There are isolated problems with current patches, but they are well-known and documented on this site.
How to get Windows software at half-price
In this issue
- TOP STORY: How to get Windows software at half-price
- LANGALIST PLUS: More ways to prevent phantom devices
- WACKY WEB WEEK: Summertime and the living is tasty
- LANGALIST PLUS: Vista SP1 is coming, but not anytime soon
- OVER THE HORIZON: Missing Microsoft patches, part II
- PATCH WATCH: Patch is released to fix .ani patch
How to get Windows software at half-price
By Scott Dunn
Despite hacks and cracks you can find on the Web, the only legitimate way to run Windows XP or Vista is to purchase a licensed copy. But you can get copies at half-price or less using “educational discounts” — and qualifying is a lot easier than you may think.
Even kindergartners qualify for discounted software
The good news about educational software discounts is that you usually don’t have to be a full-time student to qualify (although you must have some link to education).
For example, Academic Superstore offers its discounts to students and parents of students currently attending classes from kindergarten through college, as well as faculty and even janitorial staff of a K-12 or university. For students beyond the K-12 level, many retailers require that a student be enrolled in a degree-granting program, not merely taking a single class or seeking a certificate.
Academic Superstore is the only seller I found that specifically mentions parents. But almost all such sellers provide discounts for students as young as kindergarten age. (And how many kindergartners have credit cards?) The fact that parents can purchase for students is merely implied, in most cases. For example, Campus Tech lists among its qualifying documents a parent’s ID for students K-12.
Most sites selling academic software will accept home-schooled students as well.
Some retailers offer discounts for other nonprofit organizations that aren’t strictly schools, such as public museums and libraries. These offers apply to most, but not all, discounted software. Some institutions, such as nonaccredited schools, hospitals, and training centers are specifically ruled out, depending on the software publisher. Furthermore, such institutional discounts usually only apply to volume purchases, although “volume” means as few as five copies, in some cases.
Generally, stores that give these discounts are following the policies of the software publisher. Microsoft has made its eligibility requirements available on its Web site, as has Adobe.
Several retailers offer education-discounted products
Many software publishers provide dramatic discounts on their products for educational purposes. These include popular products such as Microsoft Office as well as Adobe Acrobat and others.
Discounts on Windows itself are the hardest to come by. Windows XP Professional (with Service Pack 2) and Vista Business Upgrade are available at steep discounts (U.S. $27 and $62.50, respectively, from CCV Software, compared with $299 and $200 list). But these prices are only granted to academic institutions, not to individuals, via Microsoft’s Open License volume sales program.
However, individuals with the right credentials can easily get educational discounts for Windows XP Professional Upgrade (with SP2) and Windows Vista Home Premium Upgrade. I’ve found the following academic discounts:
• XP Pro SP2 Upgrade: $86 to $117 (compared to $192-239 street)
• Vista Home Premium Upgrade: $65 to $90 (compared to $146-167 street)
At least one online reseller asks for no documentation at all. A pop-up message at VioSoftware.com says, “We do not require any proof that you will be using academic software for academic use, nor does the manufacturer.” Examples:
• Office 2007 Pro Academic Full: $200 (compared to $500 list)
• Office 2007 Standard Academic Full: $180 (compared to $400 list)
At roughly half off list price, VioSoftware is not the cheapest seller of academic software. But it still offers prices well below retail versions.
The software sold at these discounts is the same as any you would buy in a retail store. In most cases, you are limited to buying a single copy. And you must meet the documentation requirements.
How to document your claims
Unlike ordinary retail purchases, buying software using an academic discount usually requires that you document your eligibility. Most sites require that you mail, e-mail, fax, or upload a .gif or .jpg image of the necessary documents. These typically include one or more of the following: student or faculty ID (showing current semester or year), copy of current class schedule, registration receipt, letter of enrollment or employment on letterhead, recent report card, recent pay stub, or recent teaching contract. Many stores keep your documentation on file for a year (or until the dates on the documents expire) for future purchasing.
