Anti-virus to protect against anti-virus vulnerabilities

No root access will protect the system from the users and users from other users.

In a server environment then this is very good and is ideal situation to have, but a typical PC is a single user environment. The most important items to a user is in their home directory.

The inconvience of having to re-install a operating system is nothing compared to getting your bank account emptied because somebody pulled the password for your online banking from a Firefox session.

So if your goal is building a desktop operating system then your priorities, in terms of security, differ from a multiuser or server environment.

So your priority shifts from "limit the damage a user can do" to "protect that user's files and secrets at all costs". That single user's information is the priority.

Those files and such are the most important parts of the system. If those get violated then what does not having root matter? The attacker has everything they wanted without even thinking about becoming root. Root is immaterial.

Plus in addition the tendancy for distros like Ubuntu to ship with 'sudo' enabled by default pretty much defeats the whole user seperation thing anyways. Even if there were no exploitable local user hole (which is very unlikely) then it still is pretty easy to lift the password from the user if you control their home directory environment.