Have some anti-virus firms lulled us into a false sense of security?

In a recent commentary, ZDNet Australia’s Fran Foo takes Symantec to task for not appropriately responding to a flaw discovered in Symantec’s Norton Internet Security 2004.

Read Foo’s commentary on Virus Threat Center:
http://www.virusthreatcenter.com/article.aspx?articleId=130

The flaw allows an unprivileged user to disable the software’s auto-protection feature. When asked about the flaw, a Symantec spokesperson told ZDNet Australia that the company would “know more in 24 hours”.

Is this an appropriate response from Symantec?

While few, if any, guarantees exist in computer security, how much ‘security’ do anti-virus vendors owe their customers?