House Call 2012: Fixing a sluggish PC

Spring sale: Win7 and PC-maintenance guides

Get the two-volume Windows 7 set plus the PC Maintenance Guide for $19.90 Got PC Troubles? This three-volume e-book set gives a wealth of tips and techniques for making your PC run smoothly. No matter what your skill level, this collection will save you time and money — and we hope also minimize the stress that comes with maintaining PCs. The Windows 7 Guide, Volume 1: Setting up, optimizing, and using your Win7 system In Volume 1, you’ll learn about installing, upgrading, and optimizing Win7. It includes step-by-step instructions for making a solid backup of your new, fully tuned Windows system. And once you have Win7 singing, this e-book provides a profusion of tricks for working faster within Windows. Read more» The Windows 7 Guide, Volume 2: Troubleshooting, tuning, and securing your Win7 system Windows 7 is a significant improvement over Windows XP and Vista, but things can still go badly wrong. Volume 2 provides the tools and knowledge you need to never lose data again. It also covers advanced topics such as making Win7 play well with XP and Vista systems on a network, the pros and cons of HomeGroup, and improving overall network performance. Read more» PC Maintenance Guide: Simple effective tips for tuning, upgrading, & repairing your Windows PC Many of us still live in an XP/Win7 world. This e-book provides general information on keeping Windows PCs running smoothly. It also recommends useful third-party utilities that make PC computing easier and more productive. It covers important topics such as checking your PC’s overall health, keeping Windows and application patches up to date, and cleaning your system inside and out. Finally, it tells you what to do when your system has a digital meltdown. Read more» All subscribers: Purchase the three-volume set e-book set for only $19.90.

House Call 2012: Fixing a sluggish PC

By Fred Langa

It was a typical winter day in Seattle — gray, rainy, and raw — when I visited Windows Secrets reader Gary Nobel.

Gary’s system would occasionally slow “to a crawl.” I was there to find out why.

This was the first in a new series of House Calls, an occasional project where I visit a reader’s home or business and attempt to diagnose and cure real-life PC problems. The idea behind House Calls is simple: selected Windows Secrets readers and I collaborate to learn new techniques for analyzing, maintaining, and improving personal computers — which we then share with all Windows Secrets readers.

It works like this. Some months ago, I issued a call for volunteers for a personal, onsite, PC troubleshooting session. From time to time, I select one of the more interesting problems plaguing a reader — a problem that might apply to a wider audience. And rather than diagnose the problem remotely, I pay the reader a personal visit to his or her home or place of business — at my own expense. I do whatever I can in one day to solve the problem (or problems) and make the hardware and software run as well as it can.

Each House Call article, like this one, will explain what we found and how we fixed it. I hope that will give you the information you need to perform similar diagnoses and repairs on your system — or on systems you maintain for others.

The problem: Slowdowns with no clear pattern

When I asked for House Call participants, Gary Nobel sent this:

• “I have a desktop computer with a 2.5GHz Pentium Dual Core CPU and 2GB of system memory. I’m running Windows 7 Home Premium.

  “The computer occasionally slows down to a crawl. I think Outlook 2007 or IE — or both — might be involved. Rebooting solves the problem, but I have to reboot every few days. Sometimes I get the rotating ring with IE. Clicking the red X doesn’t close the window, and I resort to a forced close using Task Manager.

  “I run Microsoft Security Essentials and occasionally things like Malwarebytes and Ad-Aware. But they rarely find anything except cookies.”

Gary’s note caught my eye because it’s a nearly universal problem — almost everyone experiences unexplained PC slowdowns from time to time.

When a slowdown follows a clear pattern, it’s usually not too difficult to figure out cause and effect. But slowdowns that occur only occasionally — or have no clear pattern — are much tougher to track down. Finding the culprit in Gary’s PC would be interesting!

Figure 1. Seattle’s Gary Noble — and his problem PC

Also of interest, Gary’s system had 2GB of RAM. That’s well above the 1GB minimum Microsoft recommends for Windows 7 (see MS’s Win7 system requirements page) but smaller than the 4GB systems I typically use. Working on Gary’s system would verify that my recommended diagnosis and repair techniques are still valid for lower-RAM systems. (And I’d modify them if they weren’t.)

