To clarify, note that Symantec did not pick the test samples for the test -- rather, the independent testing organization selected the samples (see page 11 of the report). The definition of “compromised” used in the report is “Malware continues to run on an infected system, even after an on-demand scan” (page 16). I believe the intent of the use of the term “compromised” is to denote a case where the malware bypassed the anti-virus product to at least the point where it was installed on the PC. I’m not sure I understand the issue. The report defines “defended” as “Malware was prevented from running on, or making changes to, the target” (page 16) -- it seems quite clear. If Norton Internet Security 2010 successfully “defended” the PC, then there would be no alert/effect/threat report for a scan. Note the repetition of “None” for case 5 for AVG, for example, indicating that the same standards were applied across the set of tested products. Unfortunately, these results are for the 2009 (not 2010) version of Norton Internet Security, and thus are not applicable to the current discussion. Provided that the PC configuration was constant for testing all anti-virus products (which it was), then the test is fair and the results are not impacted. Again, note that Symantec did not pick the test samples for the test -- rather, the independent testing organization selected the samples (see page 11 of the report). According to the report, the test “was configured to allow access to the internet so that products could download updates and communicate with any available ‘in the cloud’ servers” (page 14). This same procedure was implemented for all anti-virus products tested, giving none an advantage, and thus seems completely fair -- correct?