For the millions of computer users still running older versions of Microsoft Windows, the latest bundle of security upgrades for Windows XP customers may provide little comfort. But there are plenty of simple steps and free security tools available that do a good job of keeping legacy Windows users safe from hackers, viruses and spyware.

Analysts at the research company IDC say there are still roughly 200 million copies of Windows 2000/NT, ME, 98 and 95 in use, all of which are susceptible in varying degrees to online threats. Regardless of which operating system you use, keeping your computer secure is an ongoing process that requires several layers of protection -- and that goes even for XP users who install SP2. Online security is not a static, set-it-and-forget-it, one-time chore.

To make that chore as easy as possible, here is an introduction to some of the security tools available online today, as well as tips for keeping those tools current to fend off future threats.

Fight Fire With Firewalls

Firewalls are the bedrock of safe home computing, and you shouldn't go online without one. Windows 2000 and Windows NT systems have built-in firewalls, but setting them up properly requires some technological expertise that is beyond the grasp of many home users. The best option is to leave them alone and download one of several excellent free software firewall products from the Internet.

Many companies offer free firewall software on their Web sites but then try to steer you toward buying versions that contain more bells and whistles. Unless you feel at home configuring advanced networking options (and you're probably not), start with the free version. You can always upgrade later.

Here are links to just a few free firewall products: Zone Labs' Zone Alarm: www.zonelabs.com; Sygate: soho.sygate.com; Outpost Firewall from Agnitum: www.agnitum.com/products/outpost; Kerio: www.kerio.com/us/kpf_home.html.

Setting up a software firewall requires patience. Once it is installed, the program will spend several days periodically interrupting you, asking you to approve or deny requests from various programs on your computer to seek access to the Internet. It also may ask you to make that decision based on what seems like cryptic information at best. You may not realize, for example, that "Spoolsv.exe" is a file that lets your printer communicate with your computer over a network. When in doubt, look up the name at www.liutilities.com/products/wintaskspro/processlibrary/. If that doesn't work, try searching on Yahoo, Google or another search engine for the file's name to make sure it's legitimate and not a virus.

If you operate a wireless network in your home or business, it's a good bet that your wireless router came with a hardware-based firewall as well. Hardware firewalls protect computers from Internet-based attacks by masking their Internet addresses. However, they do not prevent viruses and other bad software that may already be on your computer from hijacking your Internet connection, so it is a good idea to use a software firewall all the time.

Patch Madness

After your firewall is installed, make sure your PC contains the latest Windows security fixes. Windows 2000 users should take advantage of the "Automatic Update" feature, which can be configured to notify you of new security patches. It also can download and install updates automatically when Microsoft makes them available. Windows 2000 users can load this option by clicking "Start," "Settings," "Control Panel" and then "Automatic Updates."

For everyone else, there's Microsoft's Windows Update Web site, at windowsupdate.microsoft.com. Visit the site, let it scan your computer and install any patches that it says you need. Some security fixes -- such as service packs -- need to be installed separately and require you to reboot your computer before installing other patches. If you're not sure whether you successfully installed the available patches, revisit the Windows Update site and let it scan your computer again.

Once you patch your PC, sign up for Microsoft's security e-mail bulletin, www.microsoft.com/technet/security/bulletin/notify.mspx, which goes out to subscribers shortly after patches are released. You also can receive Microsoft's free bimonthly security newsletter for home users at www.microsoft.com/athome/security/secnews/default.mspx.

Many patches require you to restart your computer. If you receive a prompt to restart, don't delay; in most cases the patch won't take effect otherwise. And remember, security software needs updating from time to time. Many anti-virus and firewall vendors configure products to take care of this task, but some PC security programs prompt you to visit their Web sites and upgrade to newer versions to remedy new security flaws.

Again, don't delay. Here's an example that shows what can happen when you do: Last March, the "Witty" worm attacked computers running Internet Security Systems' BlackIce personal firewall less than 24 hours after the company warned its customers to apply a patch to prevent the attack. Witty wiggled into computers through a hole in the firewall software, damaging or ruining the computer hard drives of more than 10,000 BlackIce customers who didn't take the time to apply the patch.

One final note on patching: Hackers often disguise malicious programs as patches in e-mail messages that claim to come from Microsoft or another software maker. As a rule, never download patches or other security enhancements via e-mail. Instead, type the vendor's Internet address in your Web browser, visit the site and look for recent updates.

Anti-Virus Antidote

Anti-virus software isolates and kills viruses and worms on your PC. Most anti-virus tools on the market today also do a decent job of scanning incoming and outgoing e-mail, one of the most common vehicles for malicious programs. Many computers come with anti-virus software installed but require users to pay for subscriptions to receive updates after several months. Many reputable companies also offer free 30- to 90-day trials of their products, including Symantec Corp.'s Norton anti-virus software (www.symantec.com/purchase/), McAfee (www.mcafee.com/us/) and Sophos (www.sophos.com).

There are also some free alternatives. Last year, Computer Associates partnered with Microsoft to offer a free package of firewall software and anti-virus tools (including a year's worth of updates). The promotion was supposed to end in June, but the package is still available at www.my-etrust.com/microsoft.

Another free option is AVG Anti-virus from Grisoft Inc. at free.grisoft.com/freeweb.php/doc/2/. AVG does a decent job locating -- but not deleting -- many viruses. Also, it doesn't hog nearly as much computer memory as some of the retail anti-virus products on sale today.

A few tips on using anti-virus software: If the option is available, make sure that it is set to allow the program to search for bugs in Windows' "hidden folders." Windows hides important system files and directories that contain the files hackers usually try to disable or corrupt. Also, make sure your anti-virus program is set to download updates automatically if that option is available.

Spyware Everywhere

Few computer pests are more insidious and aggravating than "adware" and "spyware," programs that invade your computer without permission and sometimes report back to marketing companies or the hackers who created them with information about your Internet activity. Even if they don't "spy," they can slow your PC's processing speed and Internet connection.

Fortunately, two of the best tools for squashing spyware are free. Lavasoft's Ad-Aware (www.lavasoft.de) will scour your entire computer for hundreds of kinds of spyware and adware and delete any it finds. The free version comes with unlimited updates (just make sure to select "check for updates" in Ad-Aware each time before you scan). Depending on how often you surf the Web, it's a good idea to program Ad-Aware to scan regularly. Ad-Aware Plus is a $20 add-on that prompts you every time an application tries to change which programs should be allowed to run when the computer starts up.

Another excellent option is "SpyBot Search & Destroy," available for free at www.safer-networking.org/en/index.html. Ad-Aware and SpyBot Search & Destroy target different types of spyware, and each will turn up junk programs that the other missed. Again, the best defense is constant vigilance and layers of protection.

Pop-up advertisements are a popular way to plant spyware, so using a pop-up blocker may help secure your PC. Google's Toolbar (toolbar.google.com/) works well, as does "Pop-up Stopper" from Panicware at www.panicware.com/product_psfree.html. If neither of these options appeals to you, there are dozens of other free pop-up blockers available online. Mozilla's Firefox Web browser also blocks pop-ups by default and protects against an increasing number of attacks aimed at flaws in Microsoft's Internet Explorer browser.