Modern Worries...
Well, I feel safer now... statistically, anyway. There's a little yellow toolbar floating around on my screen, letting me know that Zone Alarm 2.0 is acting as a personal firewall on my system, protecting me from the small (but nonetheless real) chance of a "scanner" out on the Web sucking personal information out of my system through a TCP/IP "port."
I say that the chance is "small" because when I connect to the Web I use an ordinary phone modem and a PPP connection through my ISP. It would be quite a different story if I used a cable modem or a DSL line to connect at high speed. But I'll get to that later; first the basics, step-by-step.
If you use Windows 95, a phone modem and an ISP, then your system is probably similar to mine; follow along with me while we check it out:
- Start up Windows 95 Control Panel, and double-click "Internet Properties".
- Go to the "Connection" tab, and highlight the "Dial-Up Networking connection" entry for the ISP that you use to cruise the Web.
- Click on the Properties button to see the Properties of your connection to the ISP, and select the "Server Types" tab.
- Notice that "TCP/IP" is checked in the "Allowed network protocols" settings.
- Carefully Cancel out of the settings and close the Control Panel without changing anything.
Well, what in the world was all THAT about? It was to show you that your connection to the Internet uses a set of conventions or "protocols" called "TCP/IP." All information that goes between your computer and the Internet (and therefore, the Web) is exchanged using the rules set forth in the TCP/IP protocols.
The TCP/IP protocols allow two-way connections between networked computers, using virtual "ports." They are like the serial ports, parallel ports, USB and FireWire ports on your PC. But those are physical ports, using connectors and wire, and TCP/IP ports are purely software arrangements.
So a program on your computer uses TCP/IP to connect to a program on another computer over a network, through one or more TCP/IP ports. Now comes the nice part: TCP/IP lets you have more than one connection running at the same time. In other words, you can have lots of TCP/IP ports in use at the same time. It's almost as if you had a direct wired connection running to each other computer in the network, or on the Internet, for that matter.
Such is the power of TCP/IP. But another feature of TCP/IP can turn that power into a liability: Once you start up TCP/IP on your computer, for example by connecting to the Internet with your Web browser, your FTP server, or your email program, TCP/IP allows other programs running on your computer to accept network connections on various TCP/IP ports, even if they don't know who is making the connection. (Such programs are called "servers".)
Not a problem, if you know exactly what servers are running on your computer at all times, right? You wouldn't knowingly run a program that served up all of your private hard disk files to anybody connecting anonymously over the Internet, for example, would you?
Hey, wait a minute, that last one sounds an awful lot like Windows file- and printer-sharing support for local area networks, doesn't it? Well, yes, it does. And there's the rub: Windows ITSELF uses TCP/IP ports to allow file and printer sharing over your office LAN; Windows acts like a server program. Whenever you fire up any program that turns TCP/IP on and connects to the Internet, there is a chance that your particular installation of Windows could accept requests for files from somebody out on the Internet.
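One way to find out which servers are running on your own computer is the `netstat -an` command, which lists every port that is waiting for connections. The script below is an added example, not part of the original article: it reads netstat output and picks out file-sharing ports that are listening on a network-facing address. The sample output, the addresses in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from a real system).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1031        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""

# Well-known TCP ports used by Windows file and printer sharing.
FILE_SHARING_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}

# Matches only TCP rows in the LISTENING state: local address, then port.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_sockets(netstat_text):
    """Return (address, port) for every TCP socket waiting for connections."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found

def audit(netstat_text):
    """Note, per listener, whether it is network-facing and file sharing."""
    report = []
    for addr, port in listening_sockets(netstat_text):
        # Loopback listeners can only be reached from this same computer.
        local_only = addr.startswith("127.") or addr == "[::1]"
        report.append({"addr": addr, "port": port,
                       "network_reachable": not local_only,
                       "file_sharing": FILE_SHARING_PORTS.get(port)})
    return report

def exposed_file_sharing(netstat_text):
    """File-sharing listeners bound to an address other computers can reach."""
    return [(r["addr"], r["port"]) for r in audit(netstat_text)
            if r["network_reachable"] and r["file_sharing"]]

if __name__ == "__main__":
    for row in audit(SAMPLE_NETSTAT):
        print(row)
    print("Review these:", exposed_file_sharing(SAMPLE_NETSTAT))
```

An address of 0.0.0.0 means the server accepts connections on every network interface, including the dial-up one, so those rows deserve the closest look.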
And so people with cable modems are finding, to their surprise, that there are "crackers" out there who run software that deliberately tries out ("probes") the TCP/IP ports of other computers on the Internet. If it finds open ports, the software can do a lot of damage.
It doesn't just happen with cable modems, either; DSL lines can also be vulnerable. The longer you leave your system connected to the Internet via one of these "always on" Internet connections, the greater your chance of being probed and invaded through an open port.
Now, if you use a phone modem to dial up your ISP for a few minutes at a time, and you shut off the modem when you're done, your chances of being invaded are a lot less. Furthermore, with a PPP connection, your Internet address changes each time you connect to the Internet; this means that your system might not be hit by the same cracker a second time. Still, the chance exists that somebody will hit your system; or, you will connect to a Web site that runs some nasty software that probes and invades your system while you are looking at the content of the Web site.
What to do, what to do? For starters, check out Steve Gibson's site of SpinRite fame. Take a deep breath, then click on the "Shields Up!" link and watch as he probes YOUR system over the Internet. Chances are that he will show you that your system is not completely immune to invasion. For a further demonstration, click the link that says "Probe My Ports."
After you calm back down, check out Zone Alarm 2.0. This is a freeware version of a "firewall", a program to notify you of attempted port probes. It also blocks the probes. Zone Alarm looks pretty good to me; after I installed it on my system, I went back to Steve Gibson's Shields Up! site. Zone Alarm stopped every attempt at probing. Gibson's Web site reported that my computer was so well protected that it was as if it were not even connected to the Internet. It was completely "Stealthed," but normal, benign Internet access still worked properly.
If you choose to use Zone Alarm, be aware that some of the registration information that you fill in when installing it may get sent back to Zone Labs over the Internet. Read the fine print first!
Now, just because you're running a firewall, don't think you're invulnerable. Visit "Check Your Browser" to see if your browser is giving away your email address. That has nothing to do with TCP/IP ports at all; it's a "feature" built into many (but not all) browsers.
And then, there are JavaScript traps, cookies, viruses, Trojan horses, and who knows what else lurking out there! If you want some more technical material, read the article by Lincoln D. Stein titled "Security in an 'Always On' World."
...and Ancient Wonders
After we discussed all this at the March meeting, Dave Eden made us all relax by taking us on a nice tour of various ancient natural and man-made wonders of the world, from the hanging gardens of Babylon to the water-scoured canyons of the American southwest. To follow in his virtual footsteps, you might try searching for the keywords "mysterious places".
Our next meeting will be in the usual large meeting room at the Davis branch of the Yolo County Public Library, at 7:00 p.m. on Wednesday, April 26. We hope to see you there!
—
Tim Feldman