A recent study found that at least 45.2% of web users were not using the most secure version of their chosen browser, be it Internet Explorer, Firefox, Safari or whatever. But it gets better... most of them (577 million out of 637 million in the survey) are using an old version of Internet Explorer. The rest include 38 million users of Firefox, 17 million users of Safari and about 5 million users of Opera.
You're not one of those with an old version - are you???
I hope not. The biggest single area the bad-uglies have targeted recently is web browser vulnerabilities - the ability of one of their compromised web pages to do a "drive by" download of nasty software to your computer without you either knowing about it or having to click on any special link other than the link that got you to the page in the first place.
This ties directly into the fact that millions of web pages on thousands of legitimate sites, including government and big business, have been compromised with injected links to bad sites such that even if you visit a seemingly "good" site you can end up being redirected unknowingly to download something from a bad site - invisible to you as the viewer in front of your computer. It all happens in the background with what are called "iframes" - whole pages that can be referenced invisibly from within an otherwise legitimate page - and the reference reduced to just a one-pixel spot on your screen so you don't see it.
The fixed browsers will (among other things) stop iframes from showing up anything from a different domain from the one you think you're visiting.
So you should be using the latest version of Firefox (2.0.0.15 is out as well as the most recent and wonderful version 3) or Apple Safari 3.1.2 which came out with their recent security update. http://support.apple.com/kb/HT2163
Opera recently released version 9.51 which fixes a couple of security issues. http://www.opera.com/download/
While I'm on the topic of visiting web pages and potentially getting your machine compromised, I'll note that my favourite anti-virus software vendor, Grisoft (AVG) is in the tech news with what may prove to be an ill advised way of protecting you from bad pages. With their purchased version (not the free version, I've checked) there is an option called "Active Surf-Shield" that previews each of the links on any page you visit just in case you decide to go to that page. Note that it does this preview before you decide to click - so it does it on ALL the links on the page (not the ads which generally are javascript, not direct links).
http://www.theregister.co.uk/2008/06/13/avg_scanner_skews_web_traffic_numbers/
http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/
This previewing has two effects:
1 - your internet usage will go up - which may cause you to get a note from your ISP
2 - there will be (are) lots of bogus visits to sites showing up in the sites' log files as if you really visited those sites.
This second item skews the statistics that webmasters rely upon for figuring out how popular their sites are and how profitable advertising is - so called "clicks per thousand" or CPM (the M is thousands in roman numerals) - which will show lower numbers because the page looks like it gets more visits but the number of subsequent clicks on ads on the page do not go up, since you really never actually see the page unless you actually click on the link that AVG has previewed - and then another visit is added to the count and the webmaster is even more confused...
The second item can also have a dire consequence if you are in a corporate environment with browsing policies and logging. Even though you did not yourself see any given page, the logs will show that you visited every single one as if you yourself had clicked on the links on the page you really did visit - including any links to porn or other "bad" sites that might be there.
I'm provisionally lifting my recommendation on AVG's subscription products (AVG 8) until AVG either removes this facility or does something akin to the way Google handles the task, by doing a single visit to a page (the first time any one of their customers sees such a link) and then caching the result (presumably on AVG's site) so only 1 extra page load per x days is added to the poor webmaster's logs.
And now for the traveling public - Nearly 70% of the 12,000+ laptops stolen at US airports WEEKLY!!!! are never recovered.
http://www.dell.com/content/topics/global.aspx/services/prosupport/en/us/exec_summary
The PDF of the study makes interesting reading too.
Richard's Digital Rag - Tips for Technology Users in the Real World
http://digital-rag.pacdat.net/article.php/2008070318350038