Is your free AV tool a ‘resource pig?’

Is your free AV tool a 'resource pig?'

By Fred Langa

A reader’s complaint about Microsoft Security Essentials (MSE) spurred head-to-head comparison tests of AV-software resource usage.

I put six popular, free antivirus tools through their paces and measured their impact on startup and shutdown times, disk space, and RAM use.

Normally, reader letters appear in the LangaList Plus section of this newsletter. But sometimes, one comes along that warrants treatment in greater detail.

One such letter is this one, from subscriber Bill Garfield:

• “Occasionally you either recommend or suggest Microsoft Security Essentials as a viable free alternative to commercial anti-malware programs without mentioning the also-free competing products such as AVG and Avast, to name just two.

  “MSE is an enormous resource pig, adding a full 30 seconds or more to boot times. Many Windows users look to Windows Secrets for tips and tricks to improve performance. Based on my experience, MSE does more to hobble overall system performance on supported platforms than to improve it.

  “Please stop recommending MSE, or at least include an advisory disclaimer cautioning users that loading MSE has been reported to cause performance to suffer.”

As the Windows Secrets author who has recommended MSE more than any other contributor, I was alarmed by Bill’s letter. I decided to run a series of head-to-head tests, comparing MSE’s resource usage to other popular, free antivirus tools.

I did not test these tools’ ability to detect malware. With the possible exception of ClamWin — which is quite new and still evolving — most third-party tests rank all these tools as acceptable and some of them as excellent. (Valid malware detection-and-removal testing can be done only in specialized labs, and their published results are difficult to compare.)

Because MSE is completely free, I chose to compare it against programs that also are truly free — no strings (such as free trials of commercial programs) attached.

I chose software that, like MSE, is specifically designed for malware protection — I didn’t include integrated, do-it-all security suites.

To make the selections, I used popularity ratings from several sources, such as the download stats and user ratings from CNET, MajorGeeks, and other sites. (The rankings and numbers in the list below were current at the time of writing.) I also gave extra weight to products frequently mentioned by readers and other authors in the Windows Secrets newsletter as well as tools that looked especially promising (as you’ll soon see).

I settled on these six antivirus tools:

• Microsoft Security Essentials (site): Because I’ve recommended Microsoft’s consumer anti-malware application in previous stories, I’ve made it the baseline for these tests.
• Avast Free Antivirus (site): Avast claims its package is the “world’s most popular antivirus.” CNET also ranks it #1 on its download list.
• Avira Free Antivirus (site): It ranked #2 among CNET users, and it scored an impressive 4.7 out of 5 rating on MajorGeeks.
• AVG Technologies’ AVG Anti-Virus Free (site): The publisher of this app says it’s used by “over 100 million people.” CNET ranks it at #6 in popularity.
• Comodo Antivirus (site): Comodo gets very high users rating on both MajorGeeks and CNET.
• ClamWin Free Antivirus (site): Not as well known as the other AV packages, ClamWin is unique; it’s a free, open-source software project released under the Free Software Foundation’s GNU General Public License.

I know there are many other products out there, but I couldn’t test them all. I believe the preceding list is a good sampling.

Designing resource usage tests for AV products

Setup: To produce this comparison, I used Oracle’s VirtualBox (site) to set up a fresh, clean, fully up-to-date Windows 7 SP1 installation in a virtual PC (VPC).

Next, for reasons I’ll explain in a moment, I added two pieces of software: Piriform’s CCleaner (site) and a custom batch file that invoked the advanced mode of Windows’ built-in disk-cleanup tool, cleanmgr.exe. (The advanced mode is more thorough than the standard cleanup. You can read about the batch-file method of using cleanmgr in the Nov. 10, 2011, Top Story, “Putting Registry-/system-cleanup apps to the test.”)

I then cloned (copied) that initial, virtual-PC setup five times, ending up with six identical virtual PCs.

On each virtual PC, I installed one of the six AV tools, accepting whatever default settings the apps set at installation. When prompted, I allowed the software to update itself and run an initial, post-installation scan.

Next, I rebooted each VPC to make sure the setup was 100 percent complete and running normally.

