Get all security patches without WGA nightmares

Find a great company whether you need it or not

Our free bonus this month is based on Andy Lester’s new book, Land the Tech Job You Love. It’s packed with helpful how-tos on writing killer résumés, completing job applications, securing those valuable employment interviews, and more. The printed book won’t be available until June, but all Windows Secrets subscribers can receive an excerpt of two enlightening chapters simply by visiting their preferences page, after which a download link will appear. Hurry, we can only offer this for free through June 3. Thanks! —Brian Livingston, editorial director

All subscribers: Set your preferences and download your bonus
Info on the printed book: United States / Canada / Elsewhere

Get all security patches without WGA nightmares

By Susan Bradley

If you’re a legitimate Microsoft customer, you can download and install all the Windows updates you need without running Windows Genuine Advantage (WGA) and exposing yourself to the false positives it’s become known for.

In today’s article, I explain how to install Windows XP and upgrade it with every available security fix and many optional updates as well, without ever installing WGA.

In an April 16 Windows Secrets story, contributing editor Ryan Russell argued that WGA poses a risk to the world because Microsoft prevents machines that fail WGA validation from getting some security patches through Windows’ Automatic Updates mechanism. Unpatched machines are vulnerable to remote attacks that enroll them in hackers’ bot armies.

In today’s Known Issues column, several WS readers report that WGA wrongly disabled software they’d legitimately purchased. (An Ars Technica article back in January 2007 estimated at least 5 million WGA false positives, based on Microsoft’s own numbers.) However, other readers defend the technology.

In the Windows Security Blog last month, Microsoft developer Paul Cooke claimed in a post that “all security updates go to all users,” whether or not their machines have failed WGA validation.

As Ryan pointed out in his article, it’s true that Microsoft posts all security updates to various Web pages, and that an advanced user could find each page in turn and then install each patch manually. Few users are likely to do this, however. The risk to the world arises because:

• If a machine fails WGA validation, Automatic Updates installs only those security patches Microsoft rates as “Critical,” not those rated “Important” or lower (some of which are just as crucial to a user’s security, in my opinion);
• Many users turn off Automatic Updates out of fear that their machines will be disabled, which was Microsoft’s policy in the original release of Vista (as explained in a February 2007 article by Adrian Kingsley-Hughes);
• If WGA has labeled a system as “nongenuine,” Microsoft prevents the user from running Windows Update or the more extensive Microsoft Update, which are the official methods to patch a system on demand.

Because unpatched PCs are a threat to everyone, and because some people fail WGA validation due to false positives, I set out to determine how to fully patch a Windows PC without installing the WGA Notifications tool. Microsoft stated in a recent MSDN blog post that the company is focusing its antipiracy measures on XP, the most-widely used version of Windows. Therefore, my tests focused on XP Service Pack 2 and the more recent XP Service Pack 3.

It’s important to note that in my tests, I entered a valid Windows product key and activated the operating system. I believe every user should legitimately activate a paid-for copy of Windows.

Bear in mind that Windows activation to date has been a completely separate process from WGA validation. This will change with the release of Windows 7 later this year, however. In Windows 7, WGA is being renamed Windows Activation Technologies (WAT).

Microsoft’s Genuine Windows blog indicates that validation will be more streamlined in Windows 7. You’ll need only enter a valid product key during activation. Your system will then be tested by WAT for “genuine” status at that time. Look for more information on WAT in an upcoming Windows Secrets column.

When a legitimate, paid-for XP system is flagged as counterfeit, the PC may require reactivation because significant hardware changes were made. An excellent summary of reactivation can be found in Alex Nichol’s article, “Windows Product Activation (WPA) on Windows XP,” which is posted on the Windows Support Center (AumHa) site.

Let me go on the record: using a counterfeit copy of Windows is asking for trouble. Paying for Microsoft software makes you less likely to end up with malware, according to an IDC whitepaper being distributed by Microsoft’s Download Center. (On this page, you’ll be prompted to register with Microsoft, but you can download the files without registering.) For example, it’s been reported that some BitTorrent versions of the Windows 7 beta have been found to contain Trojan horses.

Regardless of how you obtained Windows, I recommend that you set Automatic Updates to Download but do not install, as I describe below in Step 2. This setting allows you to wait two or three days before installing patches that cause more problems than they prevent.

