ISSUE 16.33.0 • 2019-09-16

Help: customersupport@askwoody.com

In this issue

ASKWOODY.COM EVOLUTION: Coming soon: Windows Secrets archives!

BEST OF THE LOUNGE: Upgrade leads to lost disk space

LANGALIST: A ‘tip of the iceberg’ problem with RPV

DROLL TALES: LABS: Meet the Quantum Bot — Part 2

PATCH WATCH: The patch waiting game — September edition

BEST UTILITIES: Freeware Spotlight — TweakPower

ASKWOODY.COM EVOLUTION

By Woody Leonhard

One more big piece of the Windows Secrets legacy is about to drop into place.

If all goes as planned, in the next few days we’ll have the full catalog of past Windows Secrets newsletters available, right here on AskWoody. You’ll need an AskWoody Plus membership to see the most recent two months of newsletters, but all the rest will be free to one and all.

As many of you know, the AskWoody Plus Newsletter and its previous incarnations and branches — Windows Secrets, Brian’s Buzz on Windows, Woody’s Windows Watch, LangaList, Patch Watch … (you get the idea) — have been around since 2003. The Top Story (and only story) in Issue 1 was Brian Livingston’s report: “XP passwords rendered useless.” The next issue covered the confusing world of Microsoft’s software licensing.

Some topics fade away over time; some never die.

The AskWoody Plus/Windows Secrets archives still contain true classics of personal-computing reportage. Take for example one of the most popular articles ever published in the newsletter: Fred Langa’s “Win7’s no-reformat, nondestructive reinstall” (Issue 297 / July 14, 2011; see Figure 1). To this day, readers still ask about that immensely helpful story!

Figure 1. The new AskWoody archives include such classics as nondestructively reinstalling Windows 7.

Again, when the new Newsletter/Alert section is posted, everyone will have access to nearly every issue, going back to Brian Livingston’s earliest Brian’s Buzz (see Figure 2). Browse through the archives, and you’ll see contributions from many writers whose work you may fondly remember. If they published in Windows Secrets or the AskWoody Plus Newsletter, they’re in the mix.

Figure 2. Ready for some computing nostalgia? The AskWoody Newsletter/Alert archives go back to the earliest issues.

Unfortunately, the archives are incomplete in a couple of aspects. None of the issues published prior to 2019 includes images — we didn’t get them in the handover from Penton. That’s also the case for author bylines, which we’re working to rectify.

Also, keep in mind that some links inside articles will no longer work. But judicious use of Google (or your search engine of choice) should bring much of it back. No doubt, the search-engine spiders will take a day or two to index all of it. But when they’ve finished crawling, you’ll be able to look for that LangaList article that’s on the tip of your tongue, or that classic Thurrott zinger — or even my obscure diatribes. And if you can’t, we’re here to help.

AskWoody Plus members might wonder what’s in it for them. First, only Plus (paid) readers will receive emailed issues. And second, as currently planned, Plus members will have exclusive access to issues for two months after publication.

So welcome back to the future — and stay tuned for more improvements on askwoody.com.

Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.

Best of the Lounge

After upgrading to Windows 10 1809, AskWoody Plus member CADesertRat noticed that 5GB of free hard-drive space went missing. A search revealed that the “lost” space was taken up by CBS.log (component-based servicing) files.

He wants to know if it’s safe to delete these files. And if it is safe, how do you delete them when denied access? If you’ve got an answer — or you have the same question — join the discussion.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

LANGALIST

By Fred Langa

Win7’s and Win10’s Restore previous versions (RPV) applets normally work in the background, so you might not notice when they’ve failed.

But an RPV failure can be a symptom of deeper problems — especially in Win10, where RPV is intimately linked with other recovery components.

Plus: “Bad penny” drivers and (ahem) “asking for a friend” about browser trouble.

A subscriber (anonymity requested) wrote a very succinct note asking for help with a nonfunctioning file-recovery tool.

Two years ago, eh? That means you almost certainly are running some version of Windows 10.

That’s important because RPV in Win10 might look and act much like earlier editions (see MS Win7 RPV info), but it’s different under the surface.

Win10’s RPV actually draws on data gathered by File History (introduced with Win8; MS article). And that linkage holds the answer to your question: To see previous versions, File History must be enabled and running properly before enabling RPV.

Note that other Win10 features and components also depend, at least in part, on File History — for example, Office’s and OneDrive’s Version History, Task View’s Timeline, and of course File History itself.

