I'm no fan of AV (I think they've totally failed to improve quality for decades, and now live off of fear-mongering) and not an expert but that seems too harsh.
At the time this arrangement was designed, getting any kind of automatic software update was unusual, let alone regular updates or communication back to the update system. It's hard to imagine an AV doing this successfully at the time. What if the user installs a new version of a program and you have no internet connection? Ask them? Do you trust their answer? At the same time, the number of unique new viruses was substantially smaller and slower-spreading so easier to "detect" (it was never clear to me how much "detection" really happened vs pure signature matching).
It's shameful that OS security updates still aren't applied automatically and AV was useful when viruses were simple.
However, AV vendors started pushing heuristics that look for things like contacting IRC servers. Any application that moves large amounts of data around will run into hash collisions and developers have to run around asking to be added to a whitelist.
These heuristics do not scale and mislead consumers into thinking that their computer is safe because it has antivirus. In reality, we need to re-architect operating systems to be safer.
At the time this arrangement was designed, getting any kind of automatic software update was unusual, let alone regular updates or communication back to the update system. It's hard to imagine an AV doing this successfully at the time. What if the user installs a new version of a program and you have no internet connection? Ask them? Do you trust their answer? At the same time, the number of unique new viruses was substantially smaller and slower-spreading so easier to "detect" (it was never clear to me how much "detection" really happened vs pure signature matching).