Two days after Microsoft Patch Tuesday each month, Windows Secrets publishes my Patch Watch column with information about which patches cause incompatibilities. You can then choose which updates to install and which to postpone. That includes the WGA Notifications tool, which Automatic Updates ordinarily installs as though it were a “critical” security patch.

In my tests, I started from scratch by installing XP SP2 and XP SP3 on clean machines. If you’ve already installed WGA on XP but no longer want it, you must remove the so-called patch KB905474. In KB article 921914, Microsoft provides manual removal instructions only for the “pilot” versions of WGA Notifications: 1.5.0527.0 through 1.5.0532.2. The article says higher-numbered “release” versions cannot be uninstalled.

Note that without WGA, you can’t download Windows Defender, Windows Media Player 11, Network Diagnostics tools, and other Windows extras. Microsoft describes the products that are affected by WGA on its Genuine Microsoft Software page.

How to patch without running WGA validation

The following steps will allow you to install all Windows security patches on a new build of XP, without installing or running WGA on the machine:

• Step 1: Install and activate XP. For XP SP2 only (not XP SP3), you must also download and install the patch described in KB article 898461, which updates the installer program and ensures that your system will receive future updates.
• Step 2: In either version of XP, click Start, Control Panel, Security Center, Automatic Updates. Choose Download updates for me, but let me choose when to install them.
• Step 3: Whenever you see a yellow-shield icon in the notification area (previously known as the system tray), click the icon and then choose Custom install.
• Step 4: Scroll to the bottom of the patch window and uncheck Windows Genuine Advantage Notification (KB905474), as shown in Figure 1. (For more info, see Microsoft KB article 905474 to read the company’s description of WGA Notification.)

  
  Figure 1. Uncheck KB905474 to prevent WGA from being installed on the system.

• Step 5: After you click Install, check Don’t notify me about these updates again in the resulting dialog to prevent WGA from being included in future Windows updates (see Figure 2). Click OK.

  
  Figure 2. Check this option to avoid being offered WGA Notifications as part of future updates.

From this point forward, every time you update your system, review the patches being offered to you and deselect those you don’t want before proceeding with the installation.

Microsoft occasionally updates the WGA Notifications tool, so you can count on its being offered to you again, despite your choice in Step 5 above. The explanation Microsoft officials gave me for this decision is that the company feels it’s wise to reinstall WGA periodically to ensure that customers haven’t been the victim of unscrupulous consultants who use illegal media when reinstalling your operating system.

There’s a flaw in this thinking: the reason many of these consultants use the wrong media is that Microsoft doesn’t make it easy to get replacements for your Windows installation discs. It’s also difficult to get up-to-date installation media unless you’re one of Microsoft’s enterprise-level customers.

Microsoft’s recommendation that you set your machine to update automatically as the best way to protect it is also flawed. These days, our PCs aren’t just simple e-mail and Web terminals. They’re crucial to all our work, and if they’re disabled we can’t make a living. For example, if a Windows update causes our Internet connection to break because of a conflict with a third-party security program — as has happened many times in the recent past — we might be unproductive for hours or days.

Also, if you enable Automatic Updates, you may be as dismayed as I was to learn that Microsoft treats legitimate customers like thieves. The WGA Notifications patch described in KB article 905474 automatically installs if Automatic Updates is empowered to act without permission. In that case, you either have to run the WGA tool the next time you reboot or press Cancel every time you start your system. (See Figure 3.) Is that any way to treat a customer?

Figure 3. If you install WGA Notifications on XP, this dialog box will reappear each time you reboot until you click Next and run the process.

Use a third-party patch testing tool

The WS Security Baseline page is periodically updated to describe a bare-minimum set of defensive tools that home users of Windows should install. The page currently recommends, among other things, that you regularly test for OS and application patches that vendors have released but you haven’t yet installed. Secunia.com’s Online Software Inspector is listed as a third-party service that tests for app patches in addition to Windows updates.

However, I personally prefer the free Shavlik Patch Google Gadget. I’m not thrilled with Shavlik’s use of Google Desktop as the platform for its update checker. But Shavlik’s tool recently informed me about an update to Adobe Flash Player on a test PC, whereas Secunia’s tool had missed this fact.

I’ll bring you a detailed report on the two services in a future article soon. In the meantime, to get Shavlik’s program, visit the company’s download page. For more information on Secunia’s online and downloadable software inspectors, visit the company’s vulnerability scanning page.

