Twenty years ago, IBM introduced a three-level classification of attackers:
Level 1 are moderately skilled people with no specialized tools (script kiddies).
Level 2 are skilled experts with access to specialized tools (garage hackers).
Level 3 are funded attackers who can hire the best experts and create their own dedicated tools (government, mafia, ...).
Each time you design a security solution, you must define against whom you defend. Clearly, anti-virus products are against level 1 and partly level 2. Level 3 is totally out of their scope. Now, to be honest, I do not believe there are a lot of commercial solutions that would resist level 3. Perhaps a few in hardware, but probably not in software.
But your discussion was more about the cat & mouse game of AV, rather than about military malware. And here also, signature-based AV is by construction purely reactive: it can only act once the virus is known, analyzed and fingerprinted. The race is inherent to its construction. The behavioral approach is more interesting, but with a huge risk of false positives. If the rate of false positives is too high, then people will not use it, or will disable it.
In any case, remember law 1: Attackers will always find their way.
The IBM paper is D.G. Abraham, G.M. Dolan, G.P. Double, and J.V. Stevens, "Transaction Security System", IBM Syst. J., vol. 30, 1991, pp. 206-229, available at http://portal.acm.org/citation.cfm?id=103494.103495.
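The reactive nature of signature matching and the false-positive trade-off of behavioral detection described in this message, as an added toy illustration that is not part of the original post. The "malware" bytes, the hash-based signature database, the event weights, the threshold and every event trace are constructed for the example; the point is that a trivially modified variant evades the signature scanner, the behavioral scorer catches it, and the same scorer flags a benign encrypted-backup tool unless the threshold is raised high enough to miss real samples.

```python
"""Toy comparison of signature-based and behavioral detection.
Everything here (samples, signatures, event weights, traces) is constructed."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# --- Signature-based scanner ------------------------------------------
# A constructed "known malware" sample and the signature derived from it
# after analysis: here simply its SHA-256 digest.
KNOWN_SAMPLE = b"MZ\x90\x00DROPPER-V1:copy self to startup;disable updates"
SIGNATURE_DB: Dict[str, str] = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Dropper.V1"}


def signature_scan(sample: bytes) -> Optional[str]:
    """Return the family name if the sample's digest is in the database.
    Any change to the bytes yields a new digest, so the scanner stays blind
    until the new variant has itself been analyzed and added."""
    return SIGNATURE_DB.get(hashlib.sha256(sample).hexdigest())


# --- Behavioral detector ----------------------------------------------
# Constructed heuristic weights for suspicious runtime events.
EVENT_WEIGHTS: Dict[str, int] = {
    "write_startup_folder": 3,
    "disable_update_service": 4,
    "read_many_user_files": 2,
    "network_upload": 2,
    "encrypt_files": 4,
}
DEFAULT_THRESHOLD = 5


@dataclass
class Verdict:
    score: int
    malicious: bool
    triggered: List[str]


def behavioral_scan(events: List[str], threshold: int = DEFAULT_THRESHOLD) -> Verdict:
    """Score a process's event trace; flag it when the sum reaches the threshold."""
    triggered = [e for e in events if e in EVENT_WEIGHTS]
    score = sum(EVENT_WEIGHTS[e] for e in triggered)
    return Verdict(score, score >= threshold, triggered)


# --- Constructed samples and traces -----------------------------------
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"V1", b"V2")  # same behavior, new bytes
DROPPER_TRACE = ["create_process", "write_startup_folder", "disable_update_service"]  # 7
BACKUP_TOOL_TRACE = ["read_many_user_files", "encrypt_files"]  # legitimate encrypted backup, 6
TEXT_EDITOR_TRACE = ["read_file", "write_file"]  # 0

BENIGN_TRACES = [TEXT_EDITOR_TRACE, BACKUP_TOOL_TRACE, ["network_upload"], ["read_file"]]
MALICIOUS_TRACES = [
    DROPPER_TRACE,
    ["encrypt_files", "read_many_user_files"],   # 6
    ["write_startup_folder", "network_upload"],  # 5
]


def compare_scanners() -> Dict[str, object]:
    """Signature scanner vs behavioral scanner on the constructed inputs."""
    return {
        "known_by_signature": signature_scan(KNOWN_SAMPLE),
        "variant_by_signature": signature_scan(VARIANT_SAMPLE),      # None: evaded
        "variant_by_behavior": behavioral_scan(DROPPER_TRACE).malicious,
        "backup_tool_by_behavior": behavioral_scan(BACKUP_TOOL_TRACE).malicious,  # false positive
        "editor_by_behavior": behavioral_scan(TEXT_EDITOR_TRACE).malicious,
    }


def evaluate(threshold: int) -> Tuple[int, int, int, int]:
    """(detected, total_malicious, false_positives, total_benign) for a threshold."""
    detected = sum(behavioral_scan(t, threshold).malicious for t in MALICIOUS_TRACES)
    false_pos = sum(behavioral_scan(t, threshold).malicious for t in BENIGN_TRACES)
    return detected, len(MALICIOUS_TRACES), false_pos, len(BENIGN_TRACES)


if __name__ == "__main__":
    for name, result in compare_scanners().items():
        print(f"{name}: {result}")
    for thr in (5, 7):
        d, m, fp, b = evaluate(thr)
        print(f"threshold {thr}: detected {d}/{m}, false positives {fp}/{b}")
```

Raising the threshold from 5 to 7 removes the backup-tool false positive but also drops two of the three malicious traces, which is the trade-off the post refers to: a behavioral product tuned to never annoy users converges back toward missing what a signature scanner would have missed anyway.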
Message 69 of 83