Llama, you know I respect your opinion and respect you as well, but in my support role, I have had so many problems with Norton I cannot, in good faith, ever recommend it to anyone.
Some of the most irritating problems are corruption of our game files. This occurs even if the application is disabled because Norton really does not stop scanning, they simply stop reporting.
Could this be a configuration issue with Norton? I certainly cannot rule that out. However, does that mean people do not understand how to configure Norton and ESET does a better job with its user interface/configuration front end? Certainly possible.
Then I have one more bone to pick with Norton and McAfee for that matter. Removal. If you do not know you have to go to the WEB sites of the companies to get a special tool to remove the applications, you will be forever under thier spell.
ESET, I have had zero problems reported from anyone using it. Everytime I deal with anyone running Nortin, I have to cringe. It is a painful process.
No offense taken, Skuzzy. You know I think you're one of the Good Guys.
I understand why you don't care for Norton, but I haven't ever seen the corruption you're speaking of. That said, my test machines are in top condition and are built with good hardware, and it is fair to say you're taking care of computers that aren't. ;-) Plus, there's a situation that YOU are likely to see that I am not. Keep reading.
Removal is another sore spot I can empathize with you about. Dedicated removal tools are a royal pain, and it seems silly to me that a "normal" uninstaller can't do everything that needs to be done. The fact that even more normal utilities (like Nero, for one) now sometimes need dedicated removal tools is insane.
So why do I still like Norton, when ESET does such a great job without headaches?
The answer is Symantec's "Norton Insight." It is amazingly clever and I believe the way of the future. Here's the summary:
Right now, many virus executables are unique. Not just slightly unique, but VERY unique. In fact, some infected websites spit out unique variants of the same family of virus for every unique visitor in real time, and the number of sites doing this is growing exponentially. The variants are different enough and numerous enough that it is getting harder and harder to push out definition updates fast enough to catch up. And relatively soon, it will become impossible to do so.
So what do you do? How about this? Have all the Norton products take fingerprints of every executable they see (sort of like MD5's, but faster to compute), and regularly phone home with these fingerprints to a master database that Symantec maintains. Over time, you see the following: non-unique executables like word.exe are very common, in use by millions (or thousands, or hundreds) of users, and odds are if they aren't caught by the definitions, they aren't infected. However, if in all the millions of Norton users, a computer encounters an executable that NO ONE, or just a few dozen, have ever seen before, AND it isn't in the definition file, Norton products know to be very cautious, alert the user of the potential problem, and suggest the user allow Norton to quarantine it. 9 times out of 10, this is really the right thing to do.
All this happens almost instantaneously over your internet connection as you download new files, BTW.
Now as a software developer like yourself, regularly pushing out new versions of executables and DLLs to around 15,000 users (my guess), I can see how Norton Insight's behavior of quarantining your files for the first few AH users who download and install patches would be annoying (if not disastrous), but after the first few users, this behavior should stop.
But as a user facing these new generations of threats, this technique is probably the way to go, and it is already starting to be copied by other AV programs.
So what should you do as a developer? When I last spoke with Symantec developers, they told me there was a program for 3rd party developers to notify Symantec when new executables are coming out, and not to treat them as potential viruses. I don't know what is involved, but I could try and find out for you if you like.
So I think this reply explains both why I like Symantec and (at least one of the reasons) why you hate it. Its just that we're looking at this problem from two different sides.
-Llama
