As long as security uses a blacklist, it will be possible to evade it pretty easily. There are products that use a whitelist such as bit9.com, but that approach mostly works in corporate networks where they can set policy about what executable files can be run--period.
Has it ever worked against these kinds of techniques though?
I only ever thought that windows antivirus software was a sticking plaster for non-sensitive machines to make them get sick a little slower, not something that would you would use to safeguard valuable commercial data.
