"It's not so much people not realizing they're vulnerable than it is they don't believe they're a target," he said. "The fact is, anybody can be a target."
The reasons attackers would want to break into your machine are as varied as the methods for doing so.
Computer criminals often use other peoples' PCs for storing files that would be incriminating if found on their own machines, such as child pornography or lists of stolen credit card numbers, said Marc D. Goodman, senior managing director of the Digital Security and Investigations Group at Decision Strategies in New York.
More frequently, criminals hijack computers for financial gain or as a means of attacking others with impunity, Goodman said.
2. Use anti-virus software and update virus definitions regularly. More than 80 percent of Internet users surveyed in the AOL study have antivirus software installed on their computers, but less than a third said they regularly update their virus definitions, an indication that most users do not bother to pay the renewal fee when the antivirus software subscription expires, Gau said.
"The lack of proper security hygiene at the individual level can put the rest of the Internet at risk," Uncapher said. "It becomes similar to someone who doesn't get properly vaccinated and ends up spreading diseases to the broader public."
Once executed on a vulnerable computer, most viruses transmit copies of themselves to all of names in the victim's e-mail address book. As a result, people who don't use antivirus software or allow their virus definitions to expire are putting their friends, co-workers and loved ones in the line of fire, Uncapher said.
"With antivirus software, you're not just protecting yourself for your own sake, but also for the sake of those you communicate with," he said.
3. Create secure, original passwords. Creating unique passwords is
one of the easiest ways for consumers to ensure their privacy and security online. See Cybersecurity Primer for more tips.
4. Update your computer(s) with the latest vendor security patches. Fully 95 percent of all network intrusions can be avoided by keeping computer systems updated with the latest vendor patches, according to the Cert Coordination Center's Software Engineering Group, a government-funded computer security watchdog group at Carnegie Mellon University.
Visit www.cert.org for a comprehensive list of security alerts and vendor patches. Windows users can go to windowsupdate.microsoft.com to install the latest updates. Using Microsoft's automatic update notification service, users can get updates when they are released. Windows XP users can configure updates to install automatically.
5. Practice basic e-mail and downloading "street smarts." Most viruses are transmitted as e-mail attachments. Some may come from people you know; others will enter your inbox bearing enticing subject lines. Either way, users should be wary of opening all attachments, and scan each one with antivirus software before opening them. Avoid opening e-mail attachments that contain the ".vbs" file extension. Short for visual basic script, .vbs is commonly used in writing computer viruses.
People who use so-called "peer-to-peer" file-sharing networks such as Morpheus, Kazaa and Limewire place themselves at a particularly high risk, especially when downloading "executable" programs, experts say (executable files have names that end in ".exe").
"Kazaa and other P2P networks are filled with viruses and other bad stuff," Goodman said. "Often times the most destructive things are programs that won't be caught by antivirus software."
Such nasties include so-called "Trojan Horse" programs that allow attackers to control your computer from afar, and keystroke loggers, which can record everything you type on your keyboard, including passwords and bank account numbers.
P2P users also should take care to limit the directories they share. It is not uncommon for users who rush through the process for installing programs that run those services to end up sharing the contents of their entire hard drive.