Use an anti-virus program, and keep it up to date. Without such a program, you're inviting disaster.  The program will warn you when you attempt to run a virus-infested program, check your email for viruses, etc.  I use Norton Anti-virus, but there are others on the market which are also effective. Keep it updated, so you won't fall prey to new viruses.  I update daily.

	Keep up-to-date all patches for your operating system. The operating system is key to everything; check frequently at http://windowsupdate.microsoft.com
	Check with vendors of other programs for security updates and patches.
	Some Internet service providers include security programs with their service,  Check with them before buying your own.
	Use a software firewall to protect your system from attack.  Anytime you're connected to the Internet, your system is susceptible to being probed and attacked.  This is especially true if you have a cable modem or DSL connection, but regular dial-up (using a telephone line) is also be targeted.  Once your system has been penetrated the attacker can do anything, erase all your files, copy your credit card and social security numbers, set up you system to act as a zombie to attack web sites, etc.  Note: make sure your firewall prevents traffic both from and to your computer (XP's does not, even using SP2) Test your computer to see if it's exposed to external attacks by using ShieldsUP at Gibson Research Corporation.  Click on ShieldsUP, then "Test my shields" and after that test is complete "Probe my ports".  You may be surprised how open your system is to hackers.  Also download, install and run "Leaktest" to find out if programs run on your machine can "phone home" without your knowledge (RealPlayer is one, whether you're actually using the program at the time or not). I recommend ZoneAlarm, a free download.  This program can prevent your system from being visible to potential attackers (and if they can't see it, they can't attack it.)  It will also notify you of any programs which attempt to access the Internet, and you choose whether to allow or not.  This can be a real eye-opener. If you download the free version ZoneAlarm and like it, the "Pro" version can be bought at that time for about $40; however if you wait a week or two you probably will receive an email invitation from them to purchase at a reduced price.
	Install a hardware firewall router for additional protection. You can't be too careful, and a $20 investment could save you lots of trouble. Be sure to change the default password.
	Most viruses are spread as email attachments; accordingly I recommend the following Don't open email attachments unless you know the person who sent them, and you check that they intended to send an attachment. If you receive an email with attachment from someone you don't know, delete it without looking further; it's probably a virus.  I received 155 emails with attachments from one individual on one day; I didn't have to guess that they were all viruses. Many viruses automatically forward themselves to some or all listings in the infected machines email address book.  Even though you may know the person, that person's machine may have been infected and unknowingly sent infected mailings. Be careful using Microsoft Outlook as your email program. Upgrade to Outlook 6, and in Tools, Options, Security check the box "Do not allow attachments to be saved or opened that could potentially be a virus" Or avoid using Outlook entirely.  Since Outlook is free and included with the operating system (or a free download), most people use it.  Because of this, virus writers target it as a way into systems.  Some virus attachments run automatically when viewed in Outlook; they don't have to be opened to infect.  I use Pegasus Mail, but Netscape's mailer is fine, as is Eudora (free with banner ads, or pay for ad-free). To monitor your machine, add these test addresses to your address book -- virus@locksmith.org and avirus@locksmith.org  These are autoresponders which will send you a warning if you send email to them.  If you receive such mail, you know that you have a problem. Why two of them?  Because some viruses send email to the entire address book, others to a more limited number.  By having alerts from both ends of the alphabet, there's a better chance that at least one responder would be emailed.
	Instant messaging has the same security holes as email; reading is OK but attachments may be viruses.  Use the same precautions as email.
	Use strong passwords at least eight characters in length which incorporate upper- and lower- case letters, numbers and (if permitted) punctuation characters.  Don't use words in any language, your pet's or child's names.
	Use different logon names and passwords at different sites so if one of the sites is compromised, your information isn't at risk at other sites.

 

	Browsers, such as Microsoft Internet Explorer and Netscape Communicator can infect your machine when visiting malicious sites. Use a browser other than Internet Explorer (which is targeted by hackers because it is the most widely-used browser).  Alternatives include Mozilla Foxfire and Opera (both free downloads.) Check to see you have the latest security updates from the publisher. Disable Java and ActiveX.  Each can be unsafe; enable only when visiting trusted sites (such as CNN.com, Microsoft.com, etc.)  JavaScript is usually not a problem at this time.  As of 11/19/01 Microsoft TechNet  recommends installing a patch to prevent hacking of your cookie file. Installing Netscape and AOL can change security settings on Internet Explorer.  Check Tools -> Internet Security -> Trusted Sites -> Sites to see if any are listed that you're unaware of.  Delete those sites.  (I don't "trust" any sites.) When you install new software, use the "custom installation" so you can monitor which programs and options are installed, and where. Check your browser's security
	Install and use spyware detection programs.  Spyware can monitor your activities and send that information to another site (such as sites visited, credit card information, etc.); they also slow your system, and can be used to attack websites (zombies). Two good free programs (use both): AdAware and Spybot Search and Destroy. Site with authoritative spyware information.
	Test your computer for vulnerabilities at this free Web Security and Penetration Testing site
	Minimize your exposure to hackers by not connecting to the Internet when not needed. If you're not connected you can't be hacked, so disconnect from the Internet on when you're not using it.
	Don't respond to "phishing" emails.  "Phishing" is attempting to deceive you into reveling secret information by pretending to be someone who already has the information, e.g., posing as a bank in order to obtain your account or social security numbers. Any email asking to "confirm" your account or other information should be viewed with extreme distrust ― no reputable institution would ask you to do so.  This is especially true if the email threatens that your account would be closed or frozen unless you respond.  If you think it might be true, contact them by phone via a number previously provided by them, not a number the email provides Any email suggesting your credit card has been compromised should be handled in the same manner.  Example: you receive a email from a supposed security department of a bank which issued a credit card to you, and requests you click on a link to their site to confirm your account.  Don't believe it!  If you think it might be true, type in the bank's known website address in the browser and proceed from there; a link in an email might send you to a spoof site which looks like the bank's but is only there to collect information for thieves. Think you know everything about phishing emails? Take this test! Methods of determining if a link is trustworthy
	If you doubt the authenticity of any site you've previously registered with, supply wrong information when signing on; if that wrong information is accepted, the site's a scam.
	Don't send any confidential information via email ― it's not secure unless you encrypt it (uncommonly done)
	Only send confidential information via secure web pages, those which begin "https://. . ." and show a locked padlock on the status line.
	Read more at http://www.cert.org/homeusers/HomeComputerSecurity/ for a complete description of what you need to do,  http://pcworld.com/features/article/0,aid,62483,pg,4,00.asp for general computer security, http://pcworld.com/features/article/0,aid,62483,pg,5,00.asp for patches, http://www.pcworld.com/features/article/0,aid,62223,00.asp for firewalls and email defense. http://www.securityfocus.com/columnists/220 A Home User's Security Checklist for Windows, covering all aspects of computer security