Don’t pay for software you don’t need — Part 2
In this issue
- TOP STORY: Don't pay for software you don't need — Part 2
- LOUNGE LIFE: An imponderable, maybe, in the Lounge
- WACKY WEB WEEK: Mountain bike racer has camera: you travel
- LANGALIST PLUS: MSE delivers mixed results in antivirus tests
- BEST SOFTWARE: Four free hard-drive maintenance tools
- IN THE WILD: The complicated world of antivirus testing
Don't pay for software you don't need — Part 2
By Woody Leonhard
After the first article of this three-part series appeared, many of you wrote to ask: do I really not need this software?
It’s true: if you’ve moved up to Windows 7, there are all sorts of software that you just don’t need. Stop following outdated advice and get with the system!
In my previous installment, I wrote that Windows 7 owners don’t need to pay for any of these important apps:
Antivirus software: Microsoft Security Essentials is free, and for the average PC user, works just as well as the paid products — sometimes better.
Defraggers: Windows 7 defragments your drives automatically (once a week by default), and you don’t need to lift a finger or spend a sou.
Backup packages: Win7 backup isn’t particularly neat or fancy, but it covers the bases automatically and (almost always) works well. Fred Langa’s May 12 Top Story shows you how to set up and run Win7’s backup.
You may or may not want to shell out shekels for Microsoft Office, but that really depends on the level of document compatibility you need and on your willingness to suffer the slings and arrows of the current OpenOffice/LibreOffice debacle. It’s a complex and costly problem. (A Feb. 16 InfoWorld article covers this in detail.)
This week, I’m going to gore a few more sacred (cash) cows. Specifically, I explain why I think Registry cleaners are worse than useless, why most people don’t need partition software, and why there’s no reason to pay for a firewall. I can hear the howls already. (Those PC users who do need a partition manager should read Lincoln Spector’s story, “Four free hard-drive maintenance tools,” in the paid portion of this newsletter.)
Trust me regarding these applications: their time has come and gone. Save your money. Buy a bigger monitor, faster Internet, a comfy Aeron chair; upgrade to an Android phone or iPad 2 — things that will make an obvious difference to you.
In Part 3 of this series, I’ll talk about saving money on Windows and MS Office — it makes absolutely no sense to pay for more than you need — and take some parting shots at expensive cables, obscure Windows services, and a few other items I love to lambaste. Stay tuned.
Some Registry cleaners do more harm than good
I’m going to get a lot of flak over this one, but I’ve never seen a real-world example of a Windows 7 machine that improved in any significant way after running a Registry cleaner. As with defraggers, Registry cleaners may have served a useful purpose for Windows XP, but with Windows 7 I think they’re useless (correction: worse than useless).
Senior Editor Fred Langa and I don’t yet agree on this point: Fred suspects that Registry cleaners may be useful for some Windows 7 owners, some of the time. He’s running a series of experiments right now, and we hope to see the results in a couple of weeks. But in my experience, working with hundreds of Windows 7 machines in all sorts of environments, I’ve never found a single run of a single Registry cleaner that caused anything but grief.
There’s a great quote that (as best I can tell) originated on the DSLReports forum in March 2005. A poster who goes by the handle “jabarnut” states, “The Registry is an enormous database, and all this cleaning really doesn’t amount to much … I’ve said this before, but I liken it to sweeping out one parking space in a parking lot the size of Montana.” And that’s the long and short of it.
Jabarnut is correct: the Registry is a giant database — a particularly simple one. As with all big databases, sooner or later some of the entries get stale; they refer to programs that have been deleted from the system or to settings for obsolete versions of programs. Sure, you can go in and clean up the pointers that lead nowhere, but why bother?
I’m ready to change my tune if Fred can find a Registry cleaner that reduces the size of a typical Registry by, oh, 15 percent to 20 percent (that’s the point where I assume a decrease in size could improve system performance), or if he can find a slick way to speed up a system by 10 percent to 15 percent. Failing that, it’s hard for me to imagine paying any money — or wasting any of my time — cleaning my Registry.
More important, Registry cleaners are notorious for messing up systems by cleaning things that shouldn’t be touched. My favorite example: a free Registry cleaner called EasyCleaner, which we at Windows Secrets Newsletter recommended some years ago. It was an excellent program, possibly best in its class, but it doesn’t appear to have been updated in a long time. If you follow the list of fixes during EasyCleaner’s waning years, you’ll see that the authors went through a litany of mistakes, instances where the cleaner borked programs by deleting required Registry entries.
Reader DBB wrote to me recently, asking why Microsoft had abandoned its Registry cleaners. Windows Live OneCare (a precursor to Microsoft Security Essentials) included a much-ballyhooed online scanner and Registry cleaner, and a Microsoft U.K. page still lists an included Registry cleaner.
DBB notes, “The mystery is that, though Microsoft has not denounced the use of registry cleaners, it no longer provides one — at least for now. Previous to the online scanner, Microsoft provided reg clean and then scan reg.”
He’s absolutely right: Microsoft used to offer Registry scanners and cleaners. It doesn’t have separate programs to perform those functions any more.
In my experience, the vast majority of Registry cleaners available now are either scareware come-ons or destructive — or both. Websites invite you to run a free Registry cleaning, they hit you with the rogue-anti-malware shtick, and then they ask for money. One Registry-cleaner site even uses “Microsoft” in its Web address; I have no idea why Microsoft doesn’t take the site down.
DBB blames Microsoft for backpedaling — first it distributed and recommended Registry cleaners, now it’s mum on the subject. DBB asks several interesting questions: Why doesn’t Microsoft just come out and say you don’t need a Registry cleaner? Why doesn’t MS go after the people who claim to sell Microsoft Registry cleaners — when the cleaners don’t come from Microsoft? Most important, why doesn’t MS come out and clearly say that you shouldn’t install or use a Registry cleaner — whether it’s from Microsoft or not?
All good questions.
Win7 does all the disk partitioning you’ll need
I personally hate disk partitioning. I’ve railed against it for years. But rather than get into a technical argument (yes, I know that dual-boot systems with a single hard drive need multiple partitions), I’ll limit myself to extolling the virtues of Windows 7’s partition manager.
No, Windows 7 doesn’t have a full-fledged disk-partition manager. But it does everything with partitions that most people need — and it gets the job done without messing up your hard drive. Which is more than I can say for some third-party disk-partition managers.
Finding Windows 7’s partition manager takes a little digging. Running in an administrator-level account, click Start, Control Panel, System and Security, and Administrative Tools. Next, double-click Computer Management. In the left panel, under Storage, click Disk Management.
If you don’t have enough unallocated space to create a new partition, you have to shrink one or more of the existing partitions. To do that, right-click on the partition you want to shrink and choose Shrink Volume. Figure 1 shows the box in which you set the new size.
Figure 1. Shrinking a partition is easy in Windows 7 — no extra software required.
Type the amount of space you want to shave off the partition, and click OK.
You create a new partition by right-clicking the unallocated space and choosing New Simple Volume; a wizard pops up that steps you through set-up and formatting.
If your hard drive is very nearly full, third-party partition software may make it a touch easier to repartition a hard drive because some third-party tools allow you to keep and move files while changing partitions — something Win7’s native utility doesn’t allow. For most PC users, that isn’t much of a reason to spend money on a partition package.
Windows 7’s firewall works only one way
Like its predecessors, Windows 7’s firewall only keeps outside threats from getting in — it’s an inbound firewall. Outbound firewalls alert you when an unauthorized program attempts to send data out of your computer. At least that’s the theory. In practice, many outbound firewalls bother you mercilessly with inscrutable warnings saying that obscure processes are trying to send out data.
If you simply click through and let the program phone home, you’re defeating the purpose of the outbound firewall. On the other hand, if you take the time to track down every single outbound event warning, you might spend half your life chasing firewall snipes.
Some people think an inbound-only firewall is woefully inadequate. I think it’s good enough for almost everybody. Fred wrote about outbound firewalls in his March 17 LangaList Plus column. He, too, feels that an outbound firewall is usually overkill. But if you really want one, he recommends Sphinx Software’s Windows Firewall Control (info), a product that helps you tweak the Windows firewall so it works outbound. You can download a limited-capability free version or the more powerful Plus edition (U.S. $30).
I have a few friends who insist on running an outbound firewall. They uniformly recommend Comodo Firewall, which is also available in a free-for-personal-use version.
I think it’s all a complete waste of time. Although I’m sure some people have been alerted to Windows 7 infections when their outbound firewall goes bananas, 99.99 percent of the time the outbound warnings are just noise. Outbound firewalls don’t catch the cleverest malware, anyway.
So that’s Round 2 in the list of software that Windows 7 users don’t need to buy, don’t even need to bother with. It’s surprising how much old advice isn’t valid any more, eh?
An imponderable, maybe, in the Lounge
By Kathleen Atkins
Why did an Access query produce a different sort order?
One test of a good forum discussion is the solution of a problem brought to it. Another test might rest in general illumination.
Lounge member alifrog accomplishes the feat of posing an Access database question that is met with practical help and perhaps an equally valid shrug from a fellow Lounge member. If you want to test your understanding — or view — of optimizers, take a look at alifrog’s problem and have a go at it.
The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.
Mountain bike racer has camera: you travel
By Revia Romberg
What’s good about the recorded action from a mountain biker’s helmet-cam? You get to go along for the ride as he jumps, dodges, and otherwise careens down a difficult track. What’s bad about it? Going along as he jumps, dodges …. In this video of a race through a small Chilean town, the hazards are positively palpable. Watch your stomach!
MSE delivers mixed results in antivirus tests
By Fred Langa
Malware researchers are now finding the same kinds of Microsoft Security Essentials problems reported earlier in Windows Secrets. Clearly, MSE is far from perfect. Should you dump it? Let’s sort out the facts.
Mediocre scores prompt debate over keeping MSE
Charlie Vanderford was disturbed to read about Microsoft Security Essentials’ performance in a noted AV lab’s tests, reported in another publication.
- “Hi, Fred. I have been one of your readers since day one, so I feel compelled to write about this subject. I’d appreciate it if you could get someone at Microsoft to fix this problem with MSE; otherwise, I’ll recommend to everyone in my computer user group to uninstall this product.”
I understand your concern, Charlie. I also was concerned when I read second-hand reports of the test results. But I was relieved when I went to the original source, AV-Test.org’s Test Report 110968 (PDF) and read it carefully.
For example, one of MSE’s lowest Protection scores is in the area of Web or e-mail threats — exactly what I found and reported in the April 7 Top Story on the Liza Moon infection and in follow-up reader comments in the April 28 LangaList Plus column. (The links are intentionally left out; see why in the May 5 Windows Secrets Introduction.) Both articles detailed how Microsoft Security Essentials failed to block this Web-based malware. It was disappointing that MSE did not catch it.
But as I reported, malware like this often depends on user error. For example, before Liza Moon runs, users have to click four separate times past various Windows security prompts and dialog boxes. Users have plenty of opportunities to avoid infection. So, although I can’t argue with AV-Test’s MSE scores in this area, I do disagree with the importance they give it.
Similarly, I just can’t get worked up about their low ranking for MSE’s handling of zero-day threats, meaning malware so new that there’s not yet any standard protection against it. Yes, zero-day threats are real; it’s one reason why columns such as Susan Bradley’s “Patch Watch” and Robert Vamosi’s “In the Wild” are so valuable.
But as a practical matter, zero-day attacks have a low probability of affecting any given user. In fact, in 35 years of intense computer use, I’ve never personally encountered trouble from zero-day malware — not once.
Once a threat has been identified, AV-Test’s results show that Security Essentials gets scores of or near 100 (100 being perfect).
So again, although I don’t dispute AV-Test’s low rating for MSE in zero-day protection, I disagree with the emphasis they place on it.
I don’t want to sound like I’m defending MSE. Hardly — I’m the guy who wrote those stories highlighting MSE’s failures! But I suggest that you go through the original report and weigh the results by your own criteria and experience. That’s the best way to use information like this.
For me, here’s the bottom line:
It’s no surprise that MSE is an imperfect AV tool — no AV tool ever is perfect. (Depending on your circumstances, such as protecting a small-business system, other security tools may be better for you.)
I’m still using MSE on all my office and home PCs. The areas in which MSE is weak aren’t ones that are likely to affect my systems. I suspect MSE’s deficiencies also won’t affect most Windows Secrets readers.
But you may feel differently — and that’s perfectly OK. There are many good security tools to choose from. (For example, see those mentioned in Robert Vamosi’s February 17 PC Security Baseline.)
Pick any mainstream security tool that fits the way you use your PC, keep it (and your system overall) fully up-to-date, and watch what you click. You’ll be fine!
‘dciman32.dll is not a valid Windows image’
Courtney Lai-Hing is getting a cryptic error message:
- “I started receiving the following error message about a month ago after cleaning and updating some of the programs on my XP Pro system:
Windows\System32\dciman32.dll is not a valid Windows image
“I have not been able to fix it. Can you shed any light on this problem?”
dciman32.dll is Windows’ Display Control Interface Manager. It’s gone through many, many revisions. You may have an older version, or you might have more than one copy, which are in conflict with one another.
Use a search tool to scour your system for any instances of dciman32.dll. Normally, you should have only one copy in the Windows\System32 folder. Delete or rename any other copies (for example, as dciman32.old or .bak).
Check each copy’s properties, such as version number and creation date. Right-click the file name, select Properties, then work through the tabs. The General tab gives file length and creation date; the Version or Details tab lists file version, internal name, product name, and so on. (See Figure 1.)
Figure 1. The current dciman32.dll for XP SP3 systems is version 5.1.2600.5512.
If you have an outdated version of the file, you can simply copy and paste dciman32.dll Version 5.x.5512 from any other XP SP3 box you have access to.
Or, you can reinstall XP SP3 (free download/info). It contains the correct version of the file and will overwrite the old version.
(Note: I often recommend various online DLL download sites. But as I researched this answer, the several DLL sites I checked were offering older versions of dciman32.dll — even when they were labeled as 5.x.5512. It may be best to avoid these resources at this time.)
When you have the correct copy of dciman32.dll in the Windows\System32 folder, reboot. Run a Registry cleaner to correct any bad dciman32 references there. Then check your disk for errors with CHKDSK /f (Microsoft info).
With one current, known-good dciman32.dll in the correct folder and with Registry and disk errors gone, your system should no longer have this problem.
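The search-and-compare steps above can be scripted. The following PowerShell is an added example, not part of the original column, and it only reads files; it assumes PowerShell 2.0 or later is installed, takes the expected version from the Figure 1 caption, and uses hypothetical function names.

```powershell
# Added example, not from the original column. Read-only: nothing is deleted or renamed.
# Assumptions: PowerShell 2.0 or later; function names are hypothetical.
$ExpectedVersion = '5.1.2600.5512'   # XP SP3 version from the article's Figure 1 caption

function Get-Sha256Hex {
    param([string]$Path)
    try {
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        try     { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
        finally { $stream.Close() }
    }
    catch { return 'unreadable' }
}

function Get-DllInventory {
    param(
        [string]$Name     = 'dciman32.dll',
        [string]$Root     = "$env:SystemDrive\",
        [string]$Expected = $ExpectedVersion
    )
    $system32 = Join-Path $env:SystemRoot 'System32'
    # XP's Windows File Protection keeps cache copies here; they are labelled
    # separately so they are not mistaken for stray copies.
    $dllcache = Join-Path $system32 'dllcache'

    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric fields; the FileVersion string
            # can carry a build-lab suffix that defeats an exact comparison.
            $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                             $vi.FileBuildPart, $vi.FilePrivatePart

            if ($_.DirectoryName -ieq $system32) {
                if ($version -eq $Expected) { $status = 'OK' } else { $status = 'Version mismatch' }
            }
            elseif ($_.DirectoryName -ieq $dllcache) {
                $status = 'Windows File Protection cache'
            }
            else {
                $status = 'Extra copy'
            }

            New-Object PSObject -Property @{
                Status  = $status
                Version = $version
                Length  = $_.Length
                Created = $_.CreationTime
                SHA256  = Get-Sha256Hex -Path $_.FullName
                Path    = $_.FullName
            }
        } |
        Select-Object Status, Version, Length, Created, SHA256, Path
}

Get-DllInventory | Sort-Object Status, Path | Format-List
```

Running the same script on a known-good XP SP3 machine and comparing the SHA256 values shows whether a file labeled 5.x.5512 really is the same file before it is copied across.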
Can’t get Java to install or uninstall
Carl Todd is justifiably frustrated at a messy Java failure.
- “There are not many problems I run into I can’t solve on my own, but I need outside help with this.
“My problem computer runs Windows XP Professional, SP3. Until recently, I was able to run Java-based software. Now, I just get a pop-up window indicating that Java is not present. Several diagnostics also agree that there is no Java installed.
“But when I tried reinstalling Java, I got an “already installed” message. Java is listed in Control Panel’s Add/Remove function. But there’s no remove line to allow removal.
“I removed the Java files manually. I then looked in the Registry and did find a key saying Is Installed, and I removed that. (Perhaps I should have replaced it with a zero.)
“I tried Java removal tools, but still I get the same error messages. Apps that try to use Java say Java is not installed but Control Panel and the Java installer say it is.
“Do you have any suggestions?”
I think you were almost there, Carl, except for one more step that probably would have fixed things.
Java is really an entire subplatform with its own main files plus software pieces that integrate with your browsers and other Java-enabled software on your system (along with additional Java system components to keep the whole shebang updated). It can be hard to pinpoint exactly where a nominal Java failure resides.
Note also that Sun (Java’s creator) was acquired by Oracle. All of Sun’s former software has gone through or is undergoing update churn for rebranding and repositioning. It’s a wonder more setups aren’t hosed.
But here’s the fix to it all: give your Java setup a truly fresh start. You clearly know your way around a system, so I’ll go fast.
- Back up your system.
- Open Control Panel and uninstall all Oracle and Sun software on your system that you can. If you need product keys for reinstallation of any commercial apps, copy them first.
- Search your hard drive once for Oracle and then a second time for Sun. Uninstall (or manually delete, if necessary) any remaining folders containing Oracle or Sun software.
- Next, use XP’s Regedit.exe (how-to) or a similar tool to search for and totally delete all Registry keys referring to Sun or Oracle software. (This is the step I think you missed — completely eliminating all the old Registry keys.)
- Reboot. Run a Registry Cleaner to repair any bad links there. Reboot again. Your PC should now be totally Java- (and Sun- and Oracle-) free.
- Go directly to Oracle’s download page (not to a third-party download site). Download and install Java. Reinstall any other Oracle/Sun tools you need.
You should now be good to go!
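Before deleting keys in Regedit, it helps to see which Java-related entries are still registered. The following read-only PowerShell listing is an added example, not part of the original column; it assumes PowerShell 2.0 or later, and the function name and match pattern are illustrative.

```powershell
# Added example, not from the original column. Read-only: it lists entries, it does not delete them.
# Assumptions: PowerShell 2.0 or later; the function name and match pattern are illustrative.
function Get-JavaRegistryLeftovers {
    param([string]$Pattern = 'Java|Sun Microsystems|Oracle')

    # Add/Remove Programs is built from the Uninstall keys (per machine and per user).
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            # Match on the visible name and publisher; review the hits by eye,
            # since the pattern can also match unrelated products.
            if ("$($p.DisplayName) $($p.Publisher)" -notmatch $Pattern) { continue }
            New-Object PSObject -Property @{
                Source          = 'Uninstall entry'
                Key             = $key.Name
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                UninstallString = $p.UninstallString
            }
        }
    }

    # Vendor keys written by the Java installer itself.
    foreach ($vendorKey in 'HKLM:\SOFTWARE\JavaSoft', 'HKCU:\SOFTWARE\JavaSoft') {
        if (Test-Path $vendorKey) {
            New-Object PSObject -Property @{
                Source          = 'Vendor key'
                Key             = $vendorKey
                DisplayName     = $null
                Publisher       = $null
                UninstallString = $null
            }
        }
    }
}

Get-JavaRegistryLeftovers |
    Select-Object Source, DisplayName, Publisher, UninstallString, Key |
    Format-List
```

An empty result after the cleanup and reboot indicates that no Java entries remain in these locations.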
The Windows Update utility doesn’t complete
Chris Tanner had to disable Windows Update. That’s not good.
- “I’ve had an ongoing problem for about nine months now that I can’t solve.
“I am running XP, and I keep getting the pop-up alert telling me that I need to restart my computer to finish an update. But you can restart the PC all you want, and the message continues to come up.
“I can’t determine what Windows thinks hasn’t finished updating. If I run a net stop wuauserv command, it temporarily stops the pop-ups but doesn’t fix the problem. It also means that my PC no longer gets any security updates from Windows. I can only imagine how far behind I am on updates.
“Any advice?”
That’s an all-too-common problem with XP, Chris, but there’s plenty of help available.
You might want to start with the October 28, 2010, article, “What to do when a patch won’t install.” And Microsoft Support article 943144 offers a one-click automatic repair (in addition to lots of manual options) that should do the trick.
Your solution should be just a few clicks away!
Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.
Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Four free hard-drive maintenance tools
By Lincoln Spector
Your hard drive contains your digital life: music, photos, and personal documents, among other things. So you better take care of it! Here are four key — and free — programs that let you partition hard drives, check their internal health, and find oversized folders.
I’ve tried, as much as possible — though without complete success — to stick to portable programs that you can run off a flash drive. After all, you don’t want to install something on your hard drive when it’s giving you problems.
Organize hard drives via partition management
Separating your hard drive into multiple partitions (which act as virtual drives) allows you to organize the drive more efficiently as well as install multiple operating systems. A good partition manager allows you to resize, move, and create partitions without losing data. You can also delete partitions you no longer need.
Windows Vista and Windows 7 have decent partition tools built in, but these apps have some annoying limitations — for example, they sometimes refuse to shrink a partition as small as that partition’s free space should allow it to be shrunk.
EASEUS Partition Master Home Edition (info) does almost everything a good partition manager should, all through its exceptionally easy-to-use user interface. (If it did everything, no one would buy the $40 Professional version, which adds the ability to manage partitions from a bootable CD.) Just make your changes and click the big check-mark icon to finish the job. (See Figure 1.) Selecting a checkbox shuts the computer down when the utility’s done.
Figure 1. A well-designed user interface makes EASEUS easy to work with.
You can browse a partition (even a hidden one) to see what’s in it, edit its label, hide it, unhide it, and make it active (bootable). You can also copy a partition. And if deleting a partition doesn’t seem secure enough for you, you can use the wipe tool, selecting from one to 10 passes.
Note: Although the free version doesn’t offer a bootable CD tool, it still includes an icon to launch it. Clicking that icon brings you to an ad for the Pro version.
You have to install EASEUS Partition Master onto your PC; it’s not portable.
Or use a portable, bootable, partition manager
If you’re okay trying a product that’s harder to use, Parted Magic (info) is a portable partition manager that can run as a bootable CD. It has a few other tricks up its sleeve as well.
Parted Magic is actually a Linux distribution with some built-in disk-care tools. You download the utility as an ISO file, which you then burn onto a CD. Don’t copy the ISO file to a CD; double-click the file, and an app should automatically install Parted Magic on the disc. If it doesn’t, you’ll have to first install another app such as the free ISO Recorder (info). You can also use the Universal USB Installer (info) to put Parted Magic onto a flash drive.
When you boot your PC from the Parted Magic optical or flash media, you automatically launch a specialized Linux environment that has a reasonably friendly user interface. To start partition management, you launch the Partition Editor app from its icon on the Linux desktop.
Figure 2. The Parted Magic Partition Editor launches from the Linux desktop.
Unlike using EASEUS, you sometimes have to figure out how to do something in Parted Magic’s Partition Editor. For instance, in EASEUS, you can simply right-click a partition and select Set active. With Partition Editor, you right-click the partition and select Manage Flags (not the most intuitive choice of labeling); that in turn pops up a dialog box in which you check the boot option.
Other tools in Parted Magic include a hard-drive diagnostic program and a system profiler that provides the stats on the PC’s hardware. And if Windows isn’t booting, Parted Magic can help rescue files trapped on the hard drive and move them someplace else.
Get a comprehensive check of hard-drive health
You don’t have to boot into Linux to check for hard-drive problems. EFD Software’s HD Tune (info) runs just fine inside Windows.
Yes, I know: you’d expect a program called HD Tune to play some special, high-definition audio format. But this small and simple utility works nicely to benchmark drives, show vital statistics, report on overall hard-drive health, and scan the disk surfaces for errors. It also displays a drive’s current temperature — a good warning of overheating that can lead to premature drive failure.
Figure 3. HD Tune checks a disk for errors.
Much of the information it offers is pretty geeky, especially on the Health tab — how many people understand what a Reallocated Event Count of 200 signifies? (On the other hand, anyone can understand a status of OK, which HD Tune also displays and which is all you really want to know.) Better documentation would be helpful.
The results displayed under the Health tab come from your hard drive’s S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) (definition). Most modern hard drives support S.M.A.R.T.
But HD Tune’s Error Scan tool doesn’t trust S.M.A.R.T.; it checks drives itself — including any hidden partitions the drive might have. It ran a quick scan of my 500GB drive in about 32 seconds. A full scan took 96 minutes.
HD Tune is not officially a portable program. But I copied its folder onto a flash drive and successfully ran it on another computer from the flash media — which makes it effectively portable.
It looks like HD Tune has not been upgraded in years, but I’d be hard-pressed to think of a replacement that works better.
Know the size of folders; free up some space
When it comes time to clean old files off the hard drive to make room for new ones, the job gets easier if you can see the size of each folder — and the size of the folders inside that folder. You can find that information in Windows Explorer, but not easily.
The better solution is MindGems’ Folder Size (info) utility. This free program can show you, numerically and graphically, the location of the files that are hogging your hard-drive space.
The program couldn’t be easier to use: launch it, select a hard drive, and click the green icon that looks like a DVD player’s Play button. (There’s another icon for scanning a folder rather than the drive.) Then you wait a few minutes.
When the scan is complete, the top part of the window contains a list of folders and files in the root directory — or folder — you just scanned. The list contains relevant data on each folder’s size, percentage of disk space, number of files and subfolders, and so on.
The bottom pane displays folder sizes in a more attractive, easier-to-read-but-not-as-informative pie chart. Clicking a folder listing on the top, or a pie slice on the bottom, drills down to information about that folder. Changes to the pie chart come with some pleasant animation, courtesy of Adobe Flash — which the program requires for its graphics.
Figure 4. You can display information about your folders and files in a couple of different ways, using the Folder Size tool.
If you want to put Folder Size on a flash drive so you can use it on other computers, go to the download page and look for the Folder Size Portable (experimental) version. There’s always a bit more risk with beta products, but it worked fine for me.
Tools such as EASEUS Partition Master Home Edition, Parted Magic, HD Tune, and Folder Size make it easier to tend your hard drive. And a healthy hard drive is an important part of keeping your data safe.
Lincoln Spector writes about computers, home theater, and film and maintains two blogs: Answer Line at PCWorld.com and Bayflicks.net. His articles have appeared in CNET, InfoWorld, The New York Times, The Washington Post, and other publications.
The complicated world of antivirus testing
By Robert Vamosi
Don’t shoot the messenger when it comes to AV test results. The fact that MSE barely got certified by AV-Test.org shouldn’t be easily dismissed — not without considering all the facts.
Free products are rarely the best products
Since the 1980s, antivirus engines have used signature-definition-file databases to detect malware on infected systems. For this to work, new malware has to be discovered and analyzed, then have its specific signature added to the database. That means frequent database updates. Antivirus vendors typically charge a fee for the software engine and an additional fee for a signature-file update subscription. Most AV vendors make their products obsolete every two to five years, forcing users to update to the latest engines.
Until recently, free antivirus software was not recommended for the average PC user. It was often more complicated to install and maintain. Then a few big-name vendors, such as AVG, started offering older versions of their paid products for free. When Microsoft discontinued its OneCare service, it replaced it with a free antivirus product, Microsoft Security Essentials (MSE). But MSE had a rough start. Although its traditional signature-definition-file model worked well, it fared poorly with new (zero-day) malware — viruses, Trojans, and so on, all with undefined signatures and circulating in the wild. That conclusion was based on AV-Test.org results (as reported in a 2009 ZDNet column) and remains true today, as summarized in a May 4 PCWorld story.
Quick updates and heuristics protect best
Elsewhere in this newsletter, my colleague Fred Langa addresses the lackluster report card given to MSE by AV-Test.org, a German testing lab. Although I agree that the one test is not sole grounds for removing MSE from your computer, I disagree with Fred when he states, “as a practical matter, zero-day attacks have a low probability of actually affecting a given user.”
In an April 21 column, I described how a new Adobe Flash zero-day attack forced Adobe to rush out a new patch. Within 24 hours, the big antivirus players — McAfee, Symantec, and Kaspersky — all had updated definition files to protect their users. These products also had the ability — using heuristic technology — to detect new malware based on its behavior alone. (Companies commonly targeted by new and specialized malware definitely want effective heuristics as part of their antivirus strategy.)
Microsoft’s MSE (along with numerous other AV products) didn’t have signature-definition files for the Adobe zero-day threat until more than a week later. Nor does it have a highly developed heuristic engine. The PC World story quotes Andreas Marx, director of AV-Test.org:
“The product [MSE] is missing effective e-mail and Web protection … That’s the big problem with this tool — the majority of the other products tested includes such protection features, so they are performing better in our tests. And we expect that they are performing better in the ‘real world’ as well, which is the focus of our tests.”
Only a few independent AV test organizations
Independent antivirus organizations are hard to come by. Earning a certification from testing facilities such as West Coast Labs and ICSA is not the same as undergoing rigorous antivirus testing with live malware — certification means only that the product met predesignated criteria established by the certifying agency. A certificate does not represent real-world threats and doesn’t necessarily mean one product is better than another at real-world malware detection.
Three leading, independent organizations that do test antivirus products with live malware are AV-Test.org, AV-Comparatives.org, and Virus Bulletin’s VB100. All three test for on-demand (user-initiated) and on-access (automatic) detection of malware. Only AV-Test and AV-Comparatives run additional tests for scanning performance, rootkit detection, heuristics capabilities, and spyware detection.
AV-Test and AV-Comparatives have begun incorporating the Anti-Malware Testing Standards Organization (AMTSO) testing recommendations. A collaborative effort among antivirus vendors, testing organizations, and reviewers, AMTSO’s goal is to develop common AV-testing standards.
AV-Test.org: For the past ten years, Andreas Marx has run the most thorough AV testing lab. However, the lab does not typically release its full set of test results to the public. Those results are commissioned by antivirus companies and by magazines for use in product reviews.
The AV-Test data that is public shows that most of the antivirus products tested come close to 99 percent detection; typically, the top products differ by less than one percent. For zero-day testing, AV-Test exposes AV products to newly created malware through malware-laden URLs. Although not perfect, this method is considered acceptable by the antivirus community.
In the latest published tests, Microsoft Security Essentials 2.0 scored a perfect 100 percent in detecting widespread in-the-wild malware and a respectable 97 percent of recent malware samples. However, it received low scores in the zero-day category, detecting only 50 percent of new malware (samples with no defined signatures on hand).
MSE was not the only AV product to have poor zero-day results: McAfee Total Protection 2011, CA Internet Security 2011, Comodo Internet Security 5.0/5.3, Norman Security Suite 8.0, and PC Tools Internet Security 2011 (all paid products) earned lower scores.
AV-Comparatives.org: Led by Andreas Clemente, AV-Comparatives also has a reputation for thorough AV testing. Unlike AV-Test, AV-Comparatives releases its test results quarterly and publishes them on its website in two sets: one for on-demand and on-access malware detection and the other for retrospective/proactive testing, which is used for zero-day testing. (To test zero-day threats, AV-Comparatives freezes the antivirus product (that is, it doesn’t update the product) for three months and then sees whether the product can detect newly created malware with undefined signatures.)
Unfortunately, the most recent tests are for on-demand/on-access detection (detection test index page), which most AV products do well on. The most recent retrospective/proactive test results were completed in November 2010 and used MSE 1.0. Retrospective/proactive tests on MSE 2.0 are due at the end of this month.
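The retrospective/proactive method described above, modeled as an added Python example (not AV-Comparatives’ harness or any vendor’s engine): a signature database is frozen at a date and then scored against files first seen afterward, with and without a behaviour heuristic. The freeze date, corpus, behaviour labels, weights, and thresholds are all constructed for illustration.

```python
import hashlib
from datetime import date

FREEZE = date(2011, 2, 1)  # assumed date the product stops receiving updates

# Constructed corpus: (name, first seen, file bytes, observed behaviours, malicious?)
CORPUS = [
    ("known-worm",   date(2010, 11, 3), b"sample-A",  {"autorun_write", "mass_mail"}, True),
    ("known-trojan", date(2011, 1, 12), b"sample-B",  {"hosts_edit"}, True),
    ("new-dropper",  date(2011, 3, 20), b"sample-C",  {"autorun_write", "disable_av"}, True),
    ("new-stealer",  date(2011, 4, 2),  b"sample-D",  {"keylog"}, True),
    ("new-variant",  date(2011, 4, 15), b"sample-A2", {"autorun_write", "mass_mail"}, True),
    ("backup-tool",  date(2011, 3, 1),  b"clean-1",   {"autorun_write"}, False),
    ("text-editor",  date(2011, 4, 9),  b"clean-2",   set(), False),
]

# Hypothetical behaviour weights for the toy heuristic engine.
WEIGHTS = {"autorun_write": 2, "mass_mail": 3, "disable_av": 4, "hosts_edit": 2, "keylog": 2}

def digest(data):
    return hashlib.sha256(data).hexdigest()

def frozen_signatures(corpus, freeze):
    """Signature DB as of the freeze date: hashes of malware already seen by then."""
    return {digest(d) for _, seen, d, _, bad in corpus if bad and seen <= freeze}

def detect(data, behaviours, sigs, threshold):
    """Exact-hash match first; optional behaviour score (threshold=None disables it)."""
    if digest(data) in sigs:
        return True
    score = sum(WEIGHTS.get(b, 0) for b in behaviours)
    return threshold is not None and score >= threshold

def retrospective_test(corpus, freeze, threshold):
    """Score the frozen product against files first seen after the freeze."""
    sigs = frozen_signatures(corpus, freeze)
    new = [s for s in corpus if s[1] > freeze]
    malware = [s for s in new if s[4]]
    clean = [s for s in new if not s[4]]
    hits = sum(detect(s[2], s[3], sigs, threshold) for s in malware)
    false_pos = sum(detect(s[2], s[3], sigs, threshold) for s in clean)
    return {"detected": hits, "total": len(malware), "false_positives": false_pos}

if __name__ == "__main__":
    for t in (None, 5, 2):  # signatures only, strict heuristic, loose heuristic
        print(t, retrospective_test(CORPUS, FREEZE, t))
```

The loose threshold catches every new sample but also flags the clean backup tool, which is why both detection and false positives have to be read together when comparing products.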
Virus Bulletin VB100: This organization uses a simple pass/fail system administered by VirusBulletin magazine. You must register to view the full set of testing results (summary page), but it’s free. A pass means that a product detected all malware and there were no false positives. Misses in either category earn products a fail score.
Microsoft Security Essentials has been VB100-tested four times; it has passed three times and failed once (April 2010, Windows XP). So far, VirusBulletin has not published MSE 2.0 results.
Finding your personal security comfort level
Malware testing is cyclical: AV products tend to fare badly at first, then rock the next time they’re tested. It doesn’t, however, mean the tests are unreliable — they’ve been vetted for the past 20 years. The down-and-up cycle is more reflective of the changing nature of the threats and the changing nature of the products themselves.
Some people swear by their free antivirus products and say they’ve never been infected by malware. Others do without anti-malware protection altogether. Each of us has different levels of comfort and skill when it comes to keeping our machines clean. But the tests described in this article provide the only empirical data that can be used to compare AV products. If the results don’t match your experience using anti-malware software, it doesn’t mean that the data is wrong.
One last note: Not all anti-malware products actually remove the malware from your machine; most only neuter the malware so it’s no longer a threat. AV-Test.org also provides removal data in its full set of test results. Having seen those results over the years, I can say that only a handful of AV products actually remove traces of the malware from an infected system. But that’s the subject of a future In the Wild column.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008 and winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers. He is the author of the forthcoming book When Gadgets Betray Us (Basic Books, April 2011).
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).