Are system/Registry cleaners worthwhile?

Are system/Registry cleaners worthwhile?

As Windows and third-party software have evolved over the years, Windows Secrets has periodically put various Registry- and system-cleanup products through their paces to examine the claims made by and about them.

For example, most cleanup software claims to streamline and shrink the Registry by removing obsolete, erroneous data and broken links stored there. Other products claim to do more, such as removing junk files, reducing boot times, and improving overall system performance.

Back in the days of Windows XP, third-party system cleaners were of real value in removing detritus from the operating system. But the current versions of Windows have many more built-in tuning and self-repair options. So do third-party cleaners still deliver any real-world benefit? Do they live up to their impressive claims?

Updating the WS cleaning-tools tests

Windows Secrets’ previous coverage of cleanup tools has laid an extensive foundation.

See, for example:

• “The Windows Maintenance Challenge: Part 1” – Aug. 14, 2014, Top Story
• “The Windows Maintenance Challenge: Part 2” – Aug. 28, 2014, Top Story
• “Test-driving ‘free scan’ tune-up suites” – Aug. 9, 2012, Top Story
• “Putting Registry- /system-cleanup apps to the test” – Nov. 10, 2011, Top Story

This article builds on that previous coverage; it was prompted by several factors.

► Reader questions: A new release of Macecraft’s jv16 PowerTools X (free/paid; site) generated a flood of reader email asking about the product’s extraordinary claims.

For example, an ad mailing from a “Macecraft Software — PC optimization expert” carried the subject line “Make your computer at least 47 percent faster.”

I thought the “at least” might be a misprint, but the claim was repeated and expanded in the text of the advertisement, which stated:

“I personally ran jv16 PowerTools X in the Windows 7, Windows 8.1, and Windows 10 (Technical Preview) operating systems, and, on average, it made the PC system start 47 percent faster. This amazing tool also improved the system’s overall performance by 13 percent, as measured by the PCMark 7 benchmark software.”

Those claims prompted many Windows Secrets readers to write in, asking for some objective tests of the new version.

► Major upgrades to an often-recommended tool: Heavy-duty cleaning tools can actually damage a PC with too-aggressive cleaning. They might remove data and Registry settings that appear to be unneeded but that actually serve a useful purpose.

Because of this, for several years now, I’ve been recommending — and using — safer, less-aggressive cleaning tools. Regular Windows Secrets readers will know that my primary choice has been CCleaner (free/paid; site). But the last version to undergo formal testing in Windows Secrets was Version 3.12; CCleaner is now at Version 5.07. It’s time for a fresh look.

► Emergence of new cleaning tools: Over the years, Windows Secrets has also reported on a wide range of other cleaning tools, including Crossrider’s Reimage, Corel’s WinZip System Utilities Suite, Norton’s PC Checkup, AVG’s PC TuneUp, iolo’s System Checkup/System Mechanic, and PC Pitstop’s PC Matic.

But the popular — and heavily promoted — IObit Advanced SystemCare (free/paid; site) hasn’t been covered in Windows Secrets. So I have included it in this article.

Strengths and limitations of tests like these

It’s important to note that all reviews of PC-cleaning software share a major shortcoming. The results of performance tests principally apply only to the machine tested. Your system likely has a very different configuration and will produce significantly different results.

Consequently, published test results are best used only as a general guide; you can’t use them as the definitive word on what might work best with your specific combination of hardware, software, skills, and personal preferences.

To help you find the “best fit” utility for your unique circumstances, I’ll provide information on how you can adjust and adapt the data shown here to make it more representative of your setup.

But for the very best results possible, I recommend that you run similar tests on your own PC. For a safe test methodology, see the concepts and procedures described in the aforementioned Top Story, “The Windows Maintenance Challenge: Part 1” and the follow-up, Part 2 Top Story.

Again, the results of my tests can serve as a useful, general guide. But only your own tests on your own PC will definitively show which tools are right for you — using both the utilities discussed below and any others you might run across.

(Warning: Before running a third-party cleaner on any PC used for live personal or work computing, always make sure you have a recent and full backup.)

Establishing the baseline setups and timings

To help ensure fairness and repeatability in my tests, I used two long-established, plain-vanilla, virtual PCs (VPCs) as baseline systems. One runs Win7 SP1 and the other runs Win8.1, upgraded from Win8.0. Both are real-life Windows setups I’ve used routinely for work for years.

To begin, I cloned their hard drives and setups to be certain I could restore the exact same VPC configurations for each test.

I then uninstalled all third-party software and performed thorough maintenance on both VPCs, using the techniques and tools documented in Windows Secrets articles such as the Jan. 16, 2014, Top Story, “Keep a healthy PC: A routine-maintenance guide,” and the Jan. 10, 2013, Top Story, “Let your PC start the new year right!”

If you’ve followed the recommendations in those and similar Windows Secrets articles, your PC will share at least some rough similarities with the test VPC setups.

Once the test VPCs were set up and running lean and clean, I took some baseline measurements of three of the main factors that Windows cleanup tools usually purport to improve: startup/shutdown times, disk clutter, and Registry bloat. Here’s how:

• To accurately determine startup/shutdown times, I used the fully automated timing method described in the Aug. 28, 2014, Top Story. I performed each timing test a minimum of three times; I then averaged the results, rounding to the nearest whole second.
• To determine disk bloat, I used File Explorer to measure the total amount of disk space in use, rounding to the nearest 0.1GB.
• To gauge Registry bloat, I exported its contents and noted the size of the resulting .reg file, rounding to the nearest 1MB.