Qualifying documents for home schools and their students may be harder to come by. Letters from state departments of education, local school boards, or school districts recognizing the home school are likely to be accepted. In addition, it may be useful to have receipts of purchases of a home-school curriculum from a nationally recognized provider of these products.
Where to shop for academic discounts
Using your favorite search engine, you should have no difficulty finding software retailers that offer academic discounts. The ones I’ve found that have the best prices and selection are, in alphabetical order:
Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.
More ways to prevent phantom devices
By Fred Langa
Windows Secrets readers are talented ghostbusters! That’s been proven time and time again in the Windows Secrets reader mail, and was shown once more in the discussion on preventing and removing phantom devices.
Reader tips on eliminating phantom devices
You folks are great! After every issue, suggestions and questions flow through our Web-based contact form. (Incidentally, if you send in a tip or trick that we print, you’ll receive a $25 gift certificate good for a book, CD, or DVD from Amazon!)
This week, I received additional info that amends my discussion on the items "Keep phantom devices at bay" and "Restoring the HotPlug Manager," both of which appeared in the Apr. 5 issue.
Several readers (Rick Winterton was the first) suggested that another way to safely remove a USB drive (and thus prevent it from appearing as a left-behind ghost item in the Drives listing) is to right-click a removable drive and select Eject from the context menu. Indeed, this can work, albeit not quite as reliably as the methods we previously discussed. Only some USB drives respond to an Eject command (I have a couple of Flash drives that won’t disconnect that way), and most other USB devices simply ignore the command. But, if the normal, officially sanctioned methods aren’t available to you, it may be worth trying the Eject option.
Reader Larry Hoium also pointed me to a Knowledge Base article I’d never seen before. It’s KB 315539, which describes an obscure XP command:
set devmgr_show_nonpresent_devices=1
That command allows the View/Hidden Devices menu in Device Manager to list not only currently connected hidden devices, but also hidden devices that have been connected to the system at any time. Any ghost devices that are shown can then be uninstalled directly through Device Manager itself.
Figure 1. KB 315539 shows you how to force Device Manager to display hidden devices that once were connected to the system, but that are not currently plugged in. In this example, note the three grayed-out drives, which Device Manager normally would not show at all.
Thanks Rick, Larry, and all who wrote in! Keep those e-mails coming!
How to get 130+ browser shortcuts free
Those of you who’ve read Brian Livingston’s excellent Windows Vista Secrets book have probably noted the references to keyboard shortcuts — those special two- or three-keystroke combinations that let you perform an action or access a software feature much faster than wading through the menus.
For example, you almost surely already know that Alt+Tab lets you switch among open windows faster than by accessing the same windows via the Taskbar. But there are probably dozens or even hundreds of other time-saving shortcuts that you may not know about!
Brian’s Vista book covers everything in Vista, including IE 7, and he lists IE 7 keyboard shortcuts on pages 487-489. If you’re using Vista, that’s the place to go for the best information.
If you’re not running Vista, but are using IE 7, then you should take a look at TechRepublic’s PDF download 60 keyboard shortcuts to move faster in Microsoft Internet Explorer 7. Note that free registration is required.
If you’re using Firefox, then 70+ keyboard shortcuts to move faster in Mozilla Firefox will be of interest to you. It’s also available for download after free registration.
Patch cord saves USB headaches
In this and other recent issues, I’ve discussed some of the software-based problems that can befall USB devices. But it’s worth mentioning another, purely physical danger that can totally cripple a USB device: wear and tear on the USB plugs and sockets themselves.
I’ve seen this mostly in Flash drives: Unless they’re plugged in to and pulled out of USB sockets with great care, repeated off-angle insertions and removals can stress the plugs and sockets, causing them to flex. In time, the internal electrical connections can break, leaving you with a dead socket. Unless you have the skill and inclination to open the case and do some very delicate soldering, the socket is gone for good.
