Firefox should make BlackSheep a recommended add-on
1. Yes someone could update FireSheep to make it resist BlackSheep -- that would be undeniable proof they are black-hats.
FireSheep was alleged created not for publicity, not for malicious kicks, but to encourage websites to use HTTPS. Updating FireSheep to get past BlackSheep would serve no such purpose. Hence proof of black-hat mentality and criminal intent.
While increasing security necessarily involves more processing cycles, and thus greater green house gases and pre-mature obsolescence of hardware, in the case of sites like Facebook where people are supposed to be using their real names I must agree that HTTPS is long over due.
But I argue generally the distribution of malware as free-ware to encourage higher security expenditures is equivalent to (as criminal as) handing out spring nail sets or rusty nails to teenagers passing by a crowded parking lot in the middle of the night, along with the advice "There is no CCTV protecting this parking lot, so if you decide to commit vandalism you won't get caught. I am only doing this to force auto-makers to use scratch proof paint and shatter proof windows."
Malware makers with just intentions could achieve the same goal of making their point without causing serious theft and vandalism damage to innocent third parties by restricting the distribution of their malware to bona fide trustworthy security companies and the maker of the insecure software.
2. While I agree that 100% of the time FireSheep will have been installed with the computer users permission, remember that in some cases computers have more than one user, or the computer may be administered by an organization (i.e. company computer).
Because those limited cases do sometimes occur, there is a point to adding FireSheep detection to anti-virus software.
If MS is the only AV maker to realize this I'd be surprised.