Figure 1 shows the baseline results.

Note the quick startup/shutdown times. One way that my VPCs might differ from your setup is that they live on a speedy solid-state drive (SSD). One benefit of using an SSD is significantly faster startup and shutdown times. In a moment, I’ll provide information on how you can adapt my timing results to estimate performance on your system — though that’s a poor substitute for performing tests on your own system.

Adding software to create a used, “dirty” system

Next, to simulate a real-life system, I downloaded and installed 15 popular apps on both test VPCs. To select which apps to install, I used the then-current user-popularity ratings reported by Download.com.

Where software conflicts were likely, I selected only one app for each category. For example, although AVG AntiVirus Free 2015 and Avast Free Antivirus 2015 were both extremely popular downloads, installing more than one full-time antivirus app on a given PC is known to cause system trouble — including excessive system slow-downs. Therefore, I selected just one AV app.

The selected apps include:

• AVG AntiVirus Free 2015 (site)
• IObit Malware Fighter Free (site)
• IObit Smart Defrag (site)
• betternet VPN (site)
• Mask Surf Pro (site)
• Google Chrome (site)
• Mozilla Firefox (site)
• Opera browser (site)
• PrimoPDF (site)
• CorelDRAW Graphics Suite Trial (site)
• NexusFont (site)
• Audacity (site)
• Express Burn Disc Burning Software Free (site)
• VLC Media Player (site)
• Driver Booster 2 (site)

In each case, I allowed the apps to fully set themselves up the way the software publishers intended. For example, I accepted the default settings and options, and I didn’t meddle with the setup parameters. Both VPCs received exactly the same software selections, in the version appropriate to each VPC’s Windows version (7 or 8).

As expected, loading the system with this software changed all the baseline measures, as shown in Figure 2. In particular, the startup/shutdown times (relatively speaking) went through the roof — the Win7 boot times increased roughly sixfold!

Note that the differences in startup/shutdown times between “clean” and “dirty” systems include the percentage change. This is intended to provide a rough comparison for what you might see with your specific system.

For example, if your PC normally takes, say, one minute for shutdown/startup, and one of the following tests shows a 100 percent increase in time, you can guesstimate that your PC might take around two minutes for its shutdown/startup under similar circumstances. (But again, you’ll get the most accurate results by performing your own tests.)

A Control Panel uninstall leaves behind debris

After installing and running the 15 apps, I then uninstalled everything via Control Panel’s standard uninstall applet. Because this is not an aggressive tool, it typically leaves behind at least some orphaned files, excess Registry settings, and so forth.

This is borne out by the test results shown in Figure 3. Win7 was able to return the startup/shutdown time to the previous condition (within the limits of the one-second timing sensitivity), but the disk and Registry gained some modest bloat. Win8 kept the Registry clean but allowed some disk bloat and a small increase in startup/shutdown time.

Taken alone, these measured differences are small — one round of software installs/uninstalls doesn’t result in huge changes. But each cycle of software setup and knockdown can leave behind digital debris. It adds up over time and can become a significant source of slowdowns and clutter.

That’s where cleanup tools can come in handy — at least in theory.

To see what common third-party cleanup tools could do, I cloned the final Win7/8 VPC setups — in the somewhat dirty, freshly uninstalled apps condition. I then set loose the different tools, each on its own identically cloned setup, to see how they would affect startup/shutdown times, disk clutter, and Registry bloat.

Test 1: jv16 PowerTools X

I installed and ran jv16 PowerTools X (free trial/$30; site) on the cloned Win7 and Win8 VPCs.

It reported alarmingly poor conditions on both setups. For example, on the Win7 VPC, it stated that “Overall System Health” was just 23 percent, “Registry Health” was only 1 percent, “Startup Health” was 54 percent, and “File System Health” was 87 percent.

Drilling into the details, it reported 263 Registry errors plus various other issues, as shown in Figure 4.

I selected the one-button “Clean and fix my computer” option and let the software perform its self-assigned tasks.

When it was done, I again measured my virtual Win7 and Win8 systems. Figure 5 shows the results.

In fairness, some of the file and Registry bloat is due to the installation of jv16 PowerTools X itself, and that can’t be avoided. But I can think of no excuse for the disparity between the promised and delivered startup/shutdown times.

Your tests will, of course, yield somewhat different results. They might show significant system-performance improvements, but on my machines, jv16 PowerTools X didn’t come close to delivering on its extravagant promises.

Test 2: Advanced SystemCare

Next, I installed and ran Advanced SystemCare (free trial/variable cost thereafter; site) on freshly cloned copies of the Win7 and Win8 VPCs. In other words, it had exactly the same starting point as jv16 PowerTools X.

Advanced SystemCare reported many problems on both the Win7 and Win8 setups. For example, on the Win8 VPC, it reported 263 Registry errors and 58.6MB of junk files, plus 16 unspecified “performance issues,” four “security holes,” 100 “privacy issues,” 33 “Internet problems,” and a whopping 9,798 “browser security issues. ” See Figure 6.

I let Advanced SystemCare run to completion (which included downloading a number of Windows Update items to the already fully updated test machines) and then took new measurements. Figure 7 shows the results.

As you can see, Advanced SystemCare wasn’t useful for clearing the test systems’ Registry and file bloat nor for trimming startup/shutdown times. (However, as with jv16 PowerTools X, some of Advanced SystemCare’s file and Registry bloat is unavoidable — from its own added files.)

Again, your tests, on your system, might yield better results — or not.

