ISSUE 16.8.0 • 2019-03-04

Help: customersupport@askwoody.com

---

In this issue

---

LANGALIST

By Fred Langa

Microsoft’s massive, four-month-long series of Windows update screw-ups and outages has left some readers’ PCs in the weeds. Here’s how to see if you’re affected.

Plus: Whole-disk encryption options and a free collection of 16 automated fixes for a variety of Windows issues.

In “Some nice additions in Win10’s Task Manager” (AskWoody Plus, 2019-01-21 issue), I described new Task Manager features included in Win10’s October 2018 update.

But reader Charles Breitzke ran into a major snag, due to a missed Windows update. The same issue affected my primary PC in December, and one of my older PCs last month. It could also be affecting your PC right now.

You might become aware of the problem only after discovering missing or broken features. That’s how it came to light on Charles’s machine. He asked:

Aha! You’re looking in the right places, Charles, but you’re not running the latest version of Win10, which included the Task Manager enhancements. It’s likely your PC, like many others, was the victim of Microsoft’s screwed-up October 2018 Update, which was supposed to bump everyone from Version 1803 to 1809.

The October Update was cursed from the start. It was withdrawn just days after its release, when major flaws came to light. But by then, the buggy version had been installed on boatloads of PCs. The lucky users rolled back to Version 1803, while others left the update as is. In mid-November, Microsoft released a “fixed” version of Win10 1809, starting yet another round of rollouts. The amount of update churn was phenomenal!

The problem was made far worse by Microsoft’s typical update-rollout process; major Win10 updates usually take months to trickle out to everyone. It starts with PCs believed to have the fewest compatibility issues — newer, mainstream hardware, natively running the most recent version of Windows. Over time, the updates roll out to progressively older and less-standard machines, along with systems running pre-Win10 1803 releases.

Here are some real-life examples. I thought my PC was up to date — but it didn’t get Version 1809 until December. An older PC that I keep set to auto-update didn’t get the October Update until mid-January 2019! And the AskWoody Newsletter editor still hasn’t received Win10 1809 on his older ThinkPad notebook.

I’m sure there are millions of other PCs still waiting in the queue.

As if that weren’t enough, there were still more Win10-update troubles in the offing, such as a February patch that impacted network infrastructure and made Windows updating impossible for a while.

With all that churn and confusion, it’s entirely possible your PC isn’t as up to date as you think!

I recommend that all readers take a moment to check the Windows version and build you’re actually running.

It only takes a moment: Type or say winver into the search/Cortana box and click Enter — a box will pop up with version information. As of this writing, fully up-to-date Win10 Home and Pro systems are on Version 1809, Build 17763. Anything less, you’re due for an update.

If you need to, you can force an immediate update to the latest version of Windows 10 — now or anytime you like. Here’s how:

When it’s done, you should be running the most recent Windows version available — currently 1809.

And then, Charles — getting back to your original question — your system should finally have the new Task Manager in all its glory!

After reading my reply to “What happens if Windows is infected with ransomware, but the files are already encrypted with TrueCrypt?” on my Langa.com site, reader JG asked:

Thanks, JG! To your questions: The open-source TrueCrypt project is thoroughly dead. It was discontinued in 2014, and the software has not been updated since.

That said, an independent security audit in 2015 found no “significant flaws” in the final release — Version 7.2. But that was ages ago in digital time. Moreover, the original TrueCrypt developers explicitly stated that “Using TrueCrypt is not secure, as it may contain unfixed security issues.” They suggested migrating to BitLocker, which is built into Pro and Enterprise editions of Windows.

Fortunately, there are many other disk-encryption tools to choose from: the free and open-source VeraCrypt (site), for example. When TrueCrypt was in its final days, another group of developers used its core code to create a new version — a “fork.” VeraCrypt has been actively maintained and enhanced, to this day. The app can even work with old TrueCrypt volumes, and its code has been independently audited for security issues — a major plus.

Another group of developers created a second TrueCrypt-derived fork called CipherShed (site). It, too, is free, open-source, and still being updated. But it has not yet been subject to a full, third-party, independent security audit.

