I would say that what you have said is supported by the fact that I have never had anything on my home PCs caught by the virus scanner. The people who I help that have had something have been downloading all sorts of rubbish that I wouldn't go near because I would consider them to be a risk.

But then I never had viruses on XP either. Last time I think I had a virus was back in the days of boot floppies and viruses being spread in the boot sector.

Was CWS and the Transponder gang etc really that far back?

There have been many perfectly innocent sites infected via exploits (Google Ads was a major player as well as Java exploits) over the last year or so. IIRC, the NYT and several major financial sites were victims not so long ago. Facebook, myspace etc and many of the popular sites such as genealogy, popular forums etc are always prime targets for purveyors of malware. In many instances, these exploits are patched after the event so cannot be avoided.
However, a decent AV/firewall solution will analyse behaviours and advise of/block anything suspicious. The downside of this of course is that false positives can occasionally occur but better a false positive than an infected machine.

I use a members only list which currently contains over 150,000 currently confirmed compromised domains and that doesn't include the ubiquitous live but non updated "Wordpress" clutch.
http://news.softpedia.com/news/300-000-Websites-Fall... also weren't included.

Not educating users in the ways of the web, or worse still, badly educating them re security precautions etc is simply assisting the criminals, spammers and scammers in who knows what their aims are.