Test 3: Piriform’s CCleaner

As with the previous two products, I installed Piriform’s CCleaner (free/$30 and up; site) on Win7 and Win8 VPCs, cloned from the post–Windows uninstall systems. Figure 8 shows the basic CCleaner interface.

Unlike jv16 PowerTools X and Advanced SystemCare, CCleaner reported finding a relatively modest number of deletable temp files and Registry entries. For example, it noted only 88 invalid Registry Keys on the Win8 setup.

As with the other tools, CCleaner’s own installation added some disk and Registry bloat, but not so much as the other products. Notably, only CCleaner returned the Win7 and Win8 VPC startup/shutdown times to their baseline levels. Figure 9 shows the results of CCleaner’s efforts.

Summarizing the post-cleaning test results

For your convenience, Figure 10 shows the aggregate results, with the best and worst cleaning-tool results in each category highlighted in green and red, respectively.

Bottom-line conclusions and caveats

One of the key takeaways from these tests isn’t about the tested products themselves. Rather, it’s that Windows systems regularly maintained with the operating system’s built-in tools are already running relatively lean and clean. Based on the above tests, third-party tools probably won’t improve system performance by much — if at all.

It proves the value and validity of the common, free, do-it-yourself maintenance methods I used to set up and maintain those baseline systems.

Those maintenance techniques and tools are thoroughly documented in Windows Secrets articles such as the Jan. 16, 2014, Top Story, “Keep a healthy PC: A routine-maintenance guide,” and the Jan. 10, 2013, Top Story, “Let your PC start the new year right!”

If you follow the recommendations in those articles, then your PC will most likely also be lean, clean, and running well — without the assistance of any third-party cleaning tool.

A second related takeaway from these tests: If your PC is at all healthy, it’s unlikely you’ll see miraculous results from any commercial cleaning tool — and certainly no “47 percent faster boot times.”

My third and final takeaway: I’ll continue using — and recommending — lightweight tools such as CCleaner for routine cleanups. As mentioned earlier, this test (one cycle of software setup and knockdown on already-clean systems) didn’t leave a lot to clean up. But each cycle of software installs, upgrades, and uninstalls leaves behind some digital debris. Over time, it adds up and can become a significant source of slowdowns and clutter.

These tests tend to confirm that the manual cleaning methods mentioned above, plus lightweight cleaning from third-party tools such as CCleaner, might be all you need to keep a PC operating at or near best-available levels of performance.

I also worry about over-cleaning. I have to wonder about the high fault numbers reported by jv16 PowerTools X and Advanced SystemCare and what the two products are actually cleaning. (In some cases, the cure might be worse than the disease.) It’s difficult to know whether some of those “faults” are misdiagnoses, minor errors that have no real effect on system performance, or true issues — or possibly exaggerated numbers designed to make the product seem more valuable than it really is. I just don’t know. (Again, a recent full backup is your safety net for recovering from any damage done by overly aggressive cleaning.)

But those are my personal conclusions. As before, I recommend drawing your own conclusions, using the test concepts and procedures described in “The Windows Maintenance Challenge” Part 1 and Part 2.

That’s the true test for definitively answering which tools are right for your own unique mix of hardware, software, skill level, and personal preferences! Testing these products in virtual machines will provide a safe platform and let you make your own customized analysis.

Final countdown for the release of Win10

Microsoft has apparently gone quiet as it approaches the Windows 10–release deadline; the folks in Redmond are likely putting in some long hours.

Still, there’s much to be revealed about the new OS — not just on launch day, but over the weeks to follow.

In the home stretch to the Win10 launch

Microsoft’s next Windows formally launches in two weeks. Not surprisingly, there’s still a raging debate over when to upgrade — among those who wish to or must upgrade. (Every PC journalist has to install the official version as soon as possible.) There’s dissension even among Windows Secrets contributors, based on the emails that float into my inbox.

The when-to-install camps seem to fall into three rough categories: the eager, “I want to stay ahead of the curve and trust Microsoft, so I’ll put it on my machines on July 29”; the prudent, “I think I’d play with it for a while longer on my test systems”; and the skeptical, “I’m not going to look at it until it’s had a least two major revisions.” There is no right or wrong choice here — it all comes down to personal preference. (I fall in the second camp.)

That said, Windows Secrets readers aid and influence many PC users who only want to know how to get tasks done. Again, based on emails we receive, there are still many of those folks who believe they must upgrade soon. Feel free to reassure them that they can wait for up to a year.

Looking at build 101652, I think Windows 10 is shaping up well. My one standing complaint, however, is the start-menu box for Universal (Metro) apps. When open, it still takes up a good portion of the screen. Would it be that difficult to have it automatically shrink to fit the number of displayed tiles? Perhaps I’m missing something. If so, I’m sure I’ll hear about it.

Windows Secrets will, of course, have lots of Win10 coverage over the weeks that follow the launch. Feel free to post comments on what you’d like to know about the new OS, using the link at the bottom of this column.

Touring Microsoft’s Digital Works demo day

This past Friday, Microsoft held an event debuting the latest crop of entrepreneurs participating in Microsoft Ventures. MS Ventures provides financial and technical support for a select group of product developers. Interestingly, most of the apps on display are not necessarily Windows-dependent. (Most of the new offerings are still in beta or have been released only in the past couple of months — and most of the companies are still trying to drum up money to get their products to market.)

The new products and services vary hugely in scope and complexity. For example, GoSKIP is a new checkout service now being tested in smaller grocery stores. Simply put, you enter your shopping list in a mobile app. You then use your mobile device to scan products as you put them into your shopping cart (a real cart). When you’re finished shopping, you simply walk out of the store — no waiting at the checkout stand.

