One quick tip: if you want to access sensitive Websites safely (e.g., your online bank, your taxes, …), then:
- do so in a different Web browser than the one you generally use.
- make sure that the browser you use for sensitive sites is NOT your default browser (i.e., the one that opens when you click on links in e-mails, for example)
- make sure that your browser is up to date
- make sure that you never use that browser for anything else
- do NOT visit anything else (i.e., no other tabs) at the same time
- quickly check that you don’t have weird extensions or plugins installed (you could very well have been p0wned by any application installed on your machine)
- make sure that you configure very strict security rules on that browser (e.g., disable caching, passwords/form data storage, etc.)
Why does this help? Well, if your machine isn’t part of a botnet or infected with hundreds of pieces of malware yet, then the above could still protect you against commonly found vulnerabilities (e.g., cross-site request forgery), vulnerabilities exploited through a different tab in your browser, etc.
Personally I use Google Chrome as my default Web browser and Mozilla Firefox whenever I need to access sensitive sites.
Do NOT consider this bulletproof, though: it’s nothing but ONE additional thing you can do to protect yourself. You’re still exposed to many security risks; the Web is a dangerous place ;-)
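One way to check the "very strict security rules" item when the dedicated browser is Firefox, as an added example that is not part of the original tip: the script audits the text of a profile's `prefs.js` for the caching, password and form-data settings. The choice of preferences, the default values assumed for an absent preference, and the sample input are assumptions of this example.

```python
import re

# Hardened value and assumed Firefox default for the settings named in the tip
# (caching, password storage, form-data storage). prefs.js only records prefs
# changed from their default, so an absent pref means the default is in effect.
WANTED = {
    "browser.cache.disk.enable": (False, True),
    "browser.cache.memory.enable": (False, True),
    "signon.rememberSignons": (False, True),
    "browser.formfill.enable": (False, True),
    "privacy.sanitize.sanitizeOnShutdown": (True, False),
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: bool} for the boolean prefs found in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(2) in ("true", "false"):
            prefs[m.group(1)] = (m.group(2) == "true")
    return prefs

def audit(text):
    """Return sorted (pref, effective, wanted) tuples for every weak setting."""
    prefs = parse_prefs(text)
    findings = []
    for name, (wanted, default) in WANTED.items():
        effective = prefs.get(name, default)  # fall back to the default
        if effective != wanted:
            findings.append((name, effective, wanted))
    return sorted(findings)

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''\
user_pref("browser.cache.disk.enable", false);
user_pref("signon.rememberSignons", true);
user_pref("browser.startup.homepage", "about:blank");
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
'''

if __name__ == "__main__":
    for name, have, want in audit(SAMPLE_PREFS):
        print(f"{name}: is {str(have).lower()}, want {str(want).lower()}")
```

To audit a real profile, pass the contents of the `prefs.js` file from the profile directory shown on Firefox's `about:profiles` page to `audit()`.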