They both seem to be a necessary evil. AntiVirus software is notorious for wrecking applications. Support always has a sneaky suspicion that your Antivirus program is actively working against your business applications but you are obligated to run it. On the flip side, patching applications might just break them. It's a gamble. Fix one thing, break two more. You just can't be sure without properly testing.
Antivirus programs are mini patch managers. There probably is no better example of a program that needs almost constant updating and patching than an Antivirus program. Those definition files come out at a furious pace sometimes. Centralized patching and Antivirus definitions are critical to not bringing your network to a crawl during peak times.
Both Antivirus and Patching strategies have a security angle. They actually work hand in hand. One knocking down threats that probe and attack and the other closing holes and reducing attack surfaces for threats that are already there.
*Reply to this post to earn 50 points and 1 entry to win an iPod Nano