How can I be in danger from viruses and malware?

There are not that many sites that you can get a virus from simply by viewing; however, there are a few that try to exploit holes in a computer - for example, a while ago there was a nasty one where just viewing a special picture could allow someone to install items on your hard drive (in Windows).

The main reason for the software / services that block visitors to pages is simply to stop the nasty pages that serve no legitimate purpose. For example, there are quite a few "fake antivirus" type websites whose only reason to exist is to pretend to be a dialog box and get people to download from them. So, why bother letting people go there at all?

In the above, you are correct that you can only get affected if you actually download and run the software, but why risk it or let it go that far when you can prevent people from visiting altogether... For example, I remember some sites that tell people to ignore the warnings, click accept and/or give instructions on how to load addons through the bar in Internet Explorer - it just makes sense to stop people before they are even at the page.

Typically, just like email, there is low risk just from viewing. There are a few things for which this is not true, such as holes in Adobe, Flash and a few other programs, but just don't run .exe or similar files from people or places you do not trust (and even if you trust them, take caution!).


Browsers are computer programs as well, and sometimes they have vulnerabilities. Sometimes these vulnerabilities allow bad guys to get their exploits executed without your explicit confirmation (for example, you get that code as JavaScript when visiting a malware site and don't have something like NoScript).

I've always thought that a well-designed operating system can survive without an antivirus. The purpose of an antivirus is to close up some holes in the OS security (holes which a good OS ideally must not have).

Also bear in mind that security is a process. So just running an antivirus (or even more than one, yes, some people do that and feel "safer") and blindly relying on it won't help too much.

I'd say that following some simple rules is more important than running an antivirus:

  • do not work permanently using an Administrator/root account. Use the superuser only when you can't achieve a certain goal as a regular user
  • have a sane firewalling policy. This assumes you know the basics of TCP/IP and you know them reasonably well
  • monitor what's happening inside your system, what's changing