ISSUE 16.15.0 • 2019-04-22

Help: customersupport@askwoody.com

---

In this issue

---

INTRODUCTION

Longtime Windows Secrets readers may remember our four-issues-a-month rule.

In other words, we skipped any fifth publishing day that fell in a particular month. (Then, it was any fifth Thursday; now it’s Mondays.)

We’re keeping that tradition, here at AskWoody. As such, there’ll be no new issue in your email inbox on Monday, April 29. Your regularly scheduled programming will return on May 6.

Yours truly has a special reason for taking a week off. From the start of 2019, the editorial office of the AskWoody Plus newsletter has been a three-by-three-foot table, in an 11-by-19-foot, semi-insulated cabin, on a 67-acre tree farm. My desk has doubled as a food-prep and dining table, shared workstation with my wife, and a place for every other task we might do sitting down.

It’s been an adventure — especially the days with 18 inches of snow and no power — but within the next few weeks, we’ll be finally moving into our completely rebuilt farm house — where I’ll once again have a real office, dedicated to publishing the weekly newsletter.

There’s much to do for the move. So the newsletter bye week comes at a good time.

Thanks to all for your continuing support!

— Tracey Capen, editor in chief

---

WOODY’S WINDOWS WATCH

By Woody Leonhard

For many Windows 7 and Win8.1 users, April’s Patch Tuesday brought calamity. Numerous admins managing Windows Server 2008 R2, Server 2012, and Server 2012 R2 shared in the pain.

An unknown conflict between six April updates and installed antivirus products resulted in major system failures. If you were running AV apps from Sophos, Avira, Avast, or McAfee on any of the above systems, and you installed the April updates, your machine may have bluescreened on reboot or turned into virtual sludge.

The story unfolded in a rather bizarre way. April’s updates arrived on Patch Tuesday in their usual, seemingly innocuous fashion. But when the updated systems rebooted — typically the next day — users were greeted with locked-up or slow machines.

As I reported in a Computerworld article, the pattern of failure became clear almost immediately. Machines running Sophos Endpoint anti-malware wouldn’t boot — or they’d slow down interminably.

In the following days, we saw reports of more clobbered systems — machines running other brands of antivirus software. Then, a week later, McAfee chimed in, stating that many machines running its AV product had slowed down after installing the patches.

As of early this morning (April 22) — nearly two weeks after the patches went out — here’s where we stand.

These patches —

— are causing the following collateral damage:

We know that Microsoft hasn’t, so far, changed the patches. The company isn’t budging, except to block the patches on some machines. So the problem has to lie with the way antivirus products access and protect Windows.

Although the symptoms vary, it’s now clear that a deadlock condition is part of the problem — the antivirus product is trying to do a task that’s delayed indefinitely.

Unfortunately, neither Microsoft nor the antivirus manufacturers are talking.

Not much. But good on you if you delayed the April updates.

I’ve long recommended sticking with Microsoft antivirus products — Microsoft Security Essentials (MSE) for Win7, Windows Defender in Win8.1 and Win10 — simply because they’re “good enough” and traditionally don’t suffer from Windows incompatibilities. That’s not, as they say, a guarantee of future performance; it’s just an observation of past results.

But using MS AV products will become a problem for Win7 users — eventually. The company will stop issuing definition updates for MSE sometime after Win7 reaches its end of support next January.

How long after? We don’t know and Microsoft isn’t saying. The company continued distributing definition updates for MSE on Windows XP until July 14, 2015 — fifteen months after XP officially expired. Will Microsoft afford the same courtesy to Win7 customers? We can only wait and see.

Bottom line: If you’re sticking with Win7, and MSE definition updates stop, you’ll certainly want to change to another antivirus manufacturer. (Ah, but which one?)

Again, everyone’s tight-lipped about what caused the failures. But the following seems clear to me:

Here’s what really concerns me. There has to be a group inside Microsoft that gives the final A-OK on specific patches. In the case of April’s debacle, that entity either:

a) Didn’t know that the patches would cause these problems, or

b) Didn’t care.

I don’t know which case is worse.

Questions? Comments? Thinly veiled prognostications of impending doom? Join us on the AskWoody Lounge. Bring your sense of humor.

Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.

---

LANGALIST

By Fred Langa

There are solid reasons to force an upgrade to Win10 1809 now — and equally solid reasons to wait for Version 1903. Here’s how to decide what’s right for you.

