Recently I was reading an article saying that most people aren't truly secure and only believe they are. It said that using a firewall and keeping up to date on virus definitions wasn't enough. It claimed that Norton and McAfee were not very good security programs. It also said something about rootkits and other newer threats. Now I keep up with spyware and virus scans and keep it all up to date, running scans regularly, but I don't know too much about rootkits. I read the wikipedia article on them but I'm still not sure I fully understand them. How can I be sure that I am clean of them if the antivirus programs don't scan for them? Are there other security threats as well? If Norton and McAfee aren't very good, what program SHOULD I be running? I want to keep myself informed on the latest threats but it's hard. Is anyone able to help clear this up for me? I just hate having this black magic box mentality where you tell your security software to run and you trust it to protect you. I want to know what it's doing and why, only the will I feel truly secure.
Another question I had is why does everyone seem to keep their IP address a secret? It seems like if you're determined, getting someone's IP address wouldn't be very hard. I mean all you would need to do is get them to connect to your PC through an IM file transfer or something, or click a link to a webserver you are running, or something like that. Is telling someone your IP really that big of a risk? Realistically what could they do with it besides ping you?
Oh and one more thought occurs. I am currently running the free ZoneAlarm firewall. Is this a good firewall? The fact that it is free kind of makes me think there might be better ones out there, but I suppose that isn't necessarily the case :P I do have money and would be willing to pay for a nicer firewall if there are indeed better ones out there though.
I'm sorry if these are stupid beginner questions but I am having trouble finding the answers through simple google searches.