Then too, there is Internet Explorer itself. Rather than being a single entity, IE is a collective. Under the covers, Internet Explorer houses ActiveX controls, Browser Helper Objects, Toolbars and Browser extensions; each is a different mechanism for software to insert itself inside the web browser.
To see the software that hides in IE7, do Tools -> Manage Add-ons -> Enable or Disable Add-ons. Then explore each of the four categories of Add-ons. To see the extra software running inside IE8, do Tools -> Manage Add-ons, click on Toolbars and Extensions (on the left), then be sure to show all add-ons (the drop-down box). When you do online banking with Internet Explorer, you are trusting all this software.
The good news is that you can force IE7 and IE8 to run without any add-ons. In Windows XP, click on Start -> Programs -> Accessories -> System Tools -> Internet Explorer (No Add-ons). Better yet, make a shortcut for it.
Firefox also has extensions and can also be forced to disable them for a single session. Windows users should find a "Mozilla Firefox (Safe Mode)" entry in the list of installed software under the heading "Mozilla Firefox."
A browser without any extra internal add-on software is a big step forward for security, but, in my opinion, it's not sufficient. You're still swimming with sharks.
In discussing his research on the Clampi Trojan, Joe Stewart of SecureWorks concluded that "Businesses may even consider using an alternative operating system for workstations accessing sensitive or financial accounts."
Bingo. For whatever reason, he didn't suggest this for consumers. I do.
Macs are safer than Windows in part because they are a lesser target (thanks to fewer users) and in part because OS X derives from Unix/Linux. But Macs are expensive and Apple's record on security issues is spotty.
Blogging at Computerworld, Preston Gralla has pointed this out a number of times recently:
I think it's fair to call Gralla a Windows guy, but that doesn't make him wrong. Rob Enderle also asked if Apple security was an oxymoron.
This leaves Linux. Linux isn't perfect either, but when it comes to online banking, running Firefox under Linux is, I think, the safest approach.
Linux is a lesser target than Macs (again, fewer users), free and amazingly flexible. A Windows user who has never seen either OS X or Linux before will probably have an easier time adapting to Linux than they will to OS X.
When I earlier called Linux a better-maintained swimming pool, I was referring to the fact that the Linux self-update application updates all the installed software, something that Apple and Microsoft don't do.
Perhaps the easiest way for Windows users to run Linux is offered by Wubi, which lets you install Ubuntu and some other distributions under Windows. The installation is done within Windows. There is no Linux lingo to learn and no partitions to contend with. After Linux is installed, it appears in the Control Panel Add/Remove list of programs from where it can be easily removed. The entire Linux operating system appears to Windows as a single big file.
Wubi works like Apple's Boot Camp. When the computer starts up, you choose which operating system to run. At any given time, the computer is running one OS or the other. Switching between them requires rebooting.
I've used Wubi a few times with mixed success. However, even when things went poorly, the uninstall of Linux was perfect, so there is not much downside to trying it.
Virtual machines are another way to run Linux on a Windows machine, but VMs are complicated, and complexity is always the enemy of security.
A safe, simple way to run Linux is to put it on a CD and boot from it. Malware can't be installed and passwords can't be saved (to be stolen later). The operating system remains the same, usage after usage after usage. Also, there is no need to have a dedicated computer for either online banking or Linux. The total cost is that of a blank CD, mere pennies.
Firefox running on a read-only medium, such as a CD, is the safest approach to online banking.
There are a couple of downsides, however. For one, running software off a CD is much slower than running it off a hard drive. And, from time to time, you'll need to download and burn another Linux CD to pick up updates to both Firefox and the operating system.
But many distributions of Linux have another trick up their sleeve - they can also run from a USB flash drive.
Software running off a flash drive should be faster than running off a CD, and a flash drive is even more portable. USB flash drives also open up netbooks as potential hosts for your favorite Linux distribution.