I run a Live CD, Ubuntu Feisty (rel. 7.04) on a desktop from a dial-up
account. None of my disks are at risk when I web surf, not due to any
special security software like the iptables firewall I initialize
after I am powered up and subsequently connected to the Internet, but
because I specifically unmount my disks before I am connected to the
Internet. I have 1GB of volatile RAM. If any malware were to get
through during a session, since the malware has only deposited itself
into the Live CD file system built in memory (RAM), when I power down
the malware will be no more.

I have written scripts to install a restricted iptables firewall and
an upgrade environment to the Live CD software. For example, Feisty
comes with Firefox 2.0.0.4, but I have a way that is not unlike a USB
persistent flash drive to retain my updated environment - I run with
the latest Firefox 2.0.0.6 updates. Other updates allow me to play
videos, etc.

The way I add software updates that are available from repositories is
to use only the Synaptic Package Manager after using only the Check
function of the Update Manager under the System->Administration menu
selection.

After the updates are installed, there is a package.list associated
with the software located in the directory /var/lib/dpkg/info. What I
do is to copy the package.list file to the / directory as root
renaming a copy to packagename.list.orig. I then edit the
package.list file to remove all directory only paths, retaining only
the full path names of all of the files related to the update. Then,
as root, I run the command:

    # tar -cf packagename.tar -T packagename.list
    # bzip2 packagename.tar

which creates packagename.tar.bz2

Of course, at this point in time, I am not connected to the Internet -
no access in or out. Then I mount my other Linux disk and save both
the packagename.tar.bz2 file, and both .list files, and then edit my
initialization scripts to install the updates after my Live CD
environment boots up the next time I use my system.

I use the following Firefox add-ons: NoScript, ShowIP, FasterFox,
CustomizeGoogle, DownThemAll, FireFTP, FlashGot, and Update Notifier,
and also have the latest Flash and Java JRE software updates.

I have recently installed Opera's latest release and am currently
exploring its use.

That's how I do it. You can do it too! No need for all of the extra
cost software it takes to keep WinXP Pro SP2 safe. I am now exploring
the use of USB Flash drives with a persistent Ubuntu environment to
replace my use of the Live CD scheme. Feisty is currently broken with
regard to its persistence, so I'll look to Gutsy to fix that, hopefully.
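
An added example, not part of the original post: the packaging steps described above as a script that drops the directory-only entries from a dpkg file list automatically instead of by hand. The function names and the optional ROOT argument are assumptions, and the SHA-256 checksum goes beyond what the post describes, so the saved archive can be checked before a boot script unpacks it.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the ROOT
# argument are assumptions made so the steps can be tried under a scratch tree.
set -eu

# filter_list LIST [ROOT]: print LIST entries that are files or symlinks
# under ROOT, as ROOT-relative paths. Directory-only entries are dropped.
filter_list() (
    list=$1; root=${2:-/}
    while IFS= read -r path; do
        rel=${path#/}
        [ -n "$rel" ] || continue
        if [ -L "$root/$rel" ] || [ -f "$root/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done < "$list"
)

# pack_update NAME LIST [ROOT]: write NAME.list.orig, NAME.list,
# NAME.tar.bz2 and NAME.tar.bz2.sha256 into the current directory.
pack_update() (
    name=$1; list=$2; root=${3:-/}
    cp -- "$list" "$name.list.orig"
    filter_list "$name.list.orig" "$root" > "$name.list"
    tar -C "$root" -cf "$name.tar" -T "$name.list"
    bzip2 -f "$name.tar"
    sha256sum "$name.tar.bz2" > "$name.tar.bz2.sha256"
)

# verify_update NAME: succeed only if the archive still matches its checksum.
verify_update() {
    sha256sum -c "$1.tar.bz2.sha256" >/dev/null
}

# Run as: sh pack.sh packagename /var/lib/dpkg/info/packagename.list
if [ "$#" -ge 2 ]; then
    pack_update "$@"
fi
```

Reading the list with `tar -T` keeps file names that contain spaces intact, and running `verify_update` from the directory holding the archive before unpacking catches a file that changed while it sat on the mounted disk.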