I read an article yesterday about kits that are available that automate the creation and monitoring of drive-by malware. The kit will not only install the malware on your website but track which exploit was the most successful and what browser versions where affected. It includes exploits for IE, Firefox, Safari, Opera, and Chrome as well as Flash and Acrobat flaws. If someone implements one of these kits, unless you're system is fully patched, if you visit an infected site you're doomed.
And I agree with you about anti-virus vs. smart browsing. I rarely find myself in any kind of trouble, it's been years since I've had a bug on my system, and its due to my web smarts more then my virus protection. Plus it seems the majority of the systems I find myself cleaning up had anti-virus installed. It just didn't matter as the exploit went right by it like it wasn't even there. (ironically enough a lot of the stuff I have to clean up are fake anti-viruses).
