Most malware these days is WEB-based. No executable files other than your browser. In fact, I think (IMHO) that JAVA files are more prevalent these days. Here is my take on malware:
A long time ago, people wrote malware to get noticed. Call it "bragging rights" or whatever. For example, someone was able to find a "vulnerability" (key word these days) in a mainframe to get the OS to do things it wasn't supposed to do. Then we had MS-DOS and all of the viruses, worms, etc. that went along with that. What did a "Michelangelo Virus" do? On the birthday of Michelangelo, it would wish him a happy birthday as it formatted your hard drive. Back then it was a big deal. A really big thing. Today, that would just be a nuisance, right? People can just reload using their backup software.
Today, though, it is all about the money. No sparks flying on your screen; no popups; no big whoop-dee-do. Because, if you want to invade some person's bank accounts and get all the money, you need to do it quietly. So, you get a lot of people who say they never had malware on their computer but, unless they scan for it, they would never really know. Others are more pro-active. We've seen these things progress over 40 years.
Because someone is out there trying to steal your passwords, your account numbers and, ultimately, your money, the Internet (also due to its popularity) seems to be a good way to do that. Aside from your browser, there are not many "exe" files here. There is Java, ASP, HTML, PHP, etc. There are SCRIPT files involved.
Yes, you can consider these to be "executable" if you want but, if all you are doing is looking at "*.exe" files, that is not the whole thing. It used to be that you could just scan all of your files looking for a signature of malware, but that isn't much these days. It takes understanding of heuristics and knowing that a process is not doing something "normal".
So, I agree. Not only do we not sit around and do 'nothing', we have to reduce our risk as much as possible. Unfortunately, as many have pointed out over the years, convenience and "usability" can go right out the window if you fortify yourself and your computer too much. The only safe way to operate a computer is to cut all the wires at the back, especially the power cord. The big deal here is to minimize your risk, especially to people that are NOT tech-savvy or who may not be able to spot a phishing attempt. It is more about the risks these days than some executable erasing your hard drive.
All this is just my opinion so, if anyone disagrees, that is fine. All I'm trying to say is that today we move further away from executable file malware and into behavioral analysis, if that makes any sense.