Anti-virus vs. Non-Admin

This may be controversial, but I truly believe it and I'll say it:

With today's threat landscape and the way malware works today, you are better off running as non-admin WITHOUT anti-virus than you are running as admin WITH anti-virus.

If your anti-virus/anti-spyware/anti-malware software requires that you run as administrator in order to protect you, GET RID OF IT. It is not worth the cost. As Paul Coddington put it, it's "sort of like having a burglar alarm that only works when your house is unlocked and the doors are open."

Most, if not all, of the most prevalent malware out there today simply will not work if it runs with non-admin privileges. That will change over time -- especially after the release of Windows Vista -- which is why I preface my assertion with "With today's threat landscape". Hopefully by then, anti-malware solutions will have changed, too.

[Addendum - June 4, 2006, 2220 EDT] I would like to clarify one point: If you are running as non-admin, you are better protected if you have good, up-to-date anti-malware that works well as non-admin than if you have no anti-malware protection at all. (On the other hand, if the anti-malware contains bugs in high-privilege code or exposes other elevation of privilege paths, maybe you're not!)