The entire article is predicated on the idea that anti-virus software is effective at stopping malware.
But today, that simply isn't true. With the proliferation of web exploits and constantly-updated payloads, the traditional signature-based methods of detecting malware are almost totally useless. OK, they still pick up the odd old-school mail worm or whatever, but no-one's going to get infected by those these days; it's all about the web exploits.
(Even against the pen-drive infectors, which should be slower to mutate and easier to track, they're doing pathetically badly at the moment.)
Heuristics-based detections can pick up a few more trojans, but at the expense of user-befuddling and potentially dangerous false positives. Behaviour blocking is the only approach likely to be effective, but today's implementations are shonky and unreliable. This sort of stuff - full per-program-permissions - really needs to be provided at an OS level, not as a wobbly vendor layer on top.
Encouraging people to spend money on ineffective, performance-butchering anti-virus software is what we're doing too much of already, not something we need to be asking the Government to do more of. All it does is give users a false sense of security.