You cannot rely on antivirus

by Tracy R Reed — last modified Nov 19, 2010 02:33 PM

Antivirus is inherently out of date, consumes ever-increasing resources, and faces viruses that are now far more dangerous.

As the number of viruses and malware to scan for, and the number of parts of the system to monitor for infection, increases, more resources will be required. I bet we already spend the equivalent of one whole CPU of ten years ago just scanning for malware on the typical modern computer. In the last couple of years there has been talk of the end of antivirus as we know it:

This is because the increase in resources required to secure the computer cannot continue forever.

What's worse is that antivirus only detects known viruses. There is an increasing number of unknown viruses out there, and antivirus vendors are falling further behind. There has always been a large lag between a virus's initial release and its detection by antivirus software: the virus has to be released, discovered, and reverse engineered; a signature has to be created and added to the antivirus signature database; then the user has to update. All of this takes plenty of time.
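To make the "known viruses only" limitation concrete, here is an added example (not code from the original post) of the kind of signature lookup an antivirus engine performs: a database of exact file hashes and byte patterns, scanned against three constructed byte strings. The samples, signature name, and dates are all hypothetical; none refers to real malware. It shows that a sample whose family has never been seen by the vendor simply returns no match, that a hash-only signature misses even a one-byte variant of a known sample, and how long a sample was exposed before its signature existed.

```python
"""Toy signature-based scanner showing why known-signature detection lags.

Added example, not from the original post. Every sample, signature name
and date below is constructed for illustration; none refers to real malware.
"""
import hashlib
import re
from dataclasses import dataclass, field
from datetime import date


@dataclass
class SignatureDB:
    """A minimal signature database: exact file hashes plus byte patterns."""
    hashes: dict = field(default_factory=dict)     # sha256 hex -> (name, date added)
    patterns: list = field(default_factory=list)   # [(name, compiled regex, date added)]

    def add_hash(self, name: str, data: bytes, added: date) -> None:
        self.hashes[hashlib.sha256(data).hexdigest()] = (name, added)

    def add_pattern(self, name: str, pattern: bytes, added: date) -> None:
        self.patterns.append((name, re.compile(pattern, re.DOTALL), added))

    def scan(self, data: bytes):
        """Return (name, date_added) for the first matching signature, else None."""
        hit = self.hashes.get(hashlib.sha256(data).hexdigest())
        if hit is not None:
            return hit
        for name, rx, added in self.patterns:
            if rx.search(data):
                return (name, added)
        return None


def days_undetected(first_seen: date, db: SignatureDB, data: bytes):
    """Days between a sample's first appearance and the day a signature covering
    it reached the database; None if nothing matches, i.e. the sample is still
    invisible to this scanner."""
    hit = db.scan(data)
    if hit is None:
        return None
    return max(0, (hit[1] - first_seen).days)


# --- constructed inputs (hypothetical dates, names and bytes) -----------------
FIRST_SEEN = date(2009, 6, 1)            # when the constructed sample "appeared"
SIGNATURE_ADDED = date(2010, 6, 17)      # when the constructed signature shipped

# A known sample and a one-byte variant of it (one trailing padding byte changed).
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"CONSTRUCTED_MARKER_A" + b"\x00" * 16
KNOWN_VARIANT = KNOWN_SAMPLE[:-1] + b"\x01"
# A sample from a family no vendor has seen yet: no hash and no pattern exist.
UNKNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"CONSTRUCTED_MARKER_B" + b"\x00" * 16


def build_sample_db() -> SignatureDB:
    """Database as a vendor might ship it after analysing KNOWN_SAMPLE."""
    db = SignatureDB()
    db.add_hash("Constructed.Family.A", KNOWN_SAMPLE, SIGNATURE_ADDED)
    db.add_pattern("Constructed.Family.A", rb"CONSTRUCTED_MARKER_A", SIGNATURE_ADDED)
    return db


def scan_report(db: SignatureDB) -> dict:
    """Scan the three constructed samples; values are signature names or None."""
    samples = {
        "original": KNOWN_SAMPLE,
        "variant": KNOWN_VARIANT,
        "unknown": UNKNOWN_SAMPLE,
    }
    return {label: (db.scan(data) or (None, None))[0] for label, data in samples.items()}


if __name__ == "__main__":
    db = build_sample_db()
    for label, verdict in scan_report(db).items():
        print(f"{label:9s} -> {verdict}")
    print("days the original was exposed before a signature existed:",
          days_undetected(FIRST_SEEN, db, KNOWN_SAMPLE))
    print("days for the unknown sample:", days_undetected(FIRST_SEEN, db, UNKNOWN_SAMPLE))
```

The pattern signature catches the variant that the hash misses, which is why vendors ship byte patterns rather than only hashes, but both kinds of signature require the sample to have been collected and analysed first; the unknown sample returns None no matter how current the database is, and the exposure window for the known one is the whole interval before its signature shipped.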

There is an increasing number of unknown viruses out there that do not get caught until after they have already caused damage. Google had no clue they had been infiltrated until the bad guys tipped their hand by getting caught logging into other people's webmail accounts, which prompted an investigation. At that point the malware Google had been sent was still undetected. There have been serious consequences, likely including prison time if not worse, for certain human rights activists in China whose Gmail accounts were compromised.

Stuxnet was discovered in June 2010. The widely accepted theory is that it was designed to sabotage the Iranian centrifuges and has probably been successful. According to:

we see the number of centrifuges online decreasing between May and August of 2009.

On July 17, 2009 WikiLeaks posted a notice saying:

"Two weeks ago, a source associated with Iran’s nuclear program
confidentially told WikiLeaks of a serious, recent, nuclear accident at
Natanz. Natanz is the primary location of Iran’s nuclear enrichment
program. WikiLeaks had reason to believe the source was credible however
contact with this source was lost. WikiLeaks would not normally mention
such an incident without additional confirmation, however according to
Iranian media and the BBC, today the head of Iran’s Atomic Energy
Organization, Gholam Reza Aghazadeh, has resigned under mysterious
circumstances. According to these reports, the resignation was tendered
around 20 days ago."

A centrifuge full of uranium hexafluoride spinning at 15k RPM, failing and spewing its contents widely throughout the facility because someone manipulated the speed controls through the computer that drives the PLCs, is indeed a serious nuclear accident, and one that could end the career of whoever is in charge.

All of this implies that Stuxnet was out there for more than 10 months, completely undetected by antivirus.

What malware is on the computer you read this on that you won't know about for 10 months?
