Now more than ever, the key component of any computer security system is right between your ears.

Technology-based assaults - viruses, worms, Trojans and assorted other hacks - are still omnipresent and protective software remains essential. Microsoft's new Vista operating system was designed to close Windows security vulnerabilities, and a wide variety of security suites are on the market to protect against an ever-growing list of threats.

But scams and identity theft are escalating at an even more rapid rate. While software can help, in most cases the best defense is your own common sense. If an offer is too good to be true, an e-mail is from a source you don't know or it seems to be from a known source but is out of pattern (e.g., a financial advisor asks for information they should already have; there is an odd attachment in the e-mail), you need to observe the Three Don'ts:

* Don't open it.

* Don't respond to it.

* Don't forward it to someone else.

The famous Nigerian scam (an e-mail from a supposed VIP in Nigeria who needs your help to get millions out of the country by putting up a little front money) is a con game as old as crime itself. There probably was a variant on this in ancient Babylon. The only thing that's special about the high-tech incarnation is that a spammer can send out a couple of million e-mails with little effort or expenditure, thereby increasing the odds for finding that one sucker who is born every minute.

Similarly "phishing" (pronounced "fishing") is just a new electronic variant of fake letters or phone calls from con men and con women looking to trick you into giving up credit card or banking information. In such cases, the e-mails direct you to a fake website or e-mail reply address. The problem has reached the point where you simply cannot trust unsolicited e-mails that appear to be from eBay, its PayPal money transfer arm or most banks and brokerages. Note: "unsolicited" - if you did make a transaction or signed up to be notified of bills coming due, you can't use fear of phishing as an excuse for nonpayment.

You do need security software because some threats cannot be stopped solely by your good judgment - and besides none of us is perfect. Vista, as with the most recent Windows XP update, includes some minimal firewall service (protection against intruders hacking into your system), but no antivirus software. For that, my recommendation is Symantec's Norton AntiVirus (the latest version is branded "2007"). Norton's pedigree goes back to the earliest days of PC computing, and they pretty much have this task down pat.

As for comprehensive security suites, revisions to accommodate Vista still are works in progress. The front-runner at the moment is Symantec's Norton Internet Security 2007. However, while antivirus, firewall, anti-spyware and browser components are ready, anti-spam and Web ad blockers are available only for XP. Vista versions are due next month. The latest version of the major rival package, CheckPoint's ZoneAlarm Security Suite, which will be Vista capable, is not yet on the market.

One interesting new market is the Apple Macintosh. Although Mac advocates like to brag about better security than Windows, that advantage depends in no small measure on the fact that Apple's market share doesn't make Macs a particularly tempting target for hackers. But as a minimum, Mac users ought to have antivirus software installed - if only to avoid forwarding infected e-mails on to Windows users.

Meanwhile, the advent of the Intel powered Mac has led to a variety of products (notably Apple's Boot Camp and Parallels Inc.'s Desktop for Mac) that let you run Windows on a Mac. So however limited the vulnerability may be on the Mac side, the Windows operations will be subject to Windows's vulnerabilities. Intego, a British tech company, has been specializing in Mac security software with its VirusBarrer X4 and Internet Security Barrier X4. Now it is offering bundles of the Mac products along with a matching Windows suite from BitDefender, which can save users money compared with buying two separate suites.

But that gets us back to where we started. The security suites and most browsers now try to guard against such things as phishing. This approach only goes so far; software can only catch previously identified scams not the very latest one.

Your best protection is: When in doubt, be doubtful. Call the company yourself or send an e-mail using a known good address rather than simply hitting "reply" or clicking on a link. Don't do the scam artists' jobs for them.

Al Gordon is a Massachusetts-based media and political consultant who also writes about technology. You can read more of his articles at www.algordon.com/techblog.html and e-mail him at eagle@algordon.com.