Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.
This is the purpose of the screen, to verify the address and amount are correct before signing.
no, it's not. The only way to guard against such attack (out of having one distinct channel to communicate Bitcoin addresses) is to support BIP 70 payments with properly pinned down certificates (so that the malware wouldn't be able to sign again in the middle with its own key).
To clarify (?):
* No device will protect you, if you got the wrong address to start with. If you are not a paranoid computer guy, malware could trick you by substituting the thief's address for a merchant's address that you got from email or a website.
* Assuming you have the correct address (and a legitimate Trezor with legitimate bug-free firmware), checking the address on Trezor's screen will protect against malware on the PC.
* As I understand it, the Ledger screen-less device picks some random letters from the address, and asks you to type the corresponding codes that you look up in an table provided with the device. Assuming you have the correct address (and a legitimate Ledger device with legitimate bug-free firmware), this protocol will protect from malware at first. However, as discussed above, after signing enough honest transactions the malware in the PC will get to know the code table; and then it will be able to trick the device into signing a transaction with the thief's address.