in the real world....
where does all of this stupid binary thinking come from?
AV = bad, whitelisting = good...
AV definitely has its uses protecting users from commodity malware. The only problem is people thinking it will protect them from ALL malware. Doesn't make it useless though.
Whitelisting is a better approach, but unrealistic except in tightly regulated environments. Want to implement it in a large, diverse organization with finite support budget? - good luck with that.