[pentel-0_5]

The problem with the traditional antivirus signature model is that it's reactive rather than proactive. Once it's been identified by human or automated submission for human and/or automated analysis, the damage has likely already been done if it ran on a clean machine(s) already. But that's only the fraction of malware that will ever be identified because a large but unknowable fraction goes by unidentified, perhaps for all time. (When I was a Windows SA 20 years ago, I saw all sort of customer machines infected by advanced persistent threats that used evasion without any sort of antivirus signatures because they were novel threats.) What may be scanned by N vendors and deemed "safe" today and/or 10 years from now could be in fact malware by behavior.

PSA: Never run untrusted code on important machines. This might mean forbidding the use of third-party extensions for common applications until they are audited, something Microsoft clearly isn't doing.