Hypponen noted that the antivirus industry has frequently missed well conceived malware such as Stuxnet, Duqu and Flame. These attacks weren't run-of-the-mill malware since they were created by governments to target oppressive regimes.
Indeed, antivirus missed those attacks---but did ultimately find them---but let's not get crazy with the bashing here. Why? Simply put, antivirus is being hung out to dry. Newfangled defenses---notably business grade IDS and IPS---all missed Stuxnet, Duqu and Flame. If we're going to rant about antivirus it may be time to take out a few other defenses as collateral damage.
Meanwhile, it's worth considering the consumer alternatives to antivirus. Alternative approaches aren't commercialized.
The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers, and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose....It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons.
Hypponen didn't declare the end of antivirus. He was just noting that the security industry is outgunned.
Now what? The Technology Review argued that it's time to demote antivirus. Going forward, antivirus is just part of the equation. Startups are cooking up new defenses, but commercialization appears to be distant.
In the meantime, antivirus, which may indeed be outgunned, is the best we have. And given the risks involved antivirus software will continue to sell. Passwords suck too, but you still use them. Antivirus will ultimately be demoted, but before we declare the end of an era I'd like to see the alternative defenses first.