
We're having the wrong debate
I love the way I hear people say they haven't had a virus in x amount of years.

In my experience, that mostly means you are not aware of the virus(es) on your machine, especially when you are only using the recommended list of software you find scattered all over the net.

The base problem is still the blacklist approach being used by AVs instead of an active whitelist. It's becoming more and more common for malware to use some form of polymorphism, which means literally thousands of different variations; the broader the algorithms become, the more false positives we'll see, and vice versa with detection rates.

This will completely depend on user requirements, but if you know what you are doing, the best way is going with DEP or some other whitelist approach, which is next to impossible to manage in corporate environments at the moment, which is exactly the point we should be debating on.

The host file entry suggestion hit near the mark, and this can quite easily be integrated into the gateway of a corporate network, which will prevent a number of nasty scenarios, but then you are again looking at a blacklist; at least it's a holistic approach...

As far as the best AV goes, we're back to an opinionated discussion rather than any actual facts which can educate people on how to proceed, which means we're getting back to a list you can find on Yahoo Answers rather than among a group of IT professionals. We should be discussing new approaches, not picking the most successful loser or reinventing the wheel.

Stuxnet proved beyond any doubt that our existing approaches will not weather the storm to come. We aren't talking about 16-year-old kids that start out with a bit of C++ and slap together pieces of code from online articles anymore; it isn't innocent anymore. We are talking dedicated professionals looking for monetary gain. They are knocking on the doors and our blacklist locks won't keep them out forever. They are knocking on the doors and it won't be long; they are coming.
Posted by martinv@...
Updated - 15th Nov 2011