Here’s a fun video showing what can happen to an unprotected computer by visiting a malicious website:
Nasty, right? The user isn’t guilty of anything worse than a typo. What happens if you visit the same page with Windows Vista in a completely default, unpatched state? I recorded this:
Yep, nothing bad happens.