Antivirus realtime protection: case in point.
For years, I've been bemoaning people's ignorance toward computer viruses. There's this general misconception, that existed for as long as I can remember, that, hey, all you need to do is to scan your computer from time to time and you'll be fine.
The reality of the situation, as I've been pointing out, is that by then it may be too late. There have been viruses known to encrypt your entire hard drive in the background, destroy your motherboard BIOS without a chance of recovery, and, most importantly, a self-respecting virus, upon activation, will do whatever's necessary to one-up whatever antivirus programs you may have installed on your machine, as well as your future attempts to remove it, including changing local policies to cripple Task Manager or encrypting itself.
That's why realtime protection is _mandatory_. You get the virus before it is executed.
Two days ago this was demonstrated to me with crystal clarity. I've been running Kaspersky on my parents' machines; however, for performance reasons, I only set it to scan files on execution.
That was a big mistake.
Somehow, my father was emailed a dropper for the NTOS.EXE virus, which he executed. The dropper itself is a harmless program - all it does is secure NTOS in place, making sure it executes before anything else (from several places). The file also changes the virus's length randomly to fool your crappy Uncle Bob's Virus Signature Scanner.
Even after I cranked up Kaspersky to scan files on both write and read, and turned on heuristics, the virus was undetectable because it had secured the first spot in being executed, and because it manipulated security permissions to be unreadable, yet still executable.
The only reason I was tipped off to the virus's presence is that my father's machine would hang every time I changed network settings. You see, NTOS.EXE hooks itself into your networking, captures the keyboard, and attempts to steal your login credentials to a few major online banks.
Once I recognized NTOS.EXE and the folder it created inside SYSTEM32, I blanked its security permissions and restarted the system - it failed to execute. Then I gave it back normal permissions. Kaspersky instantly perked up, notified me that its heuristics detected a trojan, and deleted it.
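The two things that eventually gave the infection away in the story above are things you can check for directly: an autostart entry pointing at a file, and a file whose ACL denies reading while still allowing execution. The PowerShell script below is an added example written for this post, not the author's own procedure or any antivirus vendor's code. It walks the standard Run/RunOnce/Winlogon autostart keys, extracts the executable each value references, and reports any referenced file carrying a Deny ACE on ReadData alongside an Allow ACE on ExecuteFile. The key list is a small, well-known subset of Windows autostart locations (a real audit tool covers many more); the name NTOS.EXE does not appear anywhere in the script, so it flags the technique rather than one sample.

```powershell
# Added example, not from the original post: audit common Windows autostart entries and
# flag referenced files whose ACL denies reading but still allows execution.
# Run from an elevated PowerShell prompt so Get-Acl can read every file's security descriptor.

# Standard autostart locations (assumption: a representative subset, not an exhaustive list).
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Userinit / Shell values
)

function Get-ReferencedPaths {
    # Returns one object per executable path referenced by a value under $Key.
    param([string]$Key)
    if (-not (Test-Path $Key)) { return }
    $props = Get-ItemProperty -Path $Key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PowerShell's own provider metadata
        if ($p.Value -isnot [string]) { continue }
        # Winlogon\Userinit is a comma-separated list; other values may be quoted or carry arguments.
        foreach ($entry in ($p.Value -split ',')) {
            $exe = $entry.Trim() -replace '^"([^"]+)".*$', '$1'   # strip surrounding quotes + args
            $exe = $exe -replace '^(\S+\.exe).*$', '$1'           # strip args from unquoted paths
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if ($exe) {
                [pscustomobject]@{ Key = $Key; Name = $p.Name; Path = $exe }
            }
        }
    }
}

function Test-ReadDeniedExecuteAllowed {
    # True when the file's ACL contains a Deny ACE covering ReadData and an Allow ACE covering ExecuteFile.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    $rights = [System.Security.AccessControl.FileSystemRights]
    $readDenied = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $rights::ReadData)
    }
    $execAllowed = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $rights::ExecuteFile)
    }
    return [bool]($readDenied -and $execAllowed)
}

# Build the report: every autostart reference, whether the file exists, and whether its ACL
# shows the read-denied-but-executable pattern.
$report = foreach ($r in ($autostartKeys | ForEach-Object { Get-ReferencedPaths -Key $_ })) {
    [pscustomobject]@{
        Key                     = $r.Key
        Value                   = $r.Name
        Path                    = $r.Path
        Exists                  = Test-Path -LiteralPath $r.Path
        ReadDeniedButExecutable = Test-ReadDeniedExecuteAllowed -Path $r.Path
    }
}
$report | Format-Table -AutoSize
```

A hit in the ReadDeniedButExecutable column is exactly the state that kept the on-access scanner blind in the story: the scanner opens the file for reading and is refused, while the loader only needs execute access. Clearing or resetting those Deny ACEs (which is what blanking the permissions and rebooting accomplished above) is what lets the scanner finally read and classify the file.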
Moral: use a background filesystem scanner. Enable heuristics as well. (I've had cases where I would run a freshly downloaded "greeting card" virus and the antivirus would ONLY stop it when heuristics allowed it to detect it as a variation of something it already knew; its default setting, which relies only on pattern matching, just let it execute.)
If you're concerned with performance... well, in the case of Kaspersky, I can set it to turn off realtime scanning when I run Quake Wars or WoW, or just make it skip scanning the folders containing them. With today's disk access speeds and CPU speeds, realtime scanning isn't that much of a bother compared to the risks you run otherwise.