I just got done making a video review of Microsoft’s OneCare. OneCare has recently been hailed as one of the best anti-malware solutions on the market today. See how well it performed on a highly infected PC!

The video is broken up in 3 parts. The total length of the review is 13 minutes.

Part 1: The Install

Part 2: Starting and Running OneCare

Part 3: The Conclusion - did OneCare Work?

How we tested:
We used VMware Workstation and created a Windows XP sp2 pc. Malware was installed by visiting known malicious websites (drive-by downloads). OneCare was installed and fully updated in an effort to remove the malware on the Virtual Machine.Measure of Success
I measure success in a few ways:

1. Removed Rogue Anti-Malware
2. Removed Trojans/Viruses
3. Removed Pop Ups/Unders
4. Removed Website/Search redirection
5. Normal Port Activity

I’ve heard a lot of hype about OneCare (from Microsoft) and I must say it did not perform well on our infected VM.  OneCare removed about half the malware on the Virtual Machine and left all the rogue anti-malware with their fake system alerts still going off like crazy.

I think the most disturbing part about OneCare is that it does not work in safe mode!!!  Unacceptable.   OneCare may keep a system clean (prevent infections), but don’t count on it for cleaning existing infections.

Currently (as I’m writing this) Microsoft Anti-Malware applications such as OneCare are still Detecting Skype as a Trojan ( specifically Vundo ).  Skype is not a Trojan (or Vundo).  You can safely ignore this warning from any Microsoft security applications.  Microsoft is working on a fix for this false positive.

Malware hides in only a few spots (typically). The folders below should be manually scanned with an anti-virus (kaspersky or Windows OneCare) and an anti-malware application (malwarebytes’ anti-malware) on a daily basis.

In Windows XP:

C:\Documents and Settings\

C:\Windows

In Windows Vista:

C:\Users

C:\Windows

Most of the very malicious malware resides in C:\windows\system32

As a IT consultant I need to move from appointment to appointment. Scanning the folders above with manual scans allows me to clean up the infections quickly instead of waiting to scan the entire PC. Once the manual scans are complete and the malware from those folders has been neutralized I set their on-access scanners to clean and then quarantine anything left (if there is anything left…there usually isn’t).

VB100 (an organization that does independent, unbiased anti-malware testing) just completed their tests of Vista Anti-virus software packages and briefly stated that Windows Live OneCare stopped EVERY piece of malware thrown at it…very cool, I’ll have to see how Windows Live OneCare does against my infected VM.

Here’s the article