I'm really not surprised by these findings. The number one and biggest problem with any security software like you're typical Internet Security Suite is it's a 'Reactive' technology. This means its always behind the curve never in front of it. This means the best you can hope for in terms of detection rates is 98-99% but never with 100% certainty.
Whenever I talk with users and explain this fact they are always shocked. Why is this so surprising to people? Vulnerabilities exist because code is written by humans; therefore you will always have mistakes in code creating the smallest openings for exploitation. Security software is written by humans therefore it will never be perfect and because its a reactive technology it will never catch the latest and greatest zero day exploit.
However security software vendors can help by implementing one small change. Stop marketing their tools as the best and only tool for a safe and secure Internet experience because such marketing hype creates a false sense of security leading everyday users to believe they can do no wrong. Such false sense of security makes people complacent and not think about security. I wish government would wake up and force vendors to disclose such details. We have labeling laws for everything else why don't we have it for software or security appliances. Users should know what they're getting up front before they're taken in by all the hype and spin.
In fact I don't believe things will change anytime soon but only get worse. That is until users wake up from la-la land and become aware their actions have consequences. Ultimately the security fight will not get any better until users take responsibility for their actions and actually think about email, attachments, web sites and general computer best practices.
Until that day security software will fall farther behind and a new sucker will be born every nanosecond. We've all been taught lessons by our parents 'don't talk to strangers' type stuff. Why is it so hard for people to learn similar lessons when it comes to computers and Internet safety?