Best of breed: Win10’s hybrid backup system

Best of breed: Win10's hybrid backup system

Win10 blends the best parts of Win7’s and Win8’s backup/restore tools to create a new hybrid that could well be the best archive-and-recover system ever.

When set up properly, Win10 gives you redundant, automatic, local, and remote backups of user files, making them effectively loss-proof.

Plus, there are three built-in ways to restore damaged system files — or to totally rebuild your system. They make it easy to clear up even the worst types of software trouble and malware infections.

Unfortunately, Microsoft doesn’t provide a simple, comprehensive explanation of how Win10’s backup components are supposed to work together. That’ll leave many former Vista and Win7 users needlessly baffled — and also leave those who’ve upgraded from Win8 wondering why some favorite backup features are now missing.

This article remedies that problem.

A mix of old and new features and functions

Because Win10’s backup and restore mechanisms build on those in Win7 and Win8, this article will focus mainly on the features, concepts, and techniques that are new or different.

For the features that haven’t changed from previous versions, I’ve provided links below to earlier articles and information sources.

Combined, this information will give you a complete understanding of what Win10 offers — and you’ll see why it truly might just be the best desktop backup-and-restore system ever.

And if you decide that Win10’s built-in systems aren’t for you, you’ll also find links to good third-party alternatives that work fine with Win10.

One way or another, by the end of this article, you’ll have the information you need to safeguard your Win10 files and system setup from just about any disaster.

A general overview of Win10’s backup and restore

The key to understanding Win10’s backup functions lies in recognizing that it has two different but interconnected sets of mechanisms to handle different types of files. They are:

• User-file backup and recovery: The built-in File History and OneDrive components are geared mostly toward the routine, day-in and day-out preservation and recovery of user-data files: documents, spreadsheets, photos, music, and so on.

  Together, the two tools can automatically make both local and remote copies of important files, helping to ensure that you won’t lose any of your data, no matter what might happen to your PC or its hard drives.

• Operating system, apps, and settings backup and recovery: A separate set of built-in functions — two Reset options and a system-imaging option — are geared mostly to the preservation and recovery of your operating system files, applications, and settings.

  These functions are intended mostly for emergencies — rebuilding all or part of your system after a serious software malfunction, malware effect, or human error.

As you’ll see, there’s some overlap between these two systems, but, for the most part, they operate independently. So we’ll look at each separately.

Local user-file backup and recovery

File History is Win10’s primary mechanism for providing local backups of all user data. It’s set from the start to automatically back up the default Documents, Music, Pictures, Videos, Desktop, and Favorites folders. But you can adjust what it backs up — and what it skips — via File History’s add and exclude options.

Once it’s fully configured, File History makes incremental, near-real-time backups of selected user files. It stores changed files off the main hard drive; backups are stored on USB-attached drives, network drives, and so forth. If a working file on your main hard drive is damaged or accidentally erased, it can be quickly and easily restored from the local File History backups.

A basic subset of File History’s functions is available via Start/Settings/Update & security/Backup. But the complete array of File History’s functions is accessed via Control Panel/System and Security/File History (Figure 1), just as with Win8.

Win10’s File History operates mostly like Win8’s, though with one huge improvement I’ll describe in a moment. But first, if you’re unfamiliar with File History, you can get up to speed with its basic concepts and operation via the following articles:

• “Understanding Windows 8’s File History” – July 11, 2013, Top Story
• “How File History creates reliable local backups” – a section in the Jan. 15 Top Story, “Mastering Windows 8’s backup/restore system”
• “Protecting user files with File History” – MSDN article
• “Windows 8: File History explained” – TechNet article
• “Set up a drive for File History” – MS how-to
• “Customize File History’s backups with ease” — Oct. 9, 2014, LangaList Plus (paid content)

Now to address that major change of Win10’s File History: Microsoft brought back — and enhanced — the convenient Restore Previous Versions (RPV) function from Win7. (RPV is MIA in Win8.)

To understand what RPV is and what it does, see the June 16, 2011, Top Story, “RPV: Win7’s least-known data-protection system.”

As with Win7’s RPV, the version in Win10 gives you almost instant access to the cached local backups automatically created by System Restore. But Win10 also lets you access the complete library of user files in File History’s long-term storage.

To do so, right-click any data file or folder whose contents have changed and select either Restore previous versions or Properties — both options open the selected file’s or folder’s Properties dialog box. You then click the Previous Version tab to see all available older versions of that file or folder. Figure 2 shows versions of a changed Word file, saved when File History or System Restore previously ran.

The RPV system lets you select a previous version, view its contents, and restore it either to its original location or to the alternate location of your choice.

If you prefer, you can still restore user files via the full File History interface at Control Panel/System and Security/File History — just select Restore personal files from the left side of the dialog box. Similarly, the normal System Restore interface also is available. Open Control Panel and enter Recovery into the search box; then select Recovery when it appears and click the Open System Restore link.

But as you can see, simply right-clicking a file or folder to access RPV is much more convenient.

Remote user-file backup and recovery

Although local backups are critical, they won’t provide true data security. A serious software error or a major physical problem (e.g., fire, flood, theft, electrical surge, etc.) might destroy both your main hard drive and your local backups.

The second leg of a complete backup-and-restore system is cloud storage, which maintains copies of your files on protected data servers, far removed from your PC.

