See: http://www.csoonline.com/article/717...goes-universal

it is my understanding that for a "Man in the Browser" attack to succeed the attacker will need to compromise the victim's browser. Most likely by covertly installing a plug-in...

...these browser attacks may be the main reason I'm building me a new big hammer so I can switch my online activity to Linux

in Windows I have to run "WinPatrol" -- to detect and stop all these requests to update my browser... it is really UGLY

hopefully in Linux the browser, e.g. Firefox -- is actually running in "Userland" -- and cannot be updated without permission to install software -- and that would apply to "plug-ins" as well -- which -- in Windows -- UAC does not object to ... I think because such updates are updates to the browser -- and not to the system

please forgive me if I chew on too many of this type of question...