You can get a virus even if you don't visit "social networking" websites or download seedy stuff - for example, due to vulnerabilities in the OS (case in point: the Blaster Worm). And with Windows, you can bet there are always a couple of good undiscovered exploits.
True, but since 2003 the only real self-propagating Windows exploit was Conficker, and that attacks netbios shares, mostly the ADMIN$ share. Folks running a firewall (assuming they aren't letting in random anonymous SMB requests) are safe from this, as would they have been against Blaster, NIMDA, Code Red, Sobig, and any of the other self-propagating worms out there. The fact that the Windows firewall in XPSP2 (August 2004) and up, in Vista, and in Windows 7 will prevent these sorts of attacks means the self-propagating network exploit is just not that much a security risk anymore, if at all. I know many people who run without antivirus software actively running (myself included), and it is true that a firewall (at least host-based) and safe computer use habits are enough to be safe. Also note that Symantec recently released information on vulnerability statistics (aka infected machines stats), and found that the bulk of infected machines were XPSP1 and XP RTM, meaning folks who have old software vulnerable to the exploit and haven't upgraded to patch levels are the ones being attacked. I know that there are other ways to get this (autoplay, infected files on network shares) but as an automated network / internet propagating virus, I don't need antivirus software to protect me here - I just need to use the built-in firewall that came with the product I paid for (or I can use a 3rd party one if I don't like this).
Again, it's true there could be a vulnerability out there that is unpatched that will leave us open until Microsoft patches it, but without direct network access to my machine it'll be hard to get a virus on it automatically. Which leaves us with social engineering, to which I'm not likely to fall for (but know plenty of family members who might, hence why they get MSE installed in all new builds as part of the first round of post-Windows-install software). If you feel safer running antivirus, by all means do so - this is not a post to try and sway anyone for or against. However, it is worth knowing that an ounce of prevention can be enough to not have to run it at all for a good number of folks (like most people here, who are security-conscious and knowledgeable enough to not be fooled by social exploits).