OneCare in Vista – Shot Through

First published—25 November 2006.
Updated—07 January 2008.
Introduction
Microsoft, for the first time, has delivered a security suite, OneCare, which comprises antivirus, an advanced firewall, a backup interface, and some other useful utilities simply gathered in one place to provide a “tune-up” of your operating system. For Windows Vista, in the context of this website, there is a beta version of Windows Live OneCare, currently version 1.5. Everyone who is interested can download and install it for a 60-day evaluation. So, let’s have a look at how it fits Windows Vista RTM, aka Gold.
As in the previous reviews, I’m focusing on usability (graphical user interface design) features, as well as software effectiveness. Where it is appropriate, I make a simple test to challenge core assumptions (e.g. safe or not safe).

What is really new in this suite is the antivirus. The firewall in its standard Microsoft Windows Vista flavor (not in the OneCare package) is a so-so firewall, better than nothing. Although the standard firewall in Vista should be better than the Windows XP firewall, since it claims outbound traffic control, in reality outgoing connections are not filtered by default, and a straightforward way to make them filtered is unknown to me, as I described in my review. Therefore, the firewall in OneCare should contain a wizard-like interface (at least) to configure outbound connection rules as well as inbound ones.
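As an added example, not from the review and not something the reviewer tried, here is how the built-in Vista firewall can be put into a default-deny outbound policy from an elevated command prompt with netsh advfirewall, allowing only named programs and DNS back out. The program path and rule names are placeholders; replace them with the applications you actually want to permit.

```batch
@echo off
rem Added example (not the review's own steps): enforce outbound filtering
rem with the built-in Vista firewall. Run from an elevated command prompt.
rem The program path below is a placeholder, not a recommendation.

rem 1. Record the current default policy for every profile before changing it.
netsh advfirewall show allprofiles

rem 2. Switch every profile (domain, private, public) to block both
rem    inbound and outbound traffic unless a rule explicitly allows it.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 3. Allow outbound access only for the programs that need it.
rem    One rule per program; the path is a placeholder.
netsh advfirewall firewall add rule name="Allow Browser Out (placeholder)" dir=out action=allow program="C:\Program Files\Internet Explorer\iexplore.exe" enable=yes

rem 4. Allow DNS lookups, otherwise nothing can resolve a hostname.
netsh advfirewall firewall add rule name="Allow DNS Out" dir=out action=allow protocol=udp remoteport=53 enable=yes

rem 5. Log dropped connections so blocked programs can be identified
rem    and reviewed instead of silently failing.
netsh advfirewall set allprofiles logging droppedconnections enable

rem 6. Review the outbound rule set that is now in force.
netsh advfirewall firewall show rule name=all dir=out

rem To revert the default policy (keeping the added rules):
rem netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

The point of the ordering is that the default policy is flipped first and exceptions are added afterwards, so anything not listed is denied rather than allowed by omission; the dropped-connection log (pfirewall.log under the Windows firewall log folder) is where a program blocked by that policy shows up.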
So let’s have a look.
Installation
Installation did not give me any surprises, although it is worth mentioning that you should not try to hit the “Activate” button, as it will have no effect except cancelling your 60-day evaluation period. So, don’t. [screenshot]
OK, here is the front GUI (Graphical User Interface). [FULL screenshot]

Right away, let me comment on the default look of the OneCare front panel. I’ve got a big and bright 19-inch monitor, but I have to strain my eyes to recognize any useful information or links on that panel.
What is this “Protection Plus”, “Performance Plus”? Plus what? “Firewall Auto”, as a term, does not say anything. Is “auto” safe? Why do I see a “Change OneCare settings” option in common tasks (left panel) if at the top it says “No actions to take”? I mean, it is fine that I’ve finally found the settings in this puzzling interface, but the fact that it is in the common tasks section makes me think I have to do it regularly. So, something is wrong with its “good” status…
OK, let’s switch to those “OneCare settings”. Look at the tabs’ names: Tune-up, Backup, Viruses and Spyware, Firewall, Logging. Does anything seem strange? That “Viruses and Spyware” name is inconsistent with the others. It should say “Antivirus” or “Malware remover”, because otherwise the others should be different: “Degradation” instead of “Tune-up”, “Lost data” instead of “Backup”, “Trojans” instead of “Firewall”.
See what I mean? Inconsistency. And too much text instead of information.
Antivirus
Once the installation was complete, I started scanning my hard drives. Believe it or not, it took almost 9 hours (!) to scan my 200 Gb of data. I usually ignore the fact that one scanning engine is faster in tests than the others, because I’m not in a hurry when it comes to personal security matters, but 9 hours is unbearably long! Besides, OneCare antivirus did not find the newest virus I got from a torrent. [screenshot1] [screenshot2]
Look at its Quarantine.
What I was happy about with OneCare antivirus is emulation, the feature that failed in Nod32. The Microsoft antivirus passed my simple test with flying colors. It even indicated that ASPack was used; please see the screenshot:

Firewall
Here comes the firewall. I would not care much about antivirus, but the firewall should be perfect. And OneCare firewall is simply not.
Look at all the possible states: Off, Ask, Automatic, Restricted. [But in reality “Restricted” mode does not restrict too much.] [Update 28.11.2006]: From the Help of OneCare 1.5 (not beta): "The restricted setting provides higher security and privacy by disabling certain features such as discovery and sharing. In the restricted setting, file sharing and remote desktop is disabled and other open ports in the advanced settings are closed."
A “Block everything” mode does not exist, although to me it is much more probable than “Off”. When the firewall asks your permission, it basically tells you only the version number, program location/name, and publisher name [screenshot], which is not enough. What kind of connection is that? Inbound or outbound, TCP, remote address, etc. Controlling the firewall could lead to some serious consequences even for a Joe user, so why not let him know? Even Windows Defender is much more descriptive about network connections, and OneCare shuts it down (literally).
OK, let’s take a look at the Firewall’s advanced settings:
[screenshot1], [screenshot2], [screenshot3]
Can you figure out how to tweak outbound connections for the programs allowed? I just can’t. It is a major disappointment to me. If anybody has a clue—please share. Here’s another user experience quirk: look at these greyed-out tick boxes—you can actually select/deselect them! Isn’t that misleading?
The connection tool looks interesting, though.
A test port scan showed that all ports are stealthed, which is very good. A simple leak test also confirmed our secure status [screenshot].
What brought me to a state of sorrow was the pc-audit test. It demonstrated that OneCare Firewall was not protected from DLL injection. [screenshot]
Conclusion
If you need fully armored protection, OneCare is maybe not for you. Those who care should avoid half-solutions, even at a low price.
If the guys at Microsoft ever improve it, it can be a great security suite due to its integration potential. But, so far, McAfee and Symantec—rejoice! You can do better.

