Indeed, many people don't quite understand what "rules of war" mean. They seem to think along the lines of "don't kill them TOO hard," and hence think the idea silly.
Rather, it's all about what's justified. Yes, the countries of the world (though not the terrorist organizations) do follow the rules of warfare. Soldiers are punished for murdering or raping civilians, or otherwise attacking/stealing from them. Chemical, biological, and nuclear weapons aren't used. Certain groups, like the Red Cross, cannot be targetted.
Why do militaries follow this? Because they fear the retaliation should they do so. They might already be at war, but they don't suddenly want all of the world's counties against them, and all given justification to use even nukes against them; it's an unwinnable situation. It's like robbing a bank to steal money, but then having the whole army come after you.
The open question here is where cyber-warfare comes in. For those not unfamiliar with the situation, Stuxnet is a novel, unprecendented and first-of-its kind "virus" that explicitly targets and disables/destroys certain factories. It's so complex, powerful, and stealthy that it was floating around for months before it was discovered, and mutates fast to avoid detection. Chances are >99% it was developed by a military body, and it appears to specifically target Iran.
So is this virus an act of war? Is it allowable as a form of warfare? What retaliation is justifiable in response to it: merely counter-cyber attacks, limited air strikes, invasion, or nukes? These are questions that we don't have an answer to.