If you have yet to suffer a major intrusion or privacy breach, you could easily believe that it can’t happen to you. But the unfortunate reality for most computer users is that it’s a matter of when it will happen, not if it will happen. If there’s an unsecured computer out there that’s not isolated from other people, it’s a sure bet that someone will find a way into it sooner or later.

To enjoy all the conveniences of today’s computers and the Internet, we must address the inherent security risks that come with those conveniences. Thankfully, the resources to deal with those risks are freely available and easy to use, but you need to willingly and actively use them to stay protected. The following tips will help keep your PC and data safe from the risks you’re likely to encounter.


Implement General Security Measures

Worms, viruses, and spyware tend to nab most of the headlines when it comes to security, but properly securing your computer means much more than using antivirus and anti-spyware programs. These programs won’t necessarily protect you against network-based attacks, nor will they protect you from scams that try to steal your identity and other information. Security should entail several lines of defense so your data is protected even if someone manages to break through the first line or even the second line. With a secure network, secure OS (operating system), secure passwords, and secure files, you can build a fortress that’s tough to penetrate.

Update Windows. One of your PC's most vulnerable elements is the OS, and if your OS isn't secure, you're asking for heaps of trouble. Because crackers constantly find new holes and exploits in Windows, you must keep your Windows version updated at all times by directing Windows Update to automatically notify you as soon as high priority updates are available.

You'll find these settings in Windows Me by clicking Start, Settings, Control Panel, and Automatic Updates; in Windows XP, click Start, Control Panel, System (in Performance And Maintenance category), and Automatic Updates. You also can visit windowsupdate.microsoft.com at any time to search for and install Windows updates.

Software-based firewalls, such as the free Sygate Personal Firewall, can help protect your computer from unauthorized traffic entering and exiting your network.

Use a firewall. The first line of defense against Internet-based threats is a properly configured firewall, which prevents unauthorized access to your PC and/or the computers on your network. Both hardware and software firewalls are available, and although high-end hardware firewalls are considered strong, be aware that many basic firewalls geared for home use (such as those included with inexpensive routers) only monitor inbound traffic. Because Trojan horses and other malicious code can send information from your PC out to the Internet, it’s important to protect both inbound and outbound traffic.

Several free software firewalls, including Sygate Personal Firewall (smb.sygate.com) and ZoneAlarm (www.zonelabs.com), do a nice job of monitoring both types of traffic. These third-party software firewalls also are more effective than the firewall included with WinXP SP2 (Service Pack 2), which doesn’t block any outbound traffic.

Avoid phishing scams. As if viruses and spyware weren’t enough to cause stress, you also have to worry about phishing. In these scams, rogue email messages or pop-ups are disguised to look like important messages from legitimate companies or organizations. The messages typically inform you that your personal or financial information needs updating at the organization’s Web site, and the message will either include a form in its body or provide a Web link to a Web-based form. Although these messages and forms often look exactly like something you’d expect to receive from your bank, online payment service, ISP (Internet service provider), or another company, they’re actually imitations designed to steal credit card numbers, Social Security numbers, and other information that scammers can use to steal your identity and make fraudulent purchases.

To avoid phishing scams, never provide sensitive information via an email or pop-up message. If you’re not sure whether the message is legitimate, contact the company by phone to ask if it really needs the information. Also, to visit a company’s Web site, don’t click any links inside a message; instead, open a new Web browser window and type the company’s URL (uniform resource locator) in the Address field.

Perform regular backups. One of the most devastating effects of computer security breaches is the loss of data, particularly when a virus or worm causes data corruption or severe system instability. Even if you protect your computer with regularly updated security software and a firewall, you can’t guarantee that an attack won’t harm your data because crackers always work diligently to find new methods of destruction that can’t be initially stopped by existing security tools.   You can avoid data loss by performing regular backups that store all of your important files or even create a complete image of your primary hard drive. Depending on the amount of data you need to back up, you can use recordable/rewriteable discs (CDs or DVDs), an online storage service, or an external hard drive. Regardless of your chosen backup method, always keep your backups in a safe place away from your PC.   Many people don’t regard backups as an essential security step, but when they lose data due to a virus or another intrusion, they’re the first to lament the loss.

