The news earlier this month that two major Windows security flaws were found should send warning signals to computer users that they must be constantly on the lookout for updates and patches to the software on their machines.

While your tech guy at the office should be up on these matters, it's the home user who probably is the most vulnerable to hackers who exploit these software bugs to gain access to computers so as to wreak malicious havoc.

Security experts estimate that as few as 25 percent of users download security patches from the software companies regularly. And this includes the many patches Microsoft produces almost every week to fix glaring glitches or security flaws in Windows, Word, Outlook and Internet Explorer.

Getting the latest patches is a task every home and business user should regularly do once a week along with a backup of files.

One of the recent security flaws has been labelled as potentially one of the most damaging as Outlook Express users don't even have to open an e-mail that has been downloaded for a malicious code to execute and cause damage on their computers. Outlook users need to open the e-mail for a damaging virus to execute.

To fix the security hole and others go to http://www.microsoft.com/technet/security/current.asp on the Internet where you'll find all number of patches to Microsoft software. As of Sunday Microsoft had listed on its site seven patches to fix security flaws in its various software and that's just for the month of July.

Perhaps the easiest way to update Microsoft products is to go regularly to http://windowsupdate.microsoft.com. The site will give you most of what you need. There you'll find a link to http://officeupdate.microsoft.com.

This is a great site. You click on automatic update and the site will produce the number of downloads you need to do listed in order of priority under "Critical updates'' and "Recommended updates''.

On Sunday I needed to install Office 2000 Service Release 1a (SR-1a), and Outlook 2000 SR-1 Update: E-mail Security. These were the critical updates.

Under recommended updates I needed the Word 2000 SR-1 Update, Collaboration Data Objects Patch, and the Excel/PowerPoint 2000 SR-1 Update. What a hassle and a time-waster all of this is, but necessary if one is to attempt to avoid future problems.

Apple users need to go to http://www.apple.com/support for their fixes and updates. Now, don't say you haven't been warned.

E-mail dangers The Microsoft anti-trust trial brought home to many executives the potential dangers of not keeping track of information stored on corporate computers.

In an article on Law.com (a great site), corporate counsel Catherine Aman says many companies fall down when it comes to tracking potential digital evidence.

"The bad news is that despite innumerable articles spawned by the Microsoft litigation warning that e-mail evidence can be lethal, many companies still don't have electronic document retention policies,'' she wrote.

"Some are unwittingly holding on to everything; others have no rules to guard against spoilage of electronic data in the event of a suit; still others have policies -- but have implemented them so imperfectly that they might have created new problems.'' A big part of the problem is that corporate lawyers tend not to understand what the information technology (IT) department does.

"IT staff typically have two mandates: Keep the network up and don't lose anything,'' she writes, quoting a PricewaterhouseCoopers investigator. "So if you're assuming that the company's electronic `closets' are being cleaned on a regular basis, you're probably wrong.'' In a survey of 216 litigators PricewaterhouseCoopers found that 83 percent said no when asked if their clients had an established protocol for handling electronic discovery requests.

The experts quoted in the article recommend that companies issue policies that distinguish between official and unofficial e-mail so that employees have clear guidelines on what to save as official communications.

The policy should be followed up by consistent and complete implementation and auditing. The article advises in-house lawyers to find out how digital information is being stored and where it is being kept.

"While your instinct may be to ask the chief information officer for this, go instead to the operational level,'' the article states. Another piece of advice is to meet regularly with your IT staff to learn what they're doing and teach them the legal ramifications of their actions.

It seems to me both pieces of advice should be followed on an even broader scale when dealing with business decisions.

Tech Tattle deals with topics relating to technology. Contact Ahmed at ahmedelamin yhotmail.com or (33) 467901474.