I strongly recommend using Firefox over Microsoft Internet Explorer. But even with Firefox, you can improve your risks by permitting Flash, JavaScript, and Java execution run only from trusted sites.
Many websites use ads that run scripts from domains that you might not consider trusted. NoScript gives you domain-level control, permitting you to specify precisely which sites you allow scripting and which you consider untrusted.
NoScript takes up zero additional real estate on the screen unless you want to see what’s being blocked and what’s not. There is a nice set of options for setting the level of control you wish.
Update: NoScript recommended in a Dark Reading article, here:
http://www.darkreading.com/blog.asp?blog_sectionid=415
Get NoScript here: http://noscript.net/
Peter H. Gregory 