When I used Windows XP Pro (I now use CentOS and Debian), I set the system up such that I didn't need AV...I basically applied what I learned from Linux.
(1) Set up a Limited User Account (LUA)
(2) Software Restriction Policy (or, if you're using XP Home, use http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm)
(3) Install only the apps you need.
(4) Online Armor Free Edition. (Software firewall with HIPS, i.e., it warns you that something is trying to execute or "dial out", and gives you the option to stop it.)
(5) Removed or disabled services, etc. that you know you'll never use.
Of course, the "con" to this approach is that XP isn't forgiving when it comes to using LUA... So you have to use something like SuRun to allow certain apps to run with Admin privileges. A little testing is required before putting it into "production use".
Complement the above with "security aware" computing habits, and you're largely fine. (I used AutoPatcher to pull down updates).
I set this approach up for my dad's XP box and spent a few hours with him on correcting his poor computing habits. This was in early 2008. It's been a year. No infection or complaints from him. He can still use his PC, but he's now much better off than most people.
I don't trust AV implementations for 3 reasons:
(1) AV companies use FUD because most people are ignorant of computer security matters.
(2) AV apps are cures to a problem, not prevention. As long as people continue with cures, AV companies remain profitable.
(3) They have been proven unreliable in the real world. (You are reacting to threats! You are already at a tactical disadvantage!)