They recommend it because Norton has gotten much, much better than it used to be. It's actually a good suite now. McAfee still sucks.
The truth however though is that millions of iterations of malware are rehashed every day and definitions cannot keep up. Even heuristic detection can only do so much. Sometimes you need to use a boot disk scanner as well because rootkits can hide from the Windows API. Be sure to turn off restore points first so they don't hop right back out of it. Looking at your processes can also help, with Process Explorer or something similar. Or if you're really hardcore you can look at network traffic leaving your machine and see if your PC is communicating with command and control servers for known botnets.
We catch them like that at work every week when traditional AV misses them. Once we see the malicious traffic at the network gateway we can run a gamut of tools to find out where the infection is on the machine. But the truth is you can lock down your machine, no admin privs, Firefox, NoScript, Adblock and the like, and that helps, but you can never be 100% protected.
And they keep getting my info from games I played like Rift and Champions Online when their servers get penetrated. And there is **** all I can do about that except to use unique passwords and watch my credit and whatnot to make sure no one is taking out loans in my name.