Well, for novices, there's a couple of simple rules: - install antivirus - install firewall (recommend ZoneAlarm) - install Spybot Search & Destroy and enable TeaTimer, its registry/process watcher - install Ad-Aware Keep them all RELIGIOUSLY updated. Turn automatic updates on, even if you're on dial-up. Abandon Internet Explorer. Or if you don't want to, turn off ActiveX completely. Turn off automatic installation of programs. Avoid suspiscious looking sites. And that means ANY. For instance, I was writing an article about MP3 piracy on the web and went to a site that purportedly has MP3's for download. The site didn't work in Opera. Of course. They wanted me to download their downloader. So I fired up Explorer and clicked to download the downloader. Explorer asked me whether I want to install an ActiveX control. I said yes. Then TeaTimer started shouting that somethign wants to change the registry. I said to let them. And then antivirus started screaming that a Trojan dropper was trying to invade my computer. Well, it was time to cease and desist. I terminated the connection to the server, but a part of damage was already done. I had to spend ten minutes cleaning my computer. And I had all the help in the installed programs and knew what I was doing. Your default user would have been infected and probably wouldn't even have an MP3 for their trouble. So, the key word is paranoia. Paranoia. PARANOIA. Internet's not a walk in the park anymore. Hasn't been for quite a while. A propos phishing, well, will you click on a "cancellation of account" mail from Ebay even if you don't have an account at Ebay?

-- erlik