All Win10 users have access to at least 15GB of free, private, cloud-based storage (with more space available at low cost) via Microsoft’s OneDrive (MS info) app/service. There are, of course, many other cloud-storage and backup services that will let you restore lost files, but OneDrive and File History can work cooperatively to provide automatic, local and remote backups of all important files.

With a combination of File History and OneDrive, your files are automatically saved to three separate locations: your primary data drive, your external File History drive, and your secure OneDrive account — all in near-real time. This virtually guarantees that you’ll never lose an important file again!

Once set up properly, OneDrive automatically syncs files between your PC and the OneDrive servers. No special steps are needed either to store or retrieve your files. But if you wish, you also can visit OneDrive.com, sign in, and manually browse, view, and download your files.

(For more information, see Microsoft’s “OneDrive How-to” page and the section, “How OneDrive adds another layer of data security,” in the Jan. 15 Top Story, “Mastering Windows 8’s backup/restore system.”)

Note: If you have concerns about the privacy of cloud storage, you can use free and paid encryption tools to render your remotely stored files impervious to snoops. I currently use and recommend the free 7-Zip (site) to encrypt all sensitive files on my hard drive and in the cloud. For more information on this technique, see the May 15, 2014, Top Story, “Better data and boot security for Windows PCs.”

Some versions of OneDrive also have their own built-in encryption. See the April 16 LangaList Plus column, “Clarifying OneDrive’s two types of file security” (paid content).

OS, apps, and settings backup and recovery

Win10 provides three separate, built-in methods to back up and restore the operating system — with or without retaining your desktop apps and user files.

The first two methods are Win10 Resets; they’re fast and easy but have some major limitations:

Both resets are available by clicking Start/Settings/Update & security/Recovery. Then click the Get started button under the Reset this PC option. Next, choose either Keep my files or Remove everything (Figure 3), and then follow the on-screen prompts.

The Keep my files option lets you perform a kind of nondestructive reinstall of the operating system while leaving your user files alone. (This option was called Refresh in Win8.) However, most software that you added from sources other than the Windows store will not survive a Reset process; you’ll have to manually reinstall these apps. Fortunately, Win10 will tell you in advance what apps won’t survive; it also places a list of deleted apps on your desktop to facilitate manually reinstalling these files after the reset is finished.

Remove everything is essentially a “from-scratch” reinstall of the operating system. It deletes all user files and user-installed software and returns all system settings to their default state.

This method also has an option to wipe the hard drive, making all deleted files virtually unrecoverable. This can be a handy option when you sell or give away a PC — or if you need to send it in for service.

Win10’s third option for software backup and recovery is the classic system image, which retains everything: all apps, settings, and user files. Restoring an image returns your system and files to the exact condition they were in when the image was made.

Win10’s imaging system replaces the powerful-but-awkward, manual custom-recovery image feature available in Win8. (You have to use the Recimg command-line tool to manually create a special WIM [Microsoft Windows Imaging] file; see the Oct. 10, 2013, Top Story, “Creating customized recovery images for Win8.”)

(Note that Win10 uses a different kind of compressed WIM that’s incompatible with Win8’s WIMs. See the Windows Experience Blog post, “How Windows 10 achieves its compact footprint.” In fact, the Win8 Recimg tool isn’t present in Win10 at all.)

With Win10, Microsoft resurrected the tried-and-true, point-and-click, Win7-style of system imaging. It’s very easy to use: Click Control Panel/System and Security/Backup and Restore (Windows 7), as shown in Figure 4.

When the Backup and Restore window opens, select the Create a system image link in the left-hand column.

From there, the Win10 tool operates virtually identically to Win7’s system imaging. For more information, see “Step two: Create a full-system image” in the May 12, 2011, Top Story, “Build a complete Windows 7 safety net.”

Restoring a Win10 system image is easy:

• Boot your PC using any standard Win10 installation/recovery/rescue disk or flash drive (see the Sept. 17 Top Story, “Learn to use the Windows 10 Recovery Drive”).
• Select your language. If Repair my computer appears on the next screen, click it. Otherwise, click Troubleshoot/Advanced options/System Image Recovery.
• Choose the target operating system — i.e., the Win10 drive you’re restoring.
• In the Select a system image backup dialog box, navigate to and select the image you wish to restore.
• In most cases, you can skip the Choose additional restore options dialog box; just click Next and then Finish.
• Your PC will churn for a while, but when the process is finished, your system will be in exactly the condition it was in when the image was made.
• Restart your system.
• Bring your user files up to date. Make sure the secondary drive that holds your File History files is connected; in many instances, after a short delay, File History will automatically begin repopulating your main drive. If it doesn’t, reopen File History from the Control Panel and click the Restore personal files link in the left-hand column. Next, manually select the files you want to restore.
• Alternatively, use OneDrive to bring your user files up to date.

If needed: Many alternative backup systems

I think the Win10 backup and restore system is the best Microsoft has ever offered. I use File History and OneDrive to back up my user files, and I use the Win7-style system imaging to back up the OS, other apps, and my preferred settings.

But no one set of tools works for everyone. If you’d rather not use Win10’s tools, here’s a sampling of well-regarded, third-party tools that are Win10-compatible.

• Macrium Reflect – free and paid (with free trial) versions
• Paragon Backup & Recovery – 30-day demo and paid versions
• Acronis True Image – paid with 30-day free trial
• EaseUS Todo Backup – free and paid versions.