I then deleted the installation file(s) and cleaned the system of any other temporary files created during download and installation, using the cleanmgr batch file and CCleaner. This step made sure nothing left over from the setup would affect the tests.

Testing the AV tools: To compare any effects on system startup and shutdown time, I powered off and powered on each VPC three times, using a stopwatch to track how long each start and stop took. The times given below are the averages of the three runs.

To measure the amount of disk space each of these apps occupies, I used Windows Explorer to view the properties of the C: drive on each virtual PC. I noted the amount of disk space available before and after installing each anti-malware app.

For RAM use, I started Task Manager in each system, waited five minutes for the system to fully settle down, and then noted how much RAM was in use before and after the apps were installed.

The results of these tests appear in the following tables.

Measuring the change in startup times

Windows’ startup happens in two parts: the initial system bootup before the sign-in prompt, then the time Windows takes to load user settings (from sign-in to the full appearance of the desktop).

I started timing when I launched the VPC, then paused the stopwatch when the Windows logon prompt appeared. After entering my user name, I simultaneously hit Enter and restarted the stopwatch. I kept the stopwatch running until the notification area was fully populated, all subsystem icons (sound, networking, and so on) were up and active, and all desktop icons appeared. Table 1 shows the results.

Table 1. In this and the following tables, the category’s best
result is highlighted in green and the worst in red.

As you can see, the open-source ClamWin offered the fastest average startup time (about the same as starting up the PC without AV software), closely followed by MSE. Avira had a significant impact on startup — more than double the fastest three products.

In this test setup, MSE doesn’t have any real impact on startup time. In a real-life situation, very few PC users will notice the one-second difference between ClamWin’s 35-second boot and MSE’s 36-second boot.

On the other hand, Avira’s 83-second average boot is quite noticeable. In fact, Avira’s boot was so slow, I thought something was wrong with the setup and so did it over from scratch. But the results were consistent — consistently awful.

Measuring the effects on shutdown times

Shutdown timing was simple: I simultaneously clicked Shutdown and started the stopwatch. I then stopped the clock when the VPC session shut down. Table 2 shows these results.

Table 2. ClamWin has the fastest shutdown time.

Although there were differences in shutdown times, they were much smaller than with the startup times — too small to worry about. ClamWin again was the fastest; its eight-second time stood out among the six apps. At 14 seconds, Comodo was the slowest — but it was only three seconds slower than MSE and Avast, the two second-place finishers.

Avira records a sizable RAM footprint

To make the RAM-utilization numbers easy to digest, I used MSE’s results as the baseline. Table 3 shows how much RAM — more or less — each of the other five tools used, in megabytes.

Table 3. RAM use varied significantly.

Avast consumed the least amount of RAM — 13MB less than MSE. AVG and ClamWin were on par with MSE, but Avira used a whopping 139MB more.

Disk-space footprint (disk space used)

As with RAM use, I set MSE’s disk footprint as the baseline. Table 4 shows the other programs’ disk use in gigabytes relative to the MSE baseline.

Table 4. Disk-space use varied only negligibly.

Unless your hard drive is near capacity (in which case you have more pressing problems than the AV software footprint), there are really no significant differences among the six products. Comodo used just 0.6GB less disk space than MSE, and AVG took up only 0.2GB more. In today’s era of 500GB and larger drives, disk space use should not be a factor in picking one of these AV products over another.

Summing up antivirus-software resource use

The immediate conclusion — at least in these controlled-environment tests — is that MSE is not the “resource pig” some PC users think it is. In fact, it offers respectable, near-best numbers in every category. Whatever was going on with Bill’s system is not likely to be intrinsic to MSE.

Table 5. Here are all the results, for easy side-by-side comparison. The best results are shown in green, the worst in red.

If there’s one app that consumes more PC resources than its competitors, it’s Avira — with the heaviest RAM use and significantly slower startup time.

ClamWin is a pleasant surprise; it performed well in every category and earned two “best of breeds.” However, I’m reluctant to recommend it because it’s a relatively new product, is used by a relatively small number of people, and is still in Version 0.9x release as of this writing.

