Ill go with Sometimes, for example, does an experienced user who know what to look after know if they experience a drive-by attack? or an network attack? neither does the average joe, which is why having some sort of security product is important.
How so ?
They would test in a isolated environment the security products.
And would debug / fuzz to play with it.
But can't understand how it increases the risk ?
I voted yes. Due to being well aware of security, I realise the important of keeping my systems updated and know not to open random files (e.g. email attachments from unknown senders) and as a result I never get infected.
All the security experts I know keep their security very basic, very simple. And they say (and prove) that for most people very basic, very simple protects average joe and jane. Proof of this fact is that only a minority of all users get infected with only native Windows security. The notion that people need to use anything other than very simple, very basic is due to fear mongering marketing and a tiny fraction of all users who are paranoid. Threats are blown way out of proportion.