What this shows is that if you are using a machine connected to the internet, assume you have been rooted. If you are paranoid, do all of your surfing in a VM over Tor and reset that VM state after every launch.
Good idea, but there are quite a lot of exploits in virtual machines that let them infect the host machine too. :P
So it's really pretty hard to stay safe.
You could always run your OS from a read-only CD?
At least you'd be non-infected on each reboot.
My favorite is you run the browser on a different machine and you place a webcam near it that you can visit on your primary machine, sending keystrokes and mouse moves to the browser machine using an infrared laser to create a unidirectional serial link to the machine.
I have a more doable sketch of this, running in a guest account on a Raspberry Pi over Xvnc. Laptop is firewalled from net, Raspberry Pi is booted from read-only media. Would need hardware Ethernet firewall between laptop and Raspberry Pi to only allow VNC traffic.