viruses, spyware and filters

i'm sure most people in our class have already read this story on google finding that 1 in 10 websites contain malicious code/viruses/spyware. according to the article, much of it is not written by the site authors, but by third-parties that distribute banner ads, traffic counters, etc. to a variety of domains. but we all know that the chances of getting viruses are greatly increased when visiting porn sites or those enabling illegal downloads. one of the questions that has been raised previously in the class is whether it is worthwhile to acquire library material that we know will just be stolen. on another practical note, at what point do you decide to keep allowing access to sites that continually stay one step ahead of anti-virus software programs? is there a point where the right to receive information is trumped by the need to protect patrons from identity theft, or corruption of personal files/papers? you could argue that users take their own risks when visiting these sites. But it seems unfair if the next patron to use the computer only wants to visit cnn.com, then unknowingly e-mails the virus along with a news story to read later, and ends up infecting her home computer. this is all hypothetical - i have no idea how often this actually affects library i.t. departments. i assume that most libraries do not take responsibility for malicious codes that users download, and are not liable for it. but i'm still curious how many are affected by this.