More tricks to evade keyloggers on public PCs

More tricks to evade keyloggers on public PCs

By Scott Dunn Dozens of readers responded to my Sept. 10 Top Story, many of them proposing alternative ways to evade keyloggers other than the “revised Vesik method” I described. No method can make you completely safe when using a public computer, so you must balance convenience with the level of risk that’s acceptable to you.

The Clipboard’s no safer than the keyboard

The revised Vesik method involves typing nonsense characters into a password input box when using a public PC and then rearranging some of the letters to form your actual password with the mouse. If the PC contains a hardware keylogger or is infected with a software keylogger, rearranging a password in this way will usually suffice to obscure your credentials. Most hackers will concentrate on the 99% of users who type in their passwords at Internet cafés in the usual way.

One proposal sent in by many, many, many readers was a variation on a single theme. Namely, keep your sign-in information on a USB flash drive or memory stick, then copy and paste the info into the appropriate fields when you’re required to use a public PC or other unsecured computer.

Unfortunately, many keyloggers capture any information you place into the Windows Clipboard. I tested the copy-and-paste technique using the All In One Keylogger from RelyTec. (For more info, see the vendor’s site.) The program easily captured the sign-in IDs and passwords entered, whether I used the standard menu options (Edit, Copy and Edit, Paste) or the keyboard shortcuts Ctrl+C and Ctrl+V.

In my tests, the All In One Keylogger wasn’t able to capture the information when I performed a copy-paste operation using a context (right-click) menu. But that’s not much to rest one’s hopes on. Other keyloggers do succeed at capturing data copied via context-menu options.

Note that many password-manager products require you to copy and paste your passwords from their database to an input box. (See my Sept. 18, 2008, review of password managers.) Any product using the Clipboard in this manner is vulnerable to a keylogger that captures data from the Clipboard.

Other strategies for blocking keyloggers

Readers suggested various ways of carrying one’s passwords on a flash drive. Jeff H. asked, for example:

• “What about surfing from suspect PCs using only Firefox Portable running off a USB drive, with all your passwords stored in the browser?”

If you store passwords in a portable version of Firefox, make sure you set a “master password” first. This encrypts your passwords so they’re not readable on the USB device for any malware to scan.

To establish a master password in Firefox, pull down the Tools menu, click Options, select the Security tab, and turn on Use a master password. After doing this, you must enter your master password once per browser session.

Another reader, Val Ingraham, proposed signing in using a tool such as the portable version of Siber Systems’ free RoboForm password manager, available on the company’s download page.

Both of these approaches were able to evade the keylogger I tested them with and would likely confound other keyloggers as well.

However, any method that permits automatic sign-in from a flash drive poses a risk of physical security. A flash drive is easy to lose. When you misplace one, you could be handing over your passwords to whoever finds the device — if you don’t enable a master password.

Can freeware provide the privacy you need?

Several readers like products that are specifically designed to defeat keyloggers. Simon Bleasdale recommends Neo’s SafeKeys 2008, available for free on the Alpin Software site. The program promises the same functionality as the Windows On-Screen Keyboard (OSK) utility described in the original tip — but without OSK’s security risks.

(OSK sends keystrokes in a way that keyloggers can see and record. To use OSK if you need it for entering something other than a password, open the software by clicking Start, All Programs, Accessories, Accessibility, On-Screen Keyboard.)

Neo’s SafeKeys 2008 displays a small window with a simulated keyboard on which you can type your sign-in, password, and other information — just as with OSK. But unlike the Microsoft utility, Neo’s SafeKeys 2008 doesn’t transmit information in a way that can be picked up by keyloggers. Nor does the program use the Clipboard. Instead, you type your info in the SafeKeys 2008 window and then drag the data to the appropriate text box in your browser.

Neo’s SafeKeys 2008 successfully evaded the All In One Keylogger product in my tests. Other options help you foil keyloggers that regularly take screen captures to record your PC activities. According to the Alpin Software site, however, the utility’s drag-and-drop methods don’t work with all products — including the Opera browser.

No product will ever be able to guarantee your safety from snoops when you use a public computer. Fortunately, the techniques and products described here and in the previous article can reduce your risk substantially.

You’re the only person, however, who can decide what constitutes an acceptable risk level for your data. That may mean never signing in to Web sites using PCs at Internet cafés — or wherever you’re not sure adequate security precautions have been taken.

