Hide sensitive files with Alternate Data Streams

Hide sensitive files with Alternate Data Streams

By Scott Dunn Almost every small business and individual PC user has some sensitive or private files to keep away from prying eyes. If you’re running a modern version of Windows, you can use a little-known feature called Alternate Data Streams to hide your confidential files inside other files or folders.

What the heck are Alternate Data Streams?

For many years, a feature called Alternate Data Streams (ADS) has been supported by drives formatted as NTFS (Microsoft’s so-called New Technology File System, which is typical of Windows NT, 2000, XP, and later).

Using NTFS, which is an improvement over the older FAT-32 file system, data can be stored in a separate “fork” or “stream” of any file or folder. This makes Windows more compatible with Mac operating system files (which consist of a resource fork and a data fork). The separate stream can also be used to store other things, such as information you can enter on the Summary tab of some files’ Properties dialog boxes.

When data is stored in an NTFS stream, it is essentially invisible to Windows Explorer, text searches, and most of Windows’ other routine file functions. For example, you can store a 5MB .zip file inside the stream of a 1K text file. When you do, Windows Explorer still displays the size of the text file as just 1K!

Because streams are such an effective hiding place, some malware may try to hide in the NTFS stream of an otherwise innocent-looking file. Fortunately for honest Windows users, the “stream” portion of a file is lost during browser and FTP downloads. This means that streams aren’t typically used by malware to distribute itself, but to hide files within streams only after the malware has already infected your system.

Because NTFS streams are hidden from most Windows file functions, it’s a good idea to make sure that your antivirus software is capable of scanning for malware hiding in ADS. Major antivirus products, such as ZoneAlarm and McAfee Antivirus, have this capability.

If you have a legitimate reason to hide files — a parent who doesn’t want children or casual visitors to run across certain information, for example — you can easily copy any file into a stream using simple commands that are built into Windows.

It’s true that you can protect private information by converting it, for example, into a password-protected .zip file. But if this file can be seen by others, and has a name like ProposedMerger.doc, your co-workers could ask you to explain it or decrypt it. Or an intruder could use password-guessing tools to try to open the file, which could expose you to insider-trading charges. If the encrypted file is hidden within a stream, it’s less likely to be seen by casual users in the first place.

Removing or copying your data out of a stream requires special tools. Fortunately, these products are free and, as I explain below, easy to download and use.

How to create a file with a hidden stream

A simple example shows us how to hide an application inside a file stream. You can create a hidden application using a command prompt, in which file streams are always referred to using the format filename:streamfile. Armed with this knowledge, here’s how to add a stream to a file:

Step 1. To get a command prompt, press Windows+R (the Windows key plus the letter R) to open a Run dialog box. Type cmd and press Enter.

Step 2. Enter a command using the following format:

type file1 > file2:file1

where type is the old DOS command, file1 is the file to be hidden in the stream, and file2 is the file that will contain the stream. The redirection symbol (>) writes the contents of one file into another location. You may need to include the full path of the files involved when you enter the actual file names. Press Enter to create the resulting file.

Step 3. Type exit and press Enter to close the command window.

Example: To copy the Windows Calculator program into a text file named eula.txt in a folder named c:doc, use the following command:

type c:WindowsSystem32calc.exe > c:doceula.txt:calc.exe

If you use Windows Explorer to look at the eula.txt file (or the doc folder where the file lives), you won’t see any difference in its size. The only difference is that its date attribute will change to reflect the date when you executed the command. You can, of course, modify the date of a file using any of a variety of downloadable utilities.

You can launch the embedded program (and confirm that a working copy of the Calculator app has, in fact, been embedded into the stream of eula.txt) using Windows’ start command:

start c:doceula.txt:calc.exe

The start command is quirky in this case. You must include the entire path to the file2:file1 combination, even if you’re in the same folder when you run the command.

Unfortunately, Windows Vista apparently doesn’t support this use of the start command to launch apps hidden in streams. You’ll need to use one of the techniques described below, all of which work in all NTFS-compatible versions of Windows.

It’s not necessary for you to name the streamed copy the same as the original file. For example, in the case above, the stream version of Calculator could have been named eula.txt:xyz.exe and the app would work just as well.

