IF
1) your ISP filters your email for spam and viruses
2) you use Mailwasher to pre-check your email
3) you're ultra-careful about what email you open and only view it as text rather than HTML
4) you've set Windows NOT to hide extensions for known file types
5) you have an up to date HOSTS blocking file
6) you always run as a user with minimal priviledges (rather than as Administrator)
7) you enforce proper password security with regularly changed 7 character alphanumeric passwords
8) you're running with a absolute minimum of services active
9) you run Windows Update religiously
10) you're using NTFS and have disabled Simple File Sharing and tightened things up
11) you're behind a tightly configured, preferably hardware, firewall (and most firewalls are NOT tightly configured out of the box)
12) you have a
verified off-site Backup strategy
13) you have enabled and configured security auditing and review your logs regularly.
14) you use a non-Microsoft browser and email client.
15) Etc., etc., etc. you get the idea.
THEN you might consider running without AV in Windows (
though no AV will protect you from Windows default insecurities).
There are
dozens more security tweaks that you can apply, AV or no AV (such as changing the Administrator name from the default). I use most of them and I'd STILL be reluctant to run Windows without AV software.
A properly hardened Windows installation is quite a chore, but Windows can be made pretty tight.
A truly hardened Linux installation is also a chore, but then you're talking about security of a different order of magnitude!
Suggestion: Use AV software in Windows - Grisoft's AVG -
http://www.grisoft.com/doc/1 - is my choice.