And the evidence that antivirus by its very nature cannot protect against zero-day threats? And the incontrovertible evidence that the deep hooks put into any OS by AV software present increased and significant attack surface that directly leads to compromised systems?
This isn't a black-and-white issue. If it was, many smart people wouldn't disagree with you about it, including Steve Gibson. You can't just declare a debate over because you've decided you're right.
I never said the debate was over, or that it was a black-and-white issue. Going over your points:
1) Signature-based malware detection indeed cannot protect against zero-day threats, or even against polymorphic malware. But almost all antivirus software is much more than just signature matching these days. The real mark of a good AV suite is how well its various behavioral and code-inspecting tools can stop zero-day malware. Some of our top-rated products stop all of it in lab tests.
2) AV software does create a huge attack surface, which is why it's very important that AV software makers take care to make sure that their own products don't become the vector for an attack. But you know what's even more dangerous? Web browsers, browser plugins, Java and Microsoft Office software. If you didn't run any of those products, and never connected a PC to the Internet, you could probably live without AV software. But most people definitely need it.