I believe the value of AV is much overrated. There's no AV that detects all active viruses or malware that runs in the wild.
Every day, new malware is released which is not recognised by AV, despite heuristic analysis.
It takes at least a couple of days before the new malware has been reported, analyzed, added to the AV-list and updated to the clients.
In the meantime many PCs are already infected.
One could argue that it's better to have just three pieces of malware installed on your PC instead of a hundred, but in the end I don't think it makes much difference...

Rootkit detection is difficult because a rootkit may be able to subvert the
software that is intended to find it. Detection methods include using an
alternative and trusted operating system, behavioral-based methods, signature
scanning, difference scanning, and memory dump analysis. Removal can be
complicated or practically impossible, especially in cases where the rootkit
resides in the kernel; reinstallation of the operating system may be the only
available solution to the problem.

Operation "Red October" was able to stay under the radar for five years:
https://securelist.com/blog/incidents/57647/the-red-october-campaign/

Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded.
http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html

Antivirus tools are a useless box-ticking exercise says Google security chap
Advocates whitelists and other tools that 'genuinely help' security
http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/

Several Symantec AV products allow an attacker to run arbitrary code under Linux, MacOS and Windows. Yes, it's really bad. Affected products are Symantec Endpoint Protection Cloud Client, Symantec Endpoint Protection Small Business Enterprise Client, Norton Family, Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security and Norton 360.
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161117_00#_SYM16-021_/_Symantec

DoubleAgent: Taking Full Control Over Your Antivirus
http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
http://cybellum.com/doubleagent-taking-full-control-antivirus/
http://www.theregister.co.uk/2017/07/31/ai_defeats_antivirus_software/
https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/