One excellent reason to try Win10’s backups

One way or another, as a Windows user and Microsoft customer, you’ve already paid for Win10’s built-in tools. So why not at least give them a try?

You just might find that Windows 10’s combination of Win7 and Win8 backup tools has everything you need to get your entire system fully backed up — more thoroughly, more reliably, and more automatically than ever before.

Opportunistic scam via new tool: Win10 Upgrade

Lounge member Coochin wrote to the Security &Scams forum to describe scam artistry recently practiced on one of his clients.

Coochin’s customer, an elderly man, believed the “Microsoft Support” person who called one day and claimed he could fix infections on the client’s Win7 computer.

It appears that the caller convinced the client to download and install TeamViewer. The “tech” then apparently upgraded the client’s machine to Win10, set up new passwords, and demanded more than U.S. $900.00. You’ll undoubtedly feel sorry for the senior citizen — until you read how Coochin restored his client’s computer to health.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Sit/stand setup for productivity
Word Processing	Can’t save files; marked “read only” when they aren’t
Spreadsheets	Excel dates to Outlook reminder
Databases	MS Access 2013: Compare tables, append data
Presentation Apps	PowerPoint: Print notes with larger fonts; flow to next page
Visual Basic for Apps	Hide column if all cells are empty?
Microsoft Outlook	Outlook 2016: Reduce spacing on left-side folder list?
Non-Outlook E-mail	Text not wrapping in forwarded message
Other MS Apps	OneNote 2013, Win 10, and notebook not synching
Windows
General Windows	How to correct many broken internal links?
Windows 10	Windows 10 erased all old files
Windows 8	Windows Update Troubleshooter: Repeated errors
Windows 7	Windows 7 can’t delete file
Windows Vista	Neither recovery partition nor disks work
Windows Servers	Internal database 17113 event ID 7024
Internet/Connectivity
Internet Explorer and Edge	Support ending Jan. 12, 2016 for several IE versions
Third-Party Browsers	Stop Chrome multiple windows
Networking	Wi-Fi connection limited
Other Technologies
Non-Microsoft OSes	Virtual machine vs. partitioning
Security & Scams	Scammers taking advantage of GWX?
Maintenance	Notebook display problem
Hardware	How to partition new SSD?
Graphics/Multimedia	Replacing Polderbits Sound Recorder

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Fashion and other tips from Jeremy Lin, NBA star

You might be aware of the basketball career of Jeremy Lin, a Chinese-American playing presently for the Charlotte Hornets under Michael Jordan. He’s the object of Linsanity, a frenzy of fandom that arose while he was playing very well indeed for the New York Knicks a few years ago. Then there’s Lin’s YouTube videos, in which he spoofs, among other matters, the requirements of fitting in — to the fraternity of professional basketball players and to Harvard (from which he graduated with a degree in econonics in 2010) — as well as the challenges of mean tweets and Papa Lin’s extreme workouts. This video sheds light on the nuances of life among NBA athletes. Enjoy! Click below or go to the original YouTube video.

Running ancient apps in Windows 7, 8, and 10

There’s almost always a way to get older software — even obsolete XP, Win3x/9x, and DOS apps — running on currently supported versions of Windows. Here’s how.

Plus: What to do when Win7 drops its mapped-drive connections, and how to correct display problems with Office and other apps on high-resolution screens.

Tools for running old software on new Windows

Reader Bob’s job requires him to deal with ancient software that’s hard-wired to run on XP. But he wants to use a modern OS, as he should for safety.

• “Many of my clients have proprietary programs written for XP. Does Win10 work with XP software?”

There’s almost always a way to get older software to run safely inside newer Windows versions. Here are the two main methods.

The simplest way is to use Window’s built-in compatibility mode, which instructs Windows to provide the software interfaces and identifications that the old app expects. In effect, it lets Windows 7, 8, and 10 fool the software into thinking it’s running on the older Windows it requires.

In general, each version of Windows offers out-of-the-box compatibility modes for several earlier Windows versions. How far back the compatibility goes depends on when the current OS was released and whether it was a clean install or an upgrade from a previous Windows version.

That last point is important: Upgraded versions of Windows might retain the compatibility settings of the versions they upgraded from!

For example, a clean install of Win7 normally offers built-in compatibility modes for Windows 95, 98, ME, XP, NT, and Vista. But a clean install of Win8.1 typically offers compatibility modes for just Win7 and Vista.

However, I have a Win8.1 system that originally started as a Win7 PC. It was later upgraded to Win8.0 and then to Win8.1. This upgrade process allowed Win8.1 to inherit all the compatibility settings of the Win8.0 and Win7 setups it was upgraded from.

As a result, I have a fully current Win8.1 setup that retains the original Win7 compatibility settings — going all the way back to Win95! (See Figure 1.)

Here’s how to see and use the compatibility modes your current setup offers:

• Navigate to whatever executable (e.g., .exe) program file is causing you trouble.
• Right-click the file and select Properties.
• Open the Compatibility tab.
• Tick the box in the Compatibility mode section and select the Windows version that the old software requires. If the exact Windows version you seek isn’t listed, select the closest available.
• Click OK.
• Try running the troublesome software.

If that doesn’t work, your next option is to use the Program Compatibility Troubleshooter applet, built into all Windows versions. You can access it several ways.

The most direct method is to navigate to the executable (.exe file) that’s causing trouble. Right-click the file and select Troubleshoot compatibility (see Figure 2).

