You've got to be kidding me! Your expose is impressive and enough to give someone nightmares for months. I'm sending that link to everyone I know. This is an uphill battle to be sure. A website is compromised every 5 seconds! So even if you use something like NoScript and you whitelist your favorite sites, they still might be compromised?! At least you'll have some protection against clickjacks & XSS (I think).
Staying safe online seems a really tough problem; and I suspect that the average Joe -- millions upon millions -- aren't even aware of 1/20 of the dangers you've outlined (I was one of them 6 weeks ago). There should be some public service announcement to get folks to take a look at least!
I'm still designing my defense plan and it's been weeks of learning and I still feel confused after spending day and night on the topic (presently unemployed -- when it rains it sure does pour).
MBR rootkits seems like a nasty one -- maybe MBR guard can save me from that? From what I've gleaned it's harder to hook a 64 bit OS, though I've read of at least one rootkit designed for 64 bit systems recently. Geeze this really is tough nut to crack. Seems like online banking should be done off a Linux disk or in an LUA dedicated only to it, if at all.
Well it's certainly fascinating, as much as it all pis**s me off! Maybe I've found a new calling! My prediction is the term 'rootkit' will become more mainstream as time goes on. If you have any other sugestions as to how to think about constructing a defense plan all are welcome -- I know there's no one 'correct' solution, but hints/suggestions from the pros always help. Does something like disk encryption help for example? That's my latest research project. Thanks again. Oh yeah, if you have a link for bleepingcomputer or Unite donations I'm glad to help out; otherwise I'll go to Unite directly (though my means are modest right now!) Thanks again, Cheers -- S