An inexpensive "patch cord" can help. A patch cord is a kind of USB extension cord: a length of cable with a USB plug on one end and a socket on the other. Because the cord is lightweight and flexible, it’s much easier to align to the permanently mounted plugs and sockets on your PC and USB devices. Sometimes, you can even leave the patch cord connected to your PC, so all the wear and tear happens on the inexpensive patch cord’s socket, rather than the harder-to-replace PC’s socket.
Almost all electronics retailers sell USB patch cords, and they can cost as little as $2 for the shorter lengths. If you frequently plug in and unplug your USB devices, a patch cord can be cheap insurance!
Another way to tune your Internet connection
An item on semi-automated Internet connection tuning in the Mar. 15 issue generated a great reader suggestion on a nearly fully automated method. That tip appeared in the Apr. 5 issue.
Yet another good suggestion comes from reader Vuong Phung. He recommends an incredibly detailed manual method described in the Navas Cable Modem/DSL Tuning Guide. The benefit of the manual method is that you have complete control over every variable and can fine-tune your connection parameters to whatever degree you wish. It’s a more laborious way to tune, but one that gives you the ultimate in flexibility and adaptability.
So now, with a full spectrum of free connection-tuning options available — manual, semi-automated, and fully automated — we all should be able to find a solution that delivers the best-possible performance from our Internet connections.
Thanks, Vuong!
Fred Langa is editor of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.
Summertime and the living is tasty
Summer is coming, and for many folks that means time for a barbecue! Leave it to the folks at Neatorama to round up the “Ten Coolest BBQ Grills.”
The offerings range from gigantic and industrial to artistic stone or ceramic. For tailgate parties, there’s the Swing-A-Way grill that attaches to the back of your truck. For real power, check out the Hemi engine-powered grill whose V8 engine can roast 240 hot dogs in three minutes.
Vista SP1 is coming, but not anytime soon
By Mark Joseph Edwards
Microsoft is busy working on Vista Service Pack 1, and while the company would prefer you not know about it right now, there is some advance insight available. This week, I show you where to get a sneak peek into what Vista SP1 is likely to contain.
Vista SP1 will fix dozens of problems
Any time new software is released, you can bet your bottom dollar that a number of patches and updates will be released sooner rather than later. This happens because there’s no way for a software developer to test all possible usage scenarios in advance, and because developers make mistakes. It’s as simple as that.
Microsoft is busy working on Service Pack 1 (SP1) for Windows Vista, which will undoubtedly include a long list of patches and updates to correct various problems. It will possibly even introduce new features.
Recently, I came across a Web site that claims to have a list of fixes that will be included in Vista SP1. The site operator says he has an “inside contact” who helps him get information about SP1. The site lists more than seven dozen fixes, along with links to related Microsoft Knowledge Base articles that explain each fix in more detail.
Keep in mind that it’s not an official list of what will definitely be included in SP1 — it’s only well-informed speculation at this point. Microsoft is being very quiet about SP1, probably because the company only recently released Vista, and it’s still a bit early to be talking about a major update to the new operating system.
If you’re interested in Microsoft’s response to the Vista SP1 Web site, head over to PC World and read its related story.
How to test-drive Windows Vista
You’ve heard a lot about Windows Vista so far. If you haven’t bought a copy yet, maybe you’re curious what it might be like. If so, there’s a relatively simple way for you to take a test drive of Vista without installing or changing anything on your computer.
Check out the Windows Vista Business Test Drive site, where you can log in and use a copy of Vista Business Edition over the Internet. When you use that site, you’ll be using Vista in a remote desktop environment that works in a Web browser. What you see on the screen is basically the same thing you’d see after loading Vista on your own computer.