You can also access the troubleshooter by opening the Control Panel and typing compatibility in the search box. Click the Run programs made for previous versions of Windows link, as shown in Figure 3.

If none of the built-in compatibility modes or troubleshooters solves your problem, then your best bet is to install virtual PC (VPC) software on your PC.

A tool like Oracle’s VirtualBox (free; site) works on all versions of Windows, from Vista on. Once VirtualBox is installed, you can use any legitimate Windows setup disk — all the way back to Win3.1 — to create a complete virtual PC that runs on a host system such as Windows 10. (VirtualBox also supports Linux and some Mac hosts.)

Figure 4 shows a full, normal installation of XP SP3, running as an app inside a virtual-PC window, on a host Win10 system.

Virtual PCs are great, but they can’t resolve all compatibility problems, especially if the old apps you’re trying to run are poorly coded or require specific hardware devices that no longer exist. But barring issues of that sort, a VPC can and does resolve almost all normal, software-related compatibility issues.

A VPC also protects your real, host system from crashes, malware, or other issues caused by the old software. It’s extremely unlikely that a problem inside the VPC will spill over to the host hardware or its operating system. After some eight years of using VirtualBox, I’ve never experienced VPC-based software issue that’s affected my host PC.

There’s rarely an insurmountable reason to stick with an obsolete operating system. There’s nearly always a way to get even the most ancient applications running safely inside newer and better Windows versions.

Win7 continually loses mapped drive connections

Donald Morgan is struggling with an all-too-common Win7 annoyance.

• “One of the ongoing problems with Windows 7 is the fact that a mapped drive will not reliably reconnect after reboot. Do you know whether Win10 will improve this situation?”

Yes, Win10 and Win8 both are better than Win7 and Vista at retaining and restoring mapped-drive connections.

But you can probably improve Win7 (or Vista’s) mapped-drive performance, without upgrading to Win10. Try the free Microsoft fix-it offered in MS support article, “Mapped Drive Connection to Network Share May Be Lost.”

For more information and alternative methods, see “Preventing unwanted mapped-drive disconnects” in the Feb. 13, 2014, LangaList Plus.

Hi-res display problems with Office

George L. Althouse’s copy of Office 2007 simply won’t display properly on his newly upgraded PC.

• “I purchased a new laptop and upgraded to Windows 10. When I try to install a program such as Office Enterprise 2007, it starts in a tiny window. I’m unable to enter my product key, and I can’t find a way to enlarge this window. How can I resolve this issue?”

According to the Microsoft Compatibility Center, all the components of Office 2007 should work fine with Win10.

So, your problem must lie someplace else — in your video system for example. That’s especially likely if your system has a very high-resolution display.

You might be able to work around the problem by running Office in Win7 compatibility mode (discussed at the top of the column) and selecting “Disable display scaling on high DPI settings.”

Other solutions, both permanent and temporary, are detailed in the Aug. 27 LangaList Plus item, “Older apps cause QHD display glitch in Win10.” Check it out!

Suggestions for a more dependable Windows 10

As a long-time Windows professional, I’m generally pleased with Microsoft’s latest edition of the OS.

But the company’s decision to take Windows-updating control out of users’ hands is simply wrong. Here’s why.

Getting two significant flaws in Win10 fixed

Preparing for an upcoming trip overseas, I’ve taken what I consider to be a drastic step. I booted up the Surface 3 I plan to take with me and turned off Windows 10’s updating service. I did so because I know that the machine will be offered updates while I’m away from home.

I’m not just worried about updates soaking up my mobile-data allowance; I’m more concerned that an update will crash my Surface, and I won’t be able to fix it while on vacation. (As most Win10 users know by now, unlike previous versions of Windows, the new OS doesn’t give you full control over which updates are installed and when.)

I had good reason to worry. Recently, the Surface ended up with a blue screen of death that was fixed only after the updating system installed an Intel video driver. That’s not something I want to cope with while in a foreign land. So to prevent any unwanted updating surprises, I applied the options detailed in an AskVG post.

Getting the Surface ready for travel highlighted the two things that annoy me about Win10 — and they’re both related to the OS-updating process. This is not just a personal gripe; many Windows professionals are complaining about the same two issues: lack of information about updates and our inability to control the updating process.

But, as someone who must maintain critical Windows systems in a small-business setting, I feel so strongly about these two problems that I’ve decided to take action. I’m sending a message to Microsoft chief Satya Nadella that the company needs to take a step back and truly understand the problems with Win10’s forced updating system — both for consumers and IT pros.

I’m sending that message via an online petition on the change.org site, and I’m asking for your help. One voice won’t move Microsoft to change; many voices might. If you’d like to join me, see the petition link at the end of this article.

Why forced auto-updating is a potential disaster

As noted in the petition, I — and I assume many others — have two requests of Microsoft: First is a return to the level of updating control we have with Windows 7. My BSoD event is just one example; updates fail and there are times when we simply can’t take a chance of a system crash. That Sept. 30 patch, a Surface firmware update, wreaked havoc on Microsoft’s own hardware, as reported in MS Community forum posts. Windows configurations vary widely, but you’d think a Surface update is one that Microsoft could not get wrong.

My second request is for the company to provide more information about what’s in Win10 patches. Currently, most changes to the OS have been lumped together in cumulative updates. This is a welcome change: it makes it easier to get the operating system fully up to date quickly. If, for example, you do a clean install of Win10, you no longer need to install hundreds of updates to be current.

