Hi Confused Computer User,
As to why IE8 with their inbuilt protection does not have the same protection grade as with Firefox or Flock with NoScript extension installed, you can read here:
http://forum.avast.com/index.php?topic=45411.0Naturally IE8 is a critical update over IE7, but then as for loads of users IE came with their computers and they do not know any other way to go to the Internet or are not educated to turn IE from the default settings into a more secure browser, and they also find that working NoScript inside Fx is for them way over their heads, these users are sitting ducks for cybercrime re-directors that easily can score with one of the many Adobe and Flash or IE-MS specific holes.
Moreover while the larger majority of users won't do any upgrading or patching themselves for third party software (in previous days old buggy java still being on their machines and making 'em vulnerable). Now we, security aware, use Secunia PSI to get all the patches and security updates for all third party software. Normal users never heard the word, and also their providers do not alert to the fact that half of their users do not own their computers anymore, because it is a bot-driven zombie working beyond the radar (lost some cycles and see slightly more activity from the console leds) but alerting their users that they are spam spewing bot-owned would not be good for their business model. They would have to take strict measures to take bot-nets out or have users clean their machines as they do not know how.
Now a third complicating factor as the malware of old has changed for low profile cybercrime directed malware downloads to see they earn money of their online victims, cybercriminal gangs and bot herders have learned that security awareness of big Web 2.0 reputable websites is full of cracks and vulnerabilities and they can cash in on that situation (example we find here in this thread, also recent SEO ad-click manipulation like gumblar.cn infections, rogue av installers, and spyware etc.
Well 60% of sites have these vulnerabilities, some have 1 some have 7 laying around that can be exploited). Normal users are not even aware of this current situation nor is the average web-owner, and all this is further being hindered by the credit crisis, so these days and times is a boom-haven for malware all sorts. Then finally also to please the average browser and Windows user the MS firewall was only one way by default.
That is why I see so many HJT logfiles where we see no active software firewall running, and that is putting users that do not know how to SafeHex at risks exactly from these new attack vectors. Good that avast is having the shields, and that the users of avast are protected here, because avast will disconnect from any redirect to a silent malware downloader site. Again I say use Fx with NoScript and RequestPolicy installed and there is not much that can harm you there,
polonus