Prez wrote on Oct 17, 2012, 17:47: Is it simply a matter of avoiding clicking on external Steam links?
The most secure way to avoid being exploited is to uninstall the Steam client. If you try to remove Steam's URL handler functionality manually, Steam's forced updates will simply put it right back on the next launch. Barring that only use Chrome or IE9 as your web browser and set them to prompt for user confirmation on all URL handlers. Then if such a notice pops up, always choose "block" or "no" in the popup.