The BBC reports today that Iranian officials have recently discovered a new weapon being targeted at Iran - a spy virus aimed at government institutions.
The problem with such a narrowly targeted virus is that it will never have proliferated onto a large variety of computers worldwide, so it won't have been caught by its natural predators - the antivirus companies, whose signature libraries depend on samples collected from widespread infections.
All of which raises the question - could we ever have a computer operating system which identified a virus without a library of known viruses to compare against?
It seems simple enough - get the user to confirm which processes (i.e. programs) should be running. This was roughly the idea behind Windows Vista, though its User Account Control prompts only ask about actions that need elevated privileges, not about every process that runs. The problem is that a number of processes work at the operating system level - organising files and folders, listening for network connections, and so on. Typically dozens on a modern computer. You simply can't ask the user to confirm all of those - and if you did, they'd probably happily confirm the presence of running viruses, which wouldn't necessarily run under recognisable names.
Nor can the operating system simply identify its own processes as legitimate. For one thing, hardware-specific processes may be running (the battery manager for your laptop, for example), and who's to say a virus won't successfully disguise itself as a native operating system process, say by borrowing the name of one?
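The disguise objection above, as an added example that is not part of the original post: a small Python allowlist in which a process is vetted by its name, its expected path and the hash of its executable image, rather than by name alone. Everything here is constructed - the "baseline" stands in for a known-good snapshot an operating system could record on a clean install, and the process list, paths and binary contents are made-up stand-ins - so it runs offline with no real system access.

```python
"""Allowlist-based process vetting: why a process name is not an identity.

Added example, not code from the original post.  All process data below is
constructed inline; BASELINE stands in for a known-good snapshot that an OS
(or an administrator) could record on a clean install.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str
    image: bytes  # contents of the executable on disk (constructed here)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the bytes of legitimate system binaries.
SVCHOST_IMAGE = b"MZ\x90\x00legit-svchost-build-1234"
EXPLORER_IMAGE = b"MZ\x90\x00legit-explorer-build-1234"

# Known-good baseline: name -> (expected path, hash of the legitimate image).
# A real baseline would come from a trusted snapshot or vendor signatures.
BASELINE = {
    "svchost.exe": ("C:\\Windows\\System32\\svchost.exe", sha256(SVCHOST_IMAGE)),
    "explorer.exe": ("C:\\Windows\\explorer.exe", sha256(EXPLORER_IMAGE)),
}


def name_only_check(proc: Proc, baseline: dict) -> str:
    """The naive rule the post argues against: a familiar name is trusted."""
    return "allowed" if proc.name in baseline else "unknown"


def classify(proc: Proc, baseline: dict) -> str:
    """Vet a process against the baseline by name, then path, then image hash."""
    entry = baseline.get(proc.name)
    if entry is None:
        # Not in the baseline, e.g. a hardware vendor's battery manager.
        # Unknown is not the same as malicious; it needs a policy decision.
        return "unknown"
    expected_path, expected_hash = entry
    if proc.path.lower() != expected_path.lower():
        return "impersonation:path"   # right name, wrong location on disk
    if sha256(proc.image) != expected_hash:
        return "impersonation:hash"   # right name and path, modified image
    return "allowed"


# Constructed process list: one legitimate svchost, one imposter using the
# same name from a user-writable directory, one tampered copy in the right
# place, and a vendor tool the baseline has simply never seen.
PROCESSES = [
    Proc(812, "svchost.exe", "C:\\Windows\\System32\\svchost.exe", SVCHOST_IMAGE),
    Proc(4120, "svchost.exe", "C:\\Users\\alice\\AppData\\Roaming\\svchost.exe",
         b"MZ\x90\x00not-svchost-at-all"),
    Proc(1337, "explorer.exe", "C:\\Windows\\explorer.exe",
         EXPLORER_IMAGE + b"\x00injected"),
    Proc(2200, "BatteryMgr.exe", "C:\\Program Files\\Vendor\\BatteryMgr.exe",
         b"MZ\x90\x00vendor-battery-tool"),
]


def audit(processes=PROCESSES, baseline=BASELINE) -> dict:
    """Return {pid: (name-only verdict, baseline verdict)} for each process."""
    return {p.pid: (name_only_check(p, baseline), classify(p, baseline))
            for p in processes}


if __name__ == "__main__":
    for pid, (naive, strict) in audit().items():
        print(f"pid {pid:>5}: name-only={naive:<8} baseline={strict}")
```

The name-only rule waves through both imposters because they are called svchost.exe and explorer.exe; the baseline check catches one by its path and the other by its hash. It does not, however, settle the battery-manager case: a legitimate vendor process that was never baselined comes back "unknown", which is exactly the gap the paragraph above describes, and something has to decide whether to trust it.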
My feeling is that computers have a long way to go before they can deal with this properly. I think we need a generation of operating systems which are more self-aware and therefore harder to fool and more robust.