and they were patched before they could be properly exploited. Its odd to expect AV to be defect free but to excuse defects in other software. I think we're holding AV up to a quality level that's unrealistic here and also dismissing its everyday benefits for average users.
I think that "Don't run several pieces of years-old third-party software with multiple publicly-known code execution vulnerabilities as root/SYSTEM on possibly malicious input" is a bare minimum requirement to demand of a piece of software whose entire purpose is to analyze untrusted data to prevent malicious code from executing on our machines.
If it's unrealistic to ask that of AV software, then I'm not sure how this works out to be an argument for AV.
