Hi Chabbo,
What I discussed on so-called "long overdue" does not concern riskware and particular adware as the avast PUP or riskware detection does not show in VT results generally. That is why I stated that VT results does not give a good picture of all that avast av detection covers (PUP-detection, avast various shields' detection, etc.). So VT results as a means is not the right tool to measure av detection and av detection patterns.
Then there is also the vulnerability window to be considered. At the beginning there is one, or there are two, three av solutions that detect, then others follow within a couple of hours to a couple of days for the av solutions that are slow to pick up. When 5 av solutions detect we speak of 100/100 % malware (zulu Zscaler)
Then we have malware that is being launched uniquely every time. There the launch sites or migration sites should be blocked period. Malware knows various ways to circumvent detection and that is an ongoing chess game between the good and the dark forces on the "Interwebs".
Furthermore we have potential suspicious files, detected by the fact that some script is running with anomalities together with IDS alerts other sources of malcreation can be determined and listed (Quttera's, wepawet, file viewers, urlquery etc.). Then there are blocklists where blocked ranges are only to be lifted if proven to be benign over some timespan (Google Safebrowsing for instance). Another factor is the possible insecurity of websites and how easily they could be (re-infected) (sucuri scans, safersite, dorks, vendor vulnerability lists) because server abuse through misconfiguration or outdated website software or bugs in the website software.
There we are running behind the facts always and all of the time because there is an enormous amount of unawareness from website owners/website admins and hoster staff even as how to protect the average user not to get infected by visiting their infestious websites. And then we have to add malware launching sites per se driven by cybercrime and co on bulletproof and FastFlux webservers with malware that is hard to close down. Here in browser added security through extensions like NoScript and RequestPolicy could protect the browser user to quite an extent.
So as the odds are against us, still with the right insight users can be online free of malware for years and years . To educate others how to achieve this is why we are here and do what we do,
polonus