Defend your virtual home

(Money Magazine) -- It may seem melodramatic, but the truth is, hackers across the globe - or maybe across the street - are working 24/7 to find ways to steal your passwords, take control of your computer or turn your hard drive into a whirring pile of scrap metal.

Visit the wrong site or download the wrong file, and your PC could end up with spyware that tracks your surfing or adware that chokes your Internet connection.

Meanwhile, since nearly everything you do on a computer leaves a trace somewhere, your privacy is at the mercy of companies that hold the data. Maybe they'll hand it over to the government someday. Or they'll just be careless with it, leaving you exposed to ID thieves.

Unless you are permanently logging off, though, you can't eliminate these risks. You can only learn how to manage them. But in that sense, your life online is no different than your life offline.

"Why doesn't your house get robbed every day? Because you weren't targeted," says Thomas Longstaff, a computer security expert at Carnegie Mellon University.

So take some simple steps to make yourself a less appealing target and to help you recover more easily if you do get hit.

Keep your computer up to date. Hackers are constantly searching for flaws in your operating system, especially if you run Windows. So update your most critical software regularly. You can do this automatically. Check your settings (under Control Panel in Windows and System Preferences on Macs) to make sure automatic updates are on.

Use security software... At a minimum, on Windows machines you must have antivirus, anti-spyware and firewall software. The antivirus/anti-spyware programs from Symantec and McAfee cost $40 for a year.

Your Internet service provider may supply free software - compare it with the paid stuff by downloading a free trial. A firewall blocks outside computers from getting access to your machine. The latest versions of Windows and Mac OS X have optional basic firewalls. But Windows users should use a third-party firewall. ZoneAlarm is a free download available at zonelabs.com. Firewalls also come bundled with all-in-one Internet-security suites, which range in price from $50 to $70.

...but don't depend on it. "You catch the low-hanging fruit with antivirus software," says Jeff Moss of Black Hat, a security consultant. The biggest threat you face is the new hacker tactic that your security program doesn't know about yet.

So you must develop Internet street smarts. Unless you have good reason to believe otherwise, assume that any attachment to an e-mail or any free download offered on a website contains a dangerous program. That goes triple for e-mails from strangers and for websites you've never heard of.

A University of Washington study found that one in 25 sites contained intrusive software, ranging from adware to really scary stuff that lets someone see what you type. Many of the most dangerous sites entice users who are looking for something for nothing, such as games, illegal music downloads or screen savers.

Take away your PC's superpowers. Both Macs and Windows PCs allow you to set up accounts for different users and give each user a different level of privileges to alter the machine, such as by adding software. Chances are, you've got administrator rights.

This makes using your computer a bit easier, but it makes you more vulnerable, warns Mike Reiter, technical director at Carnegie Mellon's CyLab. Say you come across a malicious piece of software. If it launches when you're in admin mode, it could wipe out your hard drive. Work on an account with limited privileges, and the bad code may not be a threat. Use your admin account only to install software or perform maintenance chores.

Get a router and lock it down. Almost any $30 Wi-Fi router beefs up your security by acting as another firewall between your computer and everybody else on the Internet. But that doesn't do you much good if you then leave your wireless connection open to your neighbor or anyone driving down your street.

If you have unencrypted Wi-Fi, anybody can hop on to your network and use your bandwidth - or watch what you do or even break into your computer. To foil them, set your router to encrypt your data, advises Stu Elefant of McAfee. You usually have two choices: WEP or WPA. Choose WPA. It's tougher to break.

Be careful at the coffee shop. A lot of places offer free laptop Wi-Fi access. But if it's easy for you to log on, it's easy for the guy sipping a latte at the next table to spy on you, says Devin Akin of the CWNP Program, a wireless-security training firm.

Make sure your computer is set not to share files with a network, and avoid typing in passwords or sensitive data, especially if you're on an unsecured Web page (one that doesn't start "https").

No matter what, don't do your banking in a public spot. If you have a POP-based e-mail program, use a secure SSL connection - and if that's all alphabet soup to you, lay off e-mail and get that scone to go.

Get smart - and get real - about passwords. Use different passwords for your sensitive accounts. A strong password is long, combines letters and numbers and is not a dictionary word, name or anything someone who knows a bit about you could guess. Microsoft has a neat tool that tests password strength (microsoft.com/protect). Unfortunately, such a password is devilishly hard to remember.

That's why security guru Bruce Schneier of Counterpane Internet Security recommends doing what you've always been warned not to do: Write your passwords down. "Human beings are very good at securing little pieces of paper," says Schneier. "We've been doing it a long time."

Know how your computer watches you. As you wander the Web, your browser can record every site you visit. You may be collecting "cookies" loaded onto your computer by the sites you visit, as well as storing copies of those sites in your cache file and leaving a history log easily accessible to anyone else who looks at your browser. The new Internet Explorer and Firefox have one- or two-click functions under Tools that clear your browsing history.

Shred or smash. Little bits of personal information can linger on your hard drive even if you think you deleted them. Before you throw or give away an old computer, wipe your hard drive clean with software that meets Department of Defense standards for data destruction. Disk wipers go for about $30, or you can download the free Darik's Boot and Nuke at dban.sourceforge.net. Alternatively, you can remove your hard drive and apply a sledgehammer ($30) while, of course, wearing your safety glasses ($10).

Don't assume you are anonymous online. Web sites can keep surprisingly detailed records about their visitors, and your digital footprints might, in theory, be traced to you.

AOL (a unit of Money Magazine's parent company) recently exposed some customers' Web searches to public view, providing clues to their identities. That's why the Electronic Frontier Foundation recommends that you avoid entering personal information like your name or Social Security number into a search engine on your own PC, and that you not use search engines run by your ISP or e-mail provider.

________________________________

More from the Complete Layman's Guide to Cyber Safety:

Thwart ID Thieves: You can spend big bucks and drive yourself nuts listening to the hype. Or you can take a few sensible precautions.

Guard Privacy at Work: Everything your do at the office is an open book. Understand that and you can save yourself embarrassment. Or worse.

Keep Your Kids Safe: Your parents worried that you watched too much TV. They never had to deal with IMs and MySpace.