So in Win10, to enable “Restore previous versions” and several other useful restore/rollback features, enable File History!

(Need a Win10 File History refresher? See the MS support article “Use File History to backup and restore in Windows 10.”)

AskWoody member Ken Slotkowski’s PC is plagued by unkillable “ghost” drivers.

Is the hardware in question still present in the PC? If so, that’s usually the problem.

“Uninstalling” a hardware device in Device Manager just strips out the software driver — the actual underlying physical hardware isn’t affected at all. If that specific hardware is in place and electrically active at the next startup, Windows will re-detect it, then try to get it going again by installing at least a generic driver (if one’s available).

To prevent this from happening, you must prevent Windows from “seeing” the old, no-longer-needed hardware.

In some cases, it’s easy: If the hardware is on a separate circuit board or module (say, a plug-in graphics card, some Wi-Fi cards, etc.), you might be able to open the powered-down PC and simply remove the old hardware. On the next restart, if Windows can’t see the old hardware, it won’t try to reinstall drivers for it.

But some hardware devices are actually part of the PC’s mainboard — especially in small-form-factor PCs, tablets, and laptops. Some of these on-the-mainboard devices and subsystems may be controllable through BIOS/UEFI settings; for example, some PC designs let you disable an unneeded on-board graphics system in a PC that has a separate, add-in graphics card. With the on-board graphics subsystem turned off at the BIOS/UEFI level, Windows usually won’t see it and won’t try to install drivers for it.

But some mainboard devices and subsystems simply can’t be turned off or disabled. They’re a permanent part of that PC’s hardware — whether you need them or not.

Because there’s no way to hide these devices from the operating system, there’s no way to pre-emptively tell Windows that you don’t want or need that hardware. All you can do is use Device Manager to disable the hardware after it’s been detected, as you’ve already done.

In short: If you can’t electrically or logically isolate the unneeded hardware, you simply have to live with it.

This note also arrived anonymously:

“Someone?” Are you “asking for a friend?” No problem!

You mention that the bug opens tabs, so I’m guessing you mean your friend’s browser is running amok. Usually, the fix is simply to reset the browser. It only takes a minute, and it will return the browser to its default, unmodified, as-if-just-installed state.

Resetting is easy; it’s usually just a few clicks in the browser’s Settings or Advanced menus. For example, here’s info on resetting Chrome, Edge, Internet Explorer, Firefox, and Opera.

For more complete info on removing even recalcitrant software, see “What to do when Windows can’t run EXEs,” AskWoody Plus Newsletter 2019-09-02.

And a final thought: You might suggest that your, uh, friend use a better anti-malware tool, too. It sure sounds like something made it past whatever AV app he’s currently using!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all Fred’s current projects.

DROLL TALES

By Aaron Uglum

LABS / Twitter / Instagram

PATCH WATCH

By Susan Bradley

For those of us in the northern hemisphere, September can be a time when days seem to be noticeably shorter — the daylight hours more precious.

Time has value, too, when it comes to patching our systems. As regular Patch Watch readers know, we need some time for the monthly updates to sort themselves out. In the days following Patch Tuesday, some updates get reissued due to significant issues, while others need clarification.

That last point is important because patch problems are fickle — many often affect a subset of Windows users. For example, the August VBA bug affected some users of Visual Basic and VBScript; and the earlier remote-desktop protocol threat mostly impacted those who relied on remote connections to their desktops. There many other examples.

So here we are — another Patch Tuesday and another potential round of update questions. I’ve already seen posts about the lingering side effects of KB 4512941, the August 30 preview (and optional) update for Windows 10 1903. As you might recall, it was flagged for causing spikes in CPU use.

Now there are new reports that the patch causes problems with some Lenovo computers — specifically, an interaction with the vendor’s Vantage application triggers red- or orange-tinged screens. (Vantage is, among other things, Lenovo’s driver-updating utility.) If the Vantage app is uninstalled or the screen display is adjusted, the issue goes away.

Why should we worry about side effects in a preview update? Those optional patches are supposed to be very close to the final, Patch Tuesday release. A problem in a preview might carry on into the “real” patch. The majority of Windows users will never see the Vantage problem, but to some Lenovo customers, it’s really annoying.

September’s cumulative patch for Win10 1903 — KB 4515384 — was released on the 10th, and there are already reports that the update breaks the Start menu and search — on some systems. Currently, the only fix is to uninstall the update.

