I've run into the hidden iFrame on the website for my daughter's dance school. I reported it to them, but they haven't managed to get it cleaned up yet. In fact, I got the domain it directed to shut down, and now the code points to a new one.
As far as the Avast vs. AVG vs. Avira, I'm using Avira (paid) because I found it was detecting a higher percentage of the malware being reported when Castlecops' malware listserve forum was up. (To be posted there, a sample had to be missed by at least 50% of the products included in VirusTotal's scan.) But Avira's wonderful 96% performance still means it misses 4%, which is still a lot of malware.
I would not go without an antivirus nor without Noscript. In the case of the iFrame on the dance school website, being a trusted site, Noscripts might have whitelisted it. (Fortunately, that particular site had no other javascript, so it had never come up.) Avira pitched a fit as soon as I tried to load the page. If Avira had missed the obfuscated code, Noscript likely would still have blocked it because it would have blocked the domain being loaded in the iFrame as untrusted. If the iFrame had not been referring to another domain, my browser is set to always ask where to put downloads, so I would have been alerted to the fact that it was trying to download malware. And if the malware creators had found a vulnerability in my browser (not IE) that allowed them to download a script, Avira may have caught it or caught whatever other malware it might try to download once installed. The more layers of protection you have, the less chance a single vulnerability can be successfully exploited ... assuming you don't have the biggest vulnerability, which is a user that is bound and determined to override all security features so he can see the
dancing bunnies.
Re: breaking malicious links in forums: If a link has the http or www, it will be live. If you include those but use invisible forum tags (like the tags for color, italics, bold, etc.) it won't be live, but can be easily swiped, copied and pasted by people who really want to. So in your composition window, your link might look like this:
http:[i
]//[/i]example.com/gobbledygook.php
or
www[b
].[/b]example.com/gobbledygook.php
but when you see it in the final post, it will be
http
://example.com/gobbledygook.php
or
www
.example.com/gobbledygook.php
Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b3pre) Gecko/20090223 SeaMonkey/2.0a3