The first step is always a thorough tune-up

Junk files aren’t harmless. They occupy space and require servicing by the operating system — which tracks and indexes them, defrags them and backs them up, and more. Removing junk files reduces the operating system’s overall file-management burden and can improve performance.

To get the junk files off his system, Gary and I used the techniques described in the Nov. 10, 2011, Top Story, “Putting Registry-/system-cleanup apps to the test.” In particular, we used the enhanced mode of Windows Disk Cleanup plus the free version of CCleaner [site].

We then reduced the size of the system’s default recycle bin, Internet Explorer’s temp-files storage, and the System Restore area — three notorious space hogs whose voluminous contents can cause a system to bog down. (Need more info? See this Oct. 6, 2005, item.)

When we were done, Windows had about 1.4GB fewer files to keep track of — a nontrivial amount, for sure!

Small systems might need big pagefiles

Next, I poked through various system settings to see whether anything was amiss. Gary’s pagefile size caught my eye.

A pagefile (or swapfile) is a temporary scratchpad area on the hard drive that stores code and data when Windows is juggling more stuff than will fit into system memory. It lets Windows operate as if the system had more RAM than is actually installed.

But hard drives are usually orders of magnitude slower than system RAM, so any significant use of a pagefile always produces a performance hit.

Windows tries to compensate by keeping the most-used, most-essential code and data in system RAM and inactive and lower-priority code and data in the pagefile’s virtual RAM on the hard drive.

The proper sizing of pagefiles used to be somewhat of a manual, black-art task. But there’s no mystery to it anymore: as detailed on an MS TechNet page, Microsoft recommends that a pagefile be no less than 1.5GB on systems with 1GB or less of RAM and no less than the amount of RAM, plus 300MB, on larger systems. Note that these are minimums.

The default maximum is three times the amount of system RAM, but you can go larger — much larger. Windows 7 can support pagefiles as large as 16TB (assuming a hard drive had the free space). Clearly, Microsoft isn’t looking for minimalistic pagefiles. Windows needs room.

By default, Win7 sets its pagefile size at or near the RAM-times-three maximum, then automatically manages pagefile size dynamically — growing or shrinking the pagefile as needed.

In most cases, it works well. Since the advent of Windows 7, I’ve recommended leaving the pagefile defaults alone and letting the system manage it.

However, Gary’s pagefile settings were set by the OEM to a fixed, 3GB pagefile (150 percent of the amount of RAM in Gary’s 2GB system). That’s within spec — but at the low end. Aha!

That meant Gary’s PC had dual space constraints: its modest 2GB of system RAM and its smallish pagefile. Normally, Windows can use the pagefile as abundant virtual RAM. But when Gary used his system heavily, the virtual-memory system became saturated with read/write requests, bogging down the entire system with Windows’ data-swapping. In effect, the pagefile was a bottleneck, causing his PC to run at inefficient hard-drive speeds instead of high-speed RAM rates.

Gary’s system had plenty of empty space on the hard drive, so there was no reason to constrain the pagefile that way. We reset the system to let Windows automatically manage pagefile size. As the cited TechNet page states, it’s easy to do — via the Windows Control Panel or this handy, undocumented shortcut:

• Step 1. Click Start and type systempropertiesadvanced (with no spaces) into the Search programs and files box. Then press Enter.
• Step 2. Under the Advanced tab, click the Settings button in the Performance section.
• Step 3. In the Performance Options dialog box, click the Advanced tab.
• Step 4. In the Virtual Memory section, click Change. Then, tick the box to Automatically manage paging file size for all drives (highlighted in yellow in Figure 2).

  
  Figure 2. If you let it, Win7 will do a good job of automatically managing its pagefile.

Gary’s virtual memory system now had some additional elbow room. We hoped that would be enough to improve memory-use performance and prevent slowdowns.

A few more tweaks, cleanups, and tunings

Next, we stepped through Gary’s software and — via Window’s Uninstall or change a program applet — uninstalled several pieces of old software that he no longer used.

One gave us some trouble — some obsolete BlackBerry software that offered no obvious way to uninstall it. We eventually exorcised it from his system by a brute-force, manual deletion of the files, followed by use of a Registry cleaner to repair the damage.

We ran Windows Update, then installed and ran Secunia’s free Personal Software Inspector (PSI) (site) to make sure all his software was current.