On the other hand, GeoSafe is a collaborative communications system for first responders. It’s apparently already in use in 16 cities in Oklahoma (think Tornado Alley), helping coordinate rescue efforts in disasters.

Naturally, some of the new companies are finding new ways to target ads. Outleads, for example, states that it “enables brands to target online advertising based on offline activity.” Next time you sign up at a new gym, you might want to give a false name.

The strange case of the reappearing iPad

Like many PC users, I own an iPad for reading the news, playing the occasional game, and watching Netflix. I had no intention of spending my money on Apple’s original iPad, but I was given one and soon found it useful. So much so that when the iPad 1 started having problems, I couldn’t resist buying a new iPad Air.

Still, the iPad demonstrates one of the most common complaints about Apple products — premature obsolescence. There was nothing wrong with the original device; the hardware worked perfectly, and so did most of the apps. The problem was with software updates.

It started with the last iOS updates for the iPad 1. Quite simply, the hardware wasn’t up to the task of supporting newer versions of iOS. The most egregious fault was the frequency of Safari crashes. Reading the New York Times was a trial, and viewing other news sites was impossible. The last straw fell when I tried to download Kindle Reader and was informed that I needed a newer OS. (At this point, Apple has stopped offering iOS updates to its original iPad.) I couldn’t download a simple book reader? Really? After many bad thoughts about Apple, I broke down and upgraded to the iPad Air. Sure, I could have purchased an Android tablet, but the familiar exerts a strong pull.

Not one to toss out still-working hardware, I went online to see about recycling the old iPad. A company down in Florida claimed it would pay me $35 for the machine. Good, I thought, they will know how to put it to use. I sent my iPad off … and never heard from the company again, except to say that the offer had expired.

So where was my iPad? Two days ago — and a couple of months after I sent it off — it showed up in my mail with a “Return to sender sticker” on the wrapping. Where it’s been all that time is a mystery.

Not one to give up on old hardware easily, I did a bit more research. Currently, I’ve restored an old backup of the tablet that was sitting on one of my other machines. I also discovered a trick for installing Kindle. You first download it from the Apple Store onto a newer system (in this case, the new iPad Air). Then you go back to the Store on the old tablet and click the “Purchased” tab. The download will ask whether you want to install an older (and compatible) version.

If it works sufficiently well, perhaps my spousal unit will adopt it for reading on our commutes out to the farm — and I’ll start thinking again about some upgrades to my aged PCs.

How to correct even deep-seated IE 11 problems

Repairing Internet Explorer 11 is usually relatively easy, but some of the steps depend on the version of Windows you’re using. Here’s how.

Plus: A reader gets locked out of his system’s administrator account, and an attempt to set up a Wi-Fi hotspot disables a PC’s wireless networking.

IE 11 failures resolved by quick browser reset

Reader Rick Kirchoff’s IE 11 setup is seriously malfunctioning, and he needs help fixing it. But the solution to Rick’s problem doesn’t apply just to IE 11 — it can help repair all major browsers.

• “My Internet Explorer 11 crashes many times a day.

  “After reading your story about Microsoft’s fix-it site [“Free first aid for a wide range of Windows ills,” June 11 Top Story], I tried to find a fix for my browser problems.

  “My search turned up two potential solutions. However, based on the fix-its’ descriptions, I decided they’d not work; they were only for IE 7, 8, and 9.

  “I hate the crashes, but I want to continue using IE 11. I’ve not found another Web browser to my liking. Can you help?”

Browser problems are almost always caused by compatibility issues between the core browser and installed add-ons, extensions, toolbars, custom settings, and so forth.

When things go seriously wrong with a browser, the first step should be a full browser reset — i.e., returning the browser to its pristine, just-installed condition.

In all major browser brands and versions, a full reset takes just a few clicks and is completed in a minute or two. Here’s how to do it in IE 11; if you’re using a different browser, check its help pages or support site.

• Close all tabs and windows, and then shut down IE.
• Reopen IE.
• Click the tools button (the gear icon), and then click Internet options.
• Click the Advanced tab; then click Reset.
• In the Reset Internet Explorer Settings dialog box, leave the “Delete personal settings” box unchecked to preserve items such as stored website passwords. Click Reset to start the process (see Figure 1).
  

  Figure 1. A simple reset (IE 11 shown) typically removes common browser malfunctions and poor performance. In IE, uncheck Delete personal settings.

• When Internet Explorer finishes restoring its default settings, click Close and then click OK to exit the Reset process.
• Restart your PC.

Odds are, IE 11 will now work normally, without the glitches you were experiencing. If not, try the same steps (above), but this time check the box for “Delete personal settings.” This should remove corrupted or incorrect personal settings that are causing trouble. But you’ll also have to restore items such as saved passwords.

When IE appears to be working well, add back your favorite add-ons and customizations — but do so carefully, making one change at a time. Exercise your browser after each change, visiting any pages that previously caused trouble. If or when the trouble reappears, you’ll know that the last add-on you installed or modification you made is the likely culprit. Uninstall/remove that last change, and IE 11 should then behave properly.

But what if resetting the browser doesn’t work?

The next steps depend on the Windows version you’re using; IE 11 is managed differently in Win7 and Win8.

► Windows 7: Uninstall and reinstall IE 11.

