AV is doomed to failure
An AV package needs to scan, in real time, every input source of the computer - network, USB ports, floppy disks (for your nana in Iowa) etc. No AV package can do this without materially affecting the performance of said computer. Doesn't matter whose it is. Sure you can pull tricks like heuristic scanning but that's really a bandaid - a heuristic is basically an intelligent guess based on experience that allows the package to shortcut the full scan function. So not perfect, and never will be.
Compounding the problem is that most AV packages are aggressively horrible: buggy, difficult to manage, and reeking of money-grubbing (I find AVs' prompts to try/buy and their ordering systems bizarrely mirror the look and feel of the very kind of dodgy malware they purport to defend against - almost like they were written by the same people). I would rather have imperfect Windows Defender baked into the OS than some sh**ware from Symantec. It occurs to me that with MSFT's penchant for data collection they are also in a position to start doing behavioral analysis on network connections too, like CC companies do. If my nana's PC in Iowa suddenly starts making TCP connections to a server in a faroff country, wouldn't that strike you as a little odd?
Biting the hand that feeds IT
