Here’s the thing, and I speak as a man that has used Mac (7,8,9,X.1,X.4), Linux (too many distros to list) and Windows (98SE, 2000,XP)… Anti-Virus software is only necessary if you’re a dumb-ass. Those same SysAdmins that look at you mouth agape also secretly harbor the opinion that you’re a knuckle-dragging moron that will click on every banner, download from every prompt and install every open-ended malicious piece of software you can get your mitts upon.
And if they’re a typical user who doesn’t understand saftey, well, they’re probably correct. Not that they mean to be that way, it just happens through lack of education. But if you’ve got a good knowledge of your system, understand what you’re downloading and from whence it comes, you’re pretty safe. If you’re unsure, run a virus scan pre-install and post-install. No need to have constant vigilance if you’re not installing some crappy new thing or another every single day.
I keep a copy of AVG Free 7.1, which I almost never allow to run its automatic scan. I know what I’ve installed on my system, I know what’s malicious and what isn’t. If it’s malicious, I avoid it. I use a closed browser, FireFox, with additional security measures added into the mix. I avoid file-sharing, gray-area downloads and the like. I don’t have virii on my computer simply because I don’t let them into my system. GMail protects my email (and it being web-based means I have access to it anywhere, any time, and as long as I’m using FireFox, I’m basically secure).
Most users, however, aren’t educated. I educated my parents: time and again I told them “If you aren’t sure, ask me. If you are sure, ask me. If you’re 100% positive, just ask me.” Then I explained. After awhile, they stopped needing to ask me. As far as I know, they never get viruses anymore. Of course, I pounded the basics into their head early. AVG, SpyBot, Ad-Aware, HijackThis. I make them install HijackThis, but they still have me look the list over before they disable anything.
Frankly, an informed user is a safe user. The only thing you really need is a simple firewall, because DoS attacks are just /so/ 1993.