Files aren’t the only resources that have streams. You can embed a file inside a folder. The following example embeds a picture file in a folder stream. In this case, the syntax is foldername:file1.

In the following command, note that the quotation marks around the paths that contain spaces are required:

type “c:My Picturesblue hills.jpg” > “c:doc:blue hills.jpg”

To confirm that the picture is there, I can launch it using Windows’ MS-Paint accessory:

mspaint “c:doc:blue hills.jpg”

As another example, if you embed a text file into a stream, you can open it with Notepad. If you stored a plain-text list of passwords in a stream, you could open it using a command like this:

notepad “c:doc:passwords.txt”

Unfortunately, not every application can read streams the way Paint and Notepad can. For instance, it’s easy to store a .zip file in a stream, but I haven’t found any application that can open it directly from the NTFS stream.

You can use this fact to improve the effectiveness of your hidden files. If your information is sensitive, put it into a .zip file and password-protect the file before copying it to a stream. Delete the original file, using a “wipe” program to destroy all traces of the original. (I discussed “shredder” utilities in my Oct. 18 story.)

Finally, use one of the tools described below to extract the hidden file the next time you wish to unzip it.

The hidden nature of the stream makes it hard to find and, if you use a long, strong password, your data will be safe even from a skilled attacker.

How to manage files hidden in data streams

You can easily copy, update, and delete files that you’ve stored in data streams. The trick is that, in some cases, you may need special software to do the job.

Retrieving a file from a stream

If you need to retrieve data from a stream, and you don’t have an application that can read the embedded file type (such as .zip), the free command-line tool called Cat is very useful. You can download it from the DarkSquall Web site.

Cat is only 92KB and requires no installation or decompressing. Just put it in a folder of your choice and run it from a command prompt. To copy data out of a stream, for example, use the following syntax:

cat filename:streamfile > streamfile

Naturally, you may need to supply the paths for each file.

Example: To extract a file named diary.zip that has been embedded in the status.doc file, your command line might look like this:

cat “c:docstatus.doc:diary.zip” > “c:my stuffdiary.zip”

Note that this only copies the file. It doesn’t remove the stream. The original diary.zip file is still embedded in status.doc.

Updating a file in a stream

To update a file, first make your changes in a normal copy of the file. Second, use the type command, as explained above, to insert the updated copy into your hiding place.

The updated file will overwrite any existing one that has the same name in the stream, and you’ll see no warning of that fact.

Locating and deleting files in streams

If you have Windows Vista, the dir command has a new switch (/r) that shows which files in a folder have stream data. At a command prompt, just type dir /r and press Enter.

However it’s much faster to use a utility like ADS Spy from the SpywareInfo Web site. This utility works in Vista and also in XP.

Like Cat, ADS Spy requires no installation; just copy its executable file from the downloadable .zip file and put it in any folder.

ADS Spy has an option to ignore common, legitimate uses of streams, such as the “Zone Identifier” found in files downloaded using Internet Explorer. This means you can look only for files whose data streams contain suspicious or unexpected content.

ADS Spy can also delete the streams of any files you select in its search results.

Beware of accidentally deleting streams

Using the type command with a redirection symbol, without specifying any stream, deletes any data that may have been in the stream. For example, the following command creates a copy without any streams:

type original.doc > backupcopy.doc

If you then use a “wipe” utility on the original copy of the file, any data that may have been in the stream will be permanently destroyed.

Many common ways of handling a file that includes a stream will also delete the stream from the resulting copy. For instance, no stream data will survive when you copy a file to a FAT-32 drive (which includes most flash drives) or you e-mail a file as an attachment.

Other tips for hiding files with ADS

Here are some other things to keep in mind when using the ADS feature to hide sensitive materials:

• When hiding data inside a file or folder, be sure the file or folder you’re hiding things in is not likely to be deleted by anyone using your computer.

• You can add more than one file to a single file’s stream. Just use the type command for each item you add.

• Remember that the type command copies (rather than moves) data into a stream. If you’re hiding a file in a stream, remember to wipe the original once the copy is in its hiding place.

• Don’t use this hiding technique on the only copy of any file you can’t afford to lose. It’s best to use this trick to protect copies of files that might easily be lost or stolen, such as on laptops. Test the procedure and make sure you’re comfortable with it before you take any risks with important files.

