Shortly after the arrival of the latest Internet worm, Lovgate.c, I got a fair amount of e-mail from worried friends and readers. Given that Lovgate spreads a Trojan horse, which then gives remote users access to infected machines, my correspondents wondered what the worm's creators were after. "Do they want my credit card number? Will they read my Quicken files?" they asked.

My answer: The person or persons responsible for this latest round of Trojan horse infections could be scanning your hard drive for your personal info, but it's more likely that they want to use your PC to launch attacks on large government or corporate servers--a new trend among virus writers.

Firewalls are necessary
Because of this, you need more than an antivirus program to protect yourself against today's digital threats--you need a firewall program, too. A firewall will shut down open system ports and report any suspicious activity, so malicious users can't use your PC for nefarious purposes. That's why I think all desktop antivirus apps should now include some type of firewall.

To understand why firewalls are such a good idea, you need to know how virus writers get ahold of your computer. They don't target any particular PC. Instead, they send out worms such as Lovgate with Trojan horses to infect as many computers as possible. Once a system is infected, the Trojan might send back to the creator some basic information about the machine (usually the IP address, hardware specs, and operating system).

When the virus authors receive this information, they know they "own" the hundreds or thousands of computers the Trojan horse infected. (In hacker speak, such machines are referred to as 0wn3d.) The authors can then use these PCs to carry out future large-scale attacks. However, if you use firewall software and your PC becomes infected, the Trojan should not be able to communicate to its creators without alerting you first--and giving you the option to remove the malicious code from your system.

Real concerns
Do you really have to worry about your computer being hijacked like this? Yes.

First, you are legally responsible for the contents of your PC. If, for instance, your PC were hijacked by hackers to participate in a large-scale attack, you could--in theory, at least--be held responsible for that attack. You could certainly be found liable if your PC is running pirated software (known as warez). The laws in this area haven't been thoroughly tested, but the courts could decide that PC users who allow a dangerous Trojan onto their machines have aided and abetted the true criminals.

Second, knowing that someone put software on my PC without my permission feels like a violation--and I don't think I'm alone here. It's like finding that someone's been living under my front porch. Still not convinced?

All right, then: Your PC could be the one in a thousand that is scrupulously investigated by a malicious user. This means a stranger could view every Web site you've visited, every e-mail message you've written, and every image on your PC. They could use this information to impersonate you online and run up a big credit card bill on your account. They could also publish information from your PC on the Web, making public a new business plan you've been working on or your confidential correspondence.

Antivirus with firewall technology
All of this is why I applaud the recent releases of Trend Micro PC-cillin 2003, Panda Platinum 7.0, and McAfee VirusScan Home Edition 7.0--antivirus apps that include firewalls. The vendors of these products recognize that the traditional methods used for spotting viruses--signature files and heuristics--aren't enough for today's blended threats. A firewall, even a rudimentary one, is able to alert you to activity on your computer ports that may be the result of a worm or a Trojan horse, something antivirus software alone can't do.

What boggles my mind is that industry-leader Symantec (maker of Norton AntiVirus) has been so slow to catch on. McAfee, the first vendor to bundle a firewall with its antivirus software, did so nearly two years ago. Yet the recent release of Norton AntiVirus 2003 did not include Norton Personal Firewall 2003; they remain separate products, each costing about $50. In contrast, for $20 to $40, you get everything you need to protect your PC with PC-cillin, VirusScan, or Panda Platinum.

Now, Symantec did add a very basic Intrusion Detection System (IDS) to the latest version of Personal Firewall; it examines the contents of Internet packets coming and going on your PC and stops worms such as Code Red. Yet this new IDS technology is twice as effective if you use it with Norton AntiVirus. To get antivirus and firewall protection in one package, you must buy the Norton Internet Security suite for about $70. Not only is the price relatively high, this suite includes several additional programs you don't really need and that consume a fair chunk of your system resources.

In light of Lovgate and other recent Trojan-carrying worms, you have no excuse for not protecting your PC. Get firewall software such as ZoneAlarm Pro or one of the new firewall-enabled antivirus apps. Trust me, you'll be glad you did.

Are you running a firewall app on your PC? Why or why not? TalkBack to me!

Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know!