But it is a layer of the defense. Very effective if I can say.
People don’t want to be annoyed and then get infected…

Of course, malware tries to bypass it. And zero-day infection did it. Microsoft patches and updates (for instance, http://www.microsoft.com/technet/security/bulletin/ms10-073.mspx). It’s a cat and dog war like any other security program. It could fail, but, generally, it is a very very strong antimalware defense layer.