I knew it was high but, wow, 95%!
This is from last year but I haven't seen our habits change much.  I still clean up more systems from user-installed junkware (toolbars, etc) than I do actual viruses.

Remember, folks, before you click that email link or apply that update some random webpage tells you need ... question it.  Hover (without clicking) over the link and look for a little popup (usually lower-left) that will tell you where it goes.  It doesn't matter if it says (e.g.) "RBC" somewhere in the text, it matters ONLY before the first "/".  So, a link that says "http://RBC.randomscammer.com/blahblah..." or even "RBC.com.somethingelse.ru/" are NOT trustworthy.  In general, never trust an email link - if you think the email is legitimate, open your browser and manually visit your bank's site.  If some guy on the street wearing an RBC t-shirt passed you a note asking for your banking credentials, you wouldn't hand them over so don't do it because an email did!

Oh, and even if the email shows a big link that doesn't mean that that's where the link will go.  Example:   "Click here to check your account:  http://accounts.rbc.com/"  Hover your mouse over that link.   Just like a link can say "click here" and have a link go somewhere, a link can be made to say it goes to one site but the real clickable part goes elsewhere.

And those "you must update" popups?  NEVER believe them.  Period.
My "Constant Care" and "Weekly Care" customers have software on their systems that update them either 3x or once a week respectively so you're never dangerously behind.

Full article at VentureBeat.com