PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Windows Live OneCare

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
- Windows Live OneCare
2.5 Fair

The Bottom Line

OneCare is cheaper than current security suites, but it offers less. Its antivirus is good, its spyware protection so-so. Backup is a bonus, but security-as-a-service offerings from other vendors will soon eclipse OneCare.

Pros & Cons

    • AV certified by independent labs.
    • Firewall blocks outside attacks, controls Internet access.
    • Spyware protection from Windows Defender.
    • Includes backup and "PC health" features.
    • Lacks antispam, privacy, parental control.
    • Spyware protection not effective in testing.
    • Malware disabled OneCare in testing.
    • Backup destinations limited.

Windows Live OneCare Specs

Type: Personal
All Specs

When I evaluated the Microsoft Windows Live OneCare beta this past January, it wasn't quite ready for the real world. The antivirus hadn't been certified, the firewall had glitches, and the antispyware component was MIA. The product's final release fixes most of the problems I found in the beta, but it's still not a substitute for a full-scale security suite like those offered by Zone Labs, Symantec, or McAfee. Yet the security-as-a-service model, which seemed unusual at OneCare's inception, is now almost commonplace. Symantec's Norton 360 (formerly Genesis) and McAfee's Falcon project are both moving toward release, and AOL has unspecified plans to offer a similar service to both members and nonmembers.

Firewall protection is central to a security suite, and OneCare's firewall successfully puts a system's ports in stealth mode, making them invisible to outside attackers. So does the Windows XP SP2 firewall, but OneCare's firewall also limits outbound Internet and network access to authorized programs. Even when it's nominally turned off, OneCare's firewall leaves all but a handful of ports in stealth mode. The beta firewall left some crucial ports open and interfered with file sharing; these problems have both been fixed. The firewall's program-control feature recognizes thousands of valid programs and automatically allows them access. OneCare's handling of unknown programs is a bit different from the usual. Where most personal firewalls ask the user whether to block or allow an unknown program, OneCare always blocks unknowns. After blocking a program, it asks whether to continue blocking it or allow it in the future. Thus, you'll often need to relaunch a program after telling the firewall to allow it. I was quite surprised, though, to find that the firewall recognizes and allows programs from adware vendor 180solutions, only to have them immediately removed by Windows Defender, the suite's antispyware solution! It seems as if there's more integration work to be done.

The OneCare firewall doesn't attempt to block sneaky malware that evades program control by manipulating or imitating approved programs. I ran ten leak-test utilities that exercise these techniques and the firewall didn't stop any of them—but the antivirus detected and eliminated two. That's teamwork! This final version seems somewhat more resistant to direct attack by malware. I "killed" all its processes using Task Manager, but they mysteriously rose from the dead to continue their protection. However, when I stopped and disabled the corresponding services (something a malware program could conceivably do) the firewall was stymied.—Continue reading

Sometimes It's All About the Crud

Though malware may be responsible for slowing down your system, sometimes the real problem is just system crud—a fragmented drive, useless files, and so on. OneCare's Tune-up module automates the process of de-crudding your system. It defrags the hard drive, runs virus scans, looks for files that need to be backed up, and even checks to be sure all your automated updates have been installed properly. You can optionally have it remove unnecessary files (such as the Windows XP Disk Cleanup), though this feature is disabled by default. It doesn't do anything that you couldn't do for yourself; it just automates the process. Tune-up runs automatically every one to four weeks (four weeks is the default).

Microsoft purchased antivirus technology from the Romanian company GeCAD back in 2003, and they're finally putting it to good use in OneCare. West Coast Labs gives OneCare's antivirus Checkmark certification for virus detection and removal as well as Trojan detection. ICSA Labs also certifies it for virus detection and removal. In addition, OneCare just got the VB100% aware from Virus Bulletin. The antivirus checks files any time they're accessed; it wiped out a couple of my malware samples the moment I opened the folder. You can trigger a full virus scan at any time, but there's no scheduled scanning other than through the Tune-up mechanism. An option to look for virus-like behavior (heuristic scanning) is turned on by default. That's the only setting you have to think about, unless you want to limit the scope of a full scan, for example to omit a partition used only to hold the Windows swap file. Under the beta version, I managed to restore some quarantined files manually; that was scary, because malware could do the same. I couldn't duplicate that result with the final release.—Continue reading

