This is the case only for the first few hours. Sure, the new releases are checked against the current AV engines. But there's no magic that will prevent them from being detected in a week. And unless you're being actively targeted or extremely unlucky, that means AV will catch most things for you.
Agree, but doesn’t that mean that heuristic based AV is useless, only creates annoyance by flagging legit software , when a list of known malware would be good enough if response time to add to that list is high enough.
Heuristics are often good. The very basic one "has a significant number of users ever seen this file before" is both annoying for development and probably the best possible first line of defence for larger companies.
