Like virus detection programs. They have a large database of "signatures" that they look for.
For example, for tracking cookies, the cookie has to be readabe by the privacy-steal scum that arranged to have it planted, so the cookie will have some domain like "spy.DoubleScum.com". The detector sees that cookie and knows it's spyware.
There are also registry changes, DLL infections, and run-at-startup entries in the big database that are scanned for and reported.
It's a lot of work to keep adding to the database, so if you're using one of the free tools and it has helped you, you might consider donating a few dollars to pay back all the time they put in.