To recap: the best way to keep your system up-to-date is to set Windows’ updater to download patches but not to install them automatically, deselect WGA Notifications updates, and run a tool such as the Shavlik Patch Google Gadget at least once a month to verify that your software is fully patched.

Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

WGA affects legitimate MS customers differently

By Dennis O’Reilly

Following an April 16 Top Story on the Windows Genuine Advantage (WGA) copy-protection scheme, Windows Secrets heard from several readers who have — to put it mildly — a range of opinions.

Several readers couldn’t pass Microsoft’s WGA validation, despite having purchased Windows legitimately, while other readers have had no bad experiences and defend the testing system.

One subscriber with first-hand experience of Microsoft’s anti-copying technology is Aaron Fox:

• “I am in WGA hell. I have a completely valid copy of Windows XP Pro. Our company (to remain unidentified) buys a site license from Microsoft. I can install Windows on as many machines at work as I please.

  “I replaced the motherboard on an old working computer. I wanted to keep the hard drive intact, so I deleted the drivers. My intention was to install the motherboard and then reinstall the drivers. Because the hard drive had not been altered, all my programs and data files would be intact.

  “Except for WGA. After I replaced the motherboard, Windows asked me for my password and then informed me that ‘this copy of Windows must be activated with Microsoft. Do you want to activate Windows now?’ If I answer no, my computer is kindly rebooted by Microsoft and I’m back at the Windows log-on screen.

  “If I answer yes, I get an ‘activate software’ screen. I tried to activate the software over the phone by calling Microsoft, but the Microsoft technical people (it’s pretty funny that they are called ‘technical people’) told me that my computer was generating an ‘installation ID’ that tells the activation people that I have an illegal version of Windows. So I read to them my Windows XP Pro installation-disc product key, and they agreed that it’s valid. But there’s nothing they could do.

  “In effect, WGA software has hijacked my computer. I can’t log on. I can’t run programs. I can’t do anything. I need my computer, and I don’t want to reformat and reinstall everything. I have now been e-mailing and calling Microsoft for two weeks. I’m no closer to having a functional computer. I’ll probably break down soon and reformat the hard drive and reinstall Windows.”

Charles Cunis experienced a different form of Microsoft-activation responsiveness:

• “I installed MS Office 2003 Student Version — purchased from Office Depot — and activated it in 2006. Fast forward to January 2009, when I installed a new motherboard and a hard drive. Last week, I needed to do some work that required Office 2003, and I tried to activate it using the same key code of the original install. No go.

  “Tried to activate again via the Internet. No go.

  “Got on the telephone, keyed in the eight or so groups of numbers. No go.

  “Got back on the phone and went through the whole eight-groups-of-numbers routine with an MS rep. No go.

  “He switched me to the next level. Line disconnects. Tried the whole routine again — including reciting the numbers to the rep while he ate lunch. Line cuts off.

  “Tried to find someone to call at MS Web site. No go.

  “Gave up.

  “My tale of woe is only one of thousands. Something has to be done with MS. This is wrong. The only way they’re going to move is if you folks keep the pressure on. Great article.”

One reader who perceives WGA as a boon to legitimate software users (not just to Microsoft) is Rio Zuni:

• “I’ve been in IT since 1980 in a wide range of corporate and private positions, ranging from early adopter to executive IT administrator. There has never been an instance in which I thought WGA was a mistake or thwarted users.

  “At one point in my career, I was a software manager for the California State University system. At CSU, student piracy of everything — software included — was rampant. The networks and data storage were so clogged with unlicensed software being downloaded, stored, and traded among students, friends, and faculty that an endless supply of money was thrown into expanding them so as not to upset the ‘freedom’ accorded tuition-paying students. In other words, the university looked the other way and piracy was allowed to flourish.

  “During this time, WGA was introduced. It never impacted campus systems, since our licenses were institutional. Student-owned systems were impacted, but only where students were trying to install pirated OS or applications on them or where their systems were infected or misconfigured….

  “Most systems I have pulled out of the ditch had one or more of these issues:

  “Pirated software, viruses, spyware, adware, no WGA, OS and application software updates missing, fragmented hard drives, unnecessary OS and application tweaks, antivirus software, antispyware software, anti-adware software, mismatched system resources (such as not enough memory to do the expected job), etc.

  “The list of horrors in personal systems goes on and on. People abuse their personal systems more than I could imagine. But the ‘helping’ anti-whatever software is often the cause of the problem.

