Washington (dpa) - Almost every week we hear about a new security
concern online - one that threatens to put your privacy or personal
information at risk. Some of the most alarming involve programs that
you think you're installing to protect you from harm when, in fact, the
programs themselves cause it. While these threats grab the headlines,
they shouldn't make you afraid to conduct business on the Internet.
Know what to be on guard against when surfing the Internet, and you'll
have the upper hand.

Q: I downloaded some anti-spyware software that was advertised on a
Web site. After I installed it, I started receiving a lot of pop-up
advertisements. Could the anti-spyware software have caused this?

A: Yes. The unfortunate fact is that some purveyors of spyware and
adware have found that one of the best ways to get this malicious
software onto your computer is through peddling fake anti-spyware
software. Once installed, this software does little or nothing to
protect you from actual spyware or viruses. Instead, it just might
monitor your activities or push paid advertising upon you, even when
you're not logged on to the Internet with a Web browser.

These bogus anti-spyware packages have become such a problem that
the Spyware Warrior Web site
(http://www.spywarewarrior.com/rogue_anti-spyware.htm) was created to
identify them. The site currently lists some 350 rogue anti-spyware
applications and provides details regarding the type of nefarious
activities they perform once installed. "Aggressive advertising,"
"browser hijacking," and "stealth installations" are some of the more
common results of installing these programs.

Your best defense against this type of software, of course, is
never to install it. Don't install any software that is pushed at you
through pop-up ads or windows. Be especially suspicious of pop-ups that
warn you that your computer may be infected with spyware or that your
registry may be damaged. Clicking on a link in such an ad will almost
certainly spell trouble. Either you'll be told that there's some
software that will fix your computer's problem, or some malicious
software will be installed on your PC in the background.

Q: How safe are password managers? I am reluctant to use one to
store all of my passwords. How do I know someone can't hack into it?

A: Many password managers use a type of robust encryption that
would be nearly impossible to crack, even by the developers of the
password manager software. Roboform, for example, uses several types of
encryption, all of which are industry standards. Stick with a
well-regarded password manager, and you should have no problems. In
addition to Roboform, Login King, Password Manager XP, and Account
Logon are all highly regarded.

Your biggest threat comes not from password managers themselves but
from the likelihood that you use the same password for everything and
that you've written that password down where someone might find it.

At the least, you should divide your password needs into a couple
of categories. Bank and financial passwords, for instance, should never
be the same as other, less critical passwords, and you should not use
the same password for more than one financial institution. You might
even want to draw upon the ability of most password managers to
generate strong passwords - consisting of numbers, letters, and special
characters - and changing it every few months.

Q: I understand that I should look for the lock icon in my browser
when purchasing something online. If a site I'm trying to purchase
something from does not have the lock icon, should I avoid it?

A: You should be suspicious. But before you run away from the site,
be sure you know where to look to find the lock icon. Some browsers
display it in the lower right-hand corner of the Web browser. With
others, it's in the lower left-hand corner, and sometimes it appears to
the right of the Address bar, where the site's Web address - which
should begin with "https" - is displayed. The lock should not appear on
a Web page itself.

Note, too, that the lock icon is not simply a graphic. If you click
it, you should see a Web site identification pop-up, which includes the
site's security information. Among the information there should be a
line that reads "This connection to the server is encrypted." That
means that any potentially sensitive information you transmit will be
digitally scrambled and not legible to a third- party, even if the data
were intercepted.

If you do not see the lock icon anywhere and you still wish to
purchase from the site, find the site's contact information and place a
call to the vendor.

--- Have a computer question? Send it to the Computer Helper at jayd@csi.com.
(dpa)