Zen: You have some great points but I think the problem is much larger.
I manage 100s of hosts running UNIX, MS, Novell, and so on. Properly configured, they all run as intended with very little downtime, viruses, worms, spyware yadda yadda yadda.

I think the focus should start getting away from network operating systems and their supporting software, and move towards the fact that TCP/IP, and IP4 in particular, with their many protocols and sub-protocols whose RFCs are still held in high regard, is garbage. We continue to limp along with SMTP, for example. The vast majority of Inet traffic + problems is SMTP-based. Garbage is garbage regardless of how many band-aids you strap on it. IDS, IPS, AV, PFW: they are all just bandages to try to stop the bleeding.

Zen, nice work on getting a decent discussion going. While this forum is too often MS bitchfest cliche, discussions like this are a great addition.