Windows Secrets contributing editor Scott Dunn has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

Oh, the sweet, sweet power of temptation

By Stephanie Small Remember when you were a kid and were told to wait before you could eat dessert? That excruciating delay caused fits of fidgeting as you fed the dog your dinner in hopes of hastening the glorious sweet treat at the end of the meal. Waiting takes on a whole new meaning when researchers give children one marshmallow and two choices: eat one marshmallow now, or hold off till the researcher brings you another one — doubling your pleasure. Watch as kids’ hilarious expressions of exasperation give way to bright, broad smiles when they finally receive what they’ve been waiting for! Play the video

Get Gizmo's updated e-book of the 9 best apps

Back by popular demand, this month’s paid bonus is an updated 2nd edition of Nine Free Programs Every PC Should Have by WS senior editor Ian “Gizmo” Richards. This printable, 38-page PDF brings together in one place Gizmo’s top recommendations on the most essential utilities of all time. You can read the e-book and immediately download any or all of the programs it reviews.

All paid subscribers can receive our exclusive download now for a limited time. Free subscribers who upgrade to paid will see a link to the e-book download thereafter. Paid subscribers can simply visit their preferences page and save any changes to see the download link. Thanks for your support! —Brian Livingston, editorial director

Paid subscribers: Set your preferences and download your bonus
Free subscribers: Upgrade to paid and download your bonus

Driver update triggers Vista reactivation

By Fred Langa Out of the blue, your operating system pops up a reactivation warning. Windows Product Activation (WPA) isn’t the Big Brother app some people claim it is, but the warnings sure can be annoying — especially when a system you’ve already activated demands reactivation.

Microsoft anti-piracy tool returns for encore

Bo Nikander wonders why simple updates can trigger a nag to reactivate Windows:

• “Should you warn readers about not updating every driver in Windows — or at least those in Vista? Some driver updates require reactivation of Vista. I don’t know specifically which drivers trigger reactivation (I updated several at once), but maybe Fred could shed some light on the subject.”

Product activation first appeared in XP and has been tweaked several times since then. WPA is nominally an anti-piracy tool that’s supposed to detect whether a copy of Windows is being installed illegally on multiple systems.

In essence, Windows makes a system inventory when it’s first installed and then checks to see whether the OS is being placed on the same core hardware each time its installation routine wakes up. If Windows thinks it’s being installed on a different system, it asks to be reactivated.

WPA accommodates normal hardware upgrades from time to time so that you can add more RAM and can implement other system enhancements without requiring reactivation. However, a major hardware change (such as installing a new motherboard) or even many small hardware changes can trigger the reactivation flag.

Some routine operations can also prompt a reactivation. For example, a system’s WPA records are stored on the hard drive, so reformatting the drive or otherwise losing or corrupting the activation records will generate a request for reactivation.

As for drivers: Windows “talks” to hardware through software drivers so, as Bo suggests, upgrading many drivers within a short time can make Windows think that it’s seeing lots of new physical hardware. Bingo! You get the reactivation nag dialogs.

While it’s always a good idea to get your driver updates directly from the hardware maker rather than through the general services of Windows Update, note that WPA doesn’t care where the drivers come from; Several new drivers at once, from any source, may trigger a reactivation nag.

And the above applies only to third-party drivers. Windows contains many internal drivers of its own that are part of the core Windows installation. Some Windows updates and service packs contain new copies of these necessary internal drivers, so these may also trigger a demand for reactivation.

Microsoft has never fully published the internal details of WPA, so there’s no way to know precisely what will and won’t trigger reactivation. It’s just an annoyance that those of us with legit copies of Windows have to live with, even if we’ve done absolutely nothing wrong.

For additional general info, see Microsoft’s Help and How-to article, “Activating Windows: frequently asked questions,” and also another article on the same site titled “Troubleshoot activation problems.” The articles focus on Vista, but the same information applies to XP and Windows 7.

Technically-inclined readers may wish to explore the WPA resources at Licenturion, which explain some of the inner workings of WPA and can show you the WPA information stored on XP systems. Microsoft’s general apologia for WPA appears in the company’s piracy broadside.

XP’s volume controls reset themselves

The volume settings on Jim McIntosh’s PC won’t stay put:

• “The volume control on my XP desktop always has the control labeled Wave set to about two-thirds. I need to adjust this value manually every time I boot my system. This is very annoying. I’ve tried to reason with the system, to no avail. Is there something I’ve missed that will allow me to set the value to what I want once and for all?”