The bottom line: My conclusions — and yours

For me — for now — nothing in these numbers would alter my recommendation — and personal use — of Microsoft Security Essentials. It’s free, it’s in widespread use, and it has proven itself in the real world. And on most systems, it has little effect on system resources.

That said, no software is ideally suited for every configuration. If one anti-malware tool doesn’t work well on your specific setup, then it makes perfect sense to try some other AV app. You have lots of options.

I hope the performance numbers I’ve reported may help steer you to the tool that offers what you seek — faster boot and shutdown, lower RAM use, and smaller footprint.

Readers talk back to Windows Secrets

As noted in this week’s Introduction, Windows Secrets is launching a Letters column — reader e-mails that we think are especially interesting. Leading off this new column is a critical view of Microsoft’s Office Ribbon interface, discussed in a Woody Leonhard article.

Taking Microsoft to task for the Ribbon

Re: Woody Leonhard’s Feb. 9 Top Story, “How to change Microsoft’s %$#@! Ribbon”

► The Ribbon is inefficient, and it’s designed for rank beginners or children. It takes up too much space, it’s visually hard to navigate (requiring scanning of the full width of the screen to find anything). It’s inconsistent internally and depends on remembering masses of icons — often with only slight differences (the text is too hard to read). The Ribbon does not allow easy keyboard use for those of us who have work to do, and ultimately it’s easily outgrown by anyone.

Why can’t the option of simple menus always be provided? Because that would be an admission of defeat [by Microsoft]. We can kill Clippy (and did, rapidly). By all means cater to the less able, but all I would ask is that, please, do the rest of us a favor! [The Ribbon] is not a step in the right direction except as training wheels — discarded with pleasure at the first opportunity.     —Brian W. Darvell

► Woody mentions UBit Software’s free-for-personal-use menu software. I have a totally free-for-everyone classic Ribbon for Word and Excel on my site, Navigator Utilities.     —Mark Robinson

Getting to basics and pleasing a reader

Re: Lincoln Spector’s Feb. 9 Best Software, “Getting to basics: straight and simple text” (paid content)

► I just want you to know that I had let my WS subscription lapse, but I resubscribed so that I could read the full text of Lincoln Spector’s “Getting to basics: straight and simple text.” Thanks!     —Jonathon English

The right size for a Windows partition

Re: Lincoln Spector’s Jan. 26 story, “Hard-drive partitioning gives better protection” (paid content)

► First off, let me say that this is a great article! It’s just the kind of info I look for.

My only beef is with one sentence, concerning how small you can make the C: partition. I think 82MB is off by a few orders of magnitude. The problem is that just the Windows directory of a normal XP install (with all the updates) sucks up over 4GB. So maybe that figure should be 8.2GB for Windows XP?

Now, for my Windows 7 (x64), it’s quite a bit more. My winsxs is only 7.1GB, and the whole directory is almost 19GB. Let’s also not forget to save room for pagefile.sys and hiberfil.sys. On my system, they constitute over 7GB.

With just these things in mind, I think I’d want my minimum C: partition to be about 40GB to cover any additions.     — Robert Strand

E-mail power user makes a Win8 mail-client wish

By Kathleen Atkins

Many people organize their work and lives in e-mail folders. Lounge member kelliann1’s system is particularly robust.

She wants to see an Outlook Express/Windows Mail client in Windows 8. So she asks other Loungers in the Non-Outlook E-mail forum whether they’ve heard any pleasing rumors about a Windows 8 mail client.

Not surprisingly, her fellow Loungers have strong ideas about Microsoft e-mail programs, including speculations on a Win 8 mail client. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board.

Champis: The world's smallest shepherd

By Tracey Capen As any student of animal behavior can tell you, size does not necessarily mean superiority. Ever watched a small, determined bird harry a much bigger hawk? That lesson amply applies in this video of a sheep-herding bunny. It also proves that sheep are about the dumbest hoofed animals on the planet and rabbits are smarter than you think. We’re not sure, however, what the border collie thinks of this — or whether he’s worried about losing his livelihood. Play the video

'Blue Screen of Death' over and over again

By Fred Langa BSOD crashes are the very worst kind, stopping you in your tracks and forcing immediate reboots. But sometimes, the associated error message might hint at the cause, letting you dig out a solution.