  “WGA is not the problem, nor is it a problem. It is certainly a symptom when it fails. WGA is Microsoft’s way of protecting their revenue stream so they can bring us more marginal software in the future. I can’t justify a lot of product decisions that Microsoft makes, but I can appreciate some of their business decisions.”

No one who writes for Windows Secrets is in favor of counterfeiters, who profit by making unlicensed copies of Windows. But, as WS contributing editor Ryan Russell pointed out in his April 16 article, WGA doesn’t prevent counterfeiters from producing and selling thousands of systems.

Machines that fail WGA receive via Automatic Updates only those security patches rated “Critical,” not those rated “Important” or lower — and the affected users are prohibited by Microsoft from running Windows Update at all. The unpatched machines are easily infected and become part of bot armies that attack legitimate users.

Readers Aaron, Charles, and Rio will each receive a gift certificate for a book, CD, or DVD of their choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

This food's out to attack more than your heart

By Katy Abby We’re taught from a tender age not to play with our food. Still, many of my formative years were spent slyly sculpting fortresses out of mashed potatoes and creating formidable moats of gravy — those green beans never stood a chance! Watch what happens when some valiant victuals get their own ideas about who’s at the top of the food chain in this incredible stop-motion short. The video shows that war isn’t healthy for any of the major food groups. John Belushi’s got nothing on these morsels. Warning: gastronomically explicit! Play the video

Fix power-management glitches in XP and Vista

By Fred Langa When your PC’s power-management systems malfunction, don’t just throw up your hands and prepare to pay a higher electric bill. Restoring your power options in XP may be as easy as running a downloadable script, or if not, you can bring the options back via a manual Registry tweak.

If XP’s Power Options Properties are grayed out

Eric Bloch got a surprise when he went to adjust the power-management options on his XP Home PC:

• “I’m running WinXP Home, fully updated. Recently, when I tried to modify the Power Options Properties, all I saw was this useless dialog [shown in Figure 1]. Help!”

Figure 1. Eric Bloch’s Power Management options mysteriously became grayed out.

The most common cause of this problem in XP is a software update — especially driver software — that goes awry. Many of your PC’s hardware components tie into the Windows power-management system, but alas — hardware makers don’t always write great drivers.

For example, let’s say you install a new video driver. If the driver is buggy and interacts improperly with your settings to blank the screen or put the monitor to sleep — well, you’ve got trouble. In XP, the loss of your power-management options is one possible outcome.

Kelly Theriot’s excellent Kelly’s Korner site has a click-and-run fix for this problem in XP. The Restore Power Schemes/Configurations script is in the right column of line 204 on the site’s “Registry Edits for Windows XP” page.

If you prefer something other than Kelly’s “black box” repair script, The Elder Geek site (also excellent, but what a name!) has a manual Registry fix posted in comment T10478.

Either one should get your XP power options restored in a jiffy!

By the way, problems like these explain why Microsoft periodically changes the hardware-driver model in Windows. In early Windows versions, a bad driver could crash the whole OS. In XP, system crashes are less common, but misbehaved drivers can and do still cause trouble. Vista’s driver model makes this particular kind of problem very rare.

Restore Vista’s missing hibernation function

The hibernate option that’s part of Windows’ power-management system can sometimes go on the fritz. That’s what happened to Peter Sands’ Vista system:

• “I was very interested in your comments about “Managing Vista’s various power options” [in the May 7 LangaList Plus]. I find that when I put my desktop PC (Vista Home Premium) into hibernation, if the power is subsequently lost, the boot-up gives me the options of Safe Mode, etc., and doesn’t restore my workspace to its prehibernation state.

  “So hibernation doesn’t work for me. Is there some software to allow this?”

Vista’s hibernation — and the hibernation portion of the OS’s “hybrid sleep” option — can fail if there’s a problem with either the hibernation settings themselves or with hiberfil.sys, the file that stores the contents of RAM and the CPU’s registers.

For example, if you use the Vista Disk Cleanup Wizard, you can tell it to remove the hibernation file to save space. That’s fine as far as it goes, but removing the file doesn’t automatically change the Power Configuration settings. This is a bug; the OS shouldn’t leave any hibernation options enabled if the hiberfil.sys file is missing.

But because the hibernation subsystem doesn’t verify that hiberfil.sys is available, you can end up with a PC that thinks hibernation is enabled but has no place to store the data. In such cases, hibernation will fail.

