In January, someone at Google discovered a bug in Windows that had been there for 17 years. (This was reported at The Register, among other places.) Microsoft have now released a patch, as described in Security Bulletin MS10-015, so it’s no longer a problem. However, I think that the details are interesting, particularly if you intend to move to 64-bit Windows at some point.
In part 1 of my LUA series, I mentioned a virus that modified the HOSTS file on a PC. This meant that each time someone tried to connect to their banking website, they actually went to a fake website instead, even though they’d typed in the correct URL. This could also be a problem if your DNS server gets compromised, or if someone reconfigures your wireless router so that you use a rogue DNS server.
One way to protect yourself is to use HTTPS. If you know the correct address for the website, and you see a padlock in the address bar, you can be confident that this is the real site. This isn’t an absolute guarantee: for example, a virus that has infected your PC could add some self-signed certificates to your trusted store. However, it’s certainly a step in the right direction. Unfortunately, lots of banks haven’t quite grasped this concept.
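A complementary check for the HOSTS file tampering described above, as an added example that is not part of the original post: it parses HOSTS-format text and reports every name pinned to a non-loopback address, marking names on a watch list. The watch list, the `examplebank.test` domain and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (documentation-range IPs, .test names).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.examplebank.test examplebank.test   # injected entry
198.51.100.9    intranet.test
0.0.0.0         ads.tracker.test
not-an-ip       broken.test
"""

WATCHED = {"examplebank.test"}  # hypothetical domains you bank or log in with


def parse_hosts(text):
    """Yield (line number, ip, hostname) for each mapping in HOSTS-format text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skipped in this example
        for name in fields[1:]:  # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED):
    """Return (line, name, ip, severity) for names pinned to a routable address."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 blocklist entries do not redirect
        hit = any(name == d or name.endswith("." + d) for d in watched)
        findings.append((lineno, name, str(ip), "watched" if hit else "other"))
    return findings


if __name__ == "__main__":
    for lineno, name, ip, severity in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} [{severity}]")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.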