Mystery software causes ‘Blue Screen of Death’

Reader Jill Mitchell’s PC keeps crashing, and she doesn’t recognize the software at fault.

• “I use Windows 7. Increasingly, it’s crashing with the Blue Screen of Death — I mean every day and sometimes even more often.

  “When I reboot, I get the error message ‘asuswsservice has stopped working’ at startup. What should I do?”

Asuswsservice is supposed to be the ASUS WebStorage software. It can be installed under its own name or as part of a rebranded third-party Web- or Cloud-storage solution. The program and its related files are normally located in a subfolder of C:Program Files. Usually the software can be uninstalled via Control Panel/Programs/Uninstall a program.

Unfortunately, some malware is known to disguise itself as asuswsservice.exe. These malware versions are usually found in C:Windows (or a subfolder there) instead of in the normal C:Program Files folder.

Your first order of business is to check Control Panel’s uninstall applet and see whether ASUS WebStorage (or some other kind of Web- or Cloud-storage software) is listed. If so, I suggest you uninstall that software, reboot, and see whether the problem goes away. If it does, you’ve found the trouble and you’re done — as simple as that! You can then look for a better-behaved Web-storage solution.

If you can’t find a likely Web-associated app in Windows’ Uninstall or change a program list, then the asuswsservice.exe file might have been left on your system after some software was uninstalled.

Search all the drives on your system for any file named asuswsservice. If you find it in a subfolder of C:Program Files, the subfolder’s name may provide a clue as to what software is (or was) using that executable.

For example, if you find asuswsservice in C:Program Files{software name} …, you can go back to Uninstall a program and remove {software name}. If that doesn’t work, you’ll have to manually delete the file.

If asuswsservice is in a system folder such as C:Windows or C:WindowsSystem32, then it might well be malware and will, again, require manual deletion.

In both cases, to manually delete the file, check that you’re running an admin-level account, navigate to wherever asuswsservice is located, right-click it, and select Delete. If the file is locked or otherwise won’t delete, see the Dec. 4, 2008, article, “Give the boot to files that refuse to delete.”

With the file gone, immediately reboot the PC. Then, as soon as it’s back up and running, run several on-demand malware scanners, one after another. Some good, free ones are available on these websites: Microsoft’s Safety Scanner, Malwarebyte’s Anti-Malware, Trend Micro’s HouseCall, and ESET’s Online Scanner.

If you need or want additional malware-removal tools and techniques, see the June 16, 2011, item, “Remove a recurring malware infection.”

As a last step, run any reputable Registry cleaner (see my Nov. 10, 2011, Top Story for more info) to correct any leftover software links that might still point to the now-deleted file.

With the asuswsservice file either uninstalled or deleted, your system pronounced malware-free by multiple on-demand tools, and your Registry cleaned of obsolete software references, your BSODs should be a thing of the past!

Screen ‘focus’ won’t stay on active window

Al Lowe’s PC is acting as if it were possessed.

• “I got a new PC in October. Shortly thereafter, it developed an annoying trait. It arbitrarily moves the focus away from the window in which I’m typing. It’s done this twice since I started typing this e-mail!

  “I do run a lot of add-ons and have tried disabling them one at a time. I’ve checked for viruses, but found nothing. I’ve looked through networking and memory and processor usage — nothing. None of the fixes I’ve tried has stopped this behavior. (It’s done it twice more just typing to here!)

  “Help!”

That sure sounds like a software problem, Al. But it sounds like you’ve gone as far down that path as possible. It’s time to look at the hardware.

This will sound odd, but try a different typing table or tray. Excessive vibration can cause your mouse to jiggle ever so slightly, which can sometimes lead to weird on-screen effects. (I speak from experience. As one who learned to type on manual typewriters, I tend to pound a keyboard and need a very solid support to prevent unwanted motion.)

No mouse? Touchpads can also cause trouble. On some laptop designs, I find my thumbs sometimes accidentally graze the touchpad surface as I type, leading to unexpected (and annoying!) cursor movement. You might watch for this effect, if yours is a touchpad setup.