• If a file or folder contains a stream with material you’re hiding, don’t e-mail it or move it to a non-NTFS disk. Doing so will destroy the stream. Many backup programs will fail to preserve the stream in the backup copies, as well.

• As an added precaution, keep the ADS tools mentioned here (Cat and ADS Spy) on a separate disk or flash drive so anyone snooping on your machine doesn’t use them against you. These applications are small and will easily fit on removable media.

Privacy is a big concern for many users. Snoopers can’t pry if they never see your private files and can’t decrypt the information if they do. ADS provides one more technique for preserving data for your eyes only.

Reader Rand New will receive a gift certificate for a book, CD, or DVD of his choice for suggesting this topic. Have a tip about Windows? Send us your comments via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine’s Here’s How section.

Microsoft to cut WGA 'kill switch' out of Vista

By Brian Livingston Microsoft has announced significant changes to its trouble-prone Windows Genuine Advantage technology, beginning with the upcoming Service Pack 1 for Windows Vista. Unlike Vista’s behavior today, WGA will not disable functions of Vista SP1 if the instance is seen as “nongenuine,” but will instead merely display hourly nag screens inviting users to buy another copy.

Reduced-functionality mode proves problematic

Microsoft announced its changes in WGA only days after Windows Secrets associate editor Scott Dunn published a lead story on Nov. 29 describing problems that have remained in the technology since it was introduced. Among other issues, numerous reports of valid copies of Windows being misidentified by WGA have surfaced. More than 500,000 “false positives” are acknowledged in Microsoft’s own figures, according to a Computerworld article by Gregg Keizer published almost a year ago on Jan. 23, 2007.

Currently, if an instance of Windows Vista is found by WGA to be “nongenuine,” a number of features are disabled. This includes the Aero user interface, Windows ReadyBoost, and portions of Windows Defender.

If users don’t resolve the matter within 30 days, “reduced-functionality mode” takes over, crippling nearly every Windows function except the browser. This is also known as the Vista “kill switch.” This mode continues for an hour, after which the user is logged out without warning. (WGA is often downloaded and installed by XP users, too, who are required to run it to get some Microsoft downloads. But the negative consequences of failing WGA validation are not as severe as with Vista.)

The Draconian measures will be history for those who install Vista SP1, which is expected in the first quarter of 2008, according to a report in Computerworld.

Under the new scheme, rather than losing some features, a “nongenuine” instance of Vista SP1 will start up with a black screen and a dialog box prompting users to “activate” the operating system or postpone activation to a later date.

Users who choose to postpone will be able to log in and use all of the Vista features, although the desktop background will remain black. Thereafter, users will receive pop-up prompts every hour to complete the activation process. The background will also revert to black if the user changed the color.

The changes are based on feedback from some of Microsoft’s largest customers, many of whom reportedly won’t upgrade to Vista until SP1 is released.

In addition to the change in reduced-functionality mode, SP1 will also attempt to prevent two common hacks that are designed to get around requirements for Vista product activation and WGA validation:

• One trick, known as the OEM BIOS exploit, fools Vista into thinking a computer’s motherboard came from a recognized Microsoft OEM system builder, such as Dell, which doesn’t require activation.

• Another hack, the Grace Timer exploit, resets to a later date (such as 2099) the deadline when Vista will require activation.

“SP1 will include updates that will target those exploits and disable them,” comments Michael Sievert, corporate VP of Windows product marketing, in a Microsoft press statement. Sievert also says the changes will be part of Windows Server 2008, to be released next year.

Although the company’s goal is to combat privacy, Sievert says, “we always want to be mindful of our customers and their experience with Windows, and operate the WGA program to be as responsive as possible to feedback we hear.”

WGA and product activation hit ‘personal use’

In my view, it’s questionable whether product activation and WGA validation, as practiced by Microsoft, are more of an inconvenience for mass pirates or legitimate, individual users. True large-scale pirates know how to produce thousands of copies that will validate (at least long enough to sell the copies to hapless consumers). Product activation, as it’s implemented in Windows, is primarily designed to keep families from purchasing one copy of Windows and making a second copy on a kid’s PC.

