Quick opinion (sorry)
I never had any problem regarding Virus/Malware/Spyware/Adware/... on any of my computers, and have almost never installed any antivirus locally, or if installed, it's with the lowest level of security just to check pen drives/CDs/DVDs/...
But my e-mails are checked on the server side (Exchange), and we are about to move this check to outside servers.
I entirely agree with your considerations, and will just reinforce it:
Rule #0 Windows Update: Always turned on in maximum power to not miss any, and receive all ASAP
Rule #1 Email: Shift-Del to any unknown received e-mail
Rule #2 Websites: Avoid navigating to any website of the kind you mentioned (social, file-sharing), and particularly key crackers
Rule #3 Download: Even less install download managers from content sites or file sharing
99% of the infected PCs are caused by human curiosity (that doesn't kill the cat, but the PC)
But it's very hard to convince everybody to follow this, so obviously we have antivirus installed on our customers' PCs trying to keep them secure, but at the same time we must not hang their PCs, for which we follow other basic rules:
1 - Do not mix Windows Firewall with antivirus firewall; we never use the antivirus firewall (and keep all computers fully updated regarding all software in use)
2 - Adjust antivirus settings to not scan on reading files, but on writing (how to handle this may vary depending on which antivirus you're using)
3 - Special attention to not scan folders related to printer spool (most antivirus already do this by default, but...)
4 - Again updates, antivirus must be updated to both virus lists and particularly the engine. Very often, antivirus hangs (wasting high CPU) during an unsuccessful update