Plus: Why are there still 8.3-format filenames, in this day and age?

A number of LangaList readers have requested clarification on what seems to be conflicting advice. For example, Peter Vincent writes:

Similarly, Ralph Nelson writes:

Peter and Ralph, it’s not just you — or everyone else in this situation. The past six months of Windows Updates have been truly awful, resulting in no small amount of confusion.

If you’re still running Win10 1803, you can certainly make a strong case for holding off on upgrading to Version 1809 — especially if you’re managing a significant number of PCs. Waiting until Win10 1903 (the spring 2019 release) is out and proven safe avoids the trouble-plagued Version 1809 entirely — including the tedious PC-by-PC troubleshooting and repair that might well ensue. In that case, waiting sounds perfectly sensible to me!

But I think the equation changes somewhat if it’s your own PC or you’re managing a relatively small number of machines — say, a home-office or small-office setting.

When the upgrade to Version 1803 fails, it seems mostly due to subtle incompatibilities and/or circumstances that Microsoft didn’t anticipate — and that Windows Update can’t handle.

With that in mind, you might ask yourself: “Will the rollout of Version 1903 be better?” If Microsoft tried and failed for six months to successfully upgrade your PC to Win10 1809, why would you expect the Version 1903 upgrade to be any different? Whatever delayed the move to Version 1809 will likely still be present in your PC when you try the 1903 update.

It is possible that Microsoft learned some important lessons with 1809 and will get it right with the next release. Maybe the upgrade to Win10 1903 will be as smooth as silk — maybe!

I’m not that trusting, especially given Windows 10’s recent update history. If your setup caused the Version 1809 upgrade to choke, there’s currently no evidence that upgrading to Version 1903 will go more smoothly. Only time will tell.

Moreover, moving directly from Win10 1803 to Win10 1903 will be, in effect, a double upgrade. It’ll require back-filling any prerequisite code and features in Version 1809 that 1903 will depend on. (You might see many more interim “compatiblity” updates.) So any issues that delayed Version 1809 might be even more problematic when leapfrogging to Win10 1903.

Bottom line: If you skip Version 1809, it could be a long, long wait between Windows 10 upgrades (which isn’t necessarily a bad thing).

So: Force Version 1809 or wait for Version 1903? It’s really a judgment call only you can make.

Personally, if I were managing dozens, hundreds, or thousands of PCs that are still on Win10 1803, I’d take the conservative approach and wait until 1903 is proven safe and stable.

But if it’s just a small number of PCs, I’d choose the possibly surer approach of forcing the upgrade to Version 1809 now. It might help you identify and correct issues that could delay Version 1903, and it gives you a system whose bits are closer to the next release’s.

That’s why I’ve forced the 1809 upgrade on my Version 1803 PCs.

In short: There’s no single, correct, one-size-fits-all answer to Windows upgrading. It’s up to you!

LangaList reader Steve Fleckenstein wonders about a steadfast holdover from the earliest days of DOS.

In a word: Compatibility!

Different file systems — DOS, Windows, Linux, Apple, CDs, DVDs, and so forth — have different expectations and requirements for filename length, allowed characters, path inclusion, and so on. (See the Wikipedia Comparison of file systems page.)

But the plain-vanilla DOS 8.3 format is so old and entrenched, it represents a kind of “lowest common denominator” that virtually all file systems can understand and handle properly. The 8.3 format helps to ensure that a file’s name will always remain intact, no matter where the file is copied to — or what device is using it.

Microsoft’s use of long file names dates back to Windows NT 3.5. All current Windows releases automatically store two versions of each filename. If you save a file with a long, human-friendly version of the name (e.g., something like “Start of Grand Canyon Vacation.jpeg”), Windows will automatically create a short, internal-version of the name — such as STARTO~1.JPE.

Apps like File Manager use long file names by default; but internally, Windows works with the short, compatible-with-everything name.

Want to see? Open a command window in any folder that has files with long names. (Need help? See the HowToGeek article “10 Ways to Open the Command Prompt in Windows 10.”) At the command prompt, type dir /x — you’ll then see a list showing both the long name you’re probably familiar with and the automatically generated, 8.3 version alongside it (see Figure 1).

Figure 1. In a command prompt, entering dir /x displays both the short and long versions of each file’s name.

Getting back to the main point of your question, neither you nor software developers have to use long file names. You also don’t have to use 8.3 names — unless you want to ensure compatibility with a very wide range of file systems and standards. It’s the safest choice.