Similarly, if you play with various power-configuration options and select a value of Never in any dialog box that offers a choice of Hibernate after, the hiberfil.sys file will be deleted. If you have hibernation enabled in another dialog, the same bug can pop up; the system may think hibernation is enabled but has no place to store the data. Once again, hibernation will fizzle out.

I’ve also seen instances where third-party or OEM power-management tools — such as those that ship with some laptops — can work at cross-purposes with Windows’ built-in power-management tools. A “who’s in charge here?” conflict can happen, and hibernation quits altogether. To prevent this, I avoid OEM tools whenever possible and instead let Windows work on its own.

Whatever the cause, the fix is easy: click Start and type cmd in the Vista Start Search box. In the results list, right-click cmd under Programs (or Command Prompt) and choose Run as administrator. (If you get a nag dialog from the User Account Control, click Continue.) At the command prompt, type the line below and then press Enter:

powercfg.exe /hibernate off

This will disable hibernation and delete the existing hiberfil.sys file. Next, type the following line and then press Enter:

powercfg.exe /hibernate on

This will re-enable hibernation and create a fresh, empty hiberfil.sys file. You’re done!

If these steps don’t restore your system’s hibernate feature, or if you need more info, the Microsoft support article 920730, “How to disable and re-enable hibernation on a computer that is running Windows Vista,” has more detail. The related Knowledge Base article 929658, “How do I enable hibernation on my Windows Vista-based computer?” offers a Fix It button for a one-click automated repair. Nice!

Protect USB devices by using an extension cable

Writing from Scotland, reader Keith Guthrie offers the following good advice:

• “Re: Fred’s article ‘USB devices unrecognized due to bad cables’ [in the March 5 Langalist Plus]. I always recommend to friends and colleagues that they use a short USB extension cable rather than plug anything directly into a PC or laptop. This reduces strain on the device and socket and also helps prevent damage if the laptop slips off the lap!”

You’re right, Keith. Extension cables cost only a couple of bucks, and it makes a lot of sense to let them incur the damage rather than the devices they connect to. Good tip, thanks!

‘I got them new-netbook-backup blues!’

Dennis Creeden’s new netbook is proving to be a bear to back up:

• “I couldn’t resist the temptation and bought one of those $299 Acer Aspire notebooks with no CD or DVD drive. Loaded with XP, it’s a nice little computer. But …

  “Image for DOS V2.02 will not allow a disk image to be made onto an external hard drive or DVD. Partition Commander Version 9.01 doesn’t work. I can’t partition the disk the easy way. Hard drive is a standard Western Digital. Nothing in Device Manager out of the ordinary …”

Well, $299 is a great price, but as I described in “Laptops with no CD or DVD drive” in the April 9 LangaList Plus, portable PCs with no CD or DVD drives come with inherent drawbacks. The lack of an easy way to make safe, off-system backups is one of them. But Windows Secrets readers are nothing if not resourceful, proving that there are options and workarounds for almost any PC (or netbook) problem!

For example, you say that your DOS-based imager won’t work with external — I assume USB-based — mass-storage devices. While OS-independent disk imaging is the gold standard for backups, a native Windows-based tool can still be adequate and is certainly better than nothing.

So one option would be to abandon the DOS-based imager and switch to a Windows-based backup tool, one that uses “shadow copying” to process in-use and locked files and folders. There are literally dozens of such tools available. (Reviews of the best programs are available on Windows Secrets’ best free backup apps page.)

An alternative is to track down some DOS-based USB drivers and see whether you can alter your DOS-based imaging setup to work with the external drives. There are several sites that offer USB-for-DOS drivers, including the popular BootDisk.com. Two separate methods for using USB drives under DOS are described on the site’s DOS USB Drivers page.

Georg Potthast’s site in Germany offers the DOSUSB USB controller for DOS. You’ll find a download link and more information about this free product on its Web page). An article by Fernando Cassia in the U.K.-based tech publication The Inquirer discusses how to use Panasonic’s usbaspi.sys file to provide DOS support for some USB devices, even ones that aren’t made by Panasonic.

If you go the DOS route, you may also need to refresh your skills in editing old-style config.sys and autoexec.bat files. Microsoft offers basic how-to info in KB article 232558. Somewhat more detail can be found on such third-party sites as Computer Hope.

A third option is to find a partition manager that will work on your system, despite Partition Commander’s failure. I still get good use from TeraByte Unlimited’s U.S. $34.95 BootIt Next Generation, a combination boot manager, partition manager, and drive imager; you’ll find more info about the product on the vendor’s site.

