The problem I seen from norton AV is about the old virus signature engine. The OLD core engine pattern seems hogging most PCs. With the integration on explorer, net browsers and the likes, it eats up most computer's resources(even the new version to work for an old machine). My idea is to put it an a VM Appliance or a separate "hardware" as an antivirus server(USB or Network hardware). with this, norton will make an administrative account from PC and as "hidden" from welcome login and is given a root credential from that PC.(norton as I think, is working more on prevention than cure.. I see more success on excellence of a software than perfection. Don't make everything automated). This way, controlling piracy of software is greatly controlled and the machine will be a read-only from viruses etc.. The only downside of this, is that it will traffic the network.. but will greatly cure/remove the infection once it has triggered. As I handled most of viruses from many office, it seems that infections triggers most on user's interactions. Making a good popup message(with colors to identify high or low) near the clock before they proceed on any suspected virus triggering actions will give them ideas what to do - instead of giving them a selection box to decide. most of my life, I handles manual removal of viruses, worms and rootkits. as a user with such awareness, it is avoidable.