I've been hearing how AV's are failing since the 1990s, during the BoCLEAN days. Frankly, it's FUD, marketing 101. If anything, AV's are better now, and more effective against the 'primary' threats. PUPS, PUAS are what we run into 99% of the time, and a good AV that detects those is a valuable asset (cough - Eset, MBAM). For me, when deploying security setups I look for products, and methods to stop those. I hate going to work on a machine and finding 200 PUP/PUA traces bogging everything down. A wise AV vendor would shift significant resources toward conquering PUP/PUA, anyone ignoring it is ignoring the problem, and a whole lot of AV's ignore PUP/PUA's.