Microsoft’s Knowledge Base article 305904 describes a problem that’s very similar to yours — though not exactly the same. The glitch can affect any of these three common types of built-in, on-the-motherboard sound hardware:

• Intel 82801AA
• Via AC97
• AC97 for Intel 82801AA

I suspect the solution to your problem is to get new drivers from your PC’s manufacturer. In fact, whenever hardware starts to get flaky, it’s almost always a good idea to click over to the vendor’s site and grab the latest drivers.

It’s a simple expedient that often pays off in a big way!

Why don’t virus scanners dump temp files first?

A reader calling himself “TheZjooj” wonders why antivirus tools can’t also do some file cleanup:

• “I’m wondering why antivirus vendors don’t clean out the temporary Internet files and temp files before doing a scan. I’ve watched scans take many hours, and in most instances the scan is winding through the temporary Internet files and temp files for a majority of that time.…

  “I don’t mind grabbing another tool and quickly cleaning that stuff out, but it sure would be nice to have that option as a ‘one-stop-shopping’ kinda thing.”

If you have so many temp files that they take hours to scan, you’d probably do well to reduce the size of the temp-file area. In IE, click Tools, Internet Options. In the “Browsing history” section under the General tab, click Settings and see how much space is allocated to Temporary Internet Files.

If you have a fast Internet connection — anything above dial-up speeds — you probably don’t need more than 10MB or 20MB of temp-file space, despite what Microsoft recommends. If you use a dial-up link, 50MB is about the right size for your temp files. In my experience, anything more than those amounts just bogs things down with no discernible performance upside.

Normally, files get placed in a temp-file location because there’s a reasonable chance they’ll be needed again. Having on hand a temporary copy of an often-used file saves time and makes your browser seem faster.

Installation software sometimes uses the temp-file areas, especially with programs that require a reboot after installation because the files in the temp area may be needed to finish the install after the reboot. Prematurely flushing the temp-file area can torpedo the installation. This is one of the ways that overaggressive file cleaning can lead to trouble.

Temp files are supposed to be either deleted by the process that created them or left to “age out”: When a temp-file area reaches a certain size, Windows starts deleting the oldest files to make room for new ones. Temp files don’t really become junk files until they linger past their “age-out” date, for whatever reason.

Beyond the age of temp files, there’s no good way for third-party software to know whether a given file in the temp area might still be useful. This is one of the reasons why temp-file folders tend to expand over time: most software treats temp files with caution, so nothing that still has value gets deleted.

Having antivirus tools automatically clean out temp-file areas would risk creating problems where none existed previously. Plus, adding extra functions to an antivirus app — functions that have nothing to do with malware protection per se — starts down the path to bloatware and gigantic do-it-all software suites, which rarely do all jobs equally well. Let’s not go there!

I recommend that you reduce the size of your temp-file area and use both a top-notch AV tool — several of which are recommended by WS contributing editor Rob Vamosi in the Security Baseline — and a separate top-notch clean-up tool, such as one of those reviewed by contributing editor Scott Spanbauer in his Sept. 11, 2008, Best Software column. With a right-sized temp-file area, the problem of overlong scans simply goes away.

Also, good standalone AV and clean-up tools can usually be automated, so you can set the clean-up tool to run at a certain time and have the AV tool do its scans later. This gives you the best of both kinds of tools without the compromises and bloat of do-it-all software suites.

Can I eliminate the Recycle Bin in Windows?

Bruce Kennedy wants to get rid of the Recycle Bin:

• “I see that there’s a wastebasket identified with each drive, but I’m only using the wastebasket on the C: drive. There are occasions when my wastebasket is quite full, and that makes my C: drive quite full until I empty the wastebasket.

  “I’m using XP SP3. Is there a way I can move my wastebasket to one of my other drives, such as the terabyte drive with lots of free space available?”

Out of the box, Windows reserves a huge amount of disk space for the Recycle Bins. For example, on a 1TB external drive I recently installed, Windows set up an insanely huge 50GB Recycle Bin! Fifty gigs! No one on Earth needs a Recycle Bin that large.

Fortunately, it’s easy to reduce the size of your Recycle Bins. Right-click the Recycle Bin icon on the desktop and select Properties. In Vista, enter your preferred amount in the “Custom size” setting. (See Figure 1.) In XP, use the slider control to set the percentage of each drive or partition that will be reserved for the Recycle Bin.

Figure 1. Change the size of the Recycle Bin in Vista by entering the size you want in the “Custom size” setting. In XP, use the slider control.

