Firespy proves that just changing your browser isn't enough.
Harry Waldron blogs about the Formspy / Firespy spyware trojan, which is also described by Sophos and McAfee. It's interesting because it's a bit of spyware that abuses the Firefox web browser, and as such could catch people who think they're safe because they don't run IE unaware.
Actually, this is a good old school email distributed hack.It doesn't abuse a security hole in your email client, or hack your browser in order to infect you. It relies on fooling you into downloading and running a file.Harry hopes that it won't be serious because it requires people to download and run the attachment from an email and we all should know better than that, but I'm not so sure. Still it isn't every day you see me actually hoping to be proved wrong!
So if changing your browser isn't enough to keep you safe, what do you need to do? Why drive safely of course. While car analogies often end up being quite tortured in computing articles, I'm going to break out my old stand-by and compare virus scanners and the like to seatbelts and airbags, and stretch it to compare applications to the cars themselves.
Some cars are safer than others, that is true. But no matter how safe a car is by design, no matter how good quality the seatbelts are, how well the airbags do in tests, it never becomes a good idea to intentionally drive into walls at high speed, instead you drive safely and regard these things as insurance for the day it all goes wrong.
As it is with software. You can change from one browser to another or one email client to another in the pursuit of safety (we'll save the discussion about whether or not this is worthwhile for later), and you can install the best virus scanners you can find or even switch to a platform that claims not to need AV scanners, but you still need to 'drive' safely or you'll come unstuck sooner or later.