Rafe Needleman and Brian Cooley (a.k.a. the Cat Master) discuss the best hardware and software for monitoring your home when you're not there. Plus, your questions answered!

Laptops are all the rage these days, but they're easily stolen, even from places you think are safe, like work. Even if you just lose a laptop, you probably don't want anyone to have easy access to all your data just by pressing the power button.

That's why the first step (definitely not the last, but the first step to protecting your laptop) is to put strong password protection on your user accounts. Most people think this is a pain, but it's easy to set up and a small price to pay in inconvenience to keep your data safe.

Windows

Go to Control Panel and choose User Accounts.

Choose the Advanced tab.

Check the box that says Require users to press Ctrl-Alt-Delete.

Press OK.

If that's not how your Windows machine looks, try this from the User Accounts screen:

Click Change the way users log on or off.

Uncheck the welcome screen option.

This forces a user to enter a username and password when they log in.

Now go back to the Control Panel and open Display Options. Click the Screen Saver tab.

Check the option that makes the screen saver ask for a password.

Then press OK.

Finally go back to the Control Panel and this time choose Power Options.

Select the Advanced tab. And make sure you check the box by Prompt for password when the computer resumes from standby.

Press OK.

Mac

Go to System Preferences and choose Security.

Check Disable automatic log-in.

Check Require password to wake this computer from sleep or screen saver.

Now you need to take other action like logging out of accounts, encrypting data, and so on. But you're on the right track to a safer laptop setup. Just in case.

Rafe and Tom answer tech questions about getting Microsoft software for cheap, the security of bank apps and more.

If you log-in to your Gmail account on computers that aren't yours, you're probably very responsible about logging out afterward so that no one can steal your e-mail account. But what about that one time you were drinking too much at the library (again) and you can't remember if you logged out of the public terminal?

Here's how to find out if you're logged in anywhere else, and what to do if you are. Scroll down to the bottom of your screen and click details.

You'll get a pop-up window listing all the other IP addresses that have logged into your account. If they're all the same, they're probably just the computer you're on, and you're OK. However, if you see a different one, you may have a problem.

To be sure, click "Sign out all other sessions" and all but the account you're currently using will be kicked out. If you're worried at all that someone may have figured out how to access your account, be sure to change the password right away.

The employee most likely thought they had proper security protections in place. We'll show you how the Gmail account got cracked, and how you can take better care to protect your Gmail account.

Obviously, you should start by picking a strong password that's not a dictionary word or easily guessable. But that password is only as strong as Google's password recovery system. Google allows three methods to recover your password. E-mail, SMS, and the vaunted "security question." Three methods an attacker could use to gain entry to your account.

To check your password recovery options, go to settings, choose Accounts, and click on Google Account Settings. Then click "Change password recovery options."

The e-mail recovery method tripped up the Twitter employee. In this method, if you forget your password, you can specify an e-mail account where a password-reset link can be sent. This is common practice in Web services.

Allegedly, the Twitter employee had their recovery account set to a Hotmail account that was deactivated. The hacker was able to guess what the e-mail had been, reregister the account, and was able to get the password reset link sent to the Hotmail account.

How do you protect yourself against that? Well make sure you have a valid e-mail account listed as your secondary account, and make sure that account has solid security protection. Or better yet, don't use this method. Just leave the secondary e-mail account blank.

You have two other methods to choose from.

Method two is SMS. This is fairly secure, since any attacker would have to get access to your phone, or at least be near enough to intercept text messages to your phone number to steal your password. While this isn't impossible, it's a taller order. Of course, it also means you have to have a phone with a text messaging plan. Still this is my favored method.

Method No. 3 is my least favorite. The Security Question. This is where a lot of people fail. If you make the answer to your security question something guessable or easy to find out, then the strength of your password won't matter. Google suggests a few hard to guess things like your first phone number or Dad's middle name. But while they may be hard, all of these are discoverable. Thankfully, Google lets you write your own question.

I think you should treat this security question like another password. Write your own question and make the answer something entirely unguessable. Like What have you never told anyone else about? Answer: 5623break. Yes, that may be hard to remember, but it's very secure. Unfortunately, they don't let you leave this field blank, so at best you can fill it with nonsense information.

No system is 100 percent secure and obviously the most secure method here would be to provide no way to recover your password. However, if that's too strict for you, now you have some information to help you choose where in that balance between protection and convenience you land.

The Internet is full of threats like cross-site scripting attacks and clickjacking. A lot of these attacks work by injecting scripts in Web pages that you don't even know are there. You can give yourself a modicum more protection by running a Firefox plug-in called NoScript.