Spy vs. Antispy

Spyware protection in OneCare is provided by Windows Defender, which is on a different development track. You have to install Windows Defender separately, but once you've done so, OneCare integrates its protection—mostly. Spyware scanning isn't part of the Tune-up sequence, and, as noted earlier, the firewall seems to disagree at times with WD's conclusions, actively allowing programs that WD then blocks. This is the same beta 2 version of Windows Defender that I evaluated in February, but I re-tested it in hopes that with help from other OneCare elements, it would do a better job.

To test malware removal, I installed OneCare and Windows Defender on eight virtual machines containing over two dozen samples of commercial keyloggers and current spyware. Six installations went fine, but the malware on one infested system deleted OneCare right after installation and terminated the Windows Defender installer before it could start. That's one vicious program! I managed to run other security software on a snapshot of this same system by installing in Safe Mode, but neither OneCare nor Windows Defender can be installed in Safe Mode. Microsoft's tech help experts recommended running the Malicious Software Removal Tool; it didn't help. Neither did the online scan at http://safety.live.com. As of this writing, the malware has defeated OneCare; Microsoft anticipates handling the problem with a signature update. Another infested test system prevented OneCare's user interface from loading, but Windows Defender installed and ran just fine—still, cleaning by WD didn't fix the problem with OneCare's UI.

Between Windows Defender and the antivirus, OneCare managed to remove a tad over half my spyware samples, and recognized but failed to remove another quarter of them. It removed just one commercial keylogger and noticed but failed to remove half of the rest. I then tested its ability to prevent malware installation on a clean system with OneCare and Windows Defender already in place. In several cases, the antivirus jumped in to wipe out the installer; Windows Defender also halted some installations in midstream and then cleaned up the remnants. But overall, it wasn't pretty. OneCare prevented one keylogger's installation, failed to prevent another, and missed the rest. Though it blocked almost two-thirds of the spyware installations, it completely missed a fourth of them. I'm not impressed with these results, especially given that the malware completely won the battle on that one infested system.—Continue reading

Who's Got Your Backup?

As I was working on this review, I got an e-mail from a self-proclaimed "little 76-year-old lady in tennis shoes" praising OneCare's backup. During the beta period, she backed up every Sunday morning—and when the drive died, she had no trouble recovering all her files. As long as you have an external hard drive available, backup can be totally automated. If you back up to "shiny media" (writable CD/DVD) you'll have to handle the backup and disc-swapping manually, but OneCare will let you know when a backup's needed. OneCare seeks out your music, e-mail, pictures, documents, and other important data files and offers them as a default backup set. You can, of course, add other files and file types. By default it makes a yearly full backup and then backs up only changed files. You can restore all files or a subset to the same computer or a different one; a shiny media backup includes a built-in restore utility on the first disc of the backup set. I'd still prefer the ability to choose any local storage for backup—a spare internal hard drive, a high-capacity Flash drive, or a network drive, for example.

At $49.95 direct for three computers, OneCare is cheaper than current security suites, but it also offers less. There's no antispam protection, securing of private data, or parental control. Its firewall is functional but limited, and it doesn't protect well against spyware. McAfee, Symantec, and possibly others will soon offer subscription-based protection as powerful as their existing suites and will add backup and "PC health" features—eliminating OneCare's key differentiators. I can't see how OneCare will survive without a major overhaul.

Sub-ratings:
Firewall: Antivirus: Backup:
Antispyware: Antispam: N/A Privacy/Parental control: N/A

More security suite reviews:

Final Thoughts

- Windows Live OneCare

Windows Live OneCare

2.5 Fair

OneCare is cheaper than current security suites, but it offers less. Its antivirus is good, its spyware protection so-so. Backup is a bonus, but security-as-a-service offerings from other vendors will soon eclipse OneCare.