I really need help!!!

A buddy of mine knows a couple of hackers who have done sh*t to his system 
without informing him.   They acquired all of his information from his laptop 
and his WebTV.  He was paranoid about what they might do to his information 
(c cards, social, etc).  I told him enough to scare him into talking to those 
hackers.  They confessed, and they told him what they did, and what they are 
capable of.   But, what scared me the most is what he said they did to me 
without me knowing.  They told him about what I do with Linux based on my 
command prompt history.   My buddy wasn't messing with my head, because 
before they told him that, he didn't know what a command prompt was.   This 
guy accessed my system through my ppp connection with Inficad, even through 
the random ip addresses that they send.

The point to all of this is:  I want to find out how to stop this from 
happening.  I have a few ideas of my own, and I have lots of questions.

Besides setting up a firewall, what other security measures should I consider 
implementing?

What will it take to keep this guy out of my system?  What is he capable of 
doing besides knowing my command history in my term windows.  Would it be 
effective if I set up a user for myself (I am always root) to keep him out?  
I am not on a LAN, just ppp to inficad, and I don't know if being root is 
dangerous or not.


If it helps...
I use Slackware 7.1 (I modified it to incorporate kernel 2.4.1), and I use 
dial-up internet pppd with kppp - and the ISP assigns random ip addresses.
I don't have a firewall set up yet, and I am working on getting that up (I am 
reading the howto now).

Thanks!!!


-- 
Rick Rosinski
http://rickrosinski.com
rick@rickrosinski.com