In this day and age, I would argue that having a competent ad blocker is just as important, if not more important, than having a virus scanner.
99% of infections come from Website ad's. Period. End of story. We blocked ads at our companies' firewall and malware alerts from our antivirus system went from 5-10 a day to literally 1 every 3-6 months, and all of them being secure e-mail bombs that happened to escape our mail and URL filters. I get a call once a month for a "Call Microsoft" Scam vs 1 at least daily before the block.
Oh, but Web browsers block malicious ad's. Yes they do. And they are absolute trash as it. By the time they block a malicious URL, Half the world and dog has already been infected and every competent Adblocker was already blocking it in the first place. Every single one of the calls I have got from a "Call Microsoft" Scam has either come from the Microsoft Start Page in Edge, The Recommended By Pocket in Firefox, the or the Front page of Google Search. If they can't even keep their home pages clean, then why the hell would you trust them to keep your PC clean?
Also, you would think that the companies that serve ads would screen them, They Don't. Period. If they do anything it's a quick skim, the URL pops up a GIF or JPG and it's off to a million+ hit site to become a bomb within 20 minutes.
The absolute, dumbest, most "Pants on head Retarded" thing that ever happened to web ad's was allowing any form of active content. If in the off chance I ever went nuts and started to run an ad company, and was accepting ad's from a third party, I would only accept two things.
1) the GIF, JPG or WEBM of your ad, which would be screened for malicious things like timed frames or code injections and possibly re-encoded on the fly through a screener for maximum protection.
2) The URL that the ad goes to when you click on it (which would be only to a direct site such as whatevermysitenameis.com, not whatevermysitenameis.com/obfuscator/reallylongrandomcharacterssoyourscreenermissesthe/infectomaticscript?uniqueinfectionvectorID or absoluterandomcharacters.stupidTLD)
I would absolutely, never ever, EVER let anyone other then my company serve the ads to save on bandwidth or other stupid things. I'd save bandwidth by the re-encoding process and try to win on customer trust rather than profit maximization. This is exactly what Google did when they started their Adwords campaign back in the day when the world was full of noisy flash ads, popups and monkeys trying to get people to punch them for $20. No Pictures, Ad's were off to the side and easily identifiable and prices were equable to the point that everyone went with them. Now a Days, they might as well rename adwords to TreeLoot.
Ad's lost my trust when they started becoming less about adverting something and more about being an infection vector. There is no turning back. I will not risk my security (or my coworkers) because you need to make a buck or two, and if anyone in our company gets an infection from any site because YouTube coerced them into removing or disabling their adblocker you can be damn sure that there will be a lawsuit against Google for the malware cleanup cost afterwards.