The days of the student writing a virus for fun are over. It's all about $$$$....
Part of my work involves ranking spammed domains on a very big social networking site, so priority can be given to taking action against the most dangerous.
Simply put, I spend two hours every day clicking on links posted by spammers. WIthout an AV or firewall of any kind, in order to see what the links do to an unprotected computer. I DO clean up afterwards...but rarely find more than a standard tracking cookie. Apart from the well-known suspects -- porn, gambling and "crack" sites -- very few sites seem to download viruses or trojans. Email attachments might still be a risk.
The bigger danger to end-users is the proliferation of scams that will cost them money (eg surveys that are phishing for emails and/or charging fees on mobile phone bills) and these include most of the scareware anti-virus programs. There is NO program available to prevent losses caused by user naiveté.
BTW the big names are no less innocent...both Norton and McAfee a year or two ago were in trouble for automatically taking next year's membership from people's credit cards WITHOUT ASKING THEM, and of course are near impossible to remove once you've installed them.