also horrendous security holes in their products
Google security researcher Tavis Ormandy just discovered a load of security holes in code used in Norton antivirus, Symantec Endpoint (All Platforms), SMSME, SSE and probably other products of the "when your antivirus scans a file from email/web/usb-stick software in the file can get running on your machine with full privileges" variety, thus making your machine more vulnerable than it would be without security software.
Sadly this is not going to affect their business.
i seem to recall that around twenty years ago someone found a way to get thunderbyte antivirus to run code from a file that it was scanning, it's not a new problem. Almost nobody is able to usefully assess security software or pays any attention to it's problems. In a rational market McAfee (now Intel security) and symantec would be out of business instead of making billions.