People who use Symantec security products need to be particularly careful that they keep the product, and not just the pattern/signature files up to date.

http://www.snpx.com/cgi-bin/news55.cgi?target=191288405?-2622

It seems that there is at least one malware author who has "got it in" for Symantec (Norton) and is specifically targetting their products.

I would suggest that you should take this approach with all widely used applications that you have, as there has been an increase in application rather than operating system based exploits.

Yeah, application vulns are becoming a big problem.

When I built this PC, I took the opportunity to create a spreadsheet with every bit of software it has installed, the version, the date I last checked for an update (or a note that I have enabled and trust the automatic updater), and the URL to check. It's a bit of housekeeping, but it's probably the only way I'm going to be able to keep up with these things.

I don't want to sound like a prophet of doom, but "free" software such as AV and firewalls would seem likely targets given that they usually function with elevated privileges?

Right now I would say that the lowest hanging fruit has to be Adobe Acrobat?

Folks might like to give this a try:

http://www.visagesoft.com/products/pdfreader/

It is an alternative free PDF reader ;)