You might also try to reduce the sensitivity of your mouse or touchpad (via Control Panel/Hardware and Sound/Devices and Printers/Mouse). See whether you can find a compromise between lessened responsiveness and greater resistance to small, unintentional movements.

If none of the above helps, look at the physical connectors — the plugs and sockets used by your peripherals. Any intermittent connection (especially in mice) can cause the effect you describe. USB sockets, in particular, take a lot of abuse and can fail in subtle and unexpected ways. Try plugging your peripherals into different sockets, reboot, and see whether the effect goes away.

If you’re using Bluetooth peripherals, make sure the batteries are fresh or fully charged and securely installed. Also check that radio interference isn’t causing the problem.

No help? Try a completely different mouse and keyboard. Keep altering the variables until you find the one that’s at the root of your trouble.

I can’t suggest more without knowing your specific setup, but the general rule is clear: if you’re sure you’ve eliminated software as the cause, it has to be hardware!

Gmail needs help to become the default mail

Wayne Tonsberg wants Gmail as his default mail client, but he can’t get it to work.

• “I was trying to answer an ad on craigslist, but clicking the ad’s link kept launching my Windows Live Mail account. I want everything done in Gmail.

  “How do I make Gmail my default mail client? “

Piece o’ cake, Wayne!

Gmail is a Web-based service that lives entirely inside your browser. You need a small (and free) bit of software running on your PC to act as an e-mail intermediary to everything outside the browser. That app is Gmail Notifier (currently in beta), and it works in two directions.

For outbound mail — such as when you click a mailto: link — Gmail Notifier intercepts the click and sends your mail command to Gmail, running inside your browser. Gmail Notifier also monitors your Gmail mailbox and lets you know when new, inbound mail has arrived — even when your browser isn’t running.

Here’s how to set up the Gmail Notifier:

• Download and install the Gmail Notifier from its Gmail site.
• Once it’s installed (accept the offered checkbox options), right-click the Notifier icon in your system tray and select Options.
• Check the box next to “Use Gmail for Internet mailto: links.”
• Click OK.

That’s all it takes!

Later, if you decide you no longer want Gmail as your default mail application, simply uncheck the box, uninstall the Notifier, and you’ll be back where you started.

Firefox won’t update fully

Jim McIntosh wants to keep his browser up to date, but something’s going wrong.

• “I got a notification that Firefox 10.0 was available, so I downloaded it. However, when I restart the browser, it goes to an additional tab that claims the version is unknown. I went to Mozilla’s website and downloaded version 10.0 again. But I still get the same message.”

Sounds like something — possibly an old .dll file or other software component — was left over from an earlier Firefox version — perhaps due to a previous failed or incomplete update. It should be easy to fix.

I suggest you use Control Panel/Programs/Uninstall a program to remove your current Firefox setup. When the uninstall is done, reboot to make sure all in-memory code is purged. When your system restarts, run a basic Registry cleanup tool such as Piriform’s CCleaner (free and paid versions; site) to finish the cleanup.

Next, download and install a fresh copy of Firefox. Note that Firefox has three channels for releasing software: Aurora (experimental, alpha software), Firefox Beta (unfinished new versions), and Firefox Release (finished, ready-to-go software).

If you’re having difficulty with Firefox, it’s obviously best to get the finished version Firefox from its download page. (The Aurora- and Beta-channel downloads are mainly for developers and experimenters.)

With a fresh start, your copy of Firefox should be up to date — and stay that way!

A slew of Valentine's Day security updates

By Susan Bradley Aside from a brief hiccup with a Silverlight patch, our February Patch Tuesday settles down with the usual suspects: Internet Explorer, DLL preloading, and .NET. If you failed to buy your loved one a present on Valentine’s Day, perhaps you can convince them that updating Windows took priority. Okay — even I, a confirmed geek, know that won’t fly.

MS12-010 (2647516)
Browser patching is this week’s priority

If your Valentine’s Day was devoted to chocolate and roses, it’s now time to focus on updates to your browsers, starting with Internet Explorer. The patch described in Microsoft Security Bulletin MS12-010 fixes four privately reported vulnerabilities tied to maliciously coded webpages.

