Weblife: security

The information superhighway is a two-way street: if you can get out into the virtual world, then some of the less savoury inhabitants could also get into your personal computer. Scary, isn't it?
  
  


OK, so you have nothing to hide and nothing worth stealing, so no-one's going to invade your PC, right? Wrong.

The computer intruders out there don't know what you've got until they've had a look around your hard drive. And once they've done that, who knows what they might do? Even if they just deleted or renamed a few files, or changed some data, that wouldn't be very nice.

As wake-up calls go, you might think this is late: intruders have been breaking into computers for at least 20 years. But this was mostly people with home computers breaking into large corporate networks, usually for fun. Now they are breaking into home computers and it's no fun at all.

My own wake-up call came soon after British Telecom introduced its free (0800) internet service at the weekends. Instead of getting on and off the net in a hurry, I'd stay on for hours, which made my PC much more noticeable.

And for the first time, I became aware of other users trying to access my machine, or at least testing the "ports" through which computers listen to the net. (To find out which ports are listening on your PC, simply open a DOS window, type netstat -a and press Return. Do you know which programs are using those ports? If you see 12345 or 31337, be very afraid.) Today I can get at least 50 alerts over a weekend.

My interest in "firewalls" - special programs designed to keep intruders out - took a sudden leap.

My son, who is 14 and knows everything, told me not to be silly (I paraphrase slightly). Every kid has a port scanner, he said, and they probe people's ports when they're bored. It doesn't mean they can get into your PC. Not in my case, because - unlike you - I'd spent several hours going over the thing with the computer equivalent of a fine-tooth comb. But people can get into a PC, and do almost anything they like, if there's a "trojan" such as NetBus or Back Orifice or SubSeven sitting on the hard drive.

That's why many of those "innocent" probes are for the ports that these remote control programs usually use, such as 12345. In other words, would-be intruders are not looking for your PC in particular, just for any machine with a trojan that provides backdoor access.
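The netstat check described above can be automated. The following is an added example, not part of the original article: it parses netstat output and reports anything waiting for traffic on the two ports the article names. The sample text is constructed, it assumes the numeric form `netstat -an`, and the trojan names attached to each port are the commonly documented defaults, added here as context.

```python
import re

# Ports the article singles out. The labels are the commonly documented
# defaults for those ports (an addition; the article gives only the numbers).
SUSPECT_PORTS = {12345: "NetBus default", 31337: "Back Orifice default"}

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1046       203.0.113.9:12345      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.0.5:137        *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_sockets(netstat_text):
    """Return (proto, local_addr, port) for every socket waiting for traffic."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, local, _foreign, state = m.groups()
        # TCP counts only when LISTENING; a bound UDP socket is always open.
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if port.isdigit():  # skip service names shown when -n is omitted
            found.append((proto, addr, int(port)))
    return found

def suspect_listeners(netstat_text):
    """Listeners on the ports named in the article, with a short reason."""
    return [(proto, port, SUSPECT_PORTS[port])
            for proto, _addr, port in listening_sockets(netstat_text)
            if port in SUSPECT_PORTS]

if __name__ == "__main__":
    for proto, port, why in suspect_listeners(SAMPLE):
        print(f"{proto} {port}: {why} - find out which program owns this port")
```

Only the local address column is checked, so the outbound connection to port 12345 on another machine in the sample is not reported as a listener.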

Of course, you wouldn't have installed such a program deliberately, but it might still be present. It might have been concealed in a game that you downloaded from the net (whacked any moles recently?) or emailed to you as an attachment.

Someone else - not you - might have got one from a pirate software CD.

Part of the problem is the growing trend to hide what's going on, to make computing seem simpler than it really is. What about all those programs that various websites install on your PC or Mac for your convenience? What about the routines concealed in Java or JavaScript or ActiveX controls? How many people know what they do?

There are several web pages that will show you how vulnerable your computer is, without doing anything illegal. Privacy.net has a good one which can probably tell you your name, the name of your PC, the name of your workgroup, the name and address of your internet service provider, and sometimes your email address. More personal information may also be stored on your PC in "cookies" including details of web pages visited and advertisements viewed. (Cookies are small text files that websites can deposit in your PC's Cookies folder, unless you set your browser to reject them. This is done from the Tools menu in Microsoft Internet Explorer 5: select Internet Options then the Security tab.)

For an even more worrying experience, go to the Gibson Research Corporation website and invite it to probe your computer's ports. Steve Gibson is much more paranoid than I am about people getting access to your computer, and he just might be right.

Fortunately there now seems to be a solution, and for home users with Windows PCs, it's free. Go to the Zonelabs website and download the new ZoneAlarm 2.0. Find the 1.5 megabyte file called zonalm20.exe on your hard drive and double-click it to install the program.

ZoneAlarm is a firewall that monitors all the internet traffic in and out of your PC. It will stop websites from sneakily accessing your hard drive, and will keep out intruders doing port scans or trying to find trojans. For an illustration of its effectiveness, go back to Privacy.net and GRC's site and retest your machine for privacy and security.

ZoneAlarm is not a panacea. For example, once you've allowed your browser access to the internet, there's nothing to stop you from downloading a trojan.

Nor will it stop you from running email attachments that you should have no compunction about deleting on sight.

However, it will stop things happening in the background that you probably wouldn't know about, unless you'd already bought a firewall such as BlackICE Defender.

Nor does ZoneAlarm check for trojans such as NetBus and SubSeven, or for viruses and other nasties. You should do this separately using a virus checking program. There are lots available: just make sure you use the latest version of a program that also checks for trojans.

As for those cookies, Webroot's Window Washer (or MacWasher) can be used to clear them out, and you can download a trial version from the website. But installing ZoneAlarm should be just the start of a more defensive attitude to computing.

It's time we stopped letting website designers shove all sorts of rubbish at us in the name of a more "personal" experience when that seriously compromises our security and our privacy.

• For detailed information on firewalls and listening ports, see www.robertgraham.com/pubs/firewall-seen.html

 
