https://www.virustotal.com/file/93e...829ff7cc1f8b1f428310ab60/analysis/1347591910/
^ Pretty much all antivirus sucks. If you read up on malware like the BlackHole exploit kit, they actually integrate antivirus scanning in their product to make sure their polymorphic one-off malware files DON'T get detected. WHILE serving them live! Sophos has a writeup, for those interested:
http://nakedsecurity.sophos.com/2012/03/29/exploring-the-blackhole-exploit-kit/
Pro tip: unlike these testing outfits, the bad guys don't use stale collections of malware to attack you.
I'd say if there's a feature to look for, behavioral detection has potential. But the products I've used that have host IPS/behavioral detection slow the system down, which is a logical result when it's watchdogging everything.
I have ten systems at work running MSE in the hands of average people, as well as my own at home, with no infections. But as you probably can guess, the antivirus software is just a third-string player in my security game plan. I've uploaded tens of thousands of malware samples at VirusTotal, and the results teach one lesson: DO NOT rely on antivirus protection. Use it, but don't think of it as a solid defense.
Use low user rights, use Software Restriction Policy or Parental Controls to prevent your low-rights account from executing anything it's not supposed to, use EMET, max out UAC, disable AutoRun, use a browser with sandboxing/Protected Mode, remove all unnecessary software (most of all Java), and update the rest rigorously and check it with Secunia PSI. Got all that? Ok, now throw on an antivirus.
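A read-only PowerShell check of four items from the list above (low user rights, UAC at its highest level, AutoRun disabled, Software Restriction Policy in default-deny), added here as an example and not part of the original post. It assumes the settings are applied machine-wide through the standard Windows policy registry values; `Get-RegValue` is a hypothetical helper name.

```powershell
# Added example: audits local settings only, changes nothing.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$safer    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Low user rights: True only if this process holds an elevated administrator
# token. An administrator account running unelevated under UAC reports False,
# so also confirm the account itself is a standard user.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# UAC "Always notify": EnableLUA=1, ConsentPromptBehaviorAdmin=2,
# PromptOnSecureDesktop=1.
$uacMax = ((Get-RegValue $system 'EnableLUA') -eq 1) -and
          ((Get-RegValue $system 'ConsentPromptBehaviorAdmin') -eq 2) -and
          ((Get-RegValue $system 'PromptOnSecureDesktop') -eq 1)

# AutoRun off for every drive type: NoDriveTypeAutoRun = 0xFF.
$autoRunOff = ((Get-RegValue $explorer 'NoDriveTypeAutoRun') -eq 0xFF)

# SRP default-deny: DefaultLevel 0 is "Disallowed" (0x40000 is "Unrestricted").
$srpLevel = Get-RegValue $safer 'DefaultLevel'
$srpDeny  = ($null -ne $srpLevel) -and ($srpLevel -eq 0)

$results = @(
    [pscustomobject]@{ Check = 'No elevated administrator token'; Pass = (-not $elevated) }
    [pscustomobject]@{ Check = 'UAC set to Always notify';        Pass = $uacMax }
    [pscustomobject]@{ Check = 'AutoRun disabled on all drives';  Pass = $autoRunOff }
    [pscustomobject]@{ Check = 'SRP default level Disallowed';    Pass = $srpDeny }
)
$results | Format-Table -AutoSize
```

A missing registry value is reported as a failed check, because an unconfigured policy leaves the Windows default in place.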