For hundreds of years, buyers have enjoyed a legal right to make copies of copyrighted works for personal use only, as I previously described on Mar. 8, 2007. Honoring this principle, various versions of MS Office permit up to three copies to be validated. Windows, which is used by far more people than Office, has never observed a fair-use exemption.

The very fact that I need to use the redundant term “mass piracy,” when what I mean is “piracy,” shows how far lawyers for Microsoft and other large software companies have come in redefining fair use as piracy. By definition, copying isn’t piracy unless it’s done in quantity and for commercial gain. But this isn’t what we hear in the mainstream media about piracy, because Microsoft has a long-running campaign to make personal-use copying of a product that a family has legitimately purchased seem to be piracy.

For this reason, I don’t consider it accurate to call WGA an “anti-piracy” technology (which is the tagline written into most press accounts). It’s certainly an “anti-copying” tool, to use a neutral term, but is arguably more of an “anti-fair-use” scheme. Windows should be seen as improperly restricting age-old consumer rights that have long been explicit in copyright laws.

In addition to the philosophical concerns, product activation causes serious technical problems as well. Both XP and Vista require a new activation round when too many hardware changes are made over time. This has caused many systems to go into shutdown mode simply because of routine modifications. (If this ever happens to you, calling the 24-hour number that Microsoft displays and explaining your situation will usually get you a new activation code, gratis.)

In my opinion, Microsoft has lost more in sales due to the hassles of product activation — and loses more money on telephone support — than it gains by preventing fair use (personal-use copies) by families.

Have a tip on Microsoft Windows? Send us your comments via the Windows Secrets contact page.

But, my mom said I could!

In real estate, location is important. In the stock market, patience is key. When asking your mom if you can take a chainsaw to school to cut your desk in half for show-and-tell, timing is everything! The little boy in this hilarious French advertisement has asking for things down to a science. If only he knew what his mom was really agreeing to! Play the video

The secret life of 3D Pinball

By Woody Leonhard Of all the features in Windows XP that have gone missing in Vista, many of you most lament the passing of 3D Pinball. Really. Well, strap on your pearl-handled phasers, Space Cadet: here’s a holiday treat that can help you cheat and hack 3D Pinball to your heart’s content in both XP and Vista.

How 3D Pinball became so popular

Windows 3D Pinball Space Cadet started out as a state-of-the-art 3D game called Full Tilt! Pinball, from Cinematronics LLC, way back in 1995. Maxis swallowed Cinematronics in 1996, and Electronic Arts bought Maxis in 1997. If you look closely at the lower left corner of the Windows 3D Pinball window, you can still see the name “Cinematronics,” and “Maxis” appears in the lower right corner. (See Figure 1.)

Figure 1: 3D Pinball is a classic Microsoft PC game, but it isn’t included in Windows Vista — unless you know the secret.

Microsoft bundled a scaled-back version of Space Cadet, one of the Full Tilt! playing fields, in the Windows 95 Plus! Pack, thus contributing to a worldwide glut! of! exclamation! points! in the mid! 1990s.

Windows 3D Pinball Space Cadet proved quite popular at the time: some folks (present company included) felt that Pinball was the major selling point for the Plus! Pack.

Microsoft shipped 3D Pinball Space Cadet in Windows 98, Me, and XP, but somehow neglected to include it in Windows Vista. Many of you tell me that it’s just another example of the “downgrading” of Windows, a lump of coal in the Vista stocking. You can grouse about the Grinch, if you like, but — at least in this case — you can get your Pinball back.

How you can port Pinball to Vista

Microsoft won’t tell you this, but it’s easy to get 3D Pinball to work with Vista. On every Vista computer I’ve seen, you just have to copy the program from a Windows XP (or 2000, 98, or Me) computer to Vista. While the legalities may vary, depending on where you live, if you own a copy of Windows XP, and you own a copy of Vista, it’s highly unlikely that the Software Police will come knocking at your door.

Step 1. On any Windows XP computer, click Start, My Computer, and navigate to C:Program FilesWindows NT.

Step 2. Copy the folder called Pinball to any convenient location — a USB drive, or if you’re on a network, into the Vista computer’s Public folder. You can even zip up the contents of the folder and e-mail it to yourself.

Step 3. On the Vista computer, log on with an administrator account, then copy the Pinball folder to some appropriate place. I put mine in C:Program FilesMicrosoft Games. You have to suffer through several User Account Control hiccups.