Here’s how to put a fresh copy of IE 11 on a Win7 system:

• Open Control Panel/Programs/Programs and Features.
• On the left side of the window, click View installed updates.
• Scroll down the resulting list. Under the Microsoft Windows heading, locate Internet Explorer 11, as shown in Figure 2. (Alternate method: Enter “Internet Explorer” into the upper-right search box.)
  

  Figure 2. In Windows 7, IE 11 is a Windows Update item that can be uninstalled.

• Right-click the Internet Explorer 11 listing and then click Uninstall.
• In the “Uninstall an update” dialog box, click Yes.
• Click Restart now; Windows will remove IE 11 and reactivate the version of IE you were running before you installed IE 11.
• After the reboot, use any browser to download and install a fresh copy of IE 11 for Win7 (free/site).
• When the fresh installation is complete, open Windows Update (Control Panel/System and Security/Windows Update) and click Check for Updates. Let IE get whatever updates are offered.
• Reboot. IE 11 should now be running normally.

► Windows 8: Verify IE 11 integrity.

IE 11 can’t be uninstalled from Win8; it’s an integral part of the operating system. As such, however, IE 11 can often be repaired by using sfc.exe, Windows’ built-in system-file checker. The tool replaces bad or corrupted system files with known-good copies.

To run sfc.exe, open an admin-level command window and then type:

sfc /scannow

Let the scan run to completion; then follow any on-screen instructions that appear.

If you encounter difficulty or would like more detailed instructions on using sfc.exe, see Microsoft Support article KB 929833.

If after you follow the preceding procedure, IE 11 is still malfunctioning, the problem is most likely caused by some third-party software outside the browser. For example, an aggressive anti-malware tool, a VPN client, a password-keeper/form-filler, third-party firewall filters, or something similar could be interfering with the browser.

Open the Windows uninstaller tool and, one by one, try disabling or uninstalling any such software that might be messing with your browser. Test the browser after each uninstall, until you’ve identified the software that was causing trouble.

Once you’ve found the problematic software, don’t reinstall it — find an alternative and use that instead.

Can’t access mangled Administrator account

Reader JG Reid tried to activate Win8’s hidden master admin account, as described in the May 14 Top Story). But JG seemed to end up locked out of all administrative privileges!

• “I’m running Win 8.1 64-bit. I set up an admin account but didn’t set a password until I made sure things worked. I followed your directions, but now I can’t get to the Administrator account using either of the methods in that article. I can see the Administrator account, but I can’t sign in to it. Help!”

Relax, JG. It’s unlikely you’re permanently locked out.

When you first set up Windows, whatever account you originally used was automatically designated as a full administrator.

None of the steps in the “Activate Windows’ hidden, master admin account” article discussed demoting or altering your original accounts in any way.

What’s more, Windows takes steps to help ensure that there’s always at least one admin account present on every system; a normally functioning Windows setup won’t let you delete or demote the only remaining admin account.

So, even if the formal Administrator account isn’t working, your original user account should still be there and still be designated as a full administrator — just as it was before you tried setting up the separate, master Admin account.

Here’s what to do now:

Reboot your system. Select your original account from the sign-in screen, and sign in normally. Once you’re in, go to Control Panel/User Accounts to delete the new, malfunctioning Administrator account that you were trying to create.

Then, if you wish, re-create a new master Admin account, following the directions in the article exactly as listed.

If for some bizarre reason or malfunction you can’t sign in to your original account, you can reset a standard Win8 password — the one associated with your Microsoft account — by submitting a form on the online password-reset page via your smartphone or another PC.

If you’re not using a Microsoft account for your sign-in — i.e., you’re using a local account — and you’ve forgotten your password, use the password hint you created when you set up the local credentials. That should trigger your memory for the proper password.

If you forgot what the hint means, use the password-reset disk you were prompted to create when you set up your local Win8 sign-in.

No password-reset disk? Okay, things get tougher.

You can probably get into the system and reset the admin password by hacking Windows’ utilman.exe app. As you might expect, it’s not a simple process. Here are the steps.

Boot your PC from a Windows repair or setup disk and select Repair my PC when it’s offered. Open a command window and navigate to utilman.exe on your hard drive. Normally, it’s C:\Windows\System32\. Now follow the directions in the related TechNet blog to reset the Administrator password.

If even that doesn’t work, you’re probably looking at a Windows reinstall.

But again, none of that should be needed. Absent a truly major malfunction, a Windows setup will always have at least one functioning admin-level account. In your case, the original account should still have admin privileges and still be working fine!

Setting up a Wi-Fi hotspot kills all wireless networking

Donna was following the steps in “Turn your Windows PC into a Wi-Fi hotspot” (Sept. 10, 2014, Top Story) when something went awry.

• “Please help, if you can. I followed your instructions but got interrupted at the netsh command and didn’t complete the final step.

  “Now, if I go back to the command prompt, netsh states: ‘There is no wireless interface on the system.’

  “How can I get it back? Please help!”

Because this problem was caused by an errant change to your PC’s wireless networking, it should be simple to fix. Just return your wireless setup to its default condition.

The process is a soft uninstall, and it’s usually easy. Note that it does much more than fix Wi-Fi issues; it can be used to clear up a huge range of problems with other hardware subsystems and PC peripherals — including USB, Bluetooth, printing, and so forth.

Here’s how:

• Exit or suspend any software that uses the problematic hardware or subsystem. Donna’s problem is with wireless networking, so I’ll use that as the example. She should shut down all online-related activities and apps such as browsers, email, etc.
• Next, open Device Manager (Control Panel/Device Manager, or enter device manager into the Control Panel search box).
• Expand Device Manager’s listings to show all devices or subsystems within the category that’s causing trouble. Right-click the specific device or adapter that’s malfunctioning and select Uninstall. (In Donna’s case, that would be the wireless adapter listed under Network Adapters — see Figure 3.)
  

