So much misinformation.
* “Just don’t visit porn sites” is no longer true. Porn sites have cleaned up their act and are actually among the safest sites in terms of not getting infected. The worst? Blogs and personal sites. Social networking sites can be pretty dangerous too. Malware can lurk in ad banners.
* The vast majority of infections these days are trojans, not viruses. Even on PCs, viruses and worms are rare these days, and most true virus infections happen after the system has already been hosed by a trojan that downloads additional malware. But to an end user, an infection is a “virus” regardless of the correct semantics.
* You don’t have to be fooled into clicking on Allow/Install or opening a file to get infected. Many infections happen when you search for something popular on the internet (e.g. celebrity news), click on an SEO-poisoned website set up by the hacker to be high up on a search engine result, and if your web browser, Java, Flash, etc. are out of date, you’re screwed. They use code exploits to automatically run the software on your computer, and it bypasses the normal permissions granting install procedure. This is why Flashback was so bad: a serious Java exploit had recently come out but Apple was being lazy on patching it for OS X, so even if you were fully up to date, you could still get infected just by visiting the wrong website. Apple seems to have gotten their act together however and issued the latest update to Java very quickly.
Stay Hungry, Stay Foolish!
In memory of Steve Jobs