After reading more of the discussion in here - i'd also like to point out that a lot of malware doesn't NEED a password. A password would really only be useful for executing against certain protected parts of the system.

As far as the iOS model - sure it could help screen some things, but frankly I think that is the exact wrong approach to take. I shouldn't need, and certainly don't want, an annoying big brother telling me what's okay and what's not. It absolutely kills innovation, and forces you to conform towhat someone else thinks you should be doing with your system. Apple for one is absolutely horrible with this. Many years ago for example I wrote some warehouse management software. We wanted to use iPod touches hooked up to some sort of barcode scanner to use with our applications. Could not get it to work, at all. Reached out to apple, they said it was a great idea - they loved it, but they wouldn't give us access to the functionality we needed to make it work. It didn't fit their current goals for the devices, and they just didn't want them being used commercially like that. It wasn't for some years before they finally opened it up and started allowing stuff like that to be done with their devices. Why on earth would you want a company like that telling you what software you can or cannot use? ANY company for that matter. You can make arguments about the principles and philosophy of some of these companies, but at the end of the day even "don't be evil" is just words, and companies can decide to do whatever the heck they want (within the law).

Frankly, there isn't anything wrong with anti-virus software and system monitors. They're a good idea. Why? Not because your system might not be secure or to make up for problems elsewhere in the architechure - but because the biggest threat to security are the problems we don't know about yet. Zero day exploits are the holy grail of the black-hat world. It means you have something that you can use, that nobody knows about yet, and nobody can stop yet. Heuristic scanning allows software to identify malicious code not based on a signature, but based on suspicious activity. That makes those zero-day (unknown) issues far less dangerous.