Originally posted here by thehorse13
Very good point, however, if you have 60,000 nodes, how would you defend against contractors and end users plugging in a laptop that has been infected from external sources? In addition to that, not every department is as vigilant about patching and definition updates.

See where I'm coming from? It's very tough to keep a large userbase clean. It makes it even worse when the leading software vendor on the planet is advising you to disable virus protection without so much as a mention that it may be a bad idea or even more so, a violation of your organization's security policy.
I totally agree. My company currently has an employee base of around 75k people and we have a very very hard time securing the desktop. That is why we place a much higher emphasis on securing the other areas of our network. We've taken the standpoint of blocking all traffic from a suspected contaminated computer first, and asking questions later. It is really the only way to deal with non standard infected machines being plugged into the network.

I can see where some clarification of the original technet article would be good for the end users well being. I guess we are not confident enough in our users to tell them to go look at technet themselves. Instead we have built up extensive internal documents and help sites that we recommend our user base go to before calling a helpdesk.