At that point, the day was drawing to a close. We set Gary’s system to defrag itself (MS defrag Help), and I left feeling confident that cleaning and tuning his system — especially loosening the constraints on the pagefile — would at least ameliorate the occasional slowdowns his system experienced.

Follow-up: One more thing to do — an upgrade

A week or so later, Gary wrote to tell me:

• “Things seem pretty normal, except it’s taking longer than expected to start new programs. But there are none of the long waits for webpages in IE that sometimes used to happen.”

Gary and I discussed the new-programs, slow-start issue. I suspected it was related to limited system RAM. Each time he loaded an additional program, data and code would have to be swapped out of RAM to make room. Increasing the size of Gary’s pagefile meant his virtual-memory system was working as well as possible; the only way to reduce overall dependence on virtual memory is to increase the physical system RAM.

I recommended that he flesh out his system to 4GB, which is the maximum amount of RAM that 32-bit systems can access.

He wrote back:

• “I took your recommendation and did buy some memory. I am running quite well now, and I’m using your CCleaner and Windows Disk Cleanup routines regularly. Thanks again for your help!”

Some of the important takeaway lessons

There are three key points that came from this House Call:

• Cleanups work. Regular use of cleanup techniques, as discussed, will help keep your system junk-free and running lean.
• The Win7 defaults are mostly good. In fact, in the case of pagefile sizes, letting Windows manage things almost always yields better results than manual tweaks.
• RAM still matters. If you have a 1–2GB Win7 system, consider investing in another gig or two of RAM. At the time of this writing, a 2GB stick of RAM is in the neighborhood of U.S. $10-30. It’s money well spent!

Thanks, Gary, for letting us all learn from your system.

Stay tuned for the next House Call installment!

'Tell your beloved to uninstall his adapter'

By Kathleen Atkins

As with sniffles and bad moods in a family, if one householder has computer trouble, most likely it will spread one way or another to her relatives.

Lounge member sylviesinc thought IE 9 was responsible for failed connections to websites when she checked in to the Internet Explorer forum for assistance. Soon, she was benchmarking DNS servers — and soon after that, her computer was working fine again.

But along the way, her husband’s laptop lost connection — whereupon her Lounge advisor offered tips by proxy for the husband’s machine. Follow the trail of solutions, one by one. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board.

Glamorous Vancouver, B.C., can take a joke

By Kathleen Atkins We at Windows Secrets live in Seattle, which is practically next door to one of the most beautiful cities on the planet — Vancouver, British Columbia. But we think very highly of our city, too, which might explain why we’re eager to spread less-flattering (but true, of course) facts about Vancouver. Some of these you’ll find in this week’s video. But just so you know, Canadians made this video and thoroughly documented the stereotypes you’re about to see. Stylish Vancouver, stuffed to the skyline with civilized people of the British Commonwealth, can also laugh at itself!   Play the video

Safely send sensitive information over the Net

By Lincoln Spector

All too often, we send and receive sensitive information by unsecured e-mail, leaving us open to data and identity theft.

Fortunately, there are relatively easy and inexpensive solutions for transferring personal data over the Web to friends, relatives, and business associates.

A little inattention to security can be costly

A few weeks ago, my accountant e-mailed an early version of my tax returns — and sent them in an unprotected .pdf file. I wasn’t happy about that. He’d effectively put my private information (social security numbers, bank account numbers, and so on) up where anyone might find it. Fortunately, no harm was done.

We’re so used to sending everything by e-mail that we forget its shortcomings — one of which is that almost anybody can read it. Yes, using an https connection encrypts mail as it travels between PC and mail server, but then it might sit on a server, unencrypted. Moreover, messages typically pass through multiple servers and remain on those servers for extended periods of time. If you want to ensure your messages are secure from end to end, you’ll have to take extra steps.

I’ll discuss two solutions to this security problem: how to send encrypted e-mail that the recipient can easily decrypt, and a Web service that goes around e-mail.

Although I’ve never found the perfect solution to secure document transfers, I’ll give my view on what that solution might look like. But until it comes around, these will do.

The first problem is the person on the other end

In researching this article, I found a great many workable solutions well within the capabilities of most Windows Secrets readers. In the worst cases, I’d have to walk you through one or two somewhat unfriendly setup wizards.

