Design bug in Norton Security products

At first, I considered the following issue to simply be a lacking and something to ask for in next year's product.  Further thought made me think it is a bug because it perpetuates a dangerous situation.  See what you think:

 

The situation:

     My wife got one of those Threat-detected notices on her computer, so I examined the report and learned that she had been sent a three-day barrage of high-level threats as embedments in zip files attached to email in her Outlook account.

     It was reassuring that NIS found and quarantined the file, particularly since it was named in a way consistent with her work and there was a high chance that she might have tried to open the zip file and then open the booby-trapped images inside.

     All that was fine, but what was missing was any information about the email itself, particularly the address of the sender.  It seemed likely that someone my wife knew had an infection on their computer, and my wife was a target because she was in their address book.

     Since my wife didn't know who this person might be, she couldn't check for future mailings -- what if that person was then the source of a booby-trapped email with a new Trojan not yet on Norton's list?

     Without knowledge of the sender, my wife could do nothing to protect herself, including the very simple act of emailing the sender giving them a heads-up.

 

So here is a copy of my suggestion for 2011, but I am changing it from "suggestion" to "bug repair" because I think it must be considered a bug in the design of the product:

 


 

I've noticed that when NIS identifies a Trojan as part of a zipped attachment and gets rid of it, it does not save any information about which email it was attached to.  This is absurd!  I want to know who is sending me booby-trapped email.  Even if they don't know it on their end, it will give me the opportunity to warn them or to block them.

 

I would like the following to be saved when an email has a threat inside or attached:

Actual Email address of sender

Subject of email

Date and time-stamp of email

Text version copy of email contents

Name of attachment

Name of infected component

Nature of the infected component

 

One way to keep this from becoming an information bottleneck on my computer is to save this information in a special folder in txt format so that I can read it with Notepad and delete it when done with it.

 

The sequence of events for NIS (and 360) would be:

1.  Same detection and behavior as now (in terms of deletion or quarantine)

2.  Creation of the text summary I suggested above and placement in a special folder

3.  History functions as it does now with one addition:  It tells the user that a summary exists and where to find it (maybe even provides a link that is removed after first viewing).
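
The summary requested in the post above, sketched as an added example (not part of the original post and not Norton's code). It assumes the scanner passes in the raw message and a hypothetical `verdicts` mapping of zip member name to threat label; the sample email and label are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def build_sample() -> bytes:
    """Constructed sample: an email carrying a zip with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice_scan.jpg", b"not a real image")
    msg = EmailMessage()
    msg["From"] = "Pat Example <pat@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Scanned invoices"
    msg["Date"] = "Mon, 01 Jan 2024 09:30:00 +0000"
    msg.set_content("Please see the attached scans.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoices.zip")
    return msg.as_bytes()

def threat_summary(raw: bytes, verdicts: dict) -> str:
    """Build the plain-text record; verdicts is the scanner's output (hypothetical)."""
    msg = message_from_bytes(raw, policy=policy.default)
    lines = ["Sender: " + parseaddr(str(msg["From"]))[1],
             "Subject: " + str(msg["Subject"]),
             "Date: " + str(msg["Date"])]
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Only the member list is read; nothing is extracted or opened.
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for member in z.namelist():
                if member in verdicts:
                    lines += ["Attachment: " + name,
                              "Infected component: " + member,
                              "Nature: " + verdicts[member]]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else "(no text part)"
    return "\n".join(lines + ["", "Text of email:", text])

if __name__ == "__main__":
    print(threat_summary(build_sample(),
                         {"invoice_scan.jpg": "Trojan (constructed label)"}))
```

The From header is set by the sender and can be forged, so a real summary would also keep the Return-Path and Received headers.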