While that’s well and good, Microsoft currently doesn’t provide any details about what’s been added to each cumulative update. If you’re experiencing an issue with Win10, it’s difficult to know that a particular update addresses the problem. And if the update causes a failure, you won’t know which specific patch included in an update was to blame.

Here’s what I posted on the Change.org petition

“To effectively implement and use Windows 10 in our homes and businesses, Microsoft must make changes to both the operating system and the policies the company put in place to support the new OS. Those changes fall into two categories:

“1) Microsoft must give Windows 10 users more control over when updates are installed. We need the ability to delay or hide damaging updates that impact the computing experience, have undesirable side effects such as blue screens of death, or reduce the functionality to attached devices. Under the current system of mandated updates, we have been adversely impacted by forced driver and firmware updates plus other patches; we’ve wasted hours dealing with the unwanted side effects. As long-time Windows users, we understand the need to have quicker and more agile security updating. But this agility should not introduce additional risks to our systems. Windows 10 updates have already caused loss of system functionality, video and display issues, and other significant issues.

“2) Microsoft should provide detailed information on what’s in each update — along with what system changes we should see with each cumulative-update release. We applaud the cumulative-update model, but the lack of documentation doesn’t let us to perform the due diligence required for safely deploying and maintaining Windows 10 systems in our organizations.

“We have expressed our concerns on the Windows Uservoice feedback platform here and here. We now use change.org‘s petition platform to express our concerns more broadly.

“We need control using our existing patching methodologies.

“We need communication.

“Sincerely,

“Your Windows customers”

Why it’s important to stay fully patched

Make no mistake; we need to ensure that all our software is up to date. That will help maintain our protection from attackers. But as has been widely and all-too-frequently reported, patching is not without risk. In some cases, the cure is worse than the disease.

So while we all need to update, we also need to decide for ourselves when the best time is to install updates on our systems — especially small-business machines running critical applications. Lumping all unmanaged consumer and small-business computer users into one pot is simply unrealistic, on Microsoft’s part. It could, in fact, shift some of the cost of updating Windows from Microsoft to its customers.

On non-enterprise systems, Microsoft currently gives only Win10 Pro users some control over updates — and then only the ability to push off feature upgrades. There’s no way, short of drastic group-policy and Registry edits, to delay security updates and minor fixes.

As most long-term Windows users know, there are times when we can’t rely on the benevolence of Microsoft and the diagnostic tools in Win10 to manage our updates. We need the ability to delay and/or avoid faulty updates, just as we can now in Win7.

In short, we in the unmanaged computer ecosystem need a way to control our own updating destiny.

Knowledge about Windows updates was power

As best I can tell, Microsoft’s shift in providing update information began last year. In the process of reorganizing its Trustworthy Computing group, Microsoft stopped releasing its heads-up emails alerting IT Pros and other interested parties about upcoming Patch Tuesday releases. Microsoft also stopped providing monthly security-bulletin webcasts and detailed information included in various security-related blogs.

Yes, in this age of social-network sharing, webcasts might not have the value they once provided. But the Windows-updating webcasts were the one place where we could ask questions about security bulletins and know that participants included members of the Microsoft security team. We now lost that direct connection to Windows-patching sources. (The webcasts also provided reminders of software life-cycles, information on support policies, and discussions of upcoming security-tools releases and updates.)

Enterprises might have direct lines to Microsoft support, but the rest of us — advanced consumers and IT pros, alike — still need timely updating information from Microsoft. The problem is compounded by the frequency of Win10 updates. The cumulative releases don’t come on the past and predictable Patch Tuesday schedule. Microsoft might send fixes at any time.

Again, it’s difficult to tie a fix for a Win10 problem to a specific update. Our only option is to blindly accept that something in the cumulative update will take care of the problem — or not. (Every other software vendor I interact with is more forthcoming about bug fixes and releases.)

Back in August, Windows representatives, told Windows IT Pro’s Rod Trent that enterprises will be given update change lists. But, again, we all need to that information — and the knowledge that specific Win10 flaws are getting fixed and we can truly trust that the automatic feedback system built into the OS is sending useful data back to Microsoft. Without this validation, we can’t truly trust the software-as-a-service environment newly applied to Windows.

Put another way, if Microsoft expects feedback from our systems, we should get feedback from the company that it’s acting on that the information it’s gathering. Despite the telemetry and the Windows Insider program, it’s still hard to know whether we’re being heard. A simple change log of what’s included in each cumulative update would go a long way to providing the information Microsoft customers need.

How to get the message out to Microsoft

If you feel as I do about Win10 updating, please join me in urging Satya Nadella to make a few simple change to the Win10-patching system. Simply go to the change.org site and sign my petition.

Changes coming to the Windows Secrets newsletter

In the Oct. 1 issue, I noted that Windows Secrets subscribers will see changes in the newsletter. Here’s what we’re working on.

If all goes as planned, starting in mid-/late November, we’ll publish the newsletter twice a week, which will let us publish trending and time-sensitive stories sooner.

The format of the newsletter will also change, bringing it up to modern standards. Instead of full stories in a long email, you’ll see a portion of each of the articles most recently published on the website, along with links back to the full versions on the Windows Secrets site. The newsletter will also include links to interesting stories in our sister site, SuperSite for Windows.

I’m sure some readers will miss having the full newsletter in their mailbox each week, but this is the first phase in a longer-term plan for Window Secrets. (For those who like to print out the newsletter, there’s some good news: we’re planning to make it easier to print the online stories.)