NoScript blocks all scripts from running until you authorize them. Let me show you how it works.

Go to addons.mozilla.org and search for NoScript or get it from Download.com. Install it as you would any add-on. Once you have it installed, look in the bottom right corner at the little S with the cross-out symbol.

Clicking on it brings up a submenu that lets you choose how to handle scripts on the page you're at. The safest way to go is not to allow any scripts. You'll never fall victim to code that doesn't run.

But some sites won't work without scripts so, the next safest thing is to temporarily allow only the scripts you need or trust. A lazier and slightly less safe method is to temporarily allow all on a page.

The next more convenient level, but also less safe is to permanently allow scripts individually or all for a page. This becomes necessary for things like your Bank's Web site or Google Docs where you don't want to constantly allow scripts every time you launch your browser. If you permanently allow scripts from a site, you're putting your trust in that site that it will never allow itself to be infected by a malicious script.

The worst thing you can do is globally allow all scripts. You might as well not run NoScript at that point. If you have allowed a script on a page and you change your mind about it, you can always choose forbid, to start blocking it again.

Running NoScript means you're going to have to do a bit more thinking about pages you surf to. It was enlightening when I first started running NoScript to see which of my banks and utilities worked just fine without scripts and which became disabled. If nothing else, NoScript gives you more control over what risks you expose yourself to on the Net.

Watch the show on CNET TV.

Things we Crave

Free Trendnet updates TV-M7 wireless camera monitor application.

Alleged PS3 Slim spy photos get cease-and-desist treatment.

Cheapskate

Get an iPhone charging dock for $5.99 shipped

First Look

LG 160 (Credo Mobile)

Voyager Q

Links we mentioned

Ray in Georgia asked Brian Cooley if he still loved the Smart Car. Short answer? No. Andrew from England asked about iPhoto loading everytime he plugs his iPod Touch in and how to minimize subwoofer bass from going through the floor. You can turn off a preference in iPhoto to stop it loading.

Auralex SubDude for isolating bass sounds.

Jeremiah Grossman's Top Ten Hacking Techniques. This link includes the chart showing how the IFRAME clickjacking works.

Adobe Flash Player 10.

Stream Pandora to your home stereo using Airport Express

The Airfoil software that lets you stream Web music to Airport express.

Reinstall Windows XP without the CD.

Tales sent this link for replacing Windows CDs on HP machines in Europe.

Official Microsoft policies on replacing lost Microsoft software.

Kodak EasyShare Picture Viewer

Palm LifeDrive

Paul Kocher from Cryptography Research gives us the lowdown on botnets and just what we need to be afraid of.

Watch the show on CNET TV.

Things we crave:
Trade HD DVDs for Blu-rays with Warner's Red2Blu program

PediSedate

Download of the week
Netstumbler and iStumbler

Cheapskate
Netgear N router for $25

Your video call
Mark in Albuquerque, N.M. wants to know why Windows update isn't working fro him in Parallels. A tough one to do without followup questions, but most likely he needs to have Parallels tools installed. If that's not it, a bridged connection instead of a NAT might help. If he's virtualising off a Bootcamp partition, try doing the updates in boot camp. If none of that helps, take a look at this forum thread on Macworld.com.

Your calls
For the caller with the DVD drive that disappeared when he plugged in an external hard drive, we suggested some troubleshooting steps. Look to see if the drive still shows in BIOS. If it doesn't, the drive is likely toast and it's all a coincidence. If it does show up there, then try booting off it, say with a live Linux CD like Ubuntu, just to make sure it works. If that works, try upgrading the drivers in Windows. More ideas can be found here.

For underwater digital cameras, Brian Tong pointed out, you can get waterproof enclosures for any camera. This is good enough for poolside and snorkeling. There are also some heavier duty cameras meant for underwater use. There's a good forum thread about this at CNET forums.

The MSI gaming series laptop is a decent gaming laptop, but if you only want light gaming, a cheaper Netbook and desktop combo might cost you the same or a little cheaper.

CNET Store

Take a look at shop.cnet.com where you can order CNET T-shirts, mugs, and more.

In the wake of the Conficker worm, we dug into our research vault, known as the Web, and ferreted out the five deadliest computer viruses/worms of all time. Turns out all we needed to do was read the London Times. And all they needed to do was ask a security company.

Watch the video, then come back here and answer the trivia question. If you are one of the first 10 people to get it right, you have a chance to win the fleece. Best of luck!

P.S. If these five PC viruses give you the chills, check out our favorite freeware antivirus and other security picks in CNET Download.com's Security Starter Kit.