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback is also always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

---

Best Utilities

By Deanna McElveen

Our Windows desktops are much like a physical desktop — we have them organized just the way we like things.

Some of us like a clean desktop with all folder and application icons placed neatly in the Start menu and taskbar. Some of us prefer to spread things out across the desktop, organized in a way only we can understand.

We’re comfortable with our particular organization — until the day we boot our systems and discover a desktop that appears to belong to someone else. Grrrr!

How did that happen? It’s possible something got scrambled when you or some app changed screen resolution — or you updated video drivers, or you installed a new video card. For whatever reason, Windows developed icon-placement amnesia.

Midiox.com’s Jamie O’Connell created a solution for that problem. Desktop Restore is a small application that records where icons live on the desktop; if they get scrambled, it can quickly put them back where they belong.

Desktop Restore is, of course, available as a no-cost download on our site. You know our motto: If it’s not free and comes with crapware, it’s not recommended by OlderGeeks.com.

Desktop Restore is not a traditional program. It’s a Windows Shell Extension — typically a custom tool or option added to File Explorer’s drop-down or context menus. Dropbox and 7-Zip are just two of the many apps that add shell extensions to File Explorer.

In this case, Desktop Restore appears when you right-click on the desktop, as shown in Figure 1.

Figure 1. Once installed, Desktop Restore appears as a new menu option when you right-click the desktop.

Selecting Desktop Restore displays a submenu (Figure 2) containing various save, restore, and customization options. To quickly save your current layout, simply click Save Desktop and then click OK in the popup Desktop Save and Restore dialog box (see Figure 3).

Figure 2. Desktop Restore’s submenu of icon-management options

Figure 3. Click OK in the Desktop Save and Restore window to save the current layout.

Now, should your desktop icons suddenly become a jumbled mess — say, after a screen-resolution change, you can simply click Desktop Restore/Restore Desktop to bring back the last saved desktop layout.

Desktop Restore’s options go beyond simple icon-layout recovery. You can, for example, have custom layouts for different users on the same PC — or change the desktop for different tasks.

Start by selecting Desktop Restore and then Custom Save/Restore. You’ll get a popup window with a list of previously saved layouts (Figure 4).

Figure 4. To access other saved desktop layouts, select the Custom Save/Restore option.

Let’s say you want to create a desktop designed for a child — one that has very few icons visible, and with your icons stuffed into a desktop folder. Using Custom Save/Restore, you can save multiple layouts by giving each an easily identifiable name.

Start by saving your preferred layout. Right-click the desktop and select Desktop Restore, then click Custom Save/Restore. Now click the Save button and give the layout a logical name — something like “Not Jethro Safe.”

Now simplify the desktop and repeat the above steps. However, this time give the saved layout a name such as “Jethro Safe.” At this point, it’s easy to use the Restore button to choose the specific layout you need.

Some of our regular customers are now using Desktop Restore on their machines. While the PC is in our shop, it’s attached to different monitors, which can change the desktop layout. With this utility, customers can easily restore their preferred setup when the machine is back in the office or home.

If icons are added between saves, they’ll be placed in an empty area of your screen. To make them easier to find, choose the “Highlight Unmatched Icons” option in the submenu. But in our experience, it’s easier to just save your layout whenever you add or delete desktop icons.

Also, when using multiple monitors, click Save Desktop in the submenu whenever you rearrange the desktop.

Note: Don’t use this utility if your desktop is set to “Auto Arrange” because … well … what would be the point? Also, the developer recommends turning off the desktop’s “Align icons to grid” option (right-click desktop/View; see Figure 5). But I’ve not had any issues with leaving this setting turned on.

Figure 5. Desktop Restore might work better if you turn off the Align icons to grid option.

That’s it. Go grab the utility from its download page at OlderGeeks .com.

Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

---

WINDOWS SECURITY

By Lance Whitney

There are many reasons to hate passwords. Fortunately, Microsoft’s Windows Hello offers quick and easy alternatives.

Passwords are the most common method for securing our personal information — they’re also the biggest chink in our digital armor. Too often, our passwords are either exceedingly simple — making them easily cracked (yes, there are people who still use “1234”) — or they’re so complex we can’t keep them in our personal, random-access memory. (And resetting passwords is a bothersome, time-consuming, and sometimes chancy task.)

Having to use a password every time we sign in to Windows is especially annoying. The easy alternative is to set up a PIN. But Win10’s Windows Hello feature also lets you set up other sign-in options.