Impacting IE Versions 6 and up (including IE 10, included with Windows 8 in the Developer Preview beta), this is a critical update for workstation installations of Windows.

As long as you’re patching Internet Explorer, check that you have the latest version of Chrome. According to a Feb. 8 Chrome blog, the stable-release version of the browser will begin checking downloaded files to see whether they came from a known malicious site. Ensure you’re on Version 17.0.963.46 by clicking the browser’s wrench icon and then About Chrome.

Also check that Firefox is version 10.0.1, to protect yourself from a potentially exploitable issue noted in a Feb. 10 Mozilla Foundation Security Advisory. Firefox 9 and earlier versions are unaffected.

► What to do: Install KB 2647516 (MS12-010) as soon as possible, and ensure all installed browsers are current.

MS12-013 (2654428)
Patching more DLL-preloading vulnerabilities

On Aug. 23, 2010, Microsoft released security advisory KB 2269637, which described a then-new security issue called DLL-preloading. It told how a specific, vulnerable .dll file could be placed in an unexpected file location and be used to trigger an exploit.

Numerous DLL-preloading flaws have been discovered since. In this case, the attack vector is a malicious media file downloaded by victims when they are tricked into opening maliciously coded content on a website. Once the code is on users’ PCs, the attacker can access their systems.

► What to do: This patch is rated critical, so install KB 2654428 (MS12-013) soon.

MS12-016 (2668562)
Silverlight update has a brief hiccup

A Feb. 14 update to Silverlight, Microsoft’s Flash replacement, stumbled at the gate and needed a second release. As reported in a Patch Management listserver page, the original release caused 80070643 errors on some PCs. Microsoft quickly released a repaired patch.

► What to do: The error message was, in fact, an error — the patch was indeed installed. In any case, you can install KB 2668562 (MS12-016) without a problem. (Note: MS12-16, as noted in the next item, also has .NET patches. You’ll find links to the appropriate Silverlight patch below the .NET patch list.)

MS12-016 (2633880, 2633870, 2633874, 2633879), 2600217
Patching the usual .NET Framework suspects

You know my love for patching .NET Framework. This round, the updates are for .NET Versions 2 and 4 on Windows XP and Vista and for .NET 3.5.1 and 4 on Windows 7.

You can probably guess my recommendation. When .NET updates fail, you have to do a repair installation for .NET 4 or, for .NET 2 and/or 3.5, use the Aaron Stebner rip-out tool (download site) to remove and reinstall them.

Also out this week is a nonsecurity update for .NET 4. The Reliability Update 2 for Microsoft .NET Framework 4 has what Microsoft cryptically describes as “stability, reliability, and performance issues.” (The patch will be offered only on systems with .NET 4 installed.)

► What to do: You guessed it. Although they’re rated critical, put off installing the patches in MS12-016 (.NET updates) and KB 2600217.

MS12-008 (2660465)
Graphics Device Interface drivers cause risk

If the workaround for our next update sounds a bit familiar, it’s because we’ve been telling people for years not to view e-mails in the preview pane. This update recommends you read e-mail messages in plain text, should you not be able to install the update immediately. Rated critical for all current Windows systems, this one patches the Graphics Device Interface, used in the Windows kernel to view or print graphics or text.

The most common vector of attack convinces a Windows user to click on maliciously coded content on a website. Given that this isn’t hard to do these days, we expect exploit code to show up within the next 30 days.

► What to do: Install KB 2660465 (MS12-008) as soon as possible.

MS12-009 (2645640)
A 64-bit systems vulnerability with a twist

If you are running the 32-bit desktop version Windows, you can pass on this update — the only 32-bit OS affected is Windows Server 2003. On the other hand, this patch applies to all current 64-bit Windows systems — desktop and server.

The flaw is in the Ancillary Function Driver (afd.sys) file, used in networking as part of Windows TCP/IP communications protocol. Although the patch is rated important, it could be used in blended attacks to gain elevation of privileges.

► What to do: Anyone running 64-bit Windows systems or Windows Server 2003 SP2 should install KB 2645640 (MS12-009).

