The only thing I completely agree with the current answers is this sentence:

It is impossible to give a short and capacious answer to this question, there are many nuances

Nevertheless, I will go through each question and statement in a simpler and at the same time more detailed way, but first I need to clarify something:
What is a virus? Google will give a not entirely clear answer to this question, therefore, within the framework of this question, I will designate a virus as a malicious CODE, the purpose of which is to bring profit to the creator at the expense of the user . A lot of different code is played on the computer, and only in rare cases, with certain actions, you can stumble upon a malicious one.
Even here, in one of the answers, it is advised to install the NoScript extension, which, in other words, will turn off all the part of the code that is responsible for assembling all web pages. You should not follow this advice.

Someone says he went to the site - he picked up the virus

- Under the phrase "went to the site" you can mean several completely different actions, but, in general, any of these actions can turn into something more or less unpleasant.

1. Just open the site in a browser and do nothing else. What can an evil website owner do?
   Some of these:
   - try to convince to click somewhere;
   - turn on the miner*, which will exist only when this site is opened;
   - take the computer's Internet identifier (IP) and start sending many, many requests to its address so that the user simply stops working on the Internet for fun for a while;
   - enable scary loud video.
   *miner - malicious code that uses PC resources to mine cryptocurrency
   In 99.999% of cases, absolutely any sites will have the first subparagraph. The rest are just for reference. There is one more sub-item that I did not include in this list - large vulnerabilities in the browser or in the operating system that allow you to bypass all the prohibitions that the browser applies to the code of site owners. Such vulnerabilities can allow you to immediately do what will be discussed below, but in practice, encountering such a vulnerability is equal to the chance to win a very large lottery, and the more often the system and browser are updated, the less this chance.
   
2. Click somewhere / press a button on the keyboard
   Such an action can already start downloading a file to a computer or subscribe to a paid SMS mailing list if the site has opened a smartphone via mobile Internet. However, don't panic. You can unsubscribe from the mailing list, and the file itself will not open if you do not click on it.
   Those who are far from the world of computers, due to lack of experience, simply do not distinguish when the screen shows them the contents of the site, and when - browser events. But usually the browser has some specific animation when downloading a file, and if there is a suspicion that the site has started loading some kind of file that is not like that, especially if it is a site that does something quickly and for free, then you should carefully open the downloads folder , the address of which can be found in the browser settings, and delete the file from there.
   Also, do not immediately click on colored buttons in specific browser modal windows that allow the site to make notifications or download files without asking. It is worth reading everything carefully to begin with to understand that there is some kind of logical inconsistency
   
   
3. Active use
   In general, there is no difference between the capabilities of evil coders for this item and for the past, but such an item can mean something unsettling - you believed such a site. There are many sites whose purpose is to deceive the user and force them to enter private data on such a site, intended for reliable sites. They make the address and design of the site very similar to the original, they make many long psychological chains that make the user think that everything that happens on the site is real, when in fact he is promised money, but is asked to pay for their delivery. How to be in that case? You need to stop trusting everything that is written on the Internet.
   

What happens if you still open the file that was downloaded?
If the operating system does not have any protection-warning before the file opens, then in this way on a poorly configured system you can install a self-executing code on the computer with one click, which can do almost all of the above actions, and even more - block the computer or delete files permanently, extorting money from them. At the same time, unlike the browser, there may not be any visual animations at all, and even more so the "Return Back" buttons.
In general, the situation with "viruses" on the Internet is moderate, if you know where you can click and where you shouldn't. At this stage, from Yandex.ru advertising you can get to an online store that will never send the goods and will not return the money, and from Google.com issuance you can easily get to a malicious site that will contain nothing but buttons like on the screenshot above, and will show these buttons until the user agrees, but personally I haven’t even used any antiviruses for a long time, because I know superficially how it all works.

In general, there is a possibility that ionizing radiation from outer space or just from the environment will enter your RAM and, if things turn out well, it will change several million bits and create a virus there that can capture all of humanity. The chance of this is about 1/10^10001000

Hello.
It will not be possible to give a short and capacious answer to this question - the topic is too broad, and there are a lot of nuances.

someone says that you can go to sites, the main thing is not to download anything

In this case, there are transparent iframes or autoload, so by.

How can you catch a virus at all and how can you not?

Usually - out of stupidity and / or inattention. There is always a risk, if only because of 0-day vulnerabilities.

Which activities are completely safe and which are not?

A completely safe action is inaction, in all other cases there are risks. The base is not to sit under the administrator, not to use warez in any form, not to go to dubious sites, install system and software updates, and periodically do diagnostic checks of the system. For the browser - security plugins, strict security policies in the settings (it will affect usability in some cases, but here what is more expensive for you).
Something like this.
ZY: https://stepik.org/course/191/promo

Download programs only from the developer's official websites or popular torrents where there are reviews