I have tested the Avast 6 Free Antivirus in VirtualBox. It doesn't ask the user every time an unknown malware is executed, only in some cases.
Well, it's the same as saying that the antivirus doesn't detect every piece of malware out there, just some of them (which is true, there are unknown malware files).
Sure, that's how it is and how it always will be - there's no magic to achieve 100% detection, no matter if for "ordinary detection" or autosandbox heuristics.
The difference between autosandbox and ordinary detection is that the autosandbox heuristics is "more generic" - marks more files. Sure, marking more files brings more false alarms - but they are not that "bad" in this case; the file is not reported as infected, not removed automatically... the user is just offered to run the executable in sandbox, which shouldn't hurt even if the file is OK/clean.
But - you probably wouldn't be very happy if for every executable you started (clear or not), you were asked whether you want to run it in sandbox, right? So, there always will be files that are not autosandboxed, and yes, some of them could be malicious. Nothing is 100% in the AV area, I'm afraid.
Yes, the heuristics will definitely be improved in the future - and it will be done via virus definition updates, i.e. no need for program updates in this case. But again, if you're expecting 100% efficiency, you're expecting miracles.