WinSock layer is impractical because it's too high on the stack. A program can easily bypass WinSock, thus bypassing the protection. A typical example of a network application that totaly bypasses WinSock is IIS 6.0. A number of AV companies use the Winsock layer to provide network AV shields but they never tell you that their solution is far from perfect.
A better way to do this is in a TDI (filter) driver -- i.e. in kernel mode -- and this is how avast will eventually work... However, development of such module requires quite a lot of time and testing is also very demanding... Therefore I don't want to disclose any time frames at the moment...
Thanks
Vlk