(CLICK HERE for Borepatch's thoughts on Java)
I have disabled Java on my browser and I will disable it on my wife’s system when I get the chance. Each of us experienced a Trojan attack, FakeSysdef, on separate days, which MS Security Essentials failed to prevent. I am sure mine came in via Java during a website visit. While we both were hit with the same Trojan, the variation I had was very aggressive and it took me all day on Wednesday for me to fix my system.
MS Security Essentials did catch a Trojan downloader, Java/OpenConnection.NC, for me the other day, and was able to remove FakeSysdef from each of our drives although it did not prevent the attacks. Overall, Security Essentials has been a good workhorse.
In case you were wondering, both of our computers are automatically updated once a week.
EDIT: The reason I suspect Java is because the Java icon appeared on my browser during my visit to a website just before all heck broke lose.