When my SOHO-type fleet was on Win7, we used MSE and I recall one email whose attachment was marked malicious by MSE. I uploaded it to VirusTotal and Microsoft's engine was the only one detecting it, out of about 40. But on any given day, those stats could go any direction. My take: use antivirus software, but keep your expectations realistic. Look at how many years malware like Flame evaded every antivirus vendor in the world simultaneously. Including anyone's favorite brand.
I think this is part of Microsoft's rationale. The best A/V (for them) is the one that does not 1) get turned off because it's in the user's face, or 2) expire and become worthlessly out-of-date.
On the original topic of "what antivirus/antispyware do you use on Win8", this is what I use:
1. a CPU that features SMEP, which currently means Ivy Bridge and later. SMEP is like a specialized version of DEP, and Win8 is the first desktop Windows to make use of it.
2. a motherboard that supports, and is configured to use, SecureBoot. SecureBoot will not allow the system to boot if the boot record has been tampered with, a very dangerous and increasingly prevalent tactic of bootkits. Win8 is the first desktop Windows with this capability.
3. Software Restriction Policy. Indiana Jones gives a fairly succinct demonstration of how SRP works in this clip:
http://www.youtube.com/watch?v=4DzcOCyHDqc
Your antivirus software wishes it were anywhere near as effective against new malware and exploit payloads as SRP is. If you're ready for big-boy protection, here's how to set up SRP:
http://www.mechbgon.com/srp
4. Microsoft EMET with the EnableUnsafeSettings=1 tweak and all settings maxed *ASTERISK!*. Nobody expects the Spanish Inquisition, and nobody expects your copy of Popular Software X to be a genetic freak that their precious exploit won't work on, either.
5. NO JAVA. And for that matter, no Adobe Reader; the built-in Microsoft Reader suffices for my needs, runs in an AppContainer, has little attack surface, and updates automatically FOR REAL.
6. IE Enhanced Protected Mode, particularly effective on 64-bit Windows where it can also use High-Entropy ASLR. Puts each tab process in its own super-restricted AppContainer sandbox. I also have my launch shortcut set up with the -P command-line switch, which launches IE in InPrivate mode, and use ActiveX Filtering to opt in ActiveX only on sites where I want it to work.
7. Windows Defender antivirus/antispyware, with a repeating update task that ensures it updates when I log on and every several hours thereafter, and a nightly full scan. Because hey, the CPU would be bored otherwise.
8. I use the CWDIllegalInDllSearch tweak to block DLL shenanigans that try to ride a legit app's coattails. This is defense-in-depth since SRP would blow away that approach regardless. It is capable of freaking out certain software like my antique image-editing program, but exceptions can be made:
http://support.microsoft.com/kb/2264107
9. I have AutoRun/AutoPlay disabled system-wide. If *I* want it launched, by golly, I will launch it myself.
So that's my Win8.x security gameplan. Obviously, the bulk of the protection is simply to use the hardware's and OS's capabilities to their full extent. Fretting about whether antivirus X is __% better on average than antivirus Y is like worrying about what type of paint you're going to use on your BattleMech. Before worrying about the paint, make sure you've actually put all 12.5 tons of armor on it.
*ASTERISK* I have discovered at least one popular program that cannot launch if system-wide ASLR is set to Always On: EA's Origin. If I want to get my Crysis 3 fix, I have to back EMET down to the "safe" setting: Application Opt-In.
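A read-only PowerShell audit of items 2, 3, 7, 8 and 9 from the list above, added here as an example and not part of the original post. The registry paths are the standard Windows locations for these settings; the function names and the pass thresholds are assumptions of this example, and `Get-MpComputerStatus` is assumed to be available (Windows 8.1 or later).

```powershell
# Added example: read-only audit, run from an elevated prompt.
# "Pass" thresholds are this example's assumptions, not the poster's stated values.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null (no exception) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Check, $Value, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass }
}

function Test-HardeningBaseline {
    # Item 2: Secure Boot. The cmdlet throws on legacy-BIOS boots or when not elevated.
    $sb = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
    New-Check 'Secure Boot enabled' $sb ([bool]$sb)

    # Item 3: SRP default security level. 0 = Disallowed, 0x40000 = Unrestricted.
    $srp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'
    New-Check 'SRP default level is Disallowed' $srp ($srp -eq 0)

    # Item 7: Defender signature age in days; $null if the Defender module is missing.
    $age = try { (Get-MpComputerStatus -ErrorAction Stop).AntivirusSignatureAge } catch { $null }
    New-Check 'Defender signatures at most 1 day old' $age (($null -ne $age) -and ($age -le 1))

    # Item 8: CWDIllegalInDllSearch (KB2264107). Absent or 0 = default search order.
    # 1 = block WebDAV CWD, 2 = block remote CWD, 0xFFFFFFFF (shown as -1) = never search CWD.
    $cwd = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' 'CWDIllegalInDllSearch'
    New-Check 'CWDIllegalInDllSearch is set' $cwd (($null -ne $cwd) -and ($cwd -ne 0))

    # Item 9: AutoRun. 0xFF disables it for every drive type, machine-wide.
    $auto = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    New-Check 'AutoRun disabled for all drive types' $auto ($auto -eq 0xFF)
}

Test-HardeningBaseline | Format-Table -AutoSize
```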