  Figure 3. Problems with hardware settings can often be fixed by a 'soft' uninstall — in this example, a wireless adapter.

  Don’t panic: As you’ll see in a moment, nothing’s going to be actually uninstalled.

• When the confirmation dialog box appears (Figure 4), do not check the box labeled Delete the driver software for this device. In other words, leave the drivers in place. (That’s what makes this a ‘soft’ uninstall.) Click OK.
  

  Figure 4. For a soft uninstall, leave the Delete the driver software … checkbox empty.

• Next, either reboot your PC or, on the Device Manager toolbar, click Action/Scan for hardware changes. (I think a reboot gives more reliable results.) Whichever way you do it, Windows will rediscover the uninstalled device and set it up with its default settings — and without the mangled settings that were causing the problem.
• Reconfigure the device in the normal manner. For example, enable Wi-Fi, connect to your router, and enter your Wi-Fi password.

Voilà! Your networking — or whatever device or subsystem you reset via the above method — should now be working normally!

The good, the bad, and the sheepishly busted

It’s summer in North America, and we’re approaching state-fair season: fruit pies, fried cheese, livestock, rides, and excitement — especially for kids. What better way to prepare children for life in the country than by teaching them to ride? How about beginning on galloping sheep? This video records an Iowa State Fair event, Mutton Busting, for the five-and-under set: six seconds or less of rodeo glory for each young contestant. Say what you will about sheep mentality: they’re all brisk about unloading their riders. Click below or go to the original YouTube video.

No shortage of morals to software stories

Lounge member petesmst uses the system-management tool Belarc and was recently disturbed to see it displaying the wrong product keys for most of his software.

The situation wasn’t catastrophic: he still possessed the original and correct product keys, so he wasn’t facing a tool failure or misinformation.

But he was curious. So he asked fellow Lounge members in the Other Applications forum for their opinions on why his third-party inventory tool is now misinformed — and how it might be obtaining its wrong data. Tool testing and Internet research ensued. The short answer: “The method of using third-party software to retrieve product keys is [no longer] supported.” There’s also a moral to the story: Don’t lose your product keys!

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	What to do about email spam?
Word Processing	Word section headers not working as expected
Spreadsheets	Import Data date changes
Databases	How to send Access forms through Outlook email?
Visual Basic for Apps	Preserving original formatting when inserting text into new document?
Microsoft Outlook	Creating whitelist for Outlook 2013
Non-Outlook E-mail	No ‘Recipients’ in Vista Windows Mail
Windows
General Windows	“Extended attributes are inconsistent” error message
Windows 10	User account issue
Windows 8	Sleep mode: Hardware or software problem?
Windows 7	Any control of anti-malware possible?
Windows XP	Service Packs 2 & 3 custom install?
Windows Servers	Backup always full instead of incremental
Internet/Connectivity
Third-Party Browsers	Web of Trust on Firefox
Networking	New PC unable to join home network
Software Development
Web Design & Development	Website to capture details from another website
Other Technologies
Non-Microsoft OSes	Apple computer training?
Security & Scams	Warning about AVG 2015
Maintenance	New Adobe Flash update
Hardware	Seems like 5TB should be more than 500GB
Graphics/Multimedia	Why do video downloads require so much memory?
Other Applications	Belarc Advisor shows incorrect product keys

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Adobe and MS scramble to fix new Flash threats

Microsoft is undoubtedly focused on putting final touches on Windows 10, but it’s still cranking out plenty of updates — including several to fix a Flash vulnerability that threatens IE.

The Flash threat is considered so severe that Mozilla took steps to block Adobe’s media player in Firefox. The Fourth of July might be just a pleasant memory, but maybe now’s the time to declare our independence from Flash.

MS15-065, MS15-066

Flash suddenly persona non grata with Firefox

If it seems like there’s been a spate of Flash updates the past few days, it’s not your imagination. And it’s all due to an unusual turnabout: the hacking of reported spyware developer Hacking Team, as reported in an Ars Technica story. Security researchers revealed that Flash had several zero-day vulnerabilities already in use by attackers. The situation is so dire that Mozilla temporarily blocked all versions of Flash in Firefox (see Figure 1), according to a tweet reproduced in a Tech Report story.

As I wrote this (the evening of Patch Tuesday), Microsoft hadn’t released an update for the Flash component embedded in Internet Explorer for Windows 8, 8.1, and Windows 10 Preview. It took until the following afternoon to finally get the Flash component — KB 2755801 — released.

Perhaps we should borrow the July 14 National Holiday from the French and declare it Flash Freedom Day. (The National Holiday is known as Bastille Day only outside of France.) In Win7 and earlier versions of Windows, Flash Player is easy to uninstall via the usual Programs and Features tool. It’s not so easy in Win8 and Win10 Preview — Flash is effectively embedded in the operating systems. You do, however, have a couple of options.

A ZDNet article tells how to disable the Flash plug-in in IE 10 and 11. However, that won’t block Flash use in Office 2010 and 2013. Instead, use the following steps, as noted in Microsoft Security Advisory 2755801.

• In an Office app, click File/Options/Trust Center; then click Trust Center Settings.
• Click ActiveX Settings in the left-hand pane, and then select “Disable all controls without notification.”
• Click OK to save your settings.