An interesting threat to WUDO: As noted in a Dustin Childs Zero Day Initiative post, the September security patches fix a Windows 10 vulnerability (CVE-2019-1289) in Windows Update Delivery Optimization. This Win10 feature lets IT pros distribute updates through a network, without using Windows Software Update Services (WSUS). By using WUDO for patching, a business can prevent huge hits to its Internet connection as dozens or hundreds of systems download the same update code from Microsoft’s servers.

Not surprisingly, malicious hackers found a flaw in WUDO that lets them overwrite system files they’d normally not access. Assuming you’re deferring September updates for a week or two, I recommend opening Win10 Settings, selecting Update & Security/Windows Update/Advanced options, and then clicking the Delivery Optimization link. Ensure that the feature is disabled — at least until you roll out the September updates.

Regular Patch Watch and AskWoody readers might notice that I tend to give the all-clear for cumulative patches sooner than does Woody. My focus is primarily on small-business settings, where there’s a greater risk of targeted attacks. We also typically have a spare computer or two that we leave unpatched while we roll out updates to the rest. Thus, we can often recover from patching issues more quickly than can home-PC users.

In short: If you’re managing one or two personal machines, wait until Woody gives his all-clear. (Those of us in businesses — both small and large — muddle through as best we can, hoping to get through another patching phase as unscathed as possible.)

What to do: It’s early days for September patches. As always, ensure that updating is paused on your daily-use machines. But if you want to join the “unofficial” Windows-patching beta-test team, keep an eye on askwoody.com for new developments.

Here’s the list of most recent updates for Windows and Office.

Expect to see four patches on every Win10 system: a servicing stack, a cumulative update, a .NET Framework security patch, and an Adobe Flash Player fix. The following updates were released on September 10:

September also included servicing-stack updates for all supported versions of Windows. (Note: If you patch via Windows Update, servicing-stack patches are installed automatically.) Windows 10 releases include:

Microsoft also released cumulative .NET Framework updates for Windows 10 to fix various security issues. They are:

If you also receive KB 4480730, a “Reliability improvement to Windows 10 update components” patch, it’s a sign that your system hasn’t been getting updates as it should. The patch’s information page states: “This update will be downloaded and installed automatically to Windows 10 devices [that] haven’t installed the most recent cumulative update in a timely manner.”

I recommend not installing it. Instead, consider it a warning that you should probably upgrade to a newer version of Windows 10. To do so, hop over to the Microsoft Software Download page and click the Update now button. Be aware, however, that it will automatically bump you to Win10 Version 1903.

Adobe Flash Player: We might be counting down the days until Flash disappears from our browsers, but the patches keep coming. In this case, it’s KB 4516115.

Windows 8.1 has the only update with an official “known issue” — so far. It’s a longstanding bug with renaming files on cluster-shared volumes, and it’s one that few Win8.1 users will ever see — in other words, it’s not an issue. (Here’s hoping it stays that way.)

In any case, hold back on the following patches until we give the all-clear sign.

Note: There are reports that Internet Explorer stops working after installing KB 4516067 on Surface RT devices, so be sure you’ve blocked updates on those machines. If you’ve already installed the update and IE failed, the only fix at this time is to uninstall KB 4516067. Apparently, this problem isn’t showing up on other platforms.

September brings a servicing-stack update to Windows 7, as well. Look for the following:

Microsoft is also re-releasing the SHA-2 code-signing support update. It includes boot-manager files needed to avoid start-up failures on Versions Win7 SP1, Server 2008 SP2, and Server 2008 R2 SP1. If you installed KB 4474419 the last time it was released, you’ll see it again.

More on Win7 servicing-stack update KB4516655: Microsoft states that it makes “quality” improvements to the servicing stack — the component that installs Windows updates. But the info page doesn’t say specify what exactly it does. I’m guessing that one of these servicing-stack patches for Win7 will add the ability to receive the extended security updates — for those that purchase them.

September’s updates include:

September’s updates include:

Once again, the latest Office patches include several fixes for phishing-style attacks. If you think they’re out to get you … yes, they are!

Office 2016

Office 2013 SP1

Office 2010 SP2

The following Office non-security enhancements and fixes were released on September 3.

Office 2016

Office 2013

Exchange 2019 and 2016

Unless noted, these updates fix one or more vulnerabilities.

Stay safe out there.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

Best Utilities

By Deanna McElveen

PC “cleaning” tools have had a long and often notorious history.

Many of these apps were little more than marketing ploys designed to con users into paying for a dubious service. It usually started with a free PC “scan” that would “discover” thousands of “system errors.” Next would come the pitch: “For just $49.95, we’ll make your PC run 10 time faster!”

