How do you justify maintaining a defence against historical vulnerabilities that should be well out of common circulation, or that should no longer be viable against a modern system?
The International Space Station (ISS) demonstrated the importance of maintaining such a posture just last week, when one of its systems was infected with a worm that was more than a year old.
Somewhat surprisingly, it seems that there are a number of systems related to the ISS that do not have any antivirus protection, despite this not being the first time that computer malware has gone into orbit.
Because there is little direct network connectivity between the ISS and the ground, the suspicion is that the infection arrived on a thumb drive or other infected device brought up with new supplies or crew.
Suggested improvements include sending up an update disk with each resupply mission, so that whatever antivirus solutions are running in orbit can actually be kept current, and first making sure that viable antimalware protection is installed at all.
Sometimes the past comes creeping up on you without a lot of warning, bringing back malware and distribution methods that have otherwise gone out of favour.
As USB thumb drives gained more widespread acceptance, the dreaded autorun-type viruses and worms made a bit of a resurgence: Windows processed a drive's autorun.inf as soon as it was connected, so a worm only had to drop a copy of itself and an autorun.inf onto every removable volume it saw. Since thumb drives can be written to and copied from far more easily than optical media, and turn up almost anywhere, they are a more attractive carrier than infected CDs ever were. With FAT as the primary filesystem not only on most thumb drives but also on the memory cards used in cameras and phones, older malware that targets FAT volumes has also gained a new lease of life.
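The autorun mechanism described above, as an added example that is not code from the original post: a small Python triage script that reads an autorun.inf roughly the way Windows does (only the [autorun] section, keys case-insensitive, junk lines ignored) and reports the directives that would execute something when the volume is inserted or double-clicked. The function names (parse_autorun, triage, executable_target, AutorunReport) and both sample files are constructed for this illustration and are not taken from any real worm.

```python
"""Triage of an autorun.inf file: an added example, not code from the original post.

Extracts the directives that make Windows run something when a removable
volume is inserted or opened, which is what autorun-type worms relied on,
and flags the file if any are present. All names and samples are constructed.
"""
import re
from dataclasses import dataclass, field

# Directives that cause code execution. 'open' and 'shellexecute' fire from the
# AutoPlay dialog; 'shell\<verb>\command' rewires Explorer's context-menu verbs
# ("Open", "Explore", ...), so even a user who clicks the drive icon runs the payload.
EXEC_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

# Extensions that run as code when handed to ShellExecute on a Windows host.
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")


@dataclass
class AutorunReport:
    exec_targets: dict = field(default_factory=dict)  # directive -> target string
    program_targets: list = field(default_factory=list)  # targets that look like programs
    spoofed_action: str = ""  # label shown in the AutoPlay dialog for the 'open' entry

    def is_suspicious(self) -> bool:
        """Any directive that runs something is enough to flag the volume for a look;
        whether the target is malicious is a question for the file, not the inf."""
        return bool(self.exec_targets)


def parse_autorun(text: str) -> dict:
    """Tolerant INI parse of the [autorun] section only.

    Worm-written autorun.inf files commonly carry junk lines and bogus sections;
    Windows ignores those, and so does this parser, rather than raising on a
    line that has no '='. Keys are lower-cased because Windows matches them
    case-insensitively.
    """
    directives = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def executable_target(value: str) -> bool:
    """True if a directive's target looks like a program rather than, say, an icon
    resource ("shell32.dll,4"). Arguments after the path are not handled."""
    first = value.split(",")[0].strip().strip('"').lower()
    return first.endswith(EXEC_EXTS)


def triage(text: str) -> AutorunReport:
    directives = parse_autorun(text)
    report = AutorunReport()
    for key, value in directives.items():
        if EXEC_KEY_RE.match(key):
            report.exec_targets[key] = value
    report.program_targets = [v for v in report.exec_targets.values() if executable_target(v)]
    # 'action=' sets the text of the AutoPlay entry that runs 'open='; worms set it
    # to mimic the stock "Open folder to view files" item so the user picks it.
    report.spoofed_action = directives.get("action", "")
    return report


# Constructed sample in the style of a worm-dropped autorun.inf (not a real file).
SAMPLE_WORM = r"""
[autorun]
open=recycled\update.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\open\command=recycled\update.exe
shell\explore\command=recycled\update.exe
shell\autoplay\command=recycled\update.exe
kj4h5k3j4h5k34j5h
[garbage]
xx
"""

# Constructed benign sample: a product disc that only sets its icon and label.
SAMPLE_BENIGN = r"""
[autorun]
icon=setup.exe,0
label=Product Installer
"""

if __name__ == "__main__":
    for name, text in (("worm-style", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        rep = triage(text)
        print(f"{name}: suspicious={rep.is_suspicious()} targets={rep.exec_targets}")
```

Run against the root of each mounted removable volume as part of a quarantine step before media is allowed near an isolated system; note that a legitimate installer disc with `open=setup.exe` is flagged too, deliberately, since the directive, not the filename, is what hands control to the volume. The host-side fix is to stop Windows honouring autorun.inf on removable media at all, which makes the inspection a second line of defence rather than the only one.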
In other cases it isn't so much the past creeping up as a historical design decision that has current security implications. Network infrastructure and protocol issues are the threat du jour at the moment, with Kaminsky's DNS cache-poisoning disclosure, and now a BGP route-interception weakness demonstrated at DefCon, gaining a lot of attention.
If the security of the Internet's core plumbing is being called into question, then perhaps the next target should be the Tier 1 peering agreements, which either party can terminate unilaterally. In terms of everyday use of the Internet, that is more disruptive than pretty much any of the other vulnerabilities being discussed (though, unlike a terminated peering, the DNS vulnerability is being actively attacked).