Yes, there are drive-by viruses out there if your browser allows them. Most can be stopped, even without new security patches, simply by setting some security settings in your browser to disallow a bunch of things, such as code execution from the 'net.
(almost anything automatic can be a problem)
For some, this turns of a few features of web sites, and they won't do it - and the default settings of some browsers (mainly explorer) permit some - their email program uses the browser core code, so it has the same problems.
While its not a solution for everyone, replacing your browser with Firefox (don't think I could live without the adblock+ plugin here), and keeping updates up to date will mostly do it without virus scanning software that often both misses the virus, and wastes so much machine time it might as well be one itself.
Here, I run Linux, in particular Ubuntu 10.04 LTS, on almost my entire network. That alone - no problems, rock solid. It's what I want as an opsys, customizeable the way I like. I run windows in a virtual machine created by VirtualBox. It can still get viruses, since it's real windows. But! In Virtualbox, you can save your entire state of a virtual windows machine with a click, and just revert to a known good one with another click...
I do this as I develop code using windows-only tools now and then. I actually have 4-5 completely different windows machines - but I can run any or all of them on any of the machines on my network at any time. So each real machine tends to have a backup copy of each one. (you don't want to run windows disk access across your network, too slow, so you make local copies)
While this doesn't solve the problem of, today I have a virus, and I need to recover yesterday's work completely - it does more often than not. This is because even if a windows machine gets so hosed it can't boot, the linux host running all this can peer into the windows files, suck out what you want, then push it to another windows instance that *isn't* hosed and restore them there - then you just erase the bad one.
There are actually a couple of ways to get this one done, that's just the way I do it here. You can also dual-boot, using linux just as a way to do that when windows gets borked.
In my setup, I set aside some disk space in a directory called pub, that all the windows virtual machines are setup to access and put most files into. That it's actually a directory on a linux partition windows isn't aware of - it's a network share as far as its concerned. That way, either opsys - from any machine real or virtual - has access to all the bulk of my important files all the time. This also makes that stuff very easy to do deep backup on - you just copy that dir to something else.
I prevent my emails and such things as my "little black book of logins" from getting scattered around by using just one machine for email and that. There's almost no learning curve there.
I have to mention - if you surf porn - that's still where a ton of the problems come from. Only do that on a separate dedicated machine that's locked down tight, or you're really taking chances.
I know there are some other computer guys here - any other good schemes out there?