Since the web has evolved into a far more versatile platform that it was 5 or 10 years ago many unscrupulous types are including delivery systems that are no longer just Windows only, as many attacks no longer need to be bundled in a windows executable file. While your mac will not execute a Windows-centric virus from the web it's still vulnerable to other attacks malware, web services vulnerabilities, java script, python script, phony websites or phony packaging of software that tell you your 'flash' needs an upgrade and you download something that looks to be a legitimate installer but in now way is, or a download helper someone pulls down from a sharing site that is a recompiled keylogger/screen capture app that has someone watching on the other end of the world as you put in your credit card info. ClamX is a reliable anti-virus, Avast also makes a Mac anti-virus, free or pay-for with additional features