There are a few things to keep in mind before you try the test drive. You must use Internet Explorer (IE), since the site relies on plug-ins designed for IE. You also need a reasonably high-speed Internet connection, since a lot of data is sent back and forth. Also keep in mind that the test drive lets you use Vista Business, which is somewhat different than Vista Home or Vista Ultimate. Regardless, you’ll still be able to get an overall feel of what using Vista might be like.
Finally, keep in mind that while you can actually log in and use Vista at the test-drive site, the Vista system that you’ll log in to has no outbound Internet connectivity, so you won’t be able to surf the Internet from inside the virtual Vista desktop.
Get free malware removal help from Microsoft
Removing malicious software (commonly referred to as malware) from your computer can sometimes be a huge problem — if not completely beyond your level of expertise.
You’re probably aware that Microsoft offers paid telephone support that you can use when you encounter problems with its software. But, did you know that you can get free technical support when your problem relates to the removal of malware? It’s true.
When you need help removing malware, call 1-866-PC-SAFETY. Just keep in mind that since you’ll be calling Microsoft, you can’t expect any help with third-party security software.
The call is toll-free for people in the USA and Canada. If you’re outside those two areas, Microsoft suggests that you contact your closest international subsidiary.
Easy Web Cam displays ads but isn’t malware
In the Apr. 5 edition of this newsletter, I mentioned some Webcam software packages, one of which was Easy Web Cam. One of our readers, “Randy,” wrote to say that McAfee SiteAdvisor lists the related Web site as a potential problem. It doesn’t state the precise problem, but says that when tested they “found links to uk-software.com, which we found to be a distributor of downloads some people consider adware, spyware, or other unwanted programs.”
I did a little more research and found that the perceived problem is related to adware. When you go to the download page for Easy Free Web Cam, a message on that page states that “This software contains NO adware and NO spyware.” As far as I can tell this is true — I didn’t find any adware when using the software. Furthermore, I scanned my test system using Ad-Aware after installing Easy Web Cam and it didn’t detect any problems.
I also wrote that Easy Web Cam is free, and it is. However, when you publish a Web page using the built-in publishing feature, the software will insert advertisements that people see when viewing your Web cam pages. The makers of Easy Web Cam receive revenue from those ads, and I personally don’t have a problem with that.
You can eliminate the ads in two ways: make your own HTML page that embeds your Web cam images, or buy a license for Easy Web Cam for $19.95, which removes the ads when you use the publishing feature.
How good is WildBlue satellite Internet?
There are several methods you can use to connect to the Internet, including dial-up, ISDN, DSL, cable, and satellite. One of our readers, Frank Hernandez, wrote to ask about a particular satellite Internet service called WildBlue.
Satellite Internet is probably the least common method used for connectivity, and not many people know how it works. Just like satellite TV, satellite Internet requires that you have a specialized dish installed in order to use the service. In the past, satellite Internet services used the satellite dish to receive data quickly and a regular modem and dial-up connection to send data. The download speed was much faster than the upload speed. Today, satellite Internet services have evolved to the point where they can provide two-way communication (sending and receiving) using the dish without any need for a dial-up connection.
With satellite TV, you can typically install the dish yourself and tune the connection with relative ease so that it communicates with the proper satellite. But because of FCC regulations, you can’t install a satellite Internet dish yourself. In a nutshell, regulations require that a licensed technician install any satellite equipment that performs two-way communication.
WildBlue was founded in 2004 and started servicing customers in the summer of 2005. The WildBlue service is sold by a number of companies, including Dish Network and quite a number of other authorized resellers.
Frank asked about the quality and end-user experience of using the service. I haven’t used satellite Internet myself, but maybe some of you have. If you have experience with WildBlue, please send us your comments about the service.
Audacity offers free podcast recording
A friend recently wanted to start creating a podcast but didn’t know anything about how to make audio files. If you’re in a similar situation, a little advice can go a long way to get you started.
