That's where the stupidity comes into play. You don't just get those viruses from thin air, you get them from going to places where you ought not go. Porn sites, unknown shopping sites, opening up random emails (aka phishing emails), downloading torrents or other files you ought not be downloading, etc. I cannot tell you how many people have had issues like that as a result of using Limewire. I see that on their desktop and my eyes roll back in their sockets.
This is untrue.
It has been demonstrated time and again that simply hooking a Windows PC up to an open internet connection can cause it to become infected. You don't need to go to a particular site or open an email ... there are worms that propagate themselves across open networks.
Back in 2008, the Internet Storm Center published a report
showing that an unprotected Windows XP box will become infected with malware within an average of 4 minutes of being connected to an open 'net connection.
4 minutes. No surfing. No email.
Now, Vista and 7 have default firewall rules setup and most people are using a router which (usually) have default filtering rules as well. This helps. In fact, I (like Chumly) believe that firewalls and hardware filtering are more effective in blocking attacks than software based scans. However, these need to be set up properly in order to be effective.