I see the reaction with extreme hostility as erring on the side of caution.
When presented with something new, the state of the art in malicious software, consider the potential outcomes.
One can say "I have 20 years of experience so therefore any new malware I see must obviously behave the same as what I've seen in the past." The positive outcome may be a quick AV scan that manages to catch any lingering malware. The negative outcome is missing a trick you haven't seen before resulting in data loss or wasted time revisiting the same infestation.
One can also say "I have 20 years of experience and have learned that software is ever evolving. This may be something new or something old with new tricks. I should treat it with the assumption of being state of the malware art." The positive outcome is that you catch all of it and discover that it is something new and interesting; you learn something. The negative outcome is that you spend more time than expected to find out it's only something old and nearly harmless now like Slammer.
In one case, you're making the choice to be surprised by a negative because you ignore the possibility of it being something new or ignore the possibility of using a specific tool due to OS religion or whatever rationalization you gave yourself. In the other case, you're making the choice to be surprised by a positive outcome by assuming the worst and taking appropriate steps for that worst case scenario. If I'm going to assume, I'd really like to be surprised by a good outcome; better for the user I'm supporting and more opportunities for happy surprises.
These days, pulling the drive as a first reaction may be over the top unless you have pre-imaged replacement drives to slap back in (and assuming that kind of uptime requirements). It's not like the days before easily bootable OS on removable media where getting at a drive through a secondary OS did usually mean a second workstation.
Also, I wouldn't hold Norton up too proudly. No AV catches everything and Norton isn't ranking as high as others for detection. It used to be back and forth between Norton and McAfee but both have been outclassed. Even given an AV ranking at the top of the list, I'd still confirm with two or three different scanners. Things may be different if AV companies were sharing signature data but with the scanning engine and signature data both being considered competitive advantage, it's not as simple as picking a single brand name.