The computer helper: Safer surfing

Washington - Almost every week we hear about a new security concern online - one that threatens to put your privacy or personal information at risk. Some of the most alarming involve programs that you think you are installing to protect you from harm when, in fact, the programs themselves cause it. While these threats grab the headlines, they shouldn't make you afraid to conduct business on the Internet. Know what to be on guard against when surfing the Internet, and you'll have the upper hand. Q: I downloaded some anti-spyware software that was advertised on a Web site. After I installed it, I started receiving a lot of pop-up advertisements. Could the anti-spyware software have caused this?

A: Yes. The unfortunate fact is that some purveyors of spyware and adware have found that one of the best ways to get this malicious software onto your computer is through peddling fake anti-spyware software. Once installed, this software does little or nothing to protect you from actual spyware or viruses. Instead, it just might monitor your activities or push paid advertising upon you, even when you are not logged on to the Internet with a Web browser.

These bogus anti-spyware packages have become such a problem that the Spyware Warrior Web site (http://www.spywarewarrior.com/rogue_anti-spyware.htm) was created to identify them. The site currently lists some 350 rogue anti-spyware applications and provides details regarding the type of nefarious activities they perform once installed. "Aggressive advertising," "browser hijacking," and "stealth installations" are some of the more common results of installing these programs.

Your best defense against this type of software, of course, is never to install it. Don't install any software that is pushed at you through pop-up ads or windows. Be especially suspicious of pop-ups that warn you that your computer may be infected with spyware or that your registry may be damaged. Clicking on a link in such an ad will almost certainly spell trouble. Either you'll be told that there's some software that will fix your computer's problem, or some malicious software will be installed on your PC in the background.

Q: How safe are password managers? I am reluctant to use one to store all of my passwords. How do I know someone can't hack into it?

A: Many password managers use a type of robust encryption that would be nearly impossible to crack, even by the developers of the password manager software. Roboform, for example, uses several types of encryption, all of which are industry standards. Stick with a well-regarded password manager, and you should have no problems. In addition to Roboform, Login King, Password Manager XP, and Account Logon are all highly regarded.

Your biggest threat comes not from password managers themselves but from the likelihood that you use the same password for everything and that you have written that password down where someone might find it.

At the least, you should divide your password needs into a couple of categories. Bank and financial passwords, for instance, should never be the same as other, less critical passwords, and you should not use the same password for more than one financial institution. You might even want to draw upon the ability of most password managers to generate strong passwords - consisting of numbers, letters, and special characters - and changing it every few months.

Q: I understand that I should look for the lock icon in my browser when purchasing something online. If a site I'm trying to purchase something from does not have the lock icon, should I avoid it?

A: You should be suspicious. But before you run away from the site, be sure you know where to look to find the lock icon. Some browsers display it in the lower right-hand corner of the Web browser. With others, it's in the lower left-hand corner, and sometimes it appears to the right of the Address bar, where the site's Web address - which should begin with "https" - is displayed. The lock should not appear on a Web page itself.

Note, too, that the lock icon is not simply a graphic. If you click it, you should see a Web site identification pop-up, which includes the site's security information. Among the information there should be a line that reads "This connection to the server is encrypted." That means that any potentially sensitive information you transmit will be digitally scrambled and not legible to a third- party, even if the data were intercepted.

If you do not see the lock icon anywhere and you still wish to purchase from the site, find the site's contact information and place a call to the vendor.