The top three antivirus programs — from Symantec, McAfee, and Trend Micro — are less likely to detect new viruses and worms than less popular programs, because virus writers specifically test their work against those programs:
On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed — along with the skill of malware authors.
“We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers,” said Ingram.
However, the actual reason why the top selling antivirus applications don't work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.
It's interesting to watch the landscape change, as malware becomes less the province of hackers and more the province of criminals. This is one move in a continuous arms race between attacker and defender. [Schneier on Security]