I generally allot 500MB to the Recycle Bin on larger drives and make it 200MB or less on smaller drives. If you’re like me and you rarely need to dig things out of your Recycle Bin, those sizes may work fine for you, too.

On the other hand, if you’re often rummaging through the Recycle Bin to recover some file you deleted last week, you may need a larger bin. Pick a size and try it; you can always adjust the size up or down later, as your experience dictates.

Odds are, you can resolve your Recycle Bin issues simply by ratcheting back the size of the bins on your drives to something more reasonable than the defaults. I bet you’ll gain back a lot of useful disk space in the process!

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

Can Windows Mobile catch iPhone and BlackBerry?

By Michael Lasky Windows Mobile version 7 is scheduled to ship in 2010, and the buzz about the major new version is overshadowing Microsoft’s less-notable 6.5 upgrade, which arrives on Oct. 6. Despite some nice interface changes and new applications, Windows Mobile 6.5 will continue to trail the smart-phone competition, although some IT types will like the close ties Redmond’s smart-phone OS has to Exchange Server.

Microsoft tries to get on par with other phones

In a few days, Microsoft will release its latest entry in the smart-phone arena: Windows Mobile 6.5. The question is: Will anybody notice? Not only does the new version face an uphill battle regaining the ground lost to Apple’s iPhone and other sexy smart phones that debuted more recently, Windows Mobile is also competing with the really dramatic changes expected from the 2010 arrival of Windows Mobile 7.

To be fair, Windows Mobile 6.5’s new interface is indeed finger-friendly, copying the look and feel of Microsoft’s Zune media player and iPod wannabe. That in itself is a radical transformation from the strictly-business Windows Mobile 6.1. Alas, the interface changes merely cover up what is still essentially a buffed-up version of the existing Windows Mobile OS. (See Figures 1 and 2.)

Figure 1. The main Windows Mobile 6.1 screen is straight out of the 20th century.

Figure 2. The updated look of version 6.5 is a decided improvement, but it’s not likely to make people drop their iPhones.

Multitasking, touch-screen features limited

The learning curve to master the new Windows Mobile 6.5 interface will probably be similar to the confusion Windows XP users endured when upgrading to Vista. Here are some of the OS’s new features — and what Microsoft isn’t telling you about them.

Startup ‘Today’ screen: Instead of the text-centric desktop of previous versions, the new Today screen offers appealing, easy-to-read fonts for the shortcuts that open voice mail, e-mail, tasks, and other common operations. The controls are placed against a pleasant wallpaper background. For each task, the number of unviewed items in each category is indicated. Finger-tap on the task, and the associated application for it launches.

What Microsoft doesn’t tell you: Until the recent arrival of the Palm Pre, Windows Mobile phones were the only ones that could multitask. The problem with multitasking on a Windows phone is that unless you dig deep into the layered menus — and know exactly which menu to choose — clicking X in a window’s upper-right corner doesn’t close an app but merely shunts it into resident memory. Eventually, apps accumulate in memory, bringing the phone to a near-halt.

The correct way to make running programs stop when you exit them is to choose Start, Settings, and select the System tab. Then choose Task Manager, click the Button tab, and check the box next to Enable the “X” button to end running programs.

Finger navigation: Finger-friendly screen controls are a great improvement, but they’re limited to clicking and scrolling. The fingertip controls also lack the finesse of the iPhone’s ability to stretch images and drag and drop icons. Windows Mobile doesn’t support the iPhone’s gyroscope shift from portrait to landscape mode, severely limiting Web navigation and page viewing on Windows Mobile.

Want the new browser? You must buy a new handset

Pocket Internet Explorer: Long overdue, the upgraded mobile version of Internet Explorer is based on the desktop version of Internet Explorer 6. The good news is that the new browser displays pages more accurately, and finger taps on links will open the new page. Large, icon-style navigation buttons at the bottom of the browser screen take you where you need to go and then disappear when you zoom in, helping you actually read what’s on the screen.

What Microsoft doesn’t tell you: Zooming in and out of the browser window is controlled via a zooming sidebar, not with the phone’s finger-friendly multitouch. More important, existing Windows Mobile 6.1 users won’t be able to install the upgraded browser. It’s available only if you buy an entirely new phone.

