In his summary story after the Sony malware fiasco, Bruce Schneier wonders: "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers?"
Further, he is trying to claim that "this is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home."
Guess what? No! I think the dirty secret of the AV is that the answer is "no." I think every prudent computer user should run their computer(s) with an assumption that if they are hit with anything non-standard or innovative, their anti-virus will not save them.
In reality, it might save you sometimes, but you certainly cannot rely on it.