Podcasts are basically recordings that you can either listen to online or download to listen to later when you’re offline. Podcasts are usually created in one of two file formats, AAC or MP3, so you’ll need software to help you create one of those types of files.
Advanced Audio Coding (AAC) is a relatively new file format that is core technology for MPEG-4 audio encoding technology. MP3 is much more common and is supported by every major operating system in use today. So, for the widest possible support, it’s probably a good idea to encode your podcast audio into MP3 format.
There are many audio packages available today; however, one of the best packages I’ve found is Audacity. I like it because it’s free, packed full of features, and is open source. It’s also a cross-platform application that can run on Windows, Mac OS X, and Linux. So, if you use more than one operating system, you don’t have to learn a separate application for each one of them.
You can download a copy of Audacity at Sourceforge. If you need help with specific features, there is a support forum available in four languages and a Wiki homepage that has a ton of information.
Where to start your own blog
Blogging is a super-hot trend that’s getting hotter every day. I regularly receive questions from people interested in starting a blog, and I’m amazed that so many people who have been using computers and the Internet for years — quite adeptly — have no idea how to get started.
A blog is basically a Web site that uses some sort of pre-designed interface that lets you quickly and easily enter new content without any need to learn HTML programming or Web-site design. The content you enter is typically either text or links to files, such as a podcast.
There are two basic ways to start your own blog: Install blogging software into your own Web hosting system, or sign up for a free blog at one of the many sites that offer free blog hosting. The latter choice is the easiest route for those who are new to blogging and for those who aren’t comfortable installing Web-based applications.
Over the years, I’ve used a number of different free blog-hosting services. The ones I found most useful are WordPress.com, Blogsome, LiveJournal, and Blogger.
WordPress.com and Blogsome.com are based on the hugely popular and highly functional WordPress software, which is freely available to those who want to install it on their own Web sites. LiveJournal formerly used its own custom blog software, but when it joined with MoveableType, the two companies began merging technologies. Blogger is owned by Google, and it uses its own custom blogging software too.
Each of the above blog hosting sites lets you pick a ready-made layout for your blog. They also let you customize the layout and content to some extent.
Before making your final choice, consider signing up for a blog at each of the sites to test-drive their interfaces. Be sure to review their features as well as their add-on and customization offerings to see which one best suits your needs.
Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and writes the weekly Security Update e-mail newsletter. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.
Missing Microsoft patches, part II
By Chris Mosby
After an uneventful patch release earlier this month, we are now faced with a few important issues. The patches themselves are not too serious, but, of course, there are some attacks that Microsoft didn’t get around to patching.
Flaw in Internet Connection Sharing causes DoS
There’s a vulnerability in the NAT (Network Address Translation) Helper Components (ipnathlp.dll) in Windows Internet Connection Sharing (ICS). The flaw can be exploited by a hacker by sending a DNS (Domain Name System) query to a machine that hosts ICS for a shared network. This can cause the Helper components to crash, resulting in a Denial of Service (DoS) of ICS on the shared network.
For this exploit to work, the hacker has to send the infected DNS query from a client machine on the same shared network as the computer that’s hosting ICS. This flaw has been confirmed in a fully patched Windows XP SP2 system, and exploit code is already available on the Web. It’s been reported that other systems may also be affected, but this hasn’t been confirmed.
What to do: ICS has never been the best way to share an Internet connection between computers. A hardware solution, like the hardware firewall suggested in Brian’s Security Baseline, is a far better option.
More information: CVE-2006-5614, Secunia, ISS, SecurityFocus, OSVDB, FrSIRT, SecurityTracker, eEye
Windows Workstation service vulnerable to DoS
There’s a weakness in the Windows Workstation service, which can be exploited by hackers to cause the service to crash. It can also cause a system to be unresponsive by consuming large amounts of memory. This is done by sending specific data to the NetBIOS service, which then triggers a memory allocation error in svchost.exe.