In truth, there’s been just a handful of safe and effective “cleanup/tuneup” utilities. Our favorite is Kurt Zimmermann’s TweakPower, a comprehensive collection of system analysis and cleanup tools organized into a simple and easy-to-use interface. One way you know it’s the real deal is because you’ll never see a come-on to buy some other app or service.

A talented developer, Kurt offers a variety of utilities for free. A man after our own heart, he has resisted the temptation to add bundleware to his projects. Under the descriptions of his applications, he clearly states: “100% Spyware FREE – This software does NOT contain any Spyware, Adware or Viruses.”

TweakPower is a Windows-optimization program that’s stuffed full of helpful tools. The clear and nicely organized user interface makes this utility useful to all levels of PC users — from system admins running a quick workstation analysis to novice computer users who want a one-click tuneup. In other words, you can let TweakPower do the heavy lifting, or you can dig deep into settings and use it for very specific tasks.

The program runs on all 64- and 32-bit versions of Windows from XP to Win10, and you can download portable versions (ZIP files) from our OlderGeeks.com page.

After loading, the program kicks things off with a Simple cleanup or Default cleanup (see Figure 1). You can check the box at the bottom to never show the wizard again, but it really does a great job of removing unneeded browser and system files. (Note that it doesn’t try to find every “flaw” in the Windows OS — which is good!)

Figure 1. The Simple cleanup option is quick and focuses on obsolete browser and system files.

I prefer the Default cleanup option so I can choose what’s going to get scanned. You can quickly enable or disable the following tools: Browser Cleaner, System Cleaner, Plugin Cleaner, and Registry Cleaner (see Figure 2).

Figure 2. The Default cleanup option lets you define what gets analyzed by TweakPower.

Click the Settings link at the bottom of each cleanup category, and you can further refine what gets checked and cleaned. Once you’ve made your choices, click the green Analyze Now button. That’s right! Nothing gets cleaned yet. At this point, TweakPower will just report how messed up you’ve let your PC get (ha, ha). Don’t get too relaxed waiting for the analysis (see Figure 3) to finish; it should take just a few moments.

Figure 3. In most cases, TweakPower should not take long to run its system scan.

Okay — now close your eyes and imagine how insanely perfect Deanna must keep her computer. How it must hum along like a finely tuned sports car. Now open your eyes, and let’s see what TweakPower reported.

ARRRRGGG!! It found 33,797 errors? (See Figure 4.) My bad! Well … nobody’s perfect. When tested on two other PCs, TweakPower reported only 152 errors on a fairly fresh Win10 notebook — and 1,934 errors on an older, heavily used desktop.

Figure 4. Over 33,000 errors? I guess I need to sweep out my system more often.

Before hitting that big red Clean up the PC button, click the Details link at the bottom of each section. There you can pick what you want the program to clean. Figure 5 shows the cleaning options under System Cleaner.

Figure 5. You can either leave what gets cleaned to TweakPower or go into the Details sections to limit what’s removed.

Cleaning your Windows setup is only a part of TweakPower’s capabilities. There are many freeware tools left to use, as shown in the left-hand menu (see Figure 6). Starting at the top of the list, clicking Dashboard gives you a quick rundown of system status.

Figure 6. Dashboard displays a quick summary of a PC’s stats and health.

Think of the Windows section (Figure 7) as Win10’s own Settings on steroids. Take a run through the various categories, starting with Communication and Administration — I’m sure you’ll be amazed by the depth of offered controls. You might never open Windows’ Settings, Control Panel, and Networking applets again!

Figure 7. The controls under the Windows section are comprehensive, well organized, and easy to roll through.

System (Figure 8) is a one-stop shop for detailed information on your Windows setup — and for configuring and fixing the OS. (Note that the system information TweakPower reports — the Performance Index, for instance — are simply a repackaging of Windows’ own tools.) Check out what’s offered under Repairing Windows, as an example: it makes you wonder how and why TweakPower is free.

Figure 8. The System category has extensive tools for configuring Windows and gleaning information about the operating system.

Under HDD (Figure 9), you’ll find most of the tools you might need for hard-drive, file, and folder maintenance — everything from disk defragmenting to encryption.

Figure 9. The HDD section is the place to go for storage management and repair.

Check out the rest of the available tools yourself. Again, you can download TweakPower from our OlderGeeks.com site. It’s free! … why not try it out?

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com, and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2019 AskWoody LLC, All rights reserved.