The most significant of the early changes will be Window Secrets’ subscription model. Going forward, only paid subscribers will receive the newsletter. Subscription payments have always kept the lights on at Windows Secrets and will continue to do so in the future. No matter how you slice it, Windows Secrets is still one of the best bargains on the Internet. It’s your subscriptions that compensate the excellent efforts of Fred Langa, Susan Bradley, Lincoln Spector, and all our other contributors.

In short, we want to ensure that those who contribute funds get even more value in the future.

(Free subscribers will still have access to all parts of the Windows Secrets archive available to them now.)

Another reason for these changes is our integration into the Penton Technology group and its wider resources of news and information on personal and professional computing.

Eventually, Windows Secrets will become the paid section of SuperSite for Windows. As such, we will continue our mission of providing excellent perspectives and how-to information on Windows and digital technology for advanced consumers and computing professionals.

Most important of Windows Secrets’ qualities is that it’s a community. Many of you have subscribed for years, and there’s a strong sense of ownership amoung our readers. We see that in the emails you send us every week. And that sense of community goes two ways. Unlike most other newsletters, Windows Secrets contributors not only provide important guidance and perspective in their articles, they regularly reply to reader concerns and questions, as time allows.

Maintaining our community is essential to Windows Secrets — as is making available to you lucid, timely, and useful information on Windows and related topics. But we also plan to expand the breadth of our computing coverage. We have no doubt that you’ll tell us how to make the newsletter’s content even more valuable to you. Send us your thoughts via email to editor@windowssecrets.com.

Change is always difficult, especially when it works on something old and familiar. But we’ve needed to renew the newsletter for some time. As I noted in my previous column, technology has evolved remarkably over the past decade. Windows Secrets must adapt and reflect how we use digital devices now and in the future.

We thank you for your contributions to the newsletter, and we hope you’ll continue to support our future efforts to make your computing experience easier and more rewarding.

   — Tracey Capen, editor in chief

Watch for lots of Office patch goblins in October

Based on the number of IE vulnerabilities patched each month, that browser would appear to be one of the most unsecure applications on our PCs — second only to Adobe Flash Player. But Chrome has its issues, too.

But Office — including Office 2016 — is also getting more than its share of both security and nonsecurity fixes.

MS15-106 (3093983), MS15-108 (3094996), 3099406

The regular, monthly browser updates

October’s IE cumulative update, KB 3093983, addresses 14 vulnerabilities in IE 7, 8, 9, 10, and 11. The update is rated critical for all workstations.

According to the update’s description, the vulnerabilities could give remote attackers the same rights as currently signed-in users. (Another reminder that it’s better to do your daily computing in a standard-user account.) That would be relatively good news, except that three of the vulnerabilities could allow elevated privileges — exploits typically use in conjunction with other forms of attack.

More specifically, the patch changes the way objects are handled in memory — not just in IE, but in JScript and VBScript, too. Finally, Microsoft is tackling the elevated-privilege vulnerabilities with more permissions validations.

Vista users might also see KB 3094996, which fixes the same vulnerabilities in VBScript and JScript on systems running IE Version 7 or earlier, or that don’t have IE installed.

As usual, there’s an Adobe Flash Player update in October. KB 3099406 updates the version of Flash built into IE for Windows 8, 8.1, and 10. It also applies to the Edge browser. For all other systems, the fix is to update to Flash Player 19.0.0.207; use the Adobe Flash Player site to check your currently installed version. As noted in Adobe Security bulletin APSB15-25, the update fixes 13 vulnerabilities.

A new version of Chrome (more info) not only includes the Flash update, it fixes 24 other security issues.

What to do: Install KB 3093983 (MS15-106), KB 3094996 (MS15-108), and KB 3099406 if and when offered.

UPDATE: According to a Trend Micro post, a new Flash zero-day vulnerability is in use for the Pawn Storm threat. Expect yet another Flash update release soon.

MS15-107 (3097617)

Edge gets its own vulnerability fixes

KB 3097617 is a Windows 10 cumulative update that includes a cumulative update (KB 3096448) for the new Edge browser. The description for the two affected vulnerabilities in Edge is a bit confusing: The flaws “could allow information disclosure,” which could then lead to an attacker acquiring the same rights as the current user. In any case, the update is rated only important.

KB 3097617 includes both nonsecurity and additional security fixes — the latter include:

• KB 3096441 (MS15-106): The aforementioned IE cumulative update
• KB 3096443 (MS15-109): A fix for the Windows Shell
• KB 3096447 (MS15-111): A Windows kernel fix
• KB 3097966: Digital-certificate spoofing

What to do: This cumulative update for Windows 10 will require a system reboot.

MS15-109 (3080446, 3093513)

Watch out for malicious Windows toolbars

When I hear “malicious toolbar,” I typically think of those unwanted apps that sneak into our browsers — typically when we download free software. But KB 3096443 fixes a threat from compromised toolbar objects in Windows. If a user opens a bogus toolbar — possibly sent as an email attachment — or clicks malicious content online, an attacker could take remote control of the system.

This update patches two object-handling issues: one in Windows Shell and the other in Microsoft Tablet Input Band, a process built into Windows. The updates are rated critical for all supported versions of Windows. Win7 users will see two separate updates: KB 3080446 and KB 3093513.

What to do: Install KBs 3080446 and 3093513 (MS15-109) if and when offered.

