This has been my sector for most of the past 25+ years. These days, I fund security product startup companies, so I track developments fairly closely.

I'd say they're right on the mark about anti-virus and probably also firewalls. The rest is subject to significant disagreement by reasonable people.

It might best be said that quite a few of those other things, by virtue of running on a system, are subject to compromise if the underlying system is compromised.

There are movements toward something called "zero-trust networking," which I would generally laud as constructive developments. Some of the analysis by Rick Holland at Forrester (industry analysts) is enlightening on this prospect, as is some of the commentary that folks at Google have penned about how they view the operation of their enterprise internally.

The bottom line is that even while there are some very challenging problems in securing networked information systems, we have dropped the ball even on some of the trivial cases.

My personal take is that the "Internet of Things" (your car included) is going to force this issue somewhat. The government legislators are already all aflutter about the dangers of connected vehicles and medical devices, and the truth is, they probably should be. Vendors of those things have been engineering for cost, and the buyers/users/implantees of them haven't exactly been witting with regard to the exposures they have from these devices.

There have been some theatrics, even on the part of the security research community, but they have largely been driven toward having vendors actually sit down together with security professionals and discuss how to improve our collective lot. It will happen privately before the USG makes it happen.