Computer hygiene 101

Regular backups of important data, plus use of antivirus software and a firewall, are the most important ways to protect your computer's contents. You can also make yourself less of a target by using applications that aren't as widely adopted as Microsoft products--Eudora e-mail, say, or WordPerfect word processing. The following measures also help ensure that important information or programs on your computer won't easily be damaged or stolen.


ESSENTIAL STEPS

Regularly update your operating system, web browser, and other key software, using the manufacturers' update features or web downloads. For Windows, run Windows Update from the Start menu. For Macintosh, go to the Software Update Control Panel.

With a DSL or cable connection, staying online increases exposure. When you aren't using the computer, shut it off or unplug the cable or phone line.

Don't open an e-mail attachment, even from someone you know well, unless you know what it contains.

To foil password-cracking software, make sure your passwords are at least eight characters long and include at least one numeral and a symbol, such as "#." Avoid common words, and never disclose a password to anyone online. Avoid using the same password for, say, an online discussion group and a critical task, like online banking.

Don't forward any e-mail warning about a new virus. As many of our survey respondents learned, it may be a hoax or outdated. Check for hoaxes at www.vmyths.com.The four companies whose antivirus software we rated offer an e-mail virus-alert service.


IF YOU'VE BEEN ATTACKED BY A VIRUS

What to do first. Unplug the phone or cable jack from the computer. Before anything else, scan your whole computer using fully updated antivirus software. If you don't have it, buy it and install it to try to eliminate the virus before you do anything else with your computer. On the other hand, if you choose to stay online, do a free scan via the web at http://security.norton.com. You can also download a free trial version of antivirus software at www.mcafee.com/eval.

What NOT to do. Don't delete files, even infected ones. Viruses can infect files your computer needs, which can often be disinfected by antivirus software. Don't reformat your hard drive or run your e-mail program until you have run an antivirus scan. If antivirus software doesn't fix the problem, contact the antivirus manufacturer.


IF YOU'VE BEEN HACKED

What to do. Immediately disconnect the phone or cable jack from the computer. Run a complete virus scan on your computer to remove software such as a Trojan Horse, which hackers may have planted. A free trial version of a Trojan-cleaning utility is at www.moosoft.com. If you don't already have a firewall, install one. Before reconnecting to the Internet, try to find out why your computer was vulnerable.


WHOM TO CALL FOR HELP

The intruder's Internet provider. If your firewall provides the intruder's numeric Internet (IP) address, look up his Internet provider (via Network Lookup at www.network-tools.com ) and e-mail documentation of the incident--copied from your firewall's "log file" to the provider's "abuse" mailbox, for example abuse@rr.com.

The authorities . Except in large cities, the chances are your local police won't be able to help. A number of state police departments or attorneys general have a computer crime unit. You can also report serious incidents to the FBI (www1.ifccfbi.gov) or the Internet's emergency response team, CERT (e-mail: cert@cert.org) ,but don't expect much help.

What NOT to do. Don't try to track down hackers or get even with them. You'll merely disclose your presence and Internet address, inviting further intrusions.


FOR USERS OF CERTAIN SOFTWARE

Windows 98, Me, and XP. Disable file and printer sharing (for your Internet connection), enable hidden file extensions, and remove Windows Scripting Host. To do that, you should be familiar with Windows settings. Otherwise, have a computer-savvy friend do it. If your computer uses the newest version of Windows, XP, you can easily run a thorough security check by going to www.microsoft.com/technet/security/tools/tools/mbsahome.asp.

Outlook Express. Check the Tools Menu, then Options, then Security, for options that tame viruses and worms. One warns you when "other applications try to send mail as me" and another can block attachments that could be a virus. If you don't have the options, you need to update to the latest version of Outlook Express. To get the latest security updates for all Microsoft browsers and e-mail programs, go to http://windowsupdate.microsoft.com.

Microsoft Word. If you never use macros--self-contained programs residing within Word documents--disable the feature. In Word 2000 or later, check the Tools menu, then Macro, Security, to make sure macro security is set to High.

Instant messaging. Run programs like America Online's Instant Messenger only when needed. Don't start them automatically when the computer boots. Be very careful with the file-transfer feature: A firewall won't block files sent to you this way because they piggyback on the file-transfer application itself, so you're creating an entrée for a virus. Windows Messenger's remote-assistance feature, which lets another user control your computer for technical support or troubleshooting, can also be used to hack into your machine.

File-sharing, peer-to-peer (P2P). Run music-swapping programs like Kazaa only when needed and carefully configure them not to share more folders and files than you intend.