@simon 12/10/2007 @ 05:30 GMT,
no the malware and cross-site-scripting extent is certainly beyond 'questionable' sites, it is a fact that many 'normal' sites continue to be hit/hacked to host malware.
1st Congressional district of Wisconsin Republican Part website, (iFrame/Storm)
A fake NFL results website (iFrame/Storm)
YouTube aggregate websites (iFrame/Storm)
any* site with banner adverts that has had the advert feed compromised
(yes, this includes El Reg' !) Trojan
and whatever malware will be invented tomorrow....
IE is a reasonable browser, with flaws that MS is working on - but personally I ONLY use IE for windows update purposes. I use Firefox with TOR with RefControl, with NoScript with Flash/Shockwave deleted from the system. (and most of my webpresence is on a Mac or *nix system too!)
think, even for home use, NSA type Multiple Independent levels of Safety/Security (MILS), anything else is OK , "if you're feeling lucky" (=You're certain that you have NO trojan - including maybe the stealth trojan that is almost totally inactive on your system, no slowdown , no IRC in the background - until it detects a bank account login - when it will keylog for a while , then slowly phone home)
of course this brings to mind the Aircraft Safety comment .....quote from some bog somewhere..."Can't remember who it was exactly, but some senior bod at Rolls-Royce was once asked what he thought defined a really safe aircraft. His reply was something to the effect: "If my co-pilot told me that an engine had failed...and I asked him which engine...and he said 'Number 29 sir'...and then I asked him 'Number 29 on which side?'..."
but it's YOUR bank account that could be microdebited in favour of far-away terrorism and YOUR IP that the police will be asking about the indecorous image webring.