Once you’ve found a partition tool that works, create an empty partition large enough to hold your image backup. Make a backup with your DOS-based tool and store the drive image in the newly created partition. When you’re done, boot normally and use Windows to move the image file — via a network, USB storage device, or other method — to a safe place off your netbook.

So the lack of the right kind of drive isn’t a backup-showstopper with netbooks or with any PC, for that matter. I’ve used some of these same tricks to back up standard systems that had dead or missing optical drives. If you’re willing to take a couple of extra steps or do a little hoop-jumping, there’s almost always a way to get your backups made.

And again, any backup is better than no backup at all!

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

Software improves lighting on digital photos

By Ian “Gizmo” Richards A common cause of poor-quality digital photos is the lighting conditions present when the photos were taken. While there’s no magic solution for photos that are already ruined, with the help of some clever software you can get superb digital photos from near-impossible lighting conditions that would normally be regarded as impossible.

Digital photography’s dirty little secret

Digital technology has certainly brought about a revolution in the cost and convenience of photography. But amid all the hype about megapixels, image stabilization, and other technological wonders, there’s little mention of digital photography’s relatively limited ability to correct areas that are too bright or too dark.

This weakness is present not only in digital photography but also, to various degrees, in other digital media. Digital TV has a similar problem, and even audio CDs are challenged when reproducing volume ranges from very soft to very loud.

The problem lies not in digital technology itself but in the implementation of the technology. That’s good news, because it means we can expect enhancements over time. For example, when plasma TVs were first introduced, they were almost laughably poor at reproducing highly illuminated areas. Today’s models have improved greatly. Similarly, LCD TVs have always reproduced black and dark tones poorly, but the latest models give quite acceptable results.

Digital cameras have also improved, although most mass-market models still have serious limitations when reproducing scenes with stark contrasts in lighting. For example, try photographing a white Persian cat lying in the sun on a black velvet lounge. Almost certainly, all the details of the lounge or of the cat will be lost — and quite possibly both.

Old film cameras are generally better at handling these stark contrasts than digital cameras, but even they fall far short of the performance of the human eye, which is quite remarkable in its ability to handle huge ranges in brightness. Consider, for instance, how well the eye deals with a situation such as driving on a dark road at night while encountering an oncoming car with its headlights on. Most cameras would simply display such a scene as two formless white spots on a black background. Yet, thankfully, we humans still manage to see a considerable amount of road detail.

The superb performance of the human eye lies at the heart of many of the problems of digital photography. What the eye effortlessly sees may simply not be reproducible with a digital camera.

The limitations of digital image editors

Most digital cameras include free image-editing programs that can be used to improve the quality of the photographs they create. There are also some excellent free image editors whose features range from the most basic to fully professional tools comparable to Adobe’s Photoshop. However, I’ll focus here on what image editors can’t do.

Most digital editors allow you to make the dark areas of a photo lighter and the light areas darker. On the face of it, this seems like an easy way to fix photos that suffer from having some areas too dark and others too light.

Alas, it’s not that simple. You can indeed lighten the dark areas and expose more detail, but in the process those areas often become grainy and flecked. And when you try to darken the white areas, you may find that they stay white with no more detail revealed. The two images in Figures 1 and 2 are a rather extreme example of this phenomenon.

Figure 1. An image of fireworks on a bridge, prior to enhancing the lighting.

Figure 2. The same image with its light areas darkened and its dark areas lightened.

As you can see, it’s possible for a digital editor to recover some detail from dark areas, but it’s much more difficult to recover detail from white areas. This means that, when you take digital photos where the subject has a lot of light-and-dark contrast, you’ll generally have a better chance of improving the picture with a digital editor if your photo is on the dark side rather than too bright.

If your camera allows manual adjustments, try reducing the exposure. If it’s completely automatic, you may — if the light is good enough — improve the image by turning off the camera’s flash.

There’s a far better solution to this problem, however. It involves using advanced computer software.

New image editors improve picture balance

Figure 3. These three images show the same scene captured at different exposures by a digital camera.
__________

In the past few years, two new digital photo-processing techniques have become available to amateur photographers: high dynamic range (HDR) photography and tone mapping. Both techniques are related and indeed often combined.

The idea behind the technologies is to combine two or more shots taken at different exposures into a single photograph. If one photo is underexposed (too dark) and the other overexposed (too white), the computer can take the best information from each to produce a well-balanced composite.

