It's both. Bitcoin's fungible, thus ideal for stealing. Using offline storage is ideal, but it's worth keeping in mind most don't use it. Good web browsing practices are necessary, especially for people who keep hot wallets on their PC, but there're still a good many people out there unfamiliar with what that includes.
1) Don't go to websites you're unfamiliar with unless they come from someone you trust. If you have to, you should use VM software to view these sites.
2) Disable Flash and JavaScript by default, enable them on websites you trust.
3) In many situations, Adblock is effective AV software (especially for old, computer-illiterate people -- if you're constantly going to your parents' house where they expect you to manually go through Task Scheduler and their registry instead of wiping their OS, install Adblock!). Feel free to disable it on sites you trust, keeping in mind they may still accidentally serve third-party content with malware.
4) VNC server software should NEVER be installed on any computer which is on the same network as your wallet-hosting software. (keep your ASIC masters on a separate network!)
5) Whenever presented a hyperlink, ALWAYS hover over it so the actual URL displays (there are also extensions/plugins which'll do this for you on most browsers). You don't want a situation like this:
www.wikipedia.com
6) NEVER run an untrusted executable on the PC running your wallet client (especially "bots" you find on this forum, but also new altcoin clients). You should avoid running untrusted executables on any PC in the same network as a PC hosting your wallet client.
7) Don't be lazy in configuring your PC and network: don't keep ports open on your router, don't enable DMZ, don't have easy passwords for your PC or network, don't disable Windows UAC.
8) When in doubt, wipe the entire hard drive and start over.