But it’s one thing to tell you to download and install a program (and deal with creating and backing up public and private security keys) and quite another to have you do the same for some relative who panics when his browser opens a new tab — or for a business associate such as your accountant.

That means the solutions have to be simple, free, and — even better — already installed on both your system and the recipient’s.

Passwords are almost always the weakest link

You can protect your messages with the best encryption algorithms ever devised, but it’s still worthless if someone can easily guess the password. Cyber thieves have no shortage of tools for cracking passwords. The more common the word (such as a popular name) and the shorter it is, the faster it can be cracked. (Some of the most spectacular computer break-ins were enabled by unbelievably simple passwords — such as “Password1234.”)

The perfect password would be a long, meaningless string of numbers, punctuation marks, and upper- and lower-case letters. Swordfish is not a good password, but 5.ytT#0_xn0ATzQVN|_yeGk2+0vFC2]ndZ is — good luck trying to remember it.

It’s relatively easy to make secure passwords that are easy to remember. (For more on this topic, see Robert Vamosi’s Jan. 19 In the Wild story, “Lessons learned from the Stratfor files.”)

And then remember the second rule of password security: use a different password for each service and site you connect to. To make that task easier, you’ll want a password manager. I’m quite happy with Password Safe (info), but you can find others on the Net such as 1Password, Imation Personal, and RoboForm.

(For the third rule of passwords, see the Sept. 15, 2011, Best Practices story, “Passwords — don’t take them with you.”)

Software-based security: AES-encrypted ZIP files

Almost anyone who’s used a PC has compressed and decompressed .zip files. And most of us have e-mailed and received them from time to time. The ZIP format had password protection for years but without strong encryption. Which meant that a password-protected .zip file could be easily hacked.

Fortunately, that deficiency has been addressed. Most compression programs, such as the venerable WinZip (info), now support 256-bit AES encryption — a standard that’s essentially unbreakable, assuming you use a strong password.

To take advantage of this compression, both the sender and the recipient must have compression programs that support AES-256 encryption. A popular alternative to WinZip is the free, open-source 7-Zip (info; see Figure 1), and there are similar apps available for Linux and the Mac.

Figure 1. Setting high-strength AES-256 encryption in 7-Zip.

Unfortunately, the most common .zip program of them all, Microsoft Windows, doesn’t support AES.

One minor catch to this technique: the recipient will need the password to open the file — and obviously, sending it by e-mail is not ideal. You’ll have to dictate your password to the recipient over the phone. (Try verbally telling someone h0kgHM@d]_x%r6A@QOZRrwt^ while making sure that he gets it right.)

Web-based solution: To each her own password

If the recipient doesn’t want to install software, you can bypass e-mail and use a Cloud-based file-sharing service. Most of them still require a shared password, but here’s one that doesn’t: Sendinc.

You start by creating a password-protected account at the Sendinc site. Your recipients will also have to sign up for their own password-protected accounts. But you don’t need to know their passwords and they don’t need to know yours.

Sendinc is truly the no-brainer solution. It’s simple, and anyone who can surf the Web can figure it out (see Figure 2). The free version is good enough for almost anyone’s needs.

Figure 2. Sendinc has a simple interface for sharing files.

Here’s how Sendinc works:

You upload files you want to share via a secure, SSL Web connection (the same way you send your credit-card number to a retail site). Sendinc saves the file in an encrypted form on its server and sends designated recipients an encryption key in the form of an e-mail link. Before recipients can retrieve the files, they must sign in to their Sendinc accounts. According to Sendinc, it removes the file-encryption keys on its server after sending the link to recipients. So in theory, there’s no internal access to your files.

It’s all-around very good encryption, but not perfect. Between the time you upload and the recipient downloads, both the encrypted file and the key to decrypt it are on the Sendinc server. It’s possible, but not likely, that someone could hack the system during that time.

Not that this bothers me a whole lot. I now use Sendinc for personal business, for the simple reason that I’ve never encountered a recipient who had trouble getting the file.

With the free Sendinc version, files remain on its servers for seven days and there is a 100MB limit. (Message size is limited to 10MB — which is insufficient if you’re sending large digital images.) For a U.S. $5 monthly fee, single users get unlimited message retention, 2GB of storage, and a file size limited to 100MB. Sendinc also offers corporate accounts.