MS15-110 (3096440)

Another slug of important Office security fixes

As is now common, Microsoft has released numerous Office security patches under one bulletin: MS15-110. Staying with this month’s apparent theme, the patches address flaws in the way Office handles objects in memory. Exploiting these vulnerabilities with malicious files, an attacker could acquire the same rights as the current users. All the included patches are rated important.

Another vulnerability in the SharePoint InfoPath Forms Services could let an attacker view files on a SharePoint server. The fix changes the way the service parses XML files’ Document Type Definition, ensuring that Web requests are properly sanitized.

Office users will see some combination of the following patches. As you’ll see, most workstation fixes are for Excel. Note that you might see updates for versions of Office you don’t have installed. That’s because a specific — and vulnerable — Office component might be used with more than one version of the suite.

Office 2007

• 3085542 – Visio SP3
• 3085615 – Excel SP3

Office 2010

• 3085514 – Visio SP2
• 3085583 – Excel SP2

Office 2013

• 3085583 – Excel SP1

Office 2016

• 2920693 – Excel

Other workstation apps

• 3085618 – Office Compatibility Pack SP3
• 3085619 – Excel Viewer

MS Office Services and Web Apps

• 3054994 – Excel services on SharePoint Server 2007 SP3
• 3085520 – Microsoft Web Applications 2010 SP2
• 3085568 – Excel services on SharePoint Server 2013 SP1
• 3085571 – Office Web Apps Server 2013 SP1
• 3085595 – Excel Web App 2010 SP2
• 3085596 – Excel services on SharePoint Server 2010 SP2

MS servers

• 2553405 – SharePoint Server 2010 SP2
• 2596670 – SharePoint Server 2007 SP3
• 3085567 – SharePoint Server 2013 SP1
• 3085582 – SharePoint Foundation 2013 SP1

What to do: Install any of the above updates (MS15-110) offered.

Some new updates for fixing older updates

It’s never good when Microsoft has to release fixes for previously released updates. But we have several this month.

KB 3085544 replaces KB 2965282 MS15-046, originally an Office 2007 fix for a remote code-execution vulnerability. I don’t recall having issues with that update; if you did, please let me know using the WS Lounge link at the bottom of the column.

It a bit discouraging when Microsoft reissues patches for a new product. In this case, it’s updates for Office 2016, which was officially released just this past Sept. 22. It’s even more surprising that these new fixes refer back to August updates, when the new Office was being finalized. I would have expected them out sooner.

Systems running Office 2016 should see the following:

MS15-081

• 3085538 – Office
• 2920708 – Visio
• 2920691 – Word

MS15-099

• 2920693 – Excel

What to do: Install KB 3085544 (MS15-046) only if you had problems with the original KB 2965282. Install the Office 2016 updates in MS15-081 and MS15-099 as soon as possible.

MS15-111 (3088195)

Use a bit of caution with kernel updates

I always err on the side of caution when it comes to kernel updates; our final official security update is no exception. KB 3088195 fixes an elevation-of-privileges vulnerability in Windows. But to exploit the flaw, the attacker must sign in to the target system and run malicious software. For that reason, the update is rated merely important.

As I noted in previous columns, kernel updates can get hung up with running anti-malware applications. So I think it’s best to wait for an update to your AV app before installing kernel fixes.

What to do: Put KB 3088195 (MS15-111) on hold until you get an update from your anti-malware vendor.

3097966

DLink security certs lead to big risks

When a vendor accidentally lets one of its code-signing certificates fall into the wrong hands, it always leads to a mad scramble to remove the offending cert from our systems.

In this case, a vulnerable DLink certificate could cause a great deal of trouble for those using the company’s network adapters. If you have an older DLink wireless network adapter, you might need to update its drivers before installing KB 3097966.

As stated in MS Security Advisory 3097966, “Microsoft is aware of legitimate kernel drivers for D-Link products (including network adapters) that were signed by the affected D-Link certificates. These drivers include the Windows 7 drivers on the installation CD for the DUB-E100 USB network adapter. After you install this security update, these kernel drivers will no longer load, and the hardware will stop functioning. Updated drivers that aren’t affected by this issue are available on Windows Update.”

What to do: If you have a DLink DUB-E100 USB network adapter, install KB 3097966 only after you’ve made sure you have the latest drivers for the adapter. All others should accept the update if it’s offered.

3042058, 2960358

Problematic cipher-suite update reissued

Windows’ cipher suites are a set of encryption algorithms, used to create keys and cryptographic information. Back on May 12, Microsoft released KB 3042058 to add more cipher suites and enhance suite priority.

Unfortunately, the update caused problems for Web servers and network admins. Microsoft pulled the update back, did extensive testing, and then set it for manual download so that admins could test it on their platforms.

When you do test it, watch out for issues with SSL-based Web sites and other authentication. I’ll follow up in the next Patch Watch for any real-world issues we run across.

You’ll also want to test KB 2960358, an update designed to disable RC4 in Transport Layer Security (TLS). Web-server admins might see the side effects noted in MS Support article KB 2978675 — Internet Explorer-hosted managed applications no longer work correctly. To fix it, you’ll have to move away from the No-Touch methodology and use ClickOnce, where appropriate.

What to do: Test the above updates, but wait for my final report in the next Patch Watch.

The update you thought you hid: It’s back!

