I disagree about the "always low detection rates".
First you have to understand from where you hear those "rumors". Mainly I guess from sites testing AVs. Many are in the security business one way or another (no one does it for free), meaning all this malware/virus craze is good for them: they get more traffic and more money from ads, more money from security sponsors, etc... So you have to take all their testing with a grain of salt.
Now MSIE is very good at what it does: detecting known threats. When testing AVs, the focus is on modified viruses (new ones not directly registered in the AV signatures database, but still based on known ones) where 3rd parties shine: they use heuristic algorithms based on known signatures to expand them to possible threats. This usually comes at the cost of CPU usage: the more complex the algorithm, the "heavier" the program is on resources, and the more fake positives are shown...
Still, the main virus definitions from MSIE are among the best since MS has so many users who report to base them on. If a new virus shows up in the wild, the first to know will probably be MS. That's why their database is actually used by most AV vendors.
The main problem is new threats show up exponentially and more and more are totally brand new (meaning the base signatures are useless) so even all those great AVs aren't that good against them. When you have an exponential number of threats turning up every day, a strategy based on blacklisting (basically you try to list all known malware and check it against the user files) is rapidly becoming useless even with heuristics. Now all the big names are turning instead to HIPS or behavior analysis to try and check if an application displays any malicious activity... But by then the malware/virus is already installed, probably has administrative rights to your system and can basically do you a lot of grief.
MSIE when launched was actually lauded for its efficiency, and recommended by many. Just google the tests from the time and you'll see many reviews affirming so. In my opinion this actually turned against MS because security products aren't its focus, so they were stepping on their partners' toes without real benefit. This might explain this perceived lack of interest of MS in their AV: since it's becoming futile to try and predict new viruses with a regular signature system, MSIE only protects against known ones with very low overhead, and lets McAfee, Norton and others do their business if users want something a bit more proactive.
But overall if you want protection against malware I think the best solution isn't any 3rd party AV but actually a whitelist based strategy (compared to the blacklist by regular AVs) which is completely doable with built-in Windows tools: Software Restriction Policy (Deny All), or AppLocker plus Limited User Account, UAC, and integrated sandboxing (Low Integrity Level introduced with Vista I think)... When done right this restricts any unknown executable from running, protecting from most current malware. For example, if, when browsing a site, a virus executes itself (drive-by download), it will be either blocked completely (SRP/AppLocker) if the user doesn't approve, or given low rights (Low Integrity Level, User Account/UAC) and won't be able to change your system or install its payload. When you are suspicious of a new program, then before installing you can always calculate its hash and send it to VirusTotal (sigcheck from Sysinternals does it automatically if you're lazy) and you get a much better preventive security than any known single AV.
Here are a few guides on how to implement some good security basics. You can apply most of them even on Windows XP, even on home versions, but you have to manually edit the registry to implement SRP (I might add a guide if some people want):
mechBgon's guide for first-time PC builders... Best practices for ongoing security
How to make a disallowed-by-default Software Restriction Policy
Hardening Windows 7 Guide. Part 1 | Harden Windows 7 for Security
And if you want a nice read to illustrate why AVs aren't the solution to the malware problem, check The Six Dumbest Ideas in Computer Security, especially Enumerating Badness which is basically the main concept of AV.
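
An added example, not part of the original post: a simplified Python model of the two strategies the post contrasts, a hash blacklist versus a disallowed-by-default policy with path and hash rules. The sample byte strings, paths and rule sets are constructed for illustration and this is not how SRP or AppLocker are implemented internally.

```python
import hashlib
import ntpath
from pathlib import PureWindowsPath

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "files": harmless byte strings, not real binaries.
KNOWN_BAD = b"constructed-sample: known threat v1"
VARIANT = b"constructed-sample: known threat v2"  # one byte changed
TRUSTED_TOOL = b"constructed-sample: portable tool the user vetted"

# Blacklist model: exact hashes of files already reported as bad.
BLACKLIST = {sha256(KNOWN_BAD)}

# Whitelist model (assumed rule set): directories a limited user cannot
# write to, plus individually approved hashes. Default is deny.
ALLOWED_DIRS = [PureWindowsPath(r"C:\Windows"),
                PureWindowsPath(r"C:\Program Files")]
ALLOWED_HASHES = {sha256(TRUSTED_TOOL)}

def blacklist_allows(data: bytes) -> bool:
    """Enumerating badness: run unless this exact file is already known."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(path: str, data: bytes) -> bool:
    """Default deny: run only if a path rule or a hash rule matches."""
    # Collapse ".." first so C:\Windows\..\Users\... cannot pass a path rule.
    p = PureWindowsPath(ntpath.normpath(path))
    if any(d in p.parents for d in ALLOWED_DIRS):
        return True
    return sha256(data) in ALLOWED_HASHES

def compare(path: str, data: bytes):
    """Return (blacklist verdict, whitelist verdict) for one launch attempt."""
    return blacklist_allows(data), whitelist_allows(path, data)

if __name__ == "__main__":
    downloads = "C:\\Users\\alice\\Downloads\\"
    for name, data in [("bad.exe", KNOWN_BAD), ("variant.exe", VARIANT),
                       ("tool.exe", TRUSTED_TOOL)]:
        print(name, compare(downloads + name, data))
    print("notepad.exe", compare(r"C:\Windows\notepad.exe",
                                 b"constructed-sample: system binary"))
```

The modified sample passes the blacklist because its hash is new, while the default-deny policy blocks it without knowing anything about it.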