Step 4. When the folder’s in its new location, double-click the Pinball folder and locate the file called pinball.exe. (You do have Windows showing filename extensions, right?) In Vista, click Start, Games. Then click and drag pinball.exe into the Games folder.

From that point on, any time you want to play 3D Pinball Space Cadet on your Vista computer, click Start, Games, and double-click Pinball. Easy.

Knowing the 3D Pinball rules helps to break ’em

If you’ve never played 3D Pinball Space Cadet, it’s easy to get started. Hold down the space bar to launch the ball. Press z for the left flipper, / (slash) for the right. Press x to nudge the bottom of the table to the right, . (period) to nudge to the left, and the up arrow to nudge the whole table up. If you nudge too much, you’ll tilt. Just desserts and all that.

While you can flip the flippers and bump the bumpers to your heart’s content, you may be surprised to know that 3D Space Cadet Pinball includes a sophisticated scoring strategy. Shooting targets in specific sequences dramatically increases your score, and the most advanced players try to progress within the ranks, from Cadet to Fleet Admiral.

You can see many of the rules for playing 3D Space Cadet Pinball by hitting F1… unless you’re using Vista, in which case the F1 help doesn’t, uh, help. Vista doesn’t include the old compiled Help reader — another bugaboo of the “downgrade” contingent.

Fortunately, you can still download from the University of Bristol Web site the original rule book in Word format. It goes way beyond the F1 help.

The real fun lies in cheats and hacks

Windows 3D Pinball has so many documented cheats it’ll make your head spin. The most extensive compilation I’ve found is on the GameWinners Web site.

There’s one cheat that outclasses them all: when you start a new game, as soon as the screen comes up, type

hidden test

and press the Enter key. You can then click and drag the ball all around the table: your mouse can help you hit targets, roll over the rollovers, dive down the chutes. It’s a great way to learn how the table works.

While you’re in “hidden test” mode, you can use the mouse, play normally, or:

• Type R to raise your rank one level — Cadet to Ensign to Lieutenant, Captain, Lt. Commander, Commander, Commodore, Admiral, or Fleet Admiral;

• Type H to set anyone’s high score to 1,000,000,000 points;

• Type B to get a new ball, even if you’ve used ’em all up.

How to go way beyond 3D

As you might imagine, there are plenty of free pinball programs out and about. I particularly like Chris Leathley’s free Future Pinball, which lets you build your own tables and adorn them in multitudinous ways. WildSnake Pinball has free demo versions and several interesting settings.

But I’m still partial to 3D Space Cadet. With the holidays coming up, you might sneak a copy onto that USB drive you take when you visit the family. Never know when you might find a dull Vista machine that could use a little sprrroooing!

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

Use Process Explorer to dig into your system

By Ryan Russell Microsoft’s Process Explorer tool is a convenient way to find in one spot a lot of information about running processes. In the last several months, I’ve covered in this column a lot of commercial and canned tools. Now I’ll show you how to explore on your own.

Process Explorer: like a microscope into your PC

Microsoft’s free tool, Process Explorer, is highly useful for examining programs running on your Windows computer. This is one of the many great tools Microsoft got when the Redmond company acquired Sysinternals and its main developers. PE works on Windows 9x, NT 4, Windows 2000, and later operating systems, including 64-bit and Itanium versions.

Unlike tools that scan your hard drive — looking for problems, out-of-date files, Startup items, and so on — Process Explorer concerns itself with processes that are currently running in memory.

Figure 1. Process Explorer shows running processes and child processes.

At a glance, PE provides easy-to-view information about each process, such as the executable name, description, process ID, and how much CPU each process is using at the moment. The default sort (by process) shows a tree view, which indicates which process launched other processes. You can right-click any given process and kill it (along with its child processes, if you wish). You can also change a process’s priority or run a Web search for information on it. The latter step is extremely handy for doing research on processes you don’t recognize.

If you have Microsoft’s development tools installed, such as the company’s Visual line of coding environments, you can also connect a debugger to a process or check its DLL dependencies. But the most useful item from the right-click menu is Properties.

The real power of PE: examining properties

Windows keeps track of tons of information about every running process. Every new version of Windows tracks more. For example, if you open the properties of a process, Process Explorer will show you what directory, filename, and with what command-line the process was run. This is immediately useful for helping to identify programs you aren’t familiar that are running on your system.

