Why dont norton include a new layer of security, naming the layer to something like NOS : norton object simulator or norton sandbox which will keep all bad and low reputed executables in a restricted environment and warn users of suspicious activities. Another side is use this layer to testrun all downloaded files ( possibly clean files like pdf, word, spreadsheet, jar and other files ) upon their first run and check if they have any bad files / scripts embedded in them.