Wished-for solution: Easy public-key encryption

Public key-encryption (PKE) allows you to encrypt a message on your computer that the recipient — and only the recipient — can decrypt. And it doesn’t require a shared password.

When you set up public-key encryption, you get two keys — basically very long, very secure passwords. The public key encrypts data, but only a private key can decrypt it. Thus, you can safely share your public key with anyone.

Here’s how it works. Before you send a sensitive file to someone, you ask for her public key. When she provides it, you use it to encrypt the file. Then she uses her private key to decrypt the file.

The program that accomplishes this trick — Pretty Good Privacy (Wikipedia definition) — has been around for more than 20 years. Yet in all that time, apparently no one has developed a truly easy, universal way to use public-key encryption. Setting it up is always too difficult for the average user.

I don’t know why no one has already set up a service as easy as Sendinc’s but that uses public-key encryption. It would probably require some serious thought about usability — as well as a browser add-in to do the encrypting and decrypting locally. But those aren’t insurmountable problems.

While researching this article, I found one service — Senditonthenet (site) — that promised all this. Unfortunately, it’s still in beta and far from ready for use. When I tested it, it didn’t actually download the file onto the recipient’s computer. Yikes!

Easy public-key encryption will no doubt come. But until then, we’re left with solutions such as ZIP files and Sendinc. Although not ideal, they’re still far better than sending unencrypted, sensitive information while hoping it doesn’t cross the wrong path.

Targeted, but limited, attacks on text docs

By Susan Bradley

Microsoft’s most critical patch this month is one I recommend holding back on.

I trust that savvy Windows Secrets readers running custom line-of-business applications won’t open unknown Word documents.

MS12-027 (2664258)

ActiveX control vulnerability threatens RTF files

In its April 10 Security Research & Defense blog, Microsoft describes how a flawed ActiveX control in all 32-bit versions of Office allows attacks via malicious Office documents. The first examples of this exploit use RTF-format files.

The blog goes on to say that there have been limited attacks, so far.

Rated critical, this update also affects numerous other MS applications such as BizTalk Server 2002, some versions of Commerce Server, Visual FoxPro, Visual Basic 6.0 Runtime, and supported versions of SQL Server 2005 and 2008. MS Support article 2664258 has a long list of possible issues with the update.

I anticipate that some line-of-business applications might be impacted. The update requires searching your computer for .exd files and removing them from temp-file locations, so that your applications will work properly. I’d rather your business-application vendor guide you on this process.

► What to do: Search your computer for .exd files. If you have any, hold off installing KB 2664258 (MS12-027) until I can revisit this update in the next Patch Watch. For example, those of you running accounting applications based on FoxPro 9 or who use customized Office applications should hold back this update and not open unknown Word or text files.

MS12-023 (2675157)

A round of hotfixes for Internet Explorer

Internet Explorer updates seem to come about every other month, and they invariably fix attacks launched when visiting websites. This Patch Tuesday is no exception, but we also have several IE hotfixes. Even if you use Firefox or Chrome as your main browser, patch Internet Explorer — it’s an integral part of the Windows operating system.

This update impacts all supported versions of Internet Explorer, including the Developer Preview of Windows 8.

Here’s a summary of the hotfixes:

• KB 2688200: JavaScript “Access Violation” error in IE 9
• KB 2683391: Printing problem in IE 9
• KB 2678028: IE 9 failure with HTML elements embedded in Office apps
• KB 2659410: “Access Violation” error in IE 8
• KB 2688188: “Invalid Pointer” script error in IE 8

► What to do: Install KB 2675157 (MS12-023) when offered. All the aforementioned hotfixes are included in this one update.

MS12-024 (2653956)

Tampering with signed software installers

When downloading and installing software, most of us blithely click through the entire process. Fortunately, vendors using best practices safeguard software installation by having their code digitally signed. We see this as an installation message stating we can trust the software.

In most cases, that’s a safe assumption. However, attackers have recently found a technique for injecting malicious code into installers that does not break the digital signature. You have no indication or warning that you’re getting compromised code.