You can get a bunch of performance info, which is useful for identifying problems with a leaky application. You can find out about a program that’s communicating on your network — for example, which ports it’s using — and you can see what kind of security rights it has.

Here’s an example of one of my favorite uses: If you’ve ever looked at your process list, you know that you have any number of svchost.exe processes running. These correspond to various services you see in your Services control panel. The problem is that there might be anywhere from 1 to 20 services running under each copy of svchost.

Process Explorer will crack these open for you. If you’re following along, just right-click on any instance of svchost, select Properties, and click the Services tab. PE shows the services running under this process. If a process has spun out of control, experiment with stopping processes one at a time (if they are still coherent enough to allow termination) to narrow the problem down.

You can learn more about svchost in the Sept. 28, 2006, issue of LangaList, which became available to Windows Secrets subscribers when the two newsletters merged later that year.

Find out what processes are using your resources

Most Windows users have tried to delete or rename a file or directory, only to be told, “That resource is in use.” Process Explorer can help here as well. Under the Find menu, select Find Handle or DLL. In the dialog box that appears, you can type in full or partial names, and Process Explorer will search the running processes to see which ones may be holding that resource open.

This is one of the many items that Windows keeps track of on a per-process basis in order to perform standard housekeeping functions. Process Explorer makes this information convenient to find.

I’ve only scratched the surface of Process Explorer so far. In future columns, I’ll show you how to use this and other tools to track down rogue processes on your system. If you’d like to follow along with this series, I invite you to download the tool and try it out.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Service Pack 1 for Office 2007 now due Dec. 11

By Susan Bradley Despite recent statements by Microsoft that Service Pack 1 for MS Office 2007 wouldn’t ship until “early 2008,” it’s just been announced that the huge download will actually be released on Dec. 11, to the surprise of many. If your company makes any use of Office 2007, you need to look into the details of this upgrade and prepare yourself for any issues it may pose.

Office 2007 SP1 is comin’ atcha Tuesday

It seems like this is service pack season, not just the holiday season. Because of important upgrades for two Microsoft technologies — Office 2007 and .NET — I’ve written a special, short Patch Watch today to give you fair warning.

Microsoft announced this week that Service Pack 1 for Office 2007 will be released earlier than expected on Dec. 11, as described by the Redmond company’s Upstate NY technology blog.

Thankfully, Microsoft has listened to concerns from its customers. The service pack will not be automatically deployed to end users on Patch Tuesday this month, although SP1 will be released to the public on that date. Whew! That service pack, plus everything else we can expect to come out on Dec. 11, could have been a giant headache.

I, personally, plan to manually install SP1 on several test workstations. After that, I hope to widely deploy it as soon as possible, as it’s expected to include many much-needed performance benefits. But I’m very glad SP1 won’t be offered to people via Microsoft Update on the same day that I’ll be devoting to testing the new security patches.

If you have some test workstations, I recommend that you manually start your testing early — as soon as SP1 is released on the download site. But, as with any service pack, don’t immediately deploy SP1 to your production systems. Service packs should always be tested first. I’ll let you know in a future column what my testing of this service pack reveals.

.NET service packs present tricky problems

The patching of .NET is never my favorite thing. Historically, we’ve seen quite a few issues when installing these upgrades. Some folks have even needed to uninstall .NET completely and then reinstall it to get the patches to work.

Service Pack 1 for .NET 2 and .NET 3 were recently released for deployment via WSUS (Windows Software Update Services) and Microsoft Update, as described in Knowledge Base article 929300. In case you have any issues installing either of these service packs, read KB 908077, which contains recommendations on how to fix the problems.

You may be running a version of .NET without knowing it. You would probably remember it if you manually installed .NET to get some feature, such as Microsoft’s SharePoint server, which supports shared documents. But .NET may have been added to your system, without you seeing a specific notice, when you installed a third-party application such as QuickBooks 2008.

I will be installing the two .NET service packs manually and not right away. I would urge you, too, to hold off a bit until we see how well these packages are doing. Service packs should not be rushed, but tested. I’ll let you know any news in my next regular Patch Watch column on Dec. 13.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.