Law-abiding citizens love a good "dumb crook" story. These stories not only make us feel better about our own mistakes, but seem to carry a kind of cosmic justice. They also give us a sense of false security, or at least a hope that all criminals will be so easily apprehended.

While our two social-network addicts were arrested because of their computer use, a number of criminals avoid detection precisely because they use computers in the commission of their crimes. We refer, of course, to hackers. Hackers learn to disguise their tracks by going through proxies. They work long distance, often from other countries. And the goods that they steal are account numbers and identities, not the kinds of things you sell on eBay. They find their customers on the Internet's black markets. And if they do log into MySpace, I bet they use a computer that's not tied to their hacking activities.

Alter all, when was the last time you heard a good "dumb hacker" story?  Exactly.

To get the full scoop on Norton Internet Security and see how it stacks up against the competition, check out our Internet security software reviews and comparison chart.

Q: Are Webroot and Trend Micro the same? Is it harmful to have them on at the same time? Or is it a waste of money, and am I doing double security?

A: This is a good question. It reminds me of a scene from a Billy Wilder movie called Ace in the Hole. In it, Kirk Douglas plays a scheming reporter who tells his prospective employer that, "I've done a lot of lying in my time. I've lied to men who wear belts. I've lied to men who wear suspenders. But I'd never be so stupid as to lie to a man who wears both belt and suspenders." His point being that you can't slip one by a man who has redundant methods for keeping his pants up.

Back in the world of Internet security software, Web Root and Trend Micro are actually different Internet security products put out by different companies. You can read our reviews and see a comparison here. You actually should not have two Internet security products of any brand running at once. It's not so much that you're doing damage, but the products may interfere with each other allowing something else to damage to your computer. Instead of doing double security, you might actually be cutting your security down.

Webroot may do something that Trend Micro sees as virus-like activity, or vice versa. Of course, Webroot is not a virus, but its activities could be misinterpreted. At the very least, it's a bit of a resource drain. At worst, it could interfere in detection of an actual virus or firewall intrusion. So choose the one you like best and uninstall the other one.

In Ace in the Hole, it turns out that Douglas actually is lying. So, while Internet security software is neither belt nor suspender, the moral of the story is the same: sometimes being twice protected doesn't help at all.

When Fonzie jumped the shark, that spelt the end of Happy Days.

The FTC's warning to 100 companies and agencies, that their employees are leaking client and sensitive data on the web via Peer to Peer file sharing (P2P), is the single most pathetic and embarrassing communication to come across the desk of an IT professional. This is old news, and the FTC seems far behind. As Trautman tells Rambo, "it’s over, Johnny, it's over!"

The FTC certainly has their hands full with the mess of information security that we call identity theft. I’ve met some from the FTC. These are smart people who are doing the best they can with what they have to work with. But government is usually the last to be on top of what is new and ahead of what is next. Especially, with technology issues. Generally, they are reactive and fix it after it’s broke. They step in when there is a problem and work to fix it so it’s not a problem in the future.

How is it that after hundreds of data breaches and numerous articles that all point to leaks via P2P, there are still companies who allow the installation of technology that opens a big hole in your network?It's a hole big enough for a car bomb.

As Byron Acohido eloquently stated, “the Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer (P2P) file sharing networks.” The operative word here being “finally.” Why are we having this conversation?

For the under a rock crowed, P2P has been around since before the days of Napster. Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software for getting your computer hacked.

Last year the House Committee on Oversight and Government Reform responded to reports that peer to peer file sharing allows Internet users to access other P2P users’ most important files, including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software. In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for an entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and frankly, the most fun kind of hacking. I’ve seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild web.

Here's how to stay out of the P2P mess:

• Don’t install P2P software on your computer.

• If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.

• Set administrative privileges to prevent the installation of new software without your knowledge.

• If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select the shared data for you.

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Q:I received a Windows security alert and it directed me to have a scan of my computer which alerted me to numerous Trojan and viruses and worms.  Now I am not able to open any of my computer files or access my virus protection. Is this site legitimate or is it a scam?

A: It depends on where that warning came from. If it came from reputable Internet security software that you installed on your computer, it's probably legitimate. If it came from a website that you came across, it's probably a scam. Either way, it sounds like you probably have a virus, or some other piece of malware on your computer. A good antivirus product would have removed any viruses or advised you on further action.

A good first step is to try running a free scan from a reputable company, such as the one from Norton. This should give you an indication of what's going wrong. Depending on the quality and age of your antivirus product, you may want to consider upgrading to a more robust Internet security software product.

A webcam is certainly one way the bad guy can gain intelligence about you. They can use it to spy on you. They can listen in to everything you say all day. They know when you are home or not, whether or not you have an alarm—they watch you. But in my opinion, the real issue here isn’t the webcam, but the technology that allows for full remote control access to your network.

If you are a cave-dwelling unabomber you may have missed the story about the family, who is already involved in numerous civil judgments, suing their son's school for spying on him with the school issued laptop. Apparently, it’s not OK to spy on students who are issued a school laptop.

The school apparently installed laptop tracking software that is designed to find a stolen laptop. Laptop tracking often uses GPS, or IP-based technology that provides location-based information when plugged into the Net. The trick to this particular laptop tracker was a peeping Tom technology called a RAT, aka a Remote Access Trojan.

RATs can capture every keystroke typed, take a snapshot of your screen and even take rolling video of you. But what’s most damaging is the full access to your files, and if you use a password manager they may have access to that as well.

RATs generally monitor a PC without the user’s knowledge. RATs are a criminal hacker's dream and are the key ingredient in spyware. Common RATs are Backdoor Orifice and LANRev Trojan. It was the latter RAT that allowed the school district full remote access to the student’s laptop, at his home and in his bedroom. Creepola!

