I use MSE, and this graph has done nothing to change my mind about using it, since it doesn't say how these machines were compromised or what they were compromised with, how diligently certain non-antivirus software was updated, what kind of risky behaviors were simulated, or even what "compromised" means.
Does being able to visit a "malicious" website without being infected with anything, still qualify it as being compromised merely on the basis of being able to view that website?
How about e-mail attachments? Does merely receiving a malicious attachment that is downloaded to your machine when retrieving e-mail via POP3 (a perfectly normal thing to happen to one that does not use webmail or IMAP), qualify as being "compromised", even if the e-mail or attachment was never opened?
How about opening an e-mail containing a link to a malicious website, even if the link was never actually clicked? Does that qualify as "compromised"?
Was the vast majority of malware that slipped through of the type that would typically end up only on a machine of someone that routinely downloads "cracks" and "keygens"?
Does merely having a perfectly safe .ico file extracted from the executable of an old piece of spyware, without actually having the executable on the system, qualify as "compromised"?
All this graph did was cause me to add another anti-virus to the list I won't ever consider using, based on its insanely high rate of false positives [F-Secure].
That list already contained at least 6 other products mentioned on that graph, that ended up on my "don't use" list due to previous negative experiences with them, some of which had nothing to do with their ability to detect malware. Some are on that list for efficiently detecting malware, claiming it successfully removed it (when in fact it had not), and interfering with my ability to manually remove it from infected machines (they produced as many annoying popups as the malware)[Avast, AVG, Avira]. Others are on the list by successfully preventing all possibility of infection by slowing the system down to an unusable state (you can't get infected with anything if you can't use the machine) [Kaspersky, McAfee]. And another is on the list due to ethical reasons, for their policy of placing all known websites on their "malicious" list by default, until the owner of the site contacts them to complain about it (and their lost revenue, lost business, and damage to their reputation), and have their site manually evaluated and removed from the list [Trend Micro].
MSE is doing its job, as far as I am concerned, by keeping everyone I have recommended it to (IRL) from phoning me to come over and clean up their systems. And as long as my phone isn't ringing and my own systems stay clean, I will continue to use it.