05-04-2012 08:22 AM
I just bought a new W520. I was testing the Norton Firewall and running port scans against the machine. I noticed some open ports so I did a recovery to factory condition. I ran the port scan again and see a number of ports (25, 80, 110, 8080 - if memory serves correct). I telnet to the ports and they respond but there is no visible text so it is difficult to figure out what is running. I've tried using Tcpview and other tools to view the open ports via Windows 7, but I don't see those ports listening. I am wondering if there are some Lenovo tools/utilities that use these ports? I may just be paranoid.
Thanks!
05-04-2012 07:07 PM
I wouldn't assume the machine and factory image are secure.
05-04-2012 07:33 PM
Many of us wouldn't even use the Norton to be honest. It's well known for being inadequate and bloatware.
05-04-2012 08:20 PM
Point taken, but unfortunately without any restore media other than the recovery partition I can't do a base install unfortunately. I was hoping someone from Lenovo could chime in if there were some system management tools that may have open ports.
05-05-2012 07:06 AM
I decided to break out the big guns. I ran a Nessus scan and NMAP against my W520. The same ports weren't open when compared to the scan by Advanced Port Scan by RAdmin. These are the results of nmap which mirror the open ports Nessus found. Keep in mind, I had the firewall turned off since I am testing Bitdefender's Internet Security 2012. I used TCPView to link the process to these ports and found:
135
139
443 - VMWare Workstation
445
902 - VMWare Workstation
912 - VMWare Workstation
5357 - svchost.exe
49152 - wininit.exe
49153 - wininit.exe
49154 - wininit.exe
49155 - wininit.exe
49165 - wininit.exe
When I enable the firewall, none of the ports are visible. I am looking at using the BitDefender or Kaspersky's Internet Security Suites. Thoughts from other security folks appreciated!
05-06-2012 08:07 AM - edited 05-06-2012 08:08 AM
I've just run an nmap scan against my W520, mostly fresh from the factory except for Windows Live Messenger and Google Chrome installed (which shouldn't affect the results much).
ds@ds61:~$ sudo nmap -sS -O -p0-65535 192.168.1.100 -v
[sudo] password for ds:
Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-06 21:20 SGT
Initiating ARP Ping Scan at 21:20
Scanning 192.168.1.100 [1 port]
<snip>
Nmap scan report for DS-W520 (192.168.1.100)
Host is up (0.0066s latency).
Not shown: 65529 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
7 ports open, scanned from within a LAN. Not sure what those ports are for though..
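One way to do the cross-check discussed in this thread, comparing what a scanner reports as open with what the host itself shows listening (an added example, not code from any poster). The sample inputs are constructed from the lists quoted above, which come from different machines, and the "port - process" note format is an assumption.

```python
import re

# Constructed sample input: port table in nmap's normal output format
# (values taken from the scan quoted in the thread).
NMAP_TEXT = """\
Not shown: 65529 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
"""

# Constructed sample input: "port - process" notes as typed from TCPView.
# The note format is an assumption; the two samples are from different machines.
LISTENER_TEXT = """\
135
139
443 - VMWare Workstation
445
902 - VMWare Workstation
5357 - svchost.exe
49152 - wininit.exe
"""

PORT_ROW = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
NOTE_ROW = re.compile(r"^(\d+)(?:\s*-\s*(.+))?$")

def parse_nmap_open(text):
    """Return {port: service} for TCP ports nmap reports as open."""
    rows = (PORT_ROW.match(line.strip()) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in rows if m}

def parse_listeners(text):
    """Return {port: process name or None} from the local listener notes."""
    rows = (NOTE_ROW.match(line.strip()) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in rows if m}

def correlate(nmap_text, listener_text):
    """Split ports into matched, scan-only and local-only groups."""
    scanned, local = parse_nmap_open(nmap_text), parse_listeners(listener_text)
    matched = {p: local[p] for p in sorted(scanned) if p in local}
    scan_only = sorted(set(scanned) - set(local))   # answered the scan, no owner seen locally
    local_only = sorted(set(local) - set(scanned))  # listening locally, not open in the scan
    return matched, scan_only, local_only

if __name__ == "__main__":
    for label, group in zip(("matched", "scan-only", "local-only"),
                            correlate(NMAP_TEXT, LISTENER_TEXT)):
        print(label, group)
```

Ports in the scan-only group are the ones to trace further, since something answered on them without a listener being recorded on the host.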