anti-virus doesn't work on such a linear path. Anti virus look for certain combinations of code, or access to specific files. Since there are a finite number of languages that they can be written in at any one time, the software simply checks the program for potentially dangerous code, and if it finds some, flags it and brings it to your attention.
At the same time, it is true that anti-virus and firewall software are ALWAYS one step behind. The hole or mistake must be found before it can be fixed, and sadly most of these holes are exploited by viruses much sooner than the developer can find them themself.
Take Windows XP for example, when it first came out, it was declared 'hack proof' MS quickly took that back and released updates within 72hrs of distribution as there were reports of as many as 86 seperate backdoor and other type of hackable enterances into XP.... this all happened 12hrs before Windows XP was officially released, lol.
So basically these softwares are based on a set of rules, and rules can always, ALWAYS be broken. The idea is to cover as many basis as you can as to make them bent instead of broken, thus the destruction is minimal.