KB 2653956 is designed to plug that vulnerability. Rated critical, it’s for all current versions of Windows and Windows 8 Developer and Consumer Previews. (Note: some software-installer apps might fail after this update.)

► What to do: Install KB 2653956 (MS12-024) on all Windows platforms, from XP SP3 on.

MS12-025 (2656368–2656370, 2656372–2656374)

Another Patch Tuesday, more .NET updates

This will sound all too familiar to regular Patch Watch readers: a .NET update that might not go smoothly. For example, when I tried a test update on one of my servers, KB 2656373 (one of several patches in this update) failed the first time but installed just fine on the second try.

When .NET updates fail, you often have to either run a repair installation of .NET 4 or use the Aaron Stebner rip-out tool (site) to remove and reinstall .NET 2 and/or 3.5.

► What to do: Although this update is rated critical for most current versions of .NET, I recommend holding off until I can give the all-clear. For more info on the vulnerability and links to the specific patches, see MS12-025 (2671605).

MS12-028 (2596871, 2680317, 2680326)

New threat from malicious MS Works files

We don’t often see patches for Microsoft Works, which was installed on many retail Windows systems. But if you have Works 9, Works 6–9 File Converter (WFC), or Office 2007 SP2 installed, you should accept this update. Rated important, it prevents system attacks using doctored Works .wps files.

Office 2010 users might also see this patch — it’s not unusual to have Office 2007 and 2010 updates on the same machine.

► What to do: Install KB 2596871 (Office 2007), KB 2680317 (Works 9), or KB 2680326 (WFC) if offered. For more information and download links, see MS12-028 (2639185).

2553248, 2553267, 2553406, 2679255

Another pass on nonsecurity Office updates

Once again, Microsoft is pushing out Office updates that are not critical and not security-related. I typically suggest waiting a couple of weeks before applying these types of patches. Any problems they might have should surface in that time.

KB 2553248 fixes a problem with recurring meetings scheduled in Office 2010.

KB 2553267 and KB 2553406 are updates for the Social Connector, built into Outlook 2010. (For more on OSC, see the Nov. 18 Outlook blog.)

KB 2679255 is a patch for most current versions of Windows that corrects a SQL Server data-corruption problem.

► What to do: I’ll report any issues with these patches in the next Patch Watch column.

Adobe Acrobat and Reader get a Flash fix

Yes, we’re updating Adobe Acrobat and Reader again. But this time it’s for an excellent reason. As announced in Adobe Security Bulletin APSB12-08, Adobe uncoupled Flash from Acrobat and Reader in Versions 9.5.1. Both updated apps now use the Adobe Flash Player plugin typically installed on Mac and Windows systems (rather than the player component built into earlier previous editions of Acrobat and Reader).

This should make Adobe’s apps more resilient to attacks. It also means you won’t have to upgrade Acrobat and Reader every time there is a Flash update. Adobe plans to add Flash uncoupling to Acrobat X and Reader X in a future update.

In that same bulletin, Adobe noted that it’s moving to a monthly patch cycle, aligning its updates with Microsoft’s Patch Tuesday schedule. (Previously, Adobe was on a quarterly update cycle.) So expect more reminders of Adobe patching in the coming months.

► What to do: Ensure you have the latest version of Acrobat or Reader — either Version 9.5.1 or 10.1.3. Adobe’s April 10 Security bulletin includes download links.

Regularly updated problem-patch chart

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

The Patch Watch column reveals problems with patches for Windows and major Windows applications.

A vexing Web-browser security warning

Web pages that mix secure (https) and unsecure (http) elements are a problem.

Here’s how to reduce repetition of “Security warning: Do you want to view only the Web-page content that was delivered securely?”

Silencing those bogus HTTPS ‘security warnings’

Reader Keith Baldwin writes:

• “I keep getting a security-warning panel. It says, ‘Do you want to view only the Web-page content that was delivered securely? This Web page contains content that will not be delivered using an https connection, which could compromise the security of the entire Web page.’

  “This is very annoying. Can I disable this? How?”
  

It is indeed a bother, even more so when you realize that this particular error is often the result of nothing worse than sloppy website design or coding.

All recent versions of all major browsers let you safe-list or white-list or allow specific websites, though the methods vary somewhat. (Check your browser’s Help.) Here’s how in IE 9:

• Open Internet Explorer.
  
