As Joe says, the AV vendors cannot keep up. The alternative is to whitelist applications and block everything else. It's a much smaller job to generate a whitelist than it is to keep trying to identify viruses and trojans that make trivial changes to their code every time they propagate to avoid detection. You need to make the default action in any popup when an unknown program tries to run be "block", and probably add an "Are you sure? Did you get this program from a safe source?" popup.
Symantec Endpoint Protection for one puts up a "<program_name> is trying to make a connection to <ipaddress>:<port>. Block permanently? Block once? Allow once? Allow permanently?" popup.