You need a good antivirus program, a strong firewall program, an effective antispam program, and a program that specializes in stopping spyware and adware. Or you could just buy an Apple Macintosh, which isn’t significantly affected (so far) by these threats, other than spam email.

But the fastest-growing computer-security problem isn’t viruses or other traditional malicious programs, and it can’t be entirely defeated by using security software or by buying a Mac. It’s called “social engineering,” and it consists of tactics that try to fool users into giving up sensitive financial data that criminals can use to steal their money and even their identities.

Social engineering is a broad term that includes “phishing,” the practice by which crooks create emails and Web sites that look just like legitimate messages and sites from real banks and other financial companies. It’s closely linked to a newly named category of malicious software called Crimeware — programs that help criminals steal your private financial information.

These terms are confusing and overlapping, but the threat is real. Increasingly, common-looking scams are combined with secret installations of software that help criminals spy on you and steal your data.

Here are a few tips to help you avoid these schemes:

1. Don’t trust email from financial institutions. Email is so easily manipulated by crooks that you simply should never, ever consider any email from a financial institution as legitimate. The message may bear a bank’s or a broker’s logo, but you should never respond to such an email, and never click on any link it contains.

There is a very high chance it’s a skillful fraud, and that the link will take you to a clever fake Web site designed to capture passwords and account numbers. The site may also silently install on your PC a program called a key logger, which records everything you type and sends that information back to the crooks.

2. Never respond to unsolicited commercial email, or spam, or even click on a link in an unsolicited commercial email. In the old days, responding to spam just got you on more spam email lists. Today, it might also result in the secret installation of a key logger or other malicious software.

Besides, any company that has to resort to spam as a sales tool isn’t likely to have a very good product to offer. Do you really think that if someone had invented a pill that enlarged penises and breasts, he’d be selling it through spam? He’d have sold it to a big drug company for billions. And nobody in Nigeria needs your bank account to store stolen millions.

Would you buy a stock touted on the street by a complete stranger? If not, why would you buy one touted in a spam email?

The only safe response to spam is to ignore it and delete it.

3. Don’t download or use free software unless you’re sure it’s legitimate. Sites offering free cursors, for instance, can secretly install all sorts of bad stuff on your PC. This is especially true of free security software, which is sometimes just malicious software posing as a security program. If you suddenly see a security program pop up on your PC, don’t trust it.

There are many legitimate free programs, including some good free security programs, like SpyBot or AVG Anti-Virus. But check them out before downloading. Look them up on the CNET or PC Magazine Web sites, which review most software. If they’re not covered there, assume they’re not legitimate. You may pass up some free programs that are real, but it could save you from huge grief.

Earlier, I said that buying Windows security software, or using a Macintosh, can’t automatically protect you from social-engineering schemes, and that’s true. But they can help. An antispyware program can’t prevent you from entering sensitive information on a fake Web site, but it might block the installation and operation of spying software from that site. A Macintosh owner can foolishly give up her bank account number, but most malicious software that crooks try to install won’t work on a Mac.

And there are some new security programs aimed directly at social-engineering scams. McAfee’s Site Advisor program can tell you if a Web site seems bad. A new add-on for the Firefox Web browser, called Shazou, can tell you where a Web site’s server is located. If you think you’re on the Bank of America Web site, but Shazou tells you the server is in Russia, that’s a clue that you’re being scammed. And Symantec plans a new product this fall called Norton Confidential that will tell you if a Web site appears to be a fake. Also, forthcoming new versions of Firefox and of Microsoft’s Internet Explorer browser will have built-in warnings that sites may be fake.

The best defense against social engineering, however, is to be smart and careful.

• Email me at mossberg@wsj.com.

These creeps now find it easier than ever to defraud people, steal their identities and blast them with unwanted or false advertising. They use the Web as a pathway to infect computers, corrupt data and take over others’ machines.

Security software can help block this wave of woe. But it would be better to know in advance if a Web site that comes up in a search result, or one you arrived at through other means, is harboring malicious software, or perpetrating scams, or generating spam and unwanted pop-ups. It might also be nice to know if a site with an innocuous name contains pornography, hate speech or other content that might be offensive to you.

I’ve been testing two services that aim to provide such advance notice of bad or offensive sites. The services, Scandoo and SiteAdvisor, take different approaches to the task and offer different features. But both instantly mark up a search-result page, and label the links that might be dangerous.

Both services are free of charge, and each works on both Windows and Macintosh computers, and in multiple Web browsers. On balance, I prefer SiteAdvisor, though Scandoo has a couple of things SiteAdvisor lacks.

Scandoo, still in beta, or test, phase, is from a company called ScanSafe, which provides site-scanning and security services for corporations. SiteAdvisor was founded by some engineers from MIT and was recently bought by McAfee, the big computer-security firm.

SiteAdvisor works via a software plug-in that you download and install. The plug-in, available at www.siteadvisor.com, modifies either the Internet Explorer browser for Windows, or the Firefox browser for Windows, Macintosh and Linux, so the browser can identify bad Web sites. SiteAdvisor works with the Google, Yahoo and MSN search engines.

Scandoo requires no software downloads and works with more browsers than SiteAdvisor does. But it requires you to enter a search term at its Web page, www.scandoo.com, rather than at the home page or search box of your favorite search engine. It then transfers to the search engine you choose and modifies the results page to identify sites that may be troublesome. It now works only with Google or MSN.

There are some other major differences between the two. Scandoo scans Web pages on the fly to look for bad stuff. SiteAdvisor matches Web sites against a database it has compiled about content. Scandoo works only on pure search results, not the ads alongside the results. SiteAdvisor rates the results and the ads, which often are more dangerous.

In addition, because it is built into the browser, SiteAdvisor can rate any site you are visiting, not just sites listed in search results. SiteAdvisor places a small, unobtrusive icon in your browser. The icon is green if you are on a Web page it considers safe and honest. It turns red if it regards the site as dangerous.

Scandoo works only on search results pages. But it has a function SiteAdvisor lacks. It can rate pages for offensive content, while SiteAdvisor focuses just on the presence of malicious software, or invasive advertising techniques. Scandoo allows you to specify which kinds of content you want flagged, including pornography, hate speech and gambling.

SiteAdvisor also flags sites it regards as perpetrating scams, like charging people for software that actually is free. But in my tests, it ignored some other scams, such as offers for pills that magically enlarge body parts.

In my tests, SiteAdvisor consistently flagged more Web sites as bad than Scandoo did. When I searched for “Free iPods” in Google, Scandoo gave all the regular search results a green check mark, meaning OK. SiteAdvisor marked the first regular result in red and gave it an “X,” meaning trouble. It also marked most of the ads in red and gave them “X’s.”

This is partly due to different techniques they use. Scandoo claims its real-time scanning can uncover bad sites SiteAdvisor might miss. SiteAdvisor claims its database is more comprehensive.

Another reason for the disparity is that SiteAdvisor isn’t just looking for viruses or spyware. It uses test computers to see if sites are likely to generate what it calls “spammy” email or pop-up ads. If they do, the sites get flagged.

Some might regard SiteAdvisor’s filters as too aggressive, but, unlike Scandoo, it gives a detailed explanation for each rating. The explanations I saw made sense. For the free iPods site SiteAdvisor flagged, it explained: “After entering our e-mail address on this site, we received 11 e-mails per week. They were very spammy.” It even showed some test emails.

Both services are very helpful. You might want to use Scandoo if you’re concerned about offensive content. But for flagging malicious software and invasive advertising, SiteAdvisor is more comprehensive and tougher.

• Email me at mossberg@wsj.com.