• Click the Settings icon (the gear) and select Internet options.
  
• When the dialog box opens, click on the Privacy tab.
  
• Click the Sites button.
  
• Type or paste the exact URL (Web address) of the site you wish to allow.
  
• Click Allow.
  
• Click OK.
  

You can turn off the warnings for all sites, not just for ones you believe to be safe. I don’t recommend doing that because you’ll stop valid alarms along with the false ones. But if you want to take your chances, there are two ways to disable the warnings in IE 9 (or use similar steps in other browsers).

► Or you can proceed even more globally. On the Security tab of Internet Options, change the Internet Zone to the lowest setting, which for some odd reason is called Medium (and which lowers other security options).

Reader needs to downgrade from Win7 to XP

Jessica Whitten’s in a bind.

• “My computer originally had XP, but the previous owner upgraded to 7 with what might have been a bootleg copy of the OS. I have a different, legitimate copy of XP. How do I go about downgrading my OS?”
  

Those two Windows versions are sufficiently different that you can neither upgrade directly from XP to Win7 nor roll back (or downgrade) from Win7 to XP.

To go back to XP on a Win7 box, you have to start over and give XP a clean slate to work with. Here are two ways to do this:

• If you have sufficient disc space, you can try dual-booting XP and Win7 — that is, installing XP alongside Win7 but in its own otherwise-empty partition. (Need help? See Lincoln Spector’s May 6, 2010, Insider Tricks article, “The absolutely safest way to upgrade to Win7.” Its instructions for setting up a dual-boot system work for downgrading, too.) This way, you’ll be able to copy files from the Win7 setup to the XP setup, keeping both operating systems available until you’re sure you’ve stripped the Win7 setup of everything you need.

• You can also make an image backup of the Win7 system. Then separately copy all user files and data to CDs or DVDs. Make a list of all the software you use and note all serial numbers, product keys, sign-ins, passwords, and so forth on the Win7 system. When you’re sure you have everything, reformat the drive containing the Win7 system and install XP from scratch.
  

Sorry; there’s really no other good way.

Win8 Consumer Preview on 2GB systems

Steve Zimmerman has a smaller laptop but would like to try the Windows 8 Consumer Preview (info page).

• “I am about to embark on a Win8 Preview VPC installation following the Windows Secrets instructions [March 14 Top Story, ‘Step by step: How to safely test-drive Win8’]. Thanks for taking the time to write the very detailed piece.

  “My only computer with sufficient HD space is my Win7 netbook. But it has only 2GB of RAM. Is that enough RAM to do the job and still have a functioning Win7 installation?”
  

It will be marginal, Steve, but it might work. Assuming there are no other issues, you should be able to assign 1GB to the virtual machine and have Win8 boot and run in that memory space.

When you’re done exploring Win8, shut down the virtual machine, and the 1GB you assigned to the VPC will be released for use by your Win7 system. Virtual machines consume RAM only when they’re actually running.

Reinstalling Windows on a RAID system

Jonathan Bello writes:

• “My Win7 machine completely blew up on me, and I’m having issues with Windows Update and Search. I’m contemplating using your methodology in Windows Secrets to reinstall the OS. [See the July 14, 2011, Top Story, ‘Win7’s no-reformat, nondestructive reinstall.’]

  “My [original Win7] install failed because I set up RAID 1 in the BIOS. Once I disabled RAID, the OS installed fine. I then created the RAID using Intel Rapid Storage. I’m wondering whether I should disable RAID again before the reinstall.”
  

As a general rule, the greater the complexity of an initial setup, the greater the risk that something will go wrong. I suggest setting up the OS on the simplest, nonRAID setup you can. After the OS is up and running properly, add back the complexity of RAID.

After your data is safely backed up off the RAID system, you can try installing the OS with RAID enabled from the get-go. If everything works, you’re golden. If it fails, you still have your off-system backups to rely on.

Is a router-based firewall all you need?

Jeff Sedlock asks:

• “I’ve read different articles about whether to have Windows’ firewall active when you have a hardware firewall on your router. I’d like to know what you recommend.”
  

I use both firewalls. In fact, I regard my local, Windows-based firewall as my primary defense. My router firewall works as a pre-filter that screens out the routine hack attacks.