App Marketplace: With tens of thousands of programs available in Apple’s lucrative iTunes App Store, Microsoft knew it needed its own version for Windows Mobile. The Windows Marketplace for Mobile will host a bevy of new programs that can be purchased from the phone and downloaded directly to it. The number and variety of Windows Mobile apps will depend on the developers Microsoft can coax to support the platform.

What Microsoft doesn’t tell you: Existing Windows Mobile 6.1 users will need to buy a new phone to access the Windows Marketplace for Mobile, since it will be exclusively part of the upgrade path. Most programs written for previous versions of Windows Mobile will most likely work on the new version — but keep that stylus handy, because the apps won’t be finger-friendly. Touch controls will be available only on apps written expressly for Windows Mobile 6.5. Currently, the Samsung Jack (for AT&T) will support the upgrade.

Struggling for a piece of the smart-phone pie

One of the greatest challenges for Microsoft in promoting its Windows Mobile platform is gaining the attention of consumers. A look at the company’s anemic market share in North America from Jan. 1 to Sept. 20 reveals that all the Red Bull in the world couldn’t give Windows Mobile enough of a boost to contend against its strongest competitors. (See Figure 3.)

Figure 3. Windows Mobile’s single-digit market share — labeled WinCE in the graph — is dwarfed by that of Apple’s iPhone and RIM’s BlackBerry (image courtesy of StatCounter GlobalStats).

Microsoft was an early leader in the smart-phone arena with Windows CE for PDAs and cell phones. But the company’s ability to stay on top quickly dwindled as users moved away from the unfriendly — albeit familiar — metaphor of a miniaturized Windows designed to mimic its bulky desktop counterpart.

Most of the sales Windows Mobile has generated to date are from corporate IT departments because of the seamless integration of the OS with Microsoft’s Exchange Server. This makes Windows Mobile a purchase of choice for conservative, don’t-rock-the-boat IT technocrats.

However, to capture the hearts and minds — or even the attention — of everyday cell-phone users, Microsoft realized that it must switch to a “finger-friendly” touch-screen interface and support myriad applications. These qualities have carried the iPhone and some BlackBerry models to the dominant positions they enjoy in the market today.

WS contributing editor Michael Lasky is a freelance writer based in Oakland, California who formerly wrote the Left to My Devices column for PCWorld.com.

Important security patches available for Firefox

By Susan Bradley Mozilla has ended support for version 2 of the Firefox browser, so if you haven’t upgraded already, it’s time to get version 3.5.3 (or 3.0.14, if the 3.5 release isn’t compatible with your system). Now that browsers are the principal entry point for malware, ensuring that you have the latest release is more important than ever.

Apply these Firefox updates as soon as possible

If you’re one of the many people using the Firefox browser, make sure you’re running either version 3.0.14 or, better still, version 3.5.3, which offers enhanced video playback. The many security fixes in Firefox 3.5.3 are documented in Mozilla’s release notes.

For anyone who’s still running Firefox 2, you’re overdue for a browser upgrade, because that version is no longer supported by Mozilla.

To determine your version of Firefox, click Help, About Firefox. If you need to update the browser, click Help, Check for Updates. If an update is available, click Update Firefox. (See Figure 1.)

Figure 1. Open Firefox’s Software Update dialog box and click the link that lets you download the latest version of the browser.

Also updated recently is the popular NoScript script-blocking add-on for Firefox. Version 1.9.8.86 of this donationware fixes an incompatibility with Kongregate, among other patches. The improvements are described in the update’s release notes, and a download link is also available on that page.

Application updates are more vital than ever

A recent Internet Storm Center security report from the SANS Institute raises an alarm about insufficient updating. While most PC users these days are diligent about patching Microsoft applications, they’re not so good at patching third-party programs, including Apple’s QuickTime media player, Sun’s Java, and Adobe’s Flash Player.

Secunia’s Personal Software Inspector (PSI) and other tools are designed to identify out-of-date applications. PSI is free for home use and available on the Secunia site.

Unfortunately, many Windows Secrets readers report that they’re getting inconsistent results when they use PSI. Whenever I encounter difficulties like this, I uninstall and then reinstall the program. After I reboot the machine, the detection problems are usually fixed. You can also compare PSI’s scan results with those of Secunia’s Online Software Inspector (OSI) service.

Vendors provide large organizations with tools that scan and patch applications, but it concerns me that consumers have to fend for themselves. Some people claim Microsoft should open its updating service to support third-party products. I’m not sure that’s the right thing to do, but I do know something has to give.

Watch out for unintended Silverlight updates

Reader Ