Like anything in life, these things are often a compromise. I don't feel that I'm particularly vulnerable to this type of attack, so I'm happy enough with an on-demand anti-spyware.
You can take proactive action to prevent or limit infection. I use Firefox with the no_script and DrWeb link checker extensions. I don't open unknown email attachments or click links in said emails. Any program that has internet access I run under DropMyRights (see signature) to help prevent/limit infection getting established. So even without resident AS protection you are fairly well protected.
If you want, you could install a HIPS type program that should add another level of protection; CyberHawk gets a reasonable review.
But above all else, have a backup and recovery plan for when the dark and sticky stuff hits the fan; back up the stuff you don't want to lose every day. A disk imaging program (most good ones cost but you don't have to renew each year) can take an exact copy of your HDD in minutes.
Take a weekly image, and if you get into trouble that is likely to take some time to resolve, I usually opt to restore my last image, about 10-15 minutes tops, then restore the last daily backup. So if the worst comes, the max you can lose is 6 days of program updates/installs and 1 day's worth of data files, emails, docs, bookmarks, address book, etc.