This flaw has been confirmed on fully patched Windows XP SP2 and Windows 2000 SP4 systems. Other systems may be vulnerable, too, but I haven’t seen any definite reports yet.
What to do: This is another example in which Brian’s Security Baseline is a good reference. Using a good hardware firewall should automatically block the traffic that would be needed by this exploit.
More information: CVE-2006-6723, FrSIRT, Secunia, SecurityTracker
IE memory corruption weakness can crash browser
Internet Explorer 6.X has a memory corruption weakness that can allow a hacker to cause a DoS against the browser by making it crash. This can be done due to a flaw in the way that IE handles reloading XML files in IFrames. Memory can be corrupted in IE by loading hacked XML files with nested tags. The execution of infected code files by this flaw hasn’t been discovered on the Web yet, but it could be possible.
This weakness has been confirmed on a fully patched version of Windows XP SP2 and Windows 2000 SP4 with IE 6.X installed. Other systems may also be affected by this flaw, but none have been discovered so far.
What to do: The best thing to do is to start off by following Brian’s advice in the Oct. 26 issue about IE 7. IE 7 is more secure than IE 6. If you are stuck with using IE, I’d install the latest version. Otherwise, use Firefox.
More Information: CVE-2007-0099, SecurityFocus, Secunia, Full Disclosure, SANS Internet Storm Center
The Over the Horizon column informs you about threats for which no patch has yet been released by a vendor. Chris Mosby recently received an MVP (Most Valuable Professional) award from Microsoft for his knowledge of Systems Management Server. He runs the SMS Admin Store and is a contributor to Configuring Symantec Antivirus Corporate Edition.
Patch is released to fix .ani patch
By Susan Bradley
The second of two Patch Tuesdays this month brought us more fixes that must be taken seriously. Though some of us are still playing catch-up from the Pre-Patch Tuesday that occurred on Apr. 3, it’s now time to fix important issues with Windows Vista, Realtek, and others.
MS07-017 (925902)
.Ani bug patch needs a patch
As you may recall, Microsoft released a special security update on Apr. 3 to fix an issue that affects every version of Windows, including Vista. This update was a patch for an Animated Cursor File (.ani) vulnerability and other graphics processing flaws. The patch, unfortunately, prevented Realtek’s HD Audio Control Panel from running after the update was installed.
This week, we’re revisiting that patch, MS07-017 (925902). If you’re not familiar with the patch and its problems, read last week’s Patch Watch article. I want to make you aware that the new Microsoft patch that was designed to fix issues with the original patch is now more easily downloadable to your systems.
As the SANS Storm Center says, this is a crucial "patch now" issue. Malware and password-stealing attacks that exploit this flaw have already been found in the wild.
Knowledge Base article 935448 is now available and the fix can be downloaded using all the typical update mechanisms, including Windows Update and Microsoft Update. Even if you don’t have the Realtek Audio Control Panel software installed, you should install the new patch if you see the error message mentioned in my article last week. If so, let me know what software was mentioned as causing the issue in the error message.
The error message will read as follows:
"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.ext."
If you see this message, manually install hotfix 935448.
MS07-021 (930178)
Vista gets another security patch
MS07-017, released out-of-cycle on Apr. 3, was the first black eye for Microsoft’s more-secure operating system, Vista. MS07-021 (930178) is the next one. In Vista, as well as in Windows XP, 2000, and Server 2003, the subsystem that controls the processing and launching of windows (no pun intended) doesn’t properly handle error messages, and this flaw can be used in an attack.
The most common way that you could get nailed is by mere Web surfing. Regardless of Microsoft’s “safe-surfing” recommendations, if you are even a casual Web surfer, I’d recommend that this patch be installed as soon as possible. Malware attacks using this flaw have been reported since December 2006.
MS07-019 (931261)
Plug and Play patched again
Bulletin MS07-019 (931261) warns of a security issue in which you could be attacked “remotely.” But you should be aware of just how "remote" the threat is and what protection you need to have in place.
