Windows XP hijack

[Jeff Zylstra]

Gateway anti-virus and content filtering on a firewall is a good start, and then combine that with OpenDNS to further control sites that are visited.  We use Sophos anti-virus, and it has a "whitelist" for applications.  Only those programs that are allowed to run on a machine can execute on that machine.  So if FAKEANTIVIRUS.EXE gets downloaded from a compromised or malicious website, it will not be allowed to execute.  It also stops users from downloading and installing and/or running games.   

To further answer your original question, some legitimate websites get compromised or redirected to bad sites.  You can either click on a malicious link in an e-mail, or visit a legitimate site which has been compromised using cross site scripting or other means.  Many websites display content from other sites in boxes on their web page.  For instance, many of the advertisements on MSN.Com do not reside on their servers.  Other websites display these ads from servers that are somewhere else.  When one of these many servers gets compromised, you get compromised.

[Bob]

Stay up to date on windows updates and other apps and use common sense.

Without some updates you exploit yourself just visiting a website at times.    Common sense well, Free is not Free, I didn't ask for this attachment, My mom never says Dude so why should I click on link, only my IT department will tell me my computer is slow or infected and stick to your objective..  Don't let pop ups draw your attention or click. 

Intimidation works on those with no common sense.   

[Jim Jensen]

Web searches can get to one quickly too. Performing a legitimate search, perhaps on a client or prospect or other legit reason and land on a bad page - sometimes the URL can tip you off that it's not the page you probably want, but not always. Lord knows that searching for music is a quick way to get one.