
About Symantec's technology, it is worth noting that antivirus scans are based on identifying malware in one place, then being able to recognize that malware everywhere. This does not particularly help you recognize malware that was custom made to only be installed in one location. Particularly not when the people who were making that malware themselves have access to your anti-virus scans prior to deployment and can verify on their own computers that you do not detect them.

Therefore there is no surprise that Symantec failed to provide any meaningful protection during this attack. They know this. But they hardly want to admit it in front of all of their customers.



But see, the thing is, that's not what it says on the box. http://us.norton.com/antivirus/

"It's okay to blink, because we never do – SONAR technology and live 24x7 Threat Monitoring watch over your PC for any suspicious behavior to quickly identify threats."

"Protection from the future, available today – our exclusive reputation and behavior antivirus technology are so advanced that they can stop online threats that bad guys haven't even created yet."


Yes. And if you engage in suspicious behavior like connecting to a botnet and then spewing spam, SONAR likely figures out that something is wrong.

But remote command and control through a covert channel can be done in ways that do not look particularly suspicious. And a sophisticated attacker should be assumed to know what behaviors SONAR is looking for.



