Security


File security:

Windows 98: has no security whatsoever. You can set up multiple users with different passwords, and you can use Policy Editor to make sure that someone can't just press Escape, but once someone has logged on they can open any file on the computer. Zip files and some MS Office files can be password protected, but I believe these can be cracked easily (not sure how though). Third-party software can be added to Windows to add file protection. If someone restarts the computer in MS-DOS mode they can also access files.

Windows NT: offers file and folder security if installed on an NTFS partition. But if the administrator password is simple it can be guessed, or obtained using a program like l0phtcrack. An administrator can open any file on an NT system, even if they do not have permission. This is why administrator passwords should always be lengthy, mixed-case alphanumeric, and include special characters. Also, somebody could install another copy of NT in another partition with themselves as an administrator and thereby get access to everything on the computer.

Web security:

Covering your tracks (after a bit of dodgy browsing with Internet Explorer)

The obvious:

The not so obvious:

The paranoid:

Even if you burn your computer to ashes, remember that all websites can potentially log at least the IP address of all visitors, and that all newsgroup postings are logged and can be searched, e.g. using Google Groups. ISPs will usually surrender personal details of users if pressed by law enforcement agencies. So don't do anything illegal!

Secure websites:

Some people are paranoid about using credit cards over the Internet. If you buy from reputable companies using SSL then it'll be fine, and there's more chance of someone stealing your account number at a petrol station than over the Internet anyway. SSL basically establishes a secure connection between your computer and the one handling the transaction. It's pretty difficult to intercept transmissions using SSL from another computer, and even if you do, the information is encrypted. Encryption can be cracked, but as this takes several hours if not days, the transaction will probably have finished by then.

Security and encryption are a touchy subject, especially for the American government. Until recently the Pentagon classified 128-bit encryption, along with any computer over 800 MHz, as military weapons which cannot be exported (in case they end up in China). These rules have been relaxed somewhat now with the advent of 1 GHz processors. But software products with 128-bit encryption still cannot be exported from America, which means that while people living in the USA or Canada have nice 128-bit versions of NT and IE, we have pointless 40-bit encryption which can be cracked without too much trouble (although actually the 128-bit upgrade for NT and IE5 can be downloaded from Replay Associates, based in Holland), and the poor sods in France have no encryption at all (I've heard). There are numerous new encryption algorithms, developed no doubt by some fiendishly clever mathematicians, which are virtually unbreakable, but they will not be endorsed because the truth is that caring organisations such as the British and American Governments and the CIA want to be able to read people's data.

Security is an ongoing process, and any new method is only effective until someone cracks it. If someone really wants to know where you live, or get your credit card number, they can, just as a determined thief can infiltrate any building. Credit card numbers have been posted on web sites, computers at Visa have been hacked, and 512-bit encryption has been broken. But you have to take comfort in the knowledge that the vast majority of people either don't have the technical knowledge (although it's getting easy now, with detailed aerial maps and lists of ex-directory numbers available), or don't have the money/determination to do it.


Some links:

Microsoft Security
Cult of the dead cow - home of Back Orifice
CIAC Security Website