And we’re not done yet: we need several more IE updates to protect ourselves from the Hacking Team fallout. For example, KB 3074886 fixes two IE problems: OneNote notebooks can’t be opened and an ActiveX control can’t be installed. (KB 3074886 is bundled with KB 3065822 in IE 7, 8, and 9.)

You should also see KB 3075516 offered; it patches a vulnerability in JScript9.dll. Also, patches in Security Bulletin KB 3072604 (MS15-066) fix VBScript 5.6 and 5.7.

Oracle, too, is churning out fixes for Java. According to a Computerworld post, the company released a Java patch for a zero-day vulnerability plus fixes for 190 other flaws. As with Flash Player, make sure you have Java installed only if you really need it. (It would seem that all platforms are becoming increasingly unsecure.)

What to do: Install KBs 2755801, 3065822 (MS15-065), and 3075516 if and when offered. Also install any of the updates offered in MS15-066 (KBs 3068368, 3068404, or 3072604). All these updates are rated critical for workstations.

MS15-067 (3067904, 3069762)

RDP update might require two reboots

A newly revealed vulnerability in Windows Remote Desktop Protocol could allow remote attacks. The update’s description states that all Win7 Ultimate and Enterprise systems are impacted. All other Win7 and Win8 systems must have RDP 8.0 installed. Those who have RDP 8.1 installed are not vulnerable and won’t see the update.

Both patches are rated critical; they might also cause your system to reboot twice. Make sure you’ve saved any open documents before installing the updates.

What to do: Install KB 3067904 and/or KB 3069762 (MS15-067) if offered.

MS15-069 (3061512, 3067903, 3070738)

Windows Server 2003 hits the end of the road

July’s Patch Tuesday marks the final public security updates for the venerable — and soon-to-be-vulnerable — Server 2003. (Businesses with premier support contracts can pay for private updates to the OS.)

In any case, KBs 3061512, 3067903, and 3070738 fix a vulnerability that could lead to remote attacks. But to exploit the flaw successfully, an attacker needs to install a malicious DLL on the target system and then trick a user into launching a file or app that uses the DLL. Consequently, the update is rated just important.

What to do: Install KBs 3061512, 067903, and/or 3070738 (MS15-069) if and when offered.

MS15-070 (3072620)

Office patches lead to remote attacks

Microsoft has a history of bundling a bunch of Office updates into one security bulletin — and this month is no exception. July’s Office security patches fix various security issues, including some that could allow remote attacks. The update also includes nonsecurity fixes to prevent Excel 2013 crashes. The patches are rated important for Office 2007, 2010, and 2013. (The update also impacts Office for Mac.)

Look for some combination of the following patches, all rated important:

• KB 2965281 – Excel 2007
• KB 3054981 – Excel 2010
• KB 3054949 – Excel 2013
• KB 2837612 – Excel Services in SharePoint Server 2007
• KB 3054968 – Excel Services in SharePoint Server 2010
• KB 3054861 – Excel Services in SharePoint Server 2013
• KB 2965209 – Office Excel Viewer 2007
• KB 3054971 – Office 2010
• KB 2965208 – Office Compatibility Pack SP3
• KB 3073865 – Office for Mac 2011 version 14.5.3
• KB 3054996 – Word 2007
• KB 3054973 – Word 2010
• KB 3054990 – Word 2013
• KB 3054958 – Word Viewer
• KB 2965283 – PowerPoint 2007
• KB 3054963 – PowerPoint 2010
• KB 3054999 – PowerPoint 2013

What to do: Install the Office security updates in MS15-070 if offered.

MS15-072, MS15-075, MS15-076, MS15-077

A slew of elevation-of-privilege threats

Adobe might be having a bad couple of weeks, but Microsoft seems to be just as busy stomping out a bunch of elevation-of-privilege vulnerabilities. EoP exploits are typically not all that dangerous if used alone. But they are often used in conjunction with other forms of attack to let hackers take full control of systems. So even though the following updates are rated just important, they should be taken seriously.

For example, KB 3067505 addresses an EoP threat based on a vulnerability in the Windows Remote Procedure Call (RPC) component. RPC is the communications glue that ties client/server processes between applications. The patch impacts all supported versions of Windows, including Server 2003.

KB 3069392 fixes a flaw in the Windows Graphics Component that could let an attacker use malicious bitmap files. The update is for all supported versions of Windows, including Server 2003. (The update’s description does not mention Windows 10 Preview.)

KB 3072633 addresses an EoP threat based on a vulnerability in the Windows Object Linking and Embedding (OLE) component. OLE is typically used to share different types of data between applications.

And finally, KB 3077657 fixes a vulnerability in the Windows Adobe Type Manager font driver.

What to do: Install updates KB 3067505 (MS15-076), KB 3069392 (MS15-072), KB 3072633 (MS15-075), and KB 3077657 (MS15-077).

MS15-073 (3070102), MS15-074 (3072630)

Two security patches to put on hold

KB 3072630 patches a vulnerability in the Windows Installer Service. As with the above updates, an exploit that uses this flaw could give an attacker full privileges to a targeted system. This update is rated important for all currently supported versions of Windows.

There are some early warnings that some applications might not install after you’ve added KB 3072630. The online description for this update gives a workaround that involves adjusting the Windows Registry. But because we don’t know what applications might be affected, I think it’s best to delay installing the patch.

KB 3070102 is yet another Windows kernel update; it’s rated important and blocks another avenue for potential EoP attacks. As I’ve noted in previous columns, delaying kernel patches gives third-party application vendors time to update their applications (especially antivirus apps).