Most advanced Windows users know of the infamous KB 3035583 — the update that puts the “Get Windows 10” app on eligible Win7 and Win8.1 systems.

If you thought you’d hidden that update, don’t be surprised if it pops up again. On Oct. 5, the patch was refreshed and its metadata was changed. That typically triggers a reoffer. If you really don’t want Windows 10, you can review your options for blocking the update on a Charles Allen’s Blog page.

What to do: There’s no rush to update to Windows 10. You have nearly a year to download and install the free upgrade.

October’s long, long list of nonsecurity updates

Given the number of Office updates and with ongoing support for four versions of the suite, I can only imagine that the updating crew is working long hours.

Note that Office 365 Click-to-run updates are included in Versions 14.0.7160.5000 and 15.0.4763.1002

Windows 7

• 3083710 – Improvements to Windows Update Client (possibly another Win10-upgrade helper)

Windows 8.1

• 3083711 – Improvements to Windows Update Client (possibly another Win10-upgrade helper)

Office 2007/2010

• 2553388 – Office 2010; changes unknown at this time
• 3054882 – Project 2010; various fixes and improvements
• 3054886 – Office 2010; changes unknown at this time
• 3055034 – Office 2010; incorrect information in task panes in Word
• 3055045 – Access 2010; calculate-field issue after installing KB 2965300 .
• 3085512 – Office 2010; chart errors imported from Excel to PowerPoint
• 3085597 – Office 2010; TOC errors when reopening compared docs
• 3085599 – Word 2010; TOC errors when reopening compared docs
• 3085604 – Outlook 2010; various fixes
• 3085607 – Office 2010 junk-email filter
• 3085617 – Outlook 2007 junk-email filter

Office 2013

• 3039701 – Office; changes unknown at this time
• 3039720 – Office; error when opened in Win7 compatibility mode with Win8 or later
• 3039778 – Office; error when opened in Win7 compatibility mode with Win8 or later
• 3039787 – Office; room-finder error when creating a meeting
• 3039800 – Office; read-only Power Query connections in Excel
• 3054785 – Office; changes unknown at this time
• 3054805 – Office; changes unknown at this time
• 3054941 – Office; AD RMS templates fail and other RMS issues
• 3085563 – Office; faster GIF playback and chart-color errors with VBA queries
• 3085564 – PowerPoint; various improvements and fixes
• 3085566 – Office; various improvements and fixes
• 3085569 – Visio; error message when creating org chart with SQL-server driver
• 3085573 – Word; various improvements and fixes
• 3085574 – OneNote; sentence translations and error messages when recycle-bin inactive
• 3085576 – Office; changes unknown at this time
• 3085579 – Outlook; various improvements and fixes
• 3085580 – Outlook junk-email filter
• 3085585 – Office; Upload Center crashes and other download/sync issues
• 3085590 – Project; various improvements and fixes

Office 2016

• 2910957 – PowerPoint; merge failures
• 2910972 – Office; caption-button and theme updates, nav-button errors
• 2910976 – Office; various improvements and fixes
• 2910988 – Outlook; junk-email filter
• 2920679 – Office; various improvements and fixes
• 3085535 – Office; theme updates
• 3085537 – Office; weather service moved to Office config service
• 3085541 – Office; caption buttons, Save button location

Other updates

• 2880521 – SharePoint Server 2010
• 2881023 – SharePoint Designer 2010
• 2910967 – OneDrive for Business
• 3054945 – SharePoint Server 2013
• 3054970 – FAST Search Server 2010
• 3085485 – SharePoint Designer 2013
• 3085488 – SharePoint Foundation 2013
• 3085489 – Project Server 2013; cumulative update
• 3085492 – SharePoint Server 2013; cumulative update
• 3085509 – OneDrive for Business
• 3085581 – Lync/Skype for Business 2013
• 3085586 – Project Server 2013
• 3085588 – SharePoint Server 2013
• 3085598 – Project Server 2010; cumulative update
• 3085603 – SharePoint Server 2010
• 3085606 – SharePoint Server 2010
• 3085613 – SharePoint Foundation 2010

What to do: Wait on these optional updates; I’ll report any issues in the next Patch Watch.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
3088195	10-13	Windows kernel	Wait
3061064	09-08	Skype for Business Server/Lync Server; also KB 3080353	Install
3069114	09-08	Windows Journal; KB 3081455 for Win10	Install
3072595	09-08	Active Directory Service (servers, only)	Install
3081455	09-08	Edge cumulative update	NA
3084135	09-08	Windows Task Management; also KB 3082089	Install
3087038	09-08	IE cumulative update; KB 3081455 for Win10	Install
3087039	09-08	MS Graphics Component; also KB 3087135	Install
3087088	09-08	Windows Hyper-V; KB 3081455 for Win10	Install
3087126	09-08	MS Exchange Server 2013	Install
3087918	09-08	Windows Media Center	Install
3089662	09-08	.NET Framework; see MS15-101 for ful list, install separately	Install
3089664	09-08	Office; see MS15-099 for complete list	Install
3080446	10-13	Windows Shell/malicious toolbars; also KB 3093513	Install
3085544	10-13	Reissued Office 2007 fix	Install
3093983	10-13	IE cumulative update	Install
3094996	10-13	JScript and VBScript	Install
3096440	10-13	Office; see MS15-110 for complete list	Install
3097617	10-13	Edge browser, included in cumulative Win10 update	NA
3097966	10-13	Security certification fix	Install

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.