Where are you most likely to pick up the problem ?
Typical places such as E-mail attachments, P-P sharing, Etc; ?
Those are likely places, but more often than not, they are "caught" by browing on the Internet. Most newer infections target specific vulnerabilities in many software (IE, FF, Java Runtime, Adobe Reader, Quicktime, the list goes on and on...) and actively check to see whether the computer is susceptible to those attack vectors. Some use what is called an "exploit pack" that searches through known and common vulnerabilities and will actively exploit the first one that triggers. The importance of being patched fully (and not just Windows!!!!
- can't say that enough!) is even more emphasized with today's threats. You are by no means invulnerable even if you are fully patched and up to date, but the number of possible infections drops significantly by keeping on top of software versions and updates.http://secunia.com/vulnerability_scanning/online/
<- is a good place to start. This will scan your currently installed software and show you what needs updating.
I would be interested to know which security software cannot prevent these infections?
Which Programs are most often running on computers which become infected and are failing to detect and stop installation of malware?
mcaffee and norton let me down
The answer to this is two-pronged. First, no software
can fully (100%) prevent ALL of the infections. Security begins with the user. ALL software will be vulnerable to specific infections, they do NOT catch everything and aren't meant to. With the speed at which the malware writers develop new variants and versions, it is impossible to keep up for antivirus/anti malware vendors.
The second part is the statistical portion... While I do not have statistics, I can tell you right now, and if you read my first point above you'll understand this, ALL brands/types of antivirus and anti malware are vulnerable and will let stuff through. There is no 100% security when it comes to a one application aspect.
As a side note I had run SAS and Malwarebytes prior to the Microsoft scan and they had come up clean. Maybe they have not been added to their definitions.???
That is entirely possible. It could have been a brand spanking, all shiny looking, new malware threat. There really is no way to know for sure. Also, from the looks of the report, all of the found threats by MSE were in the cache folder of Java. I am not sure if you understand the purpose of the Java cache or not, so I'll just briefly outline why you may see threats there that certain programs pick up and others don't. In short, when you visit a website that has any kind of Java content, all of the files from that content will be downloaded to the Java cache for future run. This makes Java applets/servlets run quicker. Java is an interpreted program, and as such requires the full code to be read before it is executed (this also explains why some Java programs on the web - like the chat on this site for example - take so long to launch on first run; the entire program is being read and interpreted before a single line of code is executed). It's a bit more involved than that, but you get the idea...
All this to say, that the code in those cache files might never have been executed, and their payload (if any) was never applied. Anti-malware programs tend to focus on active threats, remnants playing second fiddle. It is absolutely possible that those were just dross files from an infected website that contained an exploit pack which attempted to exploit vulnerabilities in Java. If your Java runtime was updated (as you mentioned it was), the chances of an infection through one of those is immensely reduced.
Hope this answers your questions.