Again, there are plenty of whole-disk encryption tools available; there’s really no reason to stick with TrueCrypt. If I had to pick one whole-disk encryption tool today, I’d go with VeraCrypt, due to its independent security audit and broad compatibility.

After reading “Unraveling Win10’s file ‘permissions’ issues” in the 2019-02-04 AskWoody Plus newsletter, member Jim suggested some useful software.

Thanks, Jim! Windows Repair (All In One) is a nice collection of 16 different mini-fixes for a variety of common problems. It’s available in free and pro versions, and in normal (installable) and portable (self-contained) versions.

But a word of caution: All-in-one tools like that operate somewhat as black boxes. Specifically, Windows Repair (All In One) relies heavily on a built-in collection of scripts that alter your Registry. From what I saw, while poking around the app, it appears well made and safe — it even prompts you to make a backup of your Registry before allowing any changes.

Still, when you let their scripts run free on your PC, you’re placing a lot of faith in the hands of the programmers.

So don’t stop with just backing up the Registry. Before any serious repair, especially with a black-box tool, back up your entire PC!

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback is also always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

---

PATCH WATCH

By Susan Bradley

Microsoft’s newest release of Windows 10, Version 1809, is now sufficiently patched to make it safe on most consumer machines.

But if you’re relying on a rock-solid Windows installation for your business, Version 1809 isn’t quite there yet.

Microsoft is changing the rules again on how it handles Windows updating. According to a recent Windows IT Pro blog post, the company will no longer declare the change from Semi-Annual Channel (Targeted) to Semi-Annual Channel. For business applications, Semi-Annual (Targeted) will simply go away.

Although this channel-naming convention might have little or no meaning to many Windows users, it’s important to me and other IT professionals — it’s the point in time when Microsoft deems Windows 10 “ready for business.” In other words, Microsoft has had time to patch any significant problems that showed up shortly after a version’s first release.

So that AskWoody/Windows Secrets newsletter readers aren’t Microsoft beta testers, I’ve always recommended that all Win10 Pro users set their machines to Semi-Annual — not to the earlier Semi-Annual (Targeted) option. That ensures you won’t receive the major feature update until most of the bugs are worked out.

With the upcoming Win10 1903 release — sometime in March or April — you’ll want to rethink your feature-release settings. Instead of choosing the “Semi-Annual” date as the starting point for pushing off updates, I recommend delaying the installation of feature updates for at least 180 days after their initial release.

Again, I don’t feel that Version 1809 is business-ready — especially due to its painful release history and because the most recent monthly “fix-up” patch was late. KB 4482887 was posted on Friday, March 1. It should have been released three days earlier, on the regular second Patch Tuesday.

Is it any wonder that consumers are confused by updates (as noted in an AskWoody post)? Any patch that lands on a Friday is usually a critical “out-of-band” security update. But KB 4482887 is a so-called “preview” patch for “seekers” — typically folks who have clicked “Check for updates.” The patch contains numerous fixes for Version 1809.

Install KB 4482887 only if you’ve had any of the following bugs:

Not entirely surprisingly, the patch has introduced some new issues. The first primarily affects remote-desktop sessions in Server 2019 — it causes authentication problems with Internet Explorer.

Second, you might run into “Error 1309” when installing or uninstalling applications using standard MSI installers. While Microsoft works on a fix, you can simply ignore the error.

Microsoft recently released its annual Security Intelligence Report, a document the company says was created from “6.5 trillion threat signals that go through the Microsoft cloud every day, and the research and real-world experiences from our thousands of security researchers and responders around the world.”

The report’s takeaway: Amazingly, ransomware is on the decline. Instead, many attackers have moved to cryptocurrency mining. So instead of taking over your machine for ransom, they’re merely using the power of your CPU to mine Bitcoins. Because this isn’t seen as quite so malicious, it often goes unnoticed — and is certainly not as thoroughly investigated by the FBI.

As noted in the report, attackers are using websites as their gateway. They add JavaScript code to malicious pages and mine cryptocurrency in the background, while users are visiting the sites. Obviously, the best way to prevent this scenario is to be judicious about the sites you visit — and, of course, keep your browser up to date.

