Hi androidcool.

I am not a great expert but I note that your question is unanswered so I will have a go.  

Android works in a different way from Windows and as far as I am aware there is no current case of an Android phone being infected by malware by just browsing a website.  However anything may be possible and I will not say that it cannot happen.  I would say however, that if you stick to mainstream websites and have NMS installed you will have gone a long way to reducing even further the chance of having a nasty surprise!

I hope that helps.

To clarify, drive by downloads occur due to vulnerabilities in the browser used.  PC's are a huge target and the PC browsers have a lot of vulnerabilities.  As Mobile browsers become a bigger target I'm sure that some will be found, but the OS design does help limit these types of attacks for now.  So far, we aren't seeing any in case you were wondering.  

> So no windows viruses spyware finding there way on to android and being saved

It's difficult to see how this could be true.

There's Flash, Adobe Reader, Java, ...

@androidcool,

Not exactly what I was meaning to say.  For example.  Let's say you have a Windows virus file that is copied to your android device.  On the device the virus is inactive.  This is because the threat is a designed for a different environment.  A drive by download occurs when a script/etc on a website is designed to take advantage of a browser vulnerability to remotely download and execute code.  It requires two things.  The first is someone using a browser with a vulnerability the hacker can take advantage of.  The code that is downloaded can be executed.  

@joen,

The items you listed do exist on Android as well, but keep in mind that each environment has a different set of vulnerabilities and limitations in exposure.  For example, if you had a vulnerability that allowed remote execution and required an action that requires superuser access on an unrooted device, the vulnerability would be useless for someone who wanted to attack an unrooted device.  

Close enough.  Short answer, yes for now.

Ironically, there was a pop-up on our Windows computers this morning about a new version of Flash.

Adobe posted a security warning a few days ago on their website.  Which, of course, I didn't see until I looked for it today because of the new version availability. Here is an abbreviated version of it:

-----

Security update available for Adobe Flash Player
Release date: February 15, 2012

Platform: All Platforms   <----

Summary:

This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for _Android 4.x_, and Adobe Flash Player 11.1.111.5 and earlier versions for _Android 3.x and 2.x_.

These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only).

Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6.

Affected software versions:

Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems

Adobe Flash Player 11.1.112.61 and earlier versions for _Android 4.x_, and Adobe Flash Player 11.1.111.5 and earlier versions for _Android 3.x and 2.x_

Solution:

Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6 by browsing to the Android Marketplace on an Android device.

Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6 by browsing to the Android Marketplace on an Android device.

Severity Rating:

Adobe categorizes these as critical updates and recommends users update their installations to the newest versions.

Details:

This update resolves a type confusion memory corruption vulnerability that could lead to code execution.

This update resolves an MP4 parsing memory corruption vulnerability that could lead to code execution.

This update resolves a memory corruption vulnerability that could lead to code execution.

This update resolves a security bypass vulnerability that could lead to code execution.

This update resolves a security bypass vulnerability that could lead to code execution.

This update resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website.

Affected Software:

Flash Player 11.1.112.61 and earlier for Android 4.x
Update:  11.1.115.6
Availability:  Android Marketplace
 
Flash Player 11.1.111.5 and earlier for Android 3.x and 2.x
Update: 11.1.111.6
Availability:  Android Marketplace

Flash Player 11.1.102.55 and earlier for Chrome users
Update: 11.1.102.62
Availability: Google Chrome Releases