A common comment being made is that a Vendor who creates and sells and OS, 
and then sells security applications to protect their OS is a conflict of 
interest.

Consider the Anti-Trust law suits filed against MS by AOL regarding IE and 
RealNetworks regarding Windows Media Player back in 2003, lets say for 
discussion, MS now turn around and offer up their 'Security Applications' 
for free.  You know exactly what is going to happen.

(I believe the main issue with AOL and Real Networks was that IE and WMP 
were bundled within the OS.)

I guess my point is, whilst I appreciate the common comment, what other 
options are available to an OS vendor.  Offer it up as a free download (not 
bundled within the OS) allowing the end user to make the decision, or to 
carry on charging for it ?

Another common theme has been, that the OS should be secure in the first 
place.  Again I agree with this, but as someone indicated developers 
schedules are being dictated by their marketing departments with shipment 
dates, so regardless of their intentions to code securely a vulnerability is 
likely slip through.

With regard to third party security solutions outside of the OS vendor, in 
reality how many new security issues does their software introduce to a 
fully patched OS.

Cheers

Mark