For example, through Windows Hello, you can create a picture password; or, with the right hardware, you can set up fingerprint or facial recognition to verify your identity. Moreover, you can use any of these methods to sign in to both Microsoft and local accounts.

Let’s check them out, so you can see which ones might work best for you.

A PIN is the easiest alternative to both set up and use. Although “alternative” isn’t precisely accurate — for any of the Hello options. You’ll always have a Win10 password. That’s important, because on those occasions when a PIN isn’t sufficient, the OS will insist you enter your password.

You might have established a PIN when you first set up Windows 10. If not, no problem; you can add one at any time. Click through Settings/Accounts/Sign-in Options. Look for PIN under Windows Hello and click the Add button (see Figure 1).

Figure 1. The option for adding a PIN is in the Settings/Sign-in options window.

Hold on a second! Before you enter the new PIN, consider this: You might be accustomed to concocting simple PINs with just four digits. Sure, they’re quick to type and easy to remember, but four-digit PINs aren’t that hard to crack.

A longer, more complex PIN will provide significantly better security. The trick is to create a more secure PIN that’s still easy to use. Unlike most PINs, Windows PINs can be made up of both numbers and other characters. To do so, check the box labeled Include letters and symbols — this will also pop up a handy guide to PIN requirements (see Figure 2).

I typically use a PIN made up of eight characters that are easy to remember but hard to crack.

Enter your PIN, enter it again to confirm it, and then click OK

Figure 2. A good Windows 10 PIN is complex — making it hard to break — yet still easy to remember (sort of like a secure password).

Again, the best sign-in method is both iron-clad secure and easy to apply. That’s truly the goal of the Picture option. It works by having you draw specific gestures on a favorite picture each time you sign in. You can create and use a picture password with your mouse, but the feature really lends itself best to touch-screen devices.

To set up a picture password, open the Sign-in options screen, scroll down to the Picture password section, and click the Add button. You’ll then be prompted to enter your MS or local-account password as verification. Click the Choose picture link and select a photo or other image stored on your PC. You can drag your picture around the screen to position it. Now, click the Use this picture button.

Next, follow the prompts to create three different gestures. You can choose from a combination of circles, straight lines, and taps. Draw one of those gestures on a memorable spot on the picture. Do this twice more, as prompted (see Figure 3). To confirm your gestures, redraw each of the three. When you’re done, click Finish.

Figure 3. To sign in with a Picture password, you create three gestures on a chosen image.

If your PC has a fingerprint reader — USB-attached, keyboard-based, or built-in — a quick swipe is the fastest and easiest way to unlock Windows. The Fingerprint option should show up under Windows Hello only if you have a supported reader attached or built in. If you do, click the Set up button and then Get started.

When asked, enter your PIN as verification. Next, repeatedly touch or swipe the reader as prompted (see Figure 4). Continue until your fingerprint is accepted.

Figure 4. If your system has a fingerprint reader, a simple swipe can give you quick access to Windows.

Fingerprint readers are, in theory, very secure. But they can have difficulty reading your print — especially if your fingers tend to take a beating from gardening or other physical activities.

Facial recognition can be as quick and easy to use as a fingerprint reader and should be more reliable. But your PC’s webcam has to support Windows Hello. At this point, very few desktop cameras are compatible, and those that do are often expensive.

Two USB cameras that work with Windows Hello are the Logitech Brio (around U.S. $180) and the Creative BlasterX Senz3D ($100). The webcams built into some laptops — certain Dells, for example — also support Windows Hello. As with fingerprint readers, if your camera is Windows Hello–compatible, the Face Recognition option will appear (see Figure 5).

Figure 5. With the right camera, the Face Recognition option will appear under Windows Hello.

To add Face Recognition, click Set up/Get started and then enter your PIN. Next, you’ll be asked to look at the camera to have your face scanned. Keep your head still until the scan completes. If the scan doesn’t go properly, simply try it again.

When it’s time to sign in to Windows, the lock screen will let you choose among the methods you’ve established — PIN, picture password, fingerprint, and/or facial recognition. Pick one, give the correct response, and Windows signs you in (see Figure 6.)

Figure 6. In this example, Windows is asking for my PIN.

Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

Lance Whitney is a freelance technology reporter and former IT professional. He’s written for CNET, TechRepublic, PC Magazine, and other publications. He’s authored a book on Windows and another about LinkedIn.

---