When I run random Google searches, I do so on a non-Windows device. Likewise, my sister has had far fewer browser-related issues since she started searching for online images on an iPad — and not on her PC.

Also in the report, phishing attacks increased an astounding 250 percent between January and December of 2018. Attackers are using hosted platforms and file-sharing sites to launch their attacks. So be extra careful of any file-sharing invitations, and ensure your key applications (e.g., banking apps) have two-factor authentication enabled.

Needless to say, the report is an interesting — and really scary — read that should remind us all that the bad guys are still out to get us.

Version 1809 finally showed up on my laptop, as I predicted it would in the previous Patch Watch. The update caused a few “Oh yeah, I forgot about that” moments this week. One such had to do with a default action when running a post-update, disk-cleanup process: specifically, removing the Windows.old file after the update completes.

After updating to a new version, Windows prompts you to run the disk cleanup tool. With Win10 1809, when you right-click your C: drive and run the app, note that the option for clearing downloaded files is now checked by default, as shown in Figure 1. It almost tripped me up, and it might do the same to you, too.

Figure 1. The option to remove downloaded files is now pre-checked in the Windows Disk Cleanup tool.

So be aware: When running the “disk cleanup” tool, ensure you don’t lose something you intended to keep. From now on, don’t consider your downloads folder as a permanent place to save files.

I’m ready to give the go-ahead to install the following updates. Keep in mind that these are the primary security updates released at the beginning of February.

If you’re impacted by Access 95 issues, the backslash issue in IE, or the Japanese era issues, install the following updates:

What to do: Install the main security updates for February. Install the second set of updates only as needed.

As with Win10, February’s follow-up patches for Win8.1 and Server 2012 R2 fix the problems with Access 95, backslashes in IE, and the Japanese era naming. But it, too, introduces the aforementioned side effects: IE authentication and the install/uninstall “Error 1309.”

February’s Win8.1 followup patch is KB 4487016 — a non-security rollup preview.

What to do: Start by installing February’s main updates: either the KB 4487000 rollup or the KB 4487028 security-only patch. Next, install KB 4487016 if you’re affected by the Access 95 problem or one of the other issues the patch fixes.

By now, you’re probably noticing a pattern. No problems with Access 95, backslashes, or the Japanese era change? Stick to the primary updates.

Otherwise, follow up with KB 4487028 to fix any of those three issues.

Note: The bug that prevents Windows’ Event Viewer from showing some event descriptions for network interface cards hasn’t been fixed.

Nevertheless, go ahead and install February’s Win7 updates:

I’ve not tracked any side effects from February’s .NET fixes — which is a great thing. Remember, as with Windows, you’ll need to choose between the security/quality rollup or the security-only patches.

In this Patch Watch, as in the previous edition, I’ve not listed all February .NET updates; just those for the major platforms. They include the following:

What to do: It’s safe to install these updates.

If you’re an on-premises Exchange Server patcher, you’ll be happy to know I’ve not come across any issues with the following updates:

What to do: As always, make sure you have a thorough and working backup of your server before installing these updates.

The primary Office patches, released February 12 and listed below, can include various security and non-security fixes in the same update. February’s patches include:

Office 2016

Office 2013

Office 2010

Office 2007

Note: If you’re on Office 2016, Office 2019, or Office 365, you’re running the “Click-to-Run” versions, which don’t get individual updates — it’s an all-or-nothing deployment. As noted in Office-update documentation, these Click-to-Run updates are installed in the background, though you might see a notice in Office apps that there are new features.

What to do: February’s fixes are good to go.

The following non-security updates came out on February 5:

Office 2016

Office 2013

Office 2010 (mostly fixes for Japanese era bug)

What to do: Install these updates at this time.

Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

Susan Bradley has been the one and only Windows Secrets Patch Watch diva for many years. In real life, she’s a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

---

Best Utilities

By Deanna McElveen

There are so many useful and free tools and games offered on the Internet, it’s like a candy store.

But it’s a store that can throw rocks into your candy bag.

