Tell me what is "malicious code"...
Even if it was possible to say what a program really does by a quick analysis (which is not), how would you say it's a virus? Does it modify executables? Well, maybe it's a hex editor, some programming utility... or even antivirus software healing infected files. Does it send e-mails? Maybe it's an e-mail client. Does it copy itself to shares? Maybe it's a communication program supposed to install this way to target machines. Does it format your harddisk? Maybe it's a partitioning program expected to do exactly this thing...
I'm not saying you can't look for suspicious things used in the viruses and hope you'll detect a new variant of an existing virus before you add it to the database, but detecting a truly new virus, just by some heuristics, is something you can only dream of. Besides, any heuristics increases the number of false alarms, of course.
If you wish, you can block some of the 'suspicious' actions, often done by a virus, in the Standard Shield - Behavior blocker.