• PC World
• »Security

It's 2004: Computer viruses, worms, Trojan horses, and spyware applications are flooding the world's networks. You're nuts to use a PC without an antivirus tool, but that alone isn't enough. Antivirus programs can't detect a new virus until it is already on the loose. That leaves your system vulnerable for the hours or even days it takes your antivirus vendor to deliver an update. Fortunately, you can help stop the nastiest viruses in their tracks--even before anyone knows about them.

Patch that system, private! It's time to bust out the old drill-sergeant voice, because anyone who doesn't follow this simple instruction is going to have to drop and give me 50 knuckle push-ups. Okay, everyone repeat after me, "Unpatched systems are the devil's spawn."

Enable Automatic Updates: In Windows XP, right-click My Computer, choose Properties, Automatic Updates, and make sure that 'Keep my computer up to date' is checked. (See this month's Internet Tips for more on Automatic Updates.) Once a month (preferably just after Microsoft announces its latest security fixes), visit windowsupdate.microsoft.com, let the site scan your system, and then download anything labeled 'Critical'. Every month, no exceptions--got it?

Turn off scripting behaviors in Internet Explorer: Many worms and viruses spread through Web page scripts (commands in the page that push the worm out to anyone who opens it in IE). Other browsers don't have this problem, but if you can't or simply won't change to Opera, Mozilla, or another browser, you must alter IE's scripting settings to block the threat.

In IE, click Tools, Internet Options, Security. Choose the Earth icon under 'Select a Web content zone', and click Custom Level. The settings in the dialog have three options: Disable, Enable, and Prompt. Enabling everything is asking for trouble, but being prompted every time a script or ActiveX control wants to run will drive you batty. In any event, disable 'Download unsigned ActiveX controls', 'Initialize and script ActiveX controls not marked as safe', 'Active scripting', and 'Scripting of Java applets' (see FIGURE 1 ). Set 'Java permissions' to High Safety.

With scripts disabled, many of your favorite Web sites may not open. Also, your company intranet or Web mail service may require scripting. If so, add the URLs for these sites and services to IE's Trusted Sites list. Open IE and click Tools, Internet Options, Security. Select the Trusted Sites icon, click Sites, and then enter the URLs one at a time. Uncheck Require server verification (https:) for all sites in this zone, and click OK (see FIGURE 2 ).

Control what starts up with Windows: Many worms place a reference to themselves in a portion of the Windows Registry that defines what programs start up with Windows. The TeaTimer applet that comes bundled with Spybot Search & Destroy 1.3 and with WinPatrol can control what gets added to this list. TeaTimer asks you to verify any program that seeks to be added to that list. Spybot and WinPatrol are free, so why not use both?

Use a software and a hardware firewall: If you have broadband Internet service--even if you have Zone Labs' free ZoneAlarm or some other software firewall active on your PC--you can't be too safe. Belkin, D-Link, Linksys, and other vendors sell inexpensive broadband gateways that bounce back worm attacks that otherwise would reach your computer.

Andrew Brandt is a senior associate editor for PC World and the author of the monthly Privacy Watch column.