MS07-019 only affects XP machines, and the threat can only harm your system if someone attacks you from inside your own network.
In my office, this sort of attack is easily mitigated by slamming a 2×4 piece of wood, as shown in this photo, over the head of the attacker to ensure they stop doing bad things to my network.
All kidding aside, my office is protected because I use the Windows XP firewall inside the network. For those on standalone machines, following Brian’s Security Baseline is enough to prevent this attack from taking place.
MS07-020 (932168)
Windows helper could hurt your system
Once again, the annoying Microsoft helper, “Clippy,” can be an agent of attack. According to MS07-020 (932168), a Web page can easily be built to trick you into downloading an exploit mechanism involving Clippy. Therefore, the risk of malware attacks on workstations is high.
There are no known exploits in the wild at this time, but malware attacks are definitely expected in the near future.
MS07-022 (931784)
Windows Kernel gets a patch
It seems a bit silly to me to be patching this Windows flaw when we still have so many unpatched, zero-day Microsoft Office vulnerabilities. Anyway, MS07-022 (931784) is yet another instance in which my 2×4 protection system, mentioned above, could come in handy, as only an attacker who has valid logon rights on your network can manipulate your system via this flaw.
The attack cannot be remotely executed, so it’s not a malware vector. I see no need to rush to patch your servers or workstations, but I think it’s worth mentioning. Better to be safe than sorry.
MS07-018 (925939)
Microsoft Content Management Server needs patching
MS07-018 (925939) fixes an issue in Microsoft’s Content Management Server (CMS) software, which is used by businesses to store and offer content. The entire platform, as described by Microsoft, has been replaced by Microsoft’s SharePoint Server platform. But that doesn’t mean it doesn’t suffer from the same issues that a great deal of Web-site software suffers from.
If Web sites aren’t coded properly, a cross-site scripting attack can be carried out when you surf from a trusted Web site to an infected site. Attackers can take control of your system by injecting their code into your browser.
There’s no need for anyone who isn’t running CMS to install MS07-018. But it’s extremely important for Web site operators using this platform to patch.
Workstations need browser patches before servers do
As you may know, I’m the network administrator for a U.S.-based accounting firm. This time of year — right before the Apr. 17 tax deadline and right after the Apr. 10 Patch Tuesday — I’m not looking for reasons to patch. I’m looking for reasons not to patch, because I don’t want to disrupt any systems.
Therefore, when I look at the patches listed above, I evaluate them from two viewpoints. First, I look at the risk of not patching my servers. Second, I look at the risk of not patching my workstations.
This week, given that I’m still burned out from the Daylight Saving Time patches and the problems with Windows 2003 Service Pack 2 that I wrote about last week, I’ve decided not to patch my servers. Yes, you read that correctly. I’m not patching yet, and I’ll tell you why: There’s more risk of something breaking if I patch a server that doesn’t surf Web pages than there is if I do. A machine that’s never used for Web browsing isn’t vulnerable to the malware threats listed above.
Workstations are a different issue, however. I have, in fact, installed MS07-017 just to be safe. I’ll also soon install the other patches that look like they could lead to malware attacks. But I’ll wait on patching the servers until I’ve had a good, long rest. Maybe Monday.
Additional Vista patches, some funny
Many of you who are running Vista may be in charge of WSUS (Windows Server Update Services), which is Microsoft’s patching platform for networks. You’ll be pleased to know that you’ll be getting some patches to fix an issue in which the letter T may be incorrectly capitalized in the Romanian language. KB article 930585 ensures that this problem is cleared up. Phew! What a relief!
But while that may seem like a funny patch, Vista is also receiving some additional clean-up patches this month, according to KB 894199 and 931099. One issue involves Windows Defender not sending malware samples back to SpyNet. That’s no laughing matter.
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Copyright © 2025 AskWoody LLC, All rights reserved.