We’re constantly testing new and updated utilities for inclusion on our OlderGeeks site. As you might imagine, some of those utilities can be hard on our test machine. To help protect it, one of our essential tools is PrivacyRoot’s Safe Startup (site). In fact, we use it on all our systems — and on our parents’ computers, whether they like it or not.

Safe Startup is relatively simple: it notifies you of any recently installed programs that will launch at startup. That includes those annoying tagalong apps that get added to your system with little or no notice. For example, let’s say Dad installs “Super-Duper Free PDF Reader”: Safe Startup will let him know that an add-on such as “BonziBuddy” (see Figure 1; more info) was installed along with the intended PDF software. (Apps that typically install without your explicit consent are so-called PUPs — or “potentially unwanted programs.”)

Figure 1. Now defunct, BonziBuddy was an app that might install along with another program and launch on startup.

Safe Startup’s initial setup splash screen promises that the download won’t include any spamware, viruses, or PUPs (see Figure 2). The installer’s next screen (shown in Figure 3) offers several other free and useful PrivacyRoot utilities, but only Safe Startup is pre-checked.

Figure 2. As with all good downloads, Safe Startup is free of potentially unwanted programs.

Figure 3. PrivacyRoot’s installer includes several utilities, but only Safe Startup is checked.

The main interface gives you a list of all programs that will launch on startup. Think of the utility as a bulked-up version of Windows’ built-in startup manager — Task Manager/Startup.

This screen is where you enable or disable specific startup apps by choosing “REJECTED,” “NO DECISION,” or “APPROVED” (see Figure 4). “No Decision” selects the default state of a startup app, and “Approved” means you always want an app to launch at startup — “so stop bugging me about it!”

Figure 4. Safe Startup’s main screen lets you manage all apps set to launch at startup.

Clicking the Settings button gives you some choices for how Safe Startup runs. By default, it launches on startup, notifies you of any changes to the list of startup programs, and then closes. However, that’s insufficient for non-geeks such as Mom and Dad. For them, we enabled “Run periodical checks: Safe Startup will be located in PC memory all the time” (see Figure 5).

Figure 5. Safe Startup offers numerous customization options.

If you really want to give some users a scare, check “Show message in the center of the screen.” The other default settings are just the way we like them, but you may have some different requirements — such as another language.

A Pro version of Safe Startup includes more help, the ability to disable app-update notifications, and a recovery option — should you mistakenly delete a startup item. The Pro version costs a modest U.S. $14.95 for a one-year license. (The Pro versions of the other PrivacyRoot apps are also $14.95.) The current Safe Startup 4.12 supports all versions of Windows from XP on, and it requires .NET Framework 3.5.

As always, the installation files can be downloaded from an OlderGeeks.com page — as can the other helpful PrivacyRoot apps.

Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

---

Best Practices

By Michael Lasky

Wouldn’t it be handy if we could quickly transfer documents, pictures, and even entire folders from one PC to another nearby PC, no strings attached — no cables, no Wi-Fi, no Internet connection?

And how about making those transfers conveniently seamless and almost instantaneous?

You might not have noticed that you can do most of those tasks in Windows 10, starting with Version 1803. The Nearby sharing feature is Microsoft’s take on Apple’s nearly decade-old AirPlay. It lets us move files between PCs that are within 30 feet of each other — without cables, Wi-Fi, or Internet connections. And in the near future, Microsoft will reportedly extend Nearby sharing to Android and iOS devices.

Along with Nearby sharing, Windows 10 offers other ways to transfer files and folders. More on that below. But first, here’s how Nearby sharing works.

Pop quiz: So, what’s the only wireless technology for transferring data that isn’t Wi-Fi, conventional Bluetooth, or cellular? The answer is a quasi-cheat: Bluetooth LE — short for Bluetooth Low Energy (more info). BLE exists alongside classic Bluetooth on versions 4.0 and higher, and it saves power in part by remaining in sleep mode until a connection is initiated. Its low-power consumption lets it work on small devices with limited battery power, such as Bluetooth-connected earbuds.

The catch: Both devices need to support BLE — it’s not backward-compatible with standard Bluetooth.

