The zero-hour threat (a concept by which computer threats are spread before security firms find out about it) should be the least of people’s worries. Anti-virus firms have admitted they can’t catch things like Sony’s rootkit, because they just don’t know about them.
The fact of the matter is, rootkits are designed with stealth in mind. The security set needs to get away from the “definition” method, whereby they develop “antidotes” for known threats (and require you constantly update your machine’s definition database), and start thinking along the lines of behavior identification (like your pathetic spam filter).
But if you are running Windows and a flavor of IE, you SHOULD just keep on worrying about zero-day exploits.