Well, when I read this, I did not interpret the information the same as you.
'140 million IP addresses' to me means the number of nodes reporting into GTI. Thus, the likelihood of your node being the first to see a new piece of malware is small. This is a large database, giving better accuracy for new and unknown files getting the analysis needed to update signature files, quicker than without the GTI reporting. The law of large numbers is acting here. Probably the only larger database is MS, but mostly collected monthly (via MSRT), whereas McAfee is collecting constantly. That is, as long as the On-Access Heuristics (Artemis or GTI) are ON.
But even if you completely disable GTI, the fact that others do not decreases the time it takes for analyzing newly discovered malware. As a result, .DAT files may get updated signatures sooner, thus the On-Demand scan will catch that malware even though the On-Access scan missed something. The delay between new (zero-day) exploits and updated signatures is where On-Demand scan will catch things that the On-Access scan missed.
If the Signatures have yet to be updated for very recent malware, it is less likely that during boot the read of the file will catch the malware during its startup (especially if VSE has yet to load). It's also unlikely that GTI can help much there as well, as many files may already be running before the network interface is active.
The one big downside to GTI is that when enabled, it is possible for VSE to mistakenly delete, or force the deletion at next boot of, a critical file, causing the OS to now not boot. A False-Positive on a critical file can make for a very long day. So, GTI should not be set higher than Medium unless the security administrator is actively working on an outbreak within the network. Personally, I keep GTI set to Low.
With or without GTI, the On-Demand Scan does catch malware missed by the On-Access Scanner. For my customers, I recommend a Weekly scan, though this is debatable. Also, what is included in the On-Demand Scan can cover more items that might significantly impact performance on the On-Access Scanner. Thus, the on-demand scan may catch things that got through the more liberal On-Access Scan settings. It's a balancing act.
Anyway, just my thoughts.
Good point on the 140 million IP addresses - I suppose it is the way that you read it :-) I would agree with your interpretation. I also agree with your comments on the scenario where GTI is disabled. Thanks for your thoughts and interpretation on this - I think the journal article could have been worded slightly better, but I still think the journals are a very good thing.
Regards your comment on balancing acts - I wholly concur! The number of clients I have been to that think that VSE can simply be installed and left is quite scary :-)