For Microsoft’s Nearby sharing to work, both computers need to have Win 10 1803 or 1809, and both need to support Bluetooth LE. It’s relatively common on PCs released within the past couple of years. But if your computer doesn’t have at least Bluetooth 4.0 installed, there are USB-Bluetooth adapters available online, some for less than U.S. $7.

To get started, open Win10 Settings (Windows key + I). Click System and Shared experiences, then switch on both the Nearby sharing and Share across devices buttons (see Figure 1).

Figure 1. For short-distance file transfers, Nearby sharing and Share across devices must be switched on in Win10’s settings.

Both settings offer two options: “My devices only” or “Everyone nearby.” For those who are suitably cautious or just chronically paranoid, the latter option is best switched off when your system is in public settings — such as a coffee shop or airport. In either case, when you receive a notice that a file is ready to come your way, you can always decline it.

Note: Win10 doesn’t tell you whether your system supports Bluetooth LE. To check, you can dig it out of the Device Manager or use the small app: Bluetooth Version finder. A Sordum.org page tells you how to use either one.

Starting in File Explorer, choose a file you want to transfer to another PC. Right-click that file’s icon and choose Share in the shortcut menu (as marked in Figure 2).

Figure 2. To transfer a file, use the Share option.

Wait a few moments. Any Nearby sharing–enabled systems within 30 feet should appear in the Share panel. Select the target PC and, in a second or two, a notification will pop up on the target system requesting that its owner accept or refuse the transfer.

By default, the file will be saved in the Downloads folder, but you can change this behavior in the Shared experiences settings panel.

Bonus tip: If you select a file to share but haven’t switched on Nearby sharing in Settings, the Share panel will offer “Tap to turn on nearby sharing.” Click or tap this message to enable the share.

Alas, Nearby sharing will not let you share folders. Nor will it let you open a file on another PC. And yet sometimes you might want to open, view, and edit files on other computers. If they’re on the same network, you can do so by jumping through some simple, extra hoops.

From File Explorer, select the folder or file you want to share. On the Ribbon at the top of Explorer, select the Share tab and choose the person you want to share with (see Figure 3).

Figure 3. You can share files or folders via File Explorer’s Share tab.

If you want to share with more than one person, select Specific people and highlight the recipients from the list of names. You can also customize what type of permission each person has: Read or Read/write. This is also the place where you can “Remove” sharing rights. (Your name is listed as Owner.) Keep in mind, however, that others can’t see your shared items if your PC is asleep.

Click “e-mail” or “copy and paste” to send a share’s link to the chosen recipients. Note: If you’re sending the link over an email system that’s not the default, use the “copy” option. For example, my default system is Hotmail (Outlook), but I also use Gmail as a secondary email app.

IDrive’s RemotePC (site; Figure 4) is a free app that, like its name suggests, lets you connect to and use your PC from any Internet-connected device, including iOS and Android. You can sign in to your office or home computer from almost anywhere, manage your files, and work on your computer — just as though you were sitting in front of it. You can also invite an associate to access your computer to work on a presentation or help troubleshoot it.

Figure 4. RemotePC‘s main connection window

After installing the app on each device, you can also share files and folders, using the Internet as the “switchboard.” Access is completed with a personal key (i.e., passphrase) used at both ends of the connection.

Unlike other Internet-based connect apps such as GoToMyPC and LogMeIn, RemotePC is free — for connecting to a single computer. As I write this, a license for up to 10 computers is only $7 for the first year’s subscription. (The fine print: You won’t see the $7 price until you download the app. Otherwise, the site’s pricing for multiple computers is $52.12 for 10 devices.)

The app can be customized to accept one-time users or to remain always on for all comers. And the screen you see on each PC or device — such as on an iPad — is as if you’re actually at your default PC.

One downside of accessing your computer from, say, an iPad, could be the loss of custom settings for your Windows desktop. When I closed RemotePC, my default desktop images were lost and had to be re-selected. But overall that’s a minor peeve for the convenience it provides.

Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

Michael Lasky is a freelance writer based in Oakland, California. He has over 20 years of computer-magazine experience, most recently as senior editor at PC World.