Originally posted here by catch
The real question here isn't which approach is 100% perfect. The question is, is AV software needed. Clearly the answer is "no."
That's where I don't agree with you. (yet) If it's not 100% secure, you have to assume there is a small chance a virus could get through...!

Let's make a little scenario here. You have your "99%" secure MS network. A new virus comes out, utilizing an unknown vulnerability, no patch exist against it yet. Some how it enters your network, and compromises one machine...

In that scenario, if you did have or didn't have an A/V solution you would probably get compromised either way. The big difference here though is once the definitions come out for the A/V solution, it will at least hopefully detect that virus at that point, while a company without an A/V solution might not discover the compromised system until way later... with maybe a whole lot more damage done...