PC knows all that already. He has reasonable security settings, antivirus software, and antispyware software. I don't know if I've persuaded him to keep Windows up-to-date, though.
The problem is that there are still a bunch of unfixed security bugs in Windows that allow a malicious site to download trojans if you just visit the site without even clicking on anything. This has happened to me several times in the last few months, and I probably have stricter security settings than most people here.