I know what you’re thinking: “Why not simply take one photo that’s correctly exposed to start with?”

As I explained above, it’s not easy to do this with digital cameras when there are both very dark and very bright objects in the same scene. For this situation, HDR is an excellent solution.

Look at the examples in Figures 3 and 4, which are taken from HDRsoft’s Photomatix site. The three photos in Figure 3 were taken at different exposure levels and are combined into the single, superior image in Figure 4.


Figure 4. The three images are combined via HDR to create a single one with improved detail in both the dark and the light areas.

As you can see, the HDR composite has much better balance than any of the three photographs used to generate it. It’s also livelier and more appealing.

Taking two or more photographs at different exposures is not that difficult. In fact, many modern digital cameras have a feature called exposure bracketing that automatically takes a specific number of shots one after the other, each at slightly different exposure levels. Even if your camera doesn’t have this feature, you may be able to capture various exposures manually — providing, of course, that your camera has manual exposure controls.

For best results, you must use a tripod when taking your multiple photos. Still, acceptable results are possible if you hold the camera very steady.

Once you’ve taken the photographs, you need special HDR software to combine them into a single HDR photo. There are many HDR packages available, but before you buy any of them, try the free Qtpfsgui open-source package. (The name is derived from the Qt application framework and pfs back-end library, while gui stands for graphical user interface.) Qtpfsgui is all that most users will need; as a bonus, the program does tone mapping as well.

Qtpfsgui is available for Windows as a 3.8MB .zip file, which can be unzipped and run without an installation routine, or as a 9MB installer package. If you use the .zip version, you must also download a separate .zip file containing DLL files the program requires. Full details can be found in the readme.txt file included in the Qtpfsgui archive.

Please do try Qtpfsgui. Although free, it really is an outstanding program. Download your copy from the Sourceforge site.

Superficially, tone mapping works much like HDR, even though the underlying processing is quite different. Unlike HDR, tone mapping can be applied to a single image, though the results are usually inferior to those obtained using multiple images. However, if you don’t have multiple images, tone mapping is worth exploring. Just don’t set your expectations too high.

The best results I’ve obtained by tone mapping a single image were with Re-DynaMix, a commercial Photoshop plug-in (U.S. $16). You’ll find more information about the plug-in on the MediaChance site.

I suspect that Re-DynaMix is doing a lot more than straight tone mapping. As you can see in Figure 5, the resulting image is noticeably livelier and better balanced than the original. In many ways, the output is similar to an HDR image.

Figure 5. The Re-DynaMix plug-in for Photoshop improved the quality of the image on the left by applying tone mapping and other effects.

One thing’s for sure: HDR photography is here to stay. Indeed, the next generation of digital cameras is likely to include HDR processing in the camera itself. That’s fine, but personally, I like the flexibility of making the fine adjustments I want by using software running on my PC.

Ian “Gizmo” Richards is senior editor of the Windows Secrets Newsletter. He was formerly editor of the Support Alert Newsletter, which merged with Windows Secrets in July 2008.

Microsoft improves AutoRun and AutoPlay features

By Woody Leonhard By disabling AutoRun and changing the wording of the top entry in the AutoPlay dialog, Microsoft has made the forthcoming Windows 7 more secure without significantly inconveniencing Windows customers. The company also promises to make similar security changes in AutoRun and AutoPlay available for XP and Vista users, although it hasn’t yet said when this will happen.

The problems with how AutoRun and AutoPlay work

The Conficker worm, which was widely hyped in the last couple of months, illustrated a huge security hole in Windows’ AutoRun and AutoPlay functions. In a nutshell, AutoRun automatically executes instructions it finds when a removable drive is inserted, and AutoPlay automatically plays audio and video files. Either function can silently install malware if an infected disc or USB drive is used.

One major problem involved a small text file known as autorun.inf. WS contributing editor Susan Bradley’s March 5 Top Story explained some steps Microsoft has taken to mitigate the security threat. She also explained why the official fix fails to completely protect Windows systems. (The patch finally makes it possible for Windows users to easily disable AutoRun — not just appear to have turned it off — but the patch doesn’t actually disable anything.)