MS12-014 (2661637)
Obsolete, but still vulnerable, technology

As detailed in a Feb. 14 Security Research & Defense blog, the Indeo video codec was first developed back in 1992. While previous updates blocked the use of this obsolete technology by Internet Explorer or Windows Media Player, its components are still part of Windows — and vulnerable to DLL-preloading attacks.

The steps required for a successful attack using this vulnerability are deep down the rabbit hole. Nevertheless, Microsoft has taken the unusual step of installing a dummy .dll on Windows XP systems.

► What to do: Though it’s rated important, Windows XP SP3 users should install KB 2661637 (MS12-014) as soon as possible.

MS12-015 (2663510)
A newer app doesn’t always mean a safer app

Microsoft’s Visio Viewer lets PC users view drawings and diagrams created in Visio within Internet Explorer. Viewer 2010, both 32- and 64-bit versions, is vulnerable to a remote code-execution attack via a maliciously created Visio file. This update is rated important.

► What to do: Install KB 2597170 (MS12-15) as soon as possible — but also stick to the habit of not opening files from unfamiliar sources.

890830, 982726
Save most nonsecurity updates for another day

Microsoft seems to love bunching together nonsecurity updates that need a system reboot and mixing them with the Patch Tuesday security updates. I prefer to review the security updates immediately and then work out later which nonsecurity updates I really need. With that in mind, I recommend putting these patches on temporary hold.

• KB 2597091: It an update for Office 2010, but there are no details on exactly what’s fixed.
• KB 2640148: When your Windows 7 or Server 2008 R2 system is disconnected from a network and you try to expand a mapped drive by clicking it in Windows Explorer, Explorer stops responding.
• KB 2660075: If you updated your Windows calendar history by installing KB 2657025 and then set your clock to the Samoa (UTC+13:00) time zone, you can no longer change system time and date.

On the other hand, you should install the most recent Windows Malicious Software Removal Tool, KB 890830, and Outlook junk e-mail filters such as KB 982726.

► What to do: Stick to the security updates for now. I’ll revisit these nonsecurity updates in the next Patch Watch, along with the other patches in the Patch Watch chart’s “Wait” category.

Pushing out IE 8 and 9 through Windows Update

I’m getting unconfirmed reports that Internet Explorer 8 (on Windows XP) and IE 9 (on Windows 7) are showing up in Windows update as offered patches. If you specifically said “no” to this update, you shouldn’t see it again. But if you merely hid the update, chances are good you’ll see it again.

► What to do: Decline IE 8 on Windows XP systems only if you absolutely must run an earlier version to support a critical application. Better yet, ask the application’s vendor why it won’t support IE 8 before you decline it again.

MS12-011 (2663841), MS12-12 (2643719)
Server admins: hold back on these patches

These two updates are for offices running Small Business Server 2011. MS12-011 patches an elevation-of-privileges threat in the 2010 versions of SharePoint Server and SharePoint Foundation. The update is rated important, but installing it requires some extra work. After installing the patch, you must manually run the command-line psconfig tool, as noted in MS TechNet article 2663841 and explained in more detail in a Windows Small Business Server blog.

Also rated important, MS12-012 is a remote code-execution vulnerability that applies only to Windows Server 2008 and 2008 R2. Given that the flaw is within the Color Control Panel, I consider this an unlikely attack vector. (It’s related to an August 2010 vulnerability described in MS Security Advisory 2269637.)

► What to do: Hold back on rolling out the patches in MS12-011 and MS12-011.

2630434, 2630429, 2630436
Update rollups released for small servers

Update rollups typically fix multiple flaws in a product, and these rollups are no exception. For example, this update for Home Server 2011 patches 15 flaws. But read the description on Microsoft’s Help and Support site, because it also has four known issues — including one that affects Apple Lion platforms. The other rollups are for Small Business Server 2011 Essentials and Windows Storage Server 2008 R2 Essentials. Since these servers are based on the same code, the patched flaws and known issues are nearly the same for all three.

► What to do: Install KB 2630434 (Windows Home Server 2011), KB 2630429 (Windows Small Business Server 2011 Essentials), and KB 2630436 (Windows Storage Server 2008 R2 Essentials).

Regularly updated problem-patch chart

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

The Patch Watch column reveals problems with patches for Windows and major Windows applications.