Combat Malicious Code Malicious code, including viruses, Trojan horses, worms, and spyware, can cause problems ranging from system instability and privacy breaches to outright theft and data destruction. Protecting your Internet-connected system against these threats isn’t just a good idea, it’s a must. Beware of email attachments. You’ve heard it many times before: Don’t open suspicious email attachments. With all of this publicity, you’d think that most virus and worm writers would’ve moved on to another data-sending medium to spread their malicious creations, but the move really isn’t necessary. People still click suspicious attachments, regardless of the warnings, and even those who heed the warnings remain at risk because virus writers can easily camouflage their messages to appear legitimate. Now that free email services offer the ability to send massive attachments, the risk of receiving malicious code through email will probably escalate. You can avoid infection by never opening an attachment unless you can verify that the sender intended to send it to you. If verification isn’t possible, save the attachment to your hard drive and scan it with your antivirus software. There's no excuse not to install and use antivirus software, especially when free, easy-to-use programs such as Grisoft's AVG Anti-Virus Free Edition are available. Install and use anti-spyware software. Spyware, adware, and similar privacy threats are so prevalent today that without software to find and eliminate these threats, your PC can become clogged with this intrusive code in a matter of weeks. To battle spyware and its brethren, download and install both Ad-aware SE Personal (free; www.lavasoftusa.com) and Spybot Search & Destroy (free; www.safer-networking.org). Perform weekly manual scans with both programs or schedule the programs to run automatically. Avoid spyware. Most anti-spyware works by removing spyware after it’s already on your PC, which means that you could experience data theft or other damage between scans. By taking a couple of steps to prevent spyware infection, you can limit potential problems that anti-spyware programs may not be able to fix until it’s too late. First, avoiding opening obvious spam messages or clicking unfamiliar or strange-looking URLs (hover your pointer over a link and look at the lower-left corner of your browser window to see the actual URL). Second, never install software without verifying that the developer is legitimate. If you’re not familiar with the software, search for the application’s name at Google Groups (groups.google.com) to read about other users’ experiences with it. If the application is notorious for installing spyware, you’ll likely find plenty of complaints about it. Install and use antivirus software. Chances are pretty good you already have antivirus software installed on your PC--most PC users do. However, not everyone actually uses the software. You should configure your antivirus software to automatically start with Windows so that your data is protected at all times. Also, configure it to automatically scan incoming email messages, documents, and program files. Before you download unfamiliar anti-spyware, check the Spyware Warrior Web site, which lists all known rogue programs. If you can’t remember to run weekly virus scans, use the software’s built-in scheduling tool to schedule scans one or two days per week, and make sure your PC is on during those times. On the other hand, if you don’t have antivirus software, immediately download and install Grisoft’s AVG Anti-Virus Free Edition (free.grisoft.com/freeweb.php). Update your security software. The effectiveness of your anti-spyware and antivirus software plummets when you don’t retrieve updates for them on a regular basis because new threats emerge worldwide daily. You can set most security programs to automatically search for and install new updates, or at least have them remind you to check for updates. Configure your antivirus software to check for new updates daily and check for anti-spyware updates each time you perform your weekly anti-spyware scan. Avoid fraudulent anti-spyware applications. Amazingly, the very software that claims to protect you against spyware can actually install spyware on your PC. Legitimate anti-spyware programs--such as Ad-aware, Spybot Search & Destroy, PestPatrol, Spy Sweeper, and a few others--are vastly outnumbered by fraudulent programs plagued by false advertising, ineffective scanners, out-of-date databases, and worse. In addition, companies market many of these imposter programs using names that closely resemble the names of legitimate anti-spyware, so be careful before downloading any anti-spyware program that’s not listed among these tips. You also can reference Spyware Warrior (www.spywarewarrior.com), which maintains an active list of rogue and suspect anti-spyware applications.