Last month, Microsoft announced on its Security Response Center blog that the company had decided to disable AutoRun in Windows 7. Microsoft has also changed the way AutoPlay works. The details, as provided on the Engineering Windows 7 blog, are a bit difficult to follow, but here’s how things stand right now:

As I explained in my Jan. 22 Top Story, a few well-written lines in an autorun.inf file on a USB drive, CD, or DVD can trick just about anyone into running a hacker’s program. Such a custom-made autorun.inf file causes Windows to display an option titled Open folder to view files at the top of the AutoPlay menu. (See Figure 1.) In reality, if you click this option, the hacker’s program will silently install rather than simply running a file viewer. It’s easy for users to overlook the fact that this option is located in the dialog box’s Install or run program section.

Figure 1. The Windows AutoPlay function allows a hacked autorun.inf file to say “Open folder to view files,” but in reality a malware program will be installed if the option is clicked.

The autorun.inf text file on the removable drive controls the options that appear in the AutoPlay dialog box. In existing versions of Windows, the file is executed whenever you insert any removable medium, including USB and U3 drives, CD and DVD discs, and SD cards (in other words, a camera’s memory card could infect any computer it’s been inserted into). The specific actions depend on which version of Windows you’re using and whether you insert a CD or USB drive. (See Table 1 for examples.)

Table 1. How versions of Windows react to autorun.inf on a removable drive.

What’s changed in Win7’s AutoPlay and AutoRun

In contrast to XP and Vista, whenever Windows 7 finds autorun.inf on a USB drive or SD card, it ignores the file. Nothing happens. You can create the most diabolically clever autorun.inf file in the history of mass infections, but when a user sticks an infected drive into a Windows 7 machine, the file won’t do squat. The AutoPlay dialog box doesn’t display any options from autorun.inf, and nothing runs automatically.

After inserting a USB or SD device while running Windows 7, users will have to hunt around and manually start programs. But that’s better than being offered an infected program on a silver AutoPlay platter.

Unfortunately, when Windows 7 finds autorun.inf on a CD, DVD, or U3 device, there’s not much difference from the behavior in XP and Vista. Win7 still shows an option from the file in the AutoPlay dialog box.

Figure 2 shows the dialog box that appears when I insert into Windows 7 RC a CD with a tricky autorun.inf file created according to the description in my Jan. 22 Top Story. Windows 7 doesn’t stop the bad program dead in its tracks, but the extra phrase Install or run program from your media (my italics) might be enough to give you pause.

Figure 2. In Windows 7, the “Install or run program” text adds the words “from your media,” which is slightly more informative than in XP and Vista, but a fake folder icon can still be displayed.

The new AutoRun/AutoPlay fixes in Windows 7 don’t work with so-called U3 drives, which are special USB drives with software that helps you launch programs.

If you insert a drive with the U3 launching system installed, Windows 7 assumes you inserted a CD and reacts accordingly. This means autorun.inf files on the “CD part” of U3 drives will display an option in the AutoPlay dialog, just as autorun.inf files on actual CD discs do.

The bottom line: U3 on USB drives makes it easier for malware to propagate. (WS associate editor Scott Dunn examined U3 drives in an Oct. 11, 2007, story and gave them a lukewarm review compared with other ways to carry portable software.)

The changes Windows 7 makes to USB and SD devices aren’t trouble-free. Some people will be put out by them. For example, PortableApps.com offers a program that makes it easy to place your applications and data on a USB or external hard drive. With the changes to AutoPlay and AutoRun in Windows 7, you’ll have to manually run the program; it won’t start itself. (For more information on the program, see the PortableApps vendor’s site.

Microsoft dropped the ball by letting an autorun.inf file on a CD or DVD take over the top position in the AutoPlay dialog box. MS needs to reconsider whether an autorun.inf file should be able to offer a deceptive icon that looks legitimate and trustworthy.

That said, one gaping hole has been filled: infected USB and SD devices won’t be able to spread malware as easily.

Safer AutoRun/AutoPlay coming soon to XP, Vista

Microsoft has already made these changes to Windows 7 — they’re in the Release Candidate that you may already have downloaded.

Just as importantly, Microsoft says it will release fixes for Windows XP and Vista that will make those OSes behave the same way. The company hasn’t yet said when the revisions will be available, but I’ll let you know as soon as I hear.

At the risk of sounding like a Microsoft fanboy, I say bravo to these changes. They’ll save some novice users from unpleasant surprises.

At the same time, there’s no reason for advanced users to rely on AutoRun or AutoPlay at all. Get used to launching programs from your file manager, and teach your co-workers to look at the contents of removable media before running anything. To disable AutoRun and AutoPlay completely, see Susan Bradley’s March 5 article.

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.