For guys and gals who must surf at work what I recommend is either a personal laptop with tunneling software linked via encrypted tunnel to wi-fi or wired internet or a boot-able USB key-drive with tunneling software, a personal browser, and evidence/cleaner eradicator software.
There are of course ways this sort of thing can be defeated.
Firewalls can be set to block tunelling (most types - socks, http proxy, GRE/RAS tunnels. ssh, l2tp, ipsec, etc.)
Higher end firewalls can redirect all HTTP traffic to a login in page first for authentication before passing traffic. Or some can even pull user credentials straight out of IE on that redirect page and authenticate them against the domain (or ldap, or radius...). Unless a good user ID and password are supplied, no traffic passes. So unless you know someone else's ID (whom you don't mind getting nailed for your activities), it still lays a trail back to you. How's it look when a strange MAC address tries to open an encrypted tunnel after giving the firewall your credentials?
I nailed a guy doing exactly that in fact. One of the nails in his coffin when he was let go (that, and running a side business out of his office, using company resources, vehicles and employees on the company clock)
Better way is if you can finagle an analog modem at your desk...Slow, but then they can't trace what you are doing.