Security scanners are a joke?

I was playing with TDL3 Rootkit while testing A recovery software when I tried to scan my system with some security scanners, just for the sake of fun. The Rootkit sample I used is pretty old( at least few months)nso I though it must be detected by almost all the scanners but I was rather surprised by the results. TDL3 infects MBR but many scanners were not ble to detect this MBR infection.
I tried it on a 32 bit win 7 VM in virtual box with Ubuntu host. Installation and scanning was done with the Rootkit installed and active. I did full scans.

Scanners that detected the infected MBR:

Gmer
Avast Rootkit scanner
Emsisoft emergency USB files
Hitman pro
Kaspersky Tdss killer tool

Scanners that failed:

Dr.web( it did detect an infected svchost.exe process but not the MBR)
Comodo cleaning essentials and comodo anti virus
Windows defender
MBAM (it did stop the access of svchost.exe to malicious domain)

 

Normal AV software is with detecting active rootkit infections always behind tools like Hitman Pro, GMER and TDSSkiller, even if it is an older sample. They can add detection for the sample itself easily by adding it to the virus database, but detecting new active rootkit infections may require new techniques for which a program update is needed, and since it is an realtime program installed on lots of pc's, they will need a lot more testing before they can release it compared to on-demand tools like Hitman Pro etc. Also, with these on-demand tools, removal of active malware is the main objective whereas realtime tools have a lot wider focus with prevention, stability, bugfixes and keeping light on resources so removal of active infections takes a backseat.

 

Did you run MBAM AntiRootkit? Did you run MBAM Pro or MBAM Free? Was the realtime protection on?