Decent Zero-Day exploits that aren't rerolled previous exploits are virtually impossible to detect. If one gets you then all you can do is hope is isn't a bad one. If your AV and anti-malware proggies don't have definitions or heuristics to detect some heebie-jeebie then you're a dead duck.

The best defense is to be vigilant. Don't allow javascript, java or flash to run from websites that you don't absolutely trust. I use NoScript and Flashblock with Firefox to help me to only run what I want to run in my browser. Don't blindly click on email attachments that you don't expect or when you don't already know what's in them. One of the favorite tricks of the exploiters is to raid infected users' addressbooks and then email everyone in them *as the infected user* with a malicious attachment. Just because you know Joe Schmoe doesn't mean it is OK to click on something in an email that looks like it is from him.

Be wary of any request for money from anyone in any way for any reason.

Above all, use common sense and maintain a healthy dose of internet paranoia because someone *really is* out to get you!

That isn't much help when Igor has your name, address, SSN, and CC number and has just bought a new yacht, opened 2 bank accounts and got a mortgage. Oh, and he also got you debit card pin and you are 100 in the hole and the bank is charging overdraft fees. Thats the problem, the merchants have not invested in prevention, and the bad guys are morphing twice as fast as the merchants finally get defences in place. So any card you use may or may not be on a compromised system. A backup is useless when your being scammed on the WalMart checkout card swipe thingy.