What to do: Delay installing KB 3070102 (MS15-073 ) and KB 3072630 (MS15-074) until the end of the month.

3057154

Security advisory includes a DES-hardening patch

Microsoft’s distinction between security advisories and security bulletins can be confusing. For example, KB 3057154 was sent out in an advisory — and is, in theory, optional — but it will show up on some systems in the important updates list.

The patch is designed to harden security when using DES encryption. (By default, DES is disabled in Win7 and Server 2008 R2.) To add to the confusion, the update’s description states:

“This update by default disables DES for the following built-in accounts:

   – krbtgt account

   –trust accounts

   –machine accounts

   – machine accounts/user accounts

“Machine accounts/user accounts may be set to enable ‘Use DES’ if required.”

What to do: I recommend installing KB 3057154 if offered to your system.

MS15-058, MS15-068, MS15-071

Some patching headaches for server admins

This past June, Microsoft didn’t issue the expected SQL Server update — MS15-058 — due to numerous issues, as noted in MS Support article 3065718. It was finally released this Patch Tuesday (July 14). It seems that the related security bulletins confused some server admins. Based on my tests, the installation process worked fine if you used Microsoft Update; it was a problem only for admins who attempted to manually download and install the separate patches.

If you’re running Hyper-V on Server 2012 R2, you’ll need to install both KB 3046339 and KB 3046359 to fix a vulnerability that could let an attacker gain access into a host via a guest system. Note: Windows 8.1 systems operating as Hyper-V hosts should see these updates as well.

A Windows Netlogon fix — KB 3068457 (MS15-071) — is another server-only update. In fact, it applies only to servers used as domain controllers; the vulnerability could let an attacker gain privileges to the primary controller by spoofing a backup controller.

What to do: Test and install these updates if offered.

July’s managable list of nonsecurity updates

As we get closer to the Windows 10 release date, Microsoft is changing some of the “optional” updates to “recommended.” Thus you might see updates offered that were first released back in June.

Look for a follow-up article explaining exactly what you should install if you want Windows 10 — and exactly what you can ignore if you have no interest in upgrading to Win10 in the near future.

For more information on July’s nonsecurity updates (below), see the related Office Sustained Engineering blog.

Windows 7

• 3065987 – Windows Update Client improvements (Stay tuned for more info on this update at the end of the month.)

Windows 8 and 8.1

• 2976978 – Compatibility update (Win10 upgrade helper)
• 3035583 – Installs Get Windows 10 app
• 3065988 – Windows Update Client improvements

Office 2007/2010

• 2553347 – Office 2010; consistent contextual messages on shared systems
• 2589282 – Office 2010; broken hyperlinks in PDFs converted from Office workbooks
• 2965286 – Office 2007; crashes due to invalid ActiveX properties
• 2965300 – Access 2010; CPU usage (read online description for additional issues)
• 3054873 – Office 2010; crashes due to invalid ActiveX properties
• 3054964 – Office 2010; various fixes
• 3054976 – Outlook 2010; various fixes
• 3054977 – Office 2010; Dutch and Polish proofing-tools update plus Ukrainian language fixes
• 3054985 – Project 2010; various fixes
• 3054986 – Office 2007; junk-email filter

Office 2013

• 3023052 – Office; crashes due to invalid ActiveX properties
• 3023069 – Office; Azure Active Directory authentication library update
• 3039762 – Office; SharePoint error when using Web query (primarily Excel and Access)
• 3054828 – Office; error when accessing VSDX file
• 3054925 – Office; various fixes
• 3054935 – Office; previews open slowly in Outlook
• 3054936 – OneNote; crashes and hyperlink issues
• 3054938 – Office; stuck in trial mode after online purchase of Office app
• 3054939 – Office; Dutch and Polish proofing tools
• 3054940 – Outlook; various fixes
• 3054944 – Outlook junk-email filter
• 3054950 – Access; various fixes
• 3054951 – Office; various fixes
• 3054956 – Project; various fixes

Other

• 3054946 – Skype for Business (Lync 2013); various fixes
• 3054954 – OneDrive for Business; high CPU use on synching

What to do: The usual drill: put off installing nonsecurity updates until the end of the month. I report on any issues with these patches in the next Patch Watch column.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
3070102	07-14	Windows kernel	Wait
3072630	07-14	Windows Installer Service	Wait
3033890	06-09	Windows Media Player	Install
3057839	06-09	Windows kernel	Install
3058515	06-09	IE cumulative update	Install
3059317	06-09	MS Common Controls	Install
3062157	06-09	MS Exchange Server	Install
3062577	06-09	Active Directory Federation Services (servers only)	Install
3063858	06-09	Windows kernel	Install
3064949	06-09	Office; KBs 2863812, 2863817, 3039749, 3039782	Install
3065718	07-14	SQL Server; see MS15-058 for completed patch list	Install
3065822	07-14	Internet Explorer	Install
3068368	07-14	VBScript scripting engine; also KB 3068404	Install
3067904	07-14	Remote Desktop Protocol; also KB 3069762	Install
3046339	07-14	Windows Hyper-V; also KB 3046359	Install
3061512	07-14	DLL threat in Windows; also KBs 3067903 and 3070738	Install
3072620	07-14	Office; see MS15-070 for complete patch list	Install
3068457	07-14	Netlogon; servers only	Install
3069392	07-14	Windows Graphics Component	Install
3072633	07-14	Windows OLE	Install
3067505	07-14	Windows Remote Procedure Call	Install
3077657	07-14	Windows ATM Font Driver	Install

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.