Enumerating badness

Not all malware relies on patchable vulnerabilities.  Even being alerted to a known exploit
arriving from some vector allows a user to take action, even if they're not vulnerable.  I'd
certainly stop browsing a site if I discovered they were trying to infect my computer with
something, even if they can't infect it.  

Though I generally wouldn't run an anti-virus scanner because of the performance implications
- they tend to suck up tons of CPU resources and are awful for developers or anyone who
creates lots of files.  But that doesn't mean there is no use-case for anti-malware scanning.