When it comes to security, to paraphrase Pogo, "I've seen the enemy and he is us." While that's not entirely the case, the fact is, the most innocuous of things might lead to an opening to someone attempting to gain information.

Not long ago, I was cleaning out my cookie folder and I discovered many of the cookies included my name in the name of the cookie. How did that happen, I don't give my name at web sites? I did it to myself.

When you install Windows, a screen appears during the installation process asking for your name. If you input your name, it will be used by many applications when you install them. You'll note, during application setup, very often a screen appears showing your name and organization or job. That information comes from your Windows setup information and it is used by your system all the time as it is stored in the system registry.

Having found my name connected to a cookie led to a little experiment. As a beta tester, I have to reformat my hard drive or at least the partition on which my operating system resides fairly regularly. At the next format, when I reinstalled Windows, I used something nondescript when asked for a name and I left the organization blank.

Once I was up and running, I went to a site that I knew deposited cookies and allowed it to do so. Guess what? My name was gone, replaced by the nondescript name I had used during setup.

The reason I make this point, I run a firewall that blocks both incoming probes and outgoing information. However, that is indicative some information we input to our systems is still available. If a cookie can pick it up so can a web site or someone else. The cookie uses it as an ID.

Now, before you start getting paranoid, remember, this is fairly innocuous but consider this. If a web site can pick up your name and also determine your ISP, they are well on their way to finding your e-mail address and that can lead to spam.

They don't need anything exact because most spam is sent in bulk. They often use random name generators for the purpose of using a scattershot approach they hope will reach some live addresses. If they have a name and ISP, they can use that in their random name generator for purposes of generating a variety of combinations based on your name and possibly hit your address.

Unless you are using some sort of anonymizing software or a proxy server, you do reveal your ISP as you are surfing. In a previous column I talked about proxy servers but they've currently fallen into some disfavor because they usually require an open port. In fact, for that reason, I no longer recommend proxy servers, at least not the software variety. I think it is more important to block access to your system. I haven't tested the hardware variety so that will have to await a future column.

Something else to consider is what you use as an ID with your ISP. As is the case with many, when I first went on the Internet, I used an initial and a part of my name. This usually becomes your e-mail ID. This makes you more vulnerable to spam, partly because of the random name generators but also because that information can be used to identify you at various web sites.

Hence, the more you randomize and cloak your ID, the better chance you have of avoiding spam. If you use a non-descript name when you set up Windows and that name has no relationship to your e-mail ID, it's much tougher for the spammers to figure out your address.

Of course, this isn't bulletproof. It's just one more way of cloaking your identity. Awhile back I was testing a setup with a firewall that only blocked incoming probes. I blithely went about my business until a friend of mine inquired about a name he saw listed in the properties of one my posts in a newsgroup. I went up to the Gibson Research site, www.grc.com and sure enough, the site welcomed me, informing me I was broadcasting my computer's name to the Internet.

I immediately changed to a setup that blocked outgoing information as well as incoming probes and I was once again back behind my shield. Also, just to play safe, I changed the names of the computers on my home network to something nondescript and also non-revealing of whether either computer was the host or the client. Again, all of this is important because, if you are revealing your computer name or your own name, this is just the tip of the iceberg.

It's an indication that a door is open. You may not be able to block all information seen by outsiders but you can certainly close the doors and make whatever information you do display as innocuous as possible. If you happen to have a home network and an outsider is able to see a computer name if they gain access to one system, they may well gain access to your entire network.

If you have children and they have a computer networked to your own, the above should certainly be a consideration. Of course, children aren't the only consideration. You have all sorts of information stored on your computer. If you are using Quicken or QuickBooks, both have the ability to password protect their data files or your account within the program.

You may find it a bit inconvenient to have to fill in a password each time you open the program but it is one more line of defense. If someone gains access to your system, at least you will know they then have to figure out a password to gain access to your information. In other words, inconvenience the hacker. Most of them are just pranksters and voyeurs so this is another case of an ounce of prevention that might pay dividends later.

Some might argue, if it's all just innocent fun, no harm, no foul. The problem is, you never know who might be lurking. It only takes one malicious hacker to make a mess of your system, steal your personal information and/or use your system for a denial of service attack on some web site that not only brings down the site but also clogs bandwidth and slows the net for everyone, possibly affecting access to other sites as well.

You should also remember, downloading files and e-mail are not the only points of entry for a virus. If you are not using a firewall, any port a hacker can enter is also a possible point of entry for depositing a virus. Once he's in, he might find a way to bypass your anti-virus program or plant a Trojan or some malicious script and you wouldn't know anything about it until it's too late. After all, if a hacker could deposit a script that would force your system, unwittingly, into becoming an accomplice in a denial of service attack, he could just as easily deposit a script that wreaks havoc on your system.

Perhaps true system invasions are rare but if you've ever used Zone Alarm, you know that system probes from the outside are not rare. If you are at all familiar with denial of service attacks, it usually takes hundreds of thousands if not millions of hits on a server to bring it down. That's not rare, that's an indication of the number of unprotected systems vulnerable to this type of unwitting use and vulnerable to attack.

You needn't be paranoid; it doesn't take much to protect yourself as I've already indicated. There are free versions for home users of the two most widely used and best software firewalls, Zone Alarm and Sygate Firewall. I've tested both on my home systems and both had all my ports running in stealth mode at the Gibson Research site, www.grc.com. Both do an outstanding job. Zone Alarm is available at http://www.zonelabs.com/ and Sygate Firewall is available at http://www.sygate.com/.

If you are looking for something a little more robust, you might try Norton Internet Security, http://www.symantec.com/. This is not free but you can download a trial version at the above site to see if it suits your needs.

I began with a quote from Pogo and I'll leave you this line from "Hill Street Blues," "Let's be careful out there."