Most of my useful experience, for what it's worth was derived from my negative experiences with computer security software more than positive. This is because most positive experiences seem to be based on absence of evidence. There's really no way to be sure whether a good security application is doing it's job, or just reassuring you all the way along.
When I read testimonials about such products, and most of the positive comments are based on: "nothing happened, so I feel safe," that's pretty much worthless to me, because its based on absence of evidence. Most of the negative comments are based on real experiences. If security software is truly doing battle with malware, there should be more evidence than "potential issue blocked," but some actual dialog about the specific threat, and how it was stopped.
Since it's only the really sloppy and bad malware that shows its presence, the good ones reside on your system unnoticed, waiting for a chance to steal your personal information, a second-rate security app merely has to look like its doing its job, and keep reassuring you that "all is well." You never really know how well it works until your computer is locking up, your bank account has been compromised, or all your friends got sent a link to a website in Libya.