Now the FBI is in the fray. According to the original complaint, the student was accused by his school’s assistant principal of "improper behavior in his home" and shown a photograph taken by his laptop as evidence. That kind of backdoor slap on the hand for home-based bad behavior certainly raises an eyebrow. For every action there is a reaction, as they say.

RAT installation can be done by someone with full onsite access to the machine, or remotely through malware propagated by an infected attachment, malicious links in a popup, or a permissioned toolbar or other software. A RAT can come from a thumb-drive found on the street or in a parking lot, and even from off-the-shelf peripherals like a digital picture frame or an external hard drive that’s infected in the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.

There are plenty of remote access programs that use legitimate back door technology that we use every day. Examples include Radmin and GoToMyPC remote access. Your desktop has “remote desktop” which acts in a similar way. There are a dozen iPhone Apps that do the exact same thing.

Considerations:

An unprotected PC is the path of least resistance. Use anti-virus and anti-spyware. Run it automatically and often.

A PC that's not fully controlled by you is vulnerable. Use administrative access to lock down a PC, preventing the installation of unauthorized software.

Many people leave their PC on all day long. Consider shutting it down when it's not in use.

Unplug your webcam if you are freaked out by it. If it’s built in to your laptop cover it up with tape. You may also be able to disable it on startup, uninstall it and remove the drivers that make it work.

And invest in identity theft protection.

Protect your identity.

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated.

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing Webcam Spying on The CW, New York

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Q: What is an ID vault?

A: Many Internet security software products offer features related to identity theft protection. The best ones allow you to securely store personal information such as logins, passwords, credit card numbers, and other sensitive information for easy input into websites. In the past we've used the term ID vault a little generically to refer to this feature, but as your question points out the term is not clear. We're now referring to it as "credit card/login protection" though each company has its own name for it. Norton, for instance, calls its version of the feature Identity Safe. This is how it works:

We all get tired of typing in logins, passwords, and other frequently used bits of info such as address, telephone, and credit card numbers into our favorite websites. Most web browsers have an auto-fill function, which works fine for some info, but not for others. Often it's a little indiscriminate, and will auto-fill information even when you don't want it to. It also generally won't remember your credit card number, which is a good thing. You should choose exactly when and where you enter your credit card number.

This is where something like Norton's Identity Safe comes in handy. We mentioned that it's inconvenient to type in this info all the time, but it can also be insecure. A keylogger that records your every keystroke can grab password and credit card info when it's typed into an Internet form. A feature like Identity Safe allows you to password-protect all your important information and enter it when—and only when—you want to. So you can store your credit card info in a safely encrypted area and never have to type it in again. You can store all your logins and only ever have to remember one password, the one that manages your personal information.

The site couples Twitter status feeds with 4square activity. 4square is a popular social networking game that lets its users claim rewards for being in real places: bars, restaurants, stores, the homes of friends. One could see it as a web-enabled version of what dogs do when they encounter a fire hydrant. Users simply use a mobile phone application to tell the world where they are and, as the creator of pleaserobme.com points out, where they're not. Namely, at home.

As pleaserobme.com points out, the potential for criminals to find a network of targets is huge. The technology essentially creates a giant cross-reference of addresses:

It gets even worse if you have "friends" who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address… on the internet…

The site is controversial, of course. Some claim it promotes crime. But according to the Groenvold, the site's creator:

We're not trying to get people robbed, but helping them not to get robbed," said Groeneveld. "We're just presenting this information in a more obvious way. And that's our point: Everyone can see this on Twitter."

"Last year, the notorious Win32/Waledac Trojan made the rounds on Valentine's Day, downloading itself onto victims' machines and making them accessible to hackers for information harvesting or conscription into zombie armies."

While this makes February 14th sound more like Halloween than Saint Valentine's day, they have a point. Trend Micro advises people to be careful with emails purporting to be E-cards. Legitimate E-cards  are not sent as attachments, they're picked up online. Of course, even a link in an email can be the first step in a phishing or driveby-download scheme.

That doesn't mean you have to ignore these electronic love letters, but it does mean you need to be careful when determining which ones are safe. Blue Mountain has tips on how to identify email notifications that come from them. We think the best way to pick up your E-card is to go directly to the website which provides the E-card and look for a "claim your E-card" link, then enter the claim number found in the email. Remember, don't follow the link in the email. Here's where to go for Blue Mountain, and here's where to go for Hallmark. Other E-card sites can be found in Yahoo!'s E-card directory. If you don't find the provider listed there, it might not be legitimate. Also, no E-card site should need you to enter a password or other personal information to pick up an E-card. If it does, stay away.

While we're on the subject of love, you can show your computer how much you care for it by giving it the virus protection it deserves. It may not protect you from the hazards of love, but it'll help keep you safe online.

The brouhaha has largely focused on moral issues, and while some have demanded Kerr be fired, it's also become a bit of a cause celbre—well at least one celeb, Miranda Kerr. Should Kiely be fired for looking at porn? That's an HR issue. What we're more concerned about is an IT issue. Dave Kiely should not be opening image attachments at work, no matter what they're of.

Email attachments are a favorite way of spreading viruses and other malware. Kiely is a bank employee, and his computer not only has pictures of Miranda Kerr on it, but also likely has personal financial information regarding the bank's customers. Now, there's no evidence that any breach occurred. In fact it seems to be a prank and the real damage is to Kiely's reputation. But the potential is still there.

According to the article, a bank spokesman has said, "Macquarie and the employee apologize for any offense that may have been caused." And Miranda Kerr hopes he doesn't lose his job over a little ogling. But all of this misses the point, because the real threat is not to morals, but to customer security.