This article is one of the best description of the current situation that I've seen out there. Some of juicy bits:
This comfort and confidence is the problem - if this user had learned the basics about how malware works and is spread, and been educated on the simple day-to-day activities which put them at risk, I would argue that at some point, this knowledge would be more effective at stopping the infection than the anti-virus software.
So does anti-virus software make us less secure? Not really, it's the false sense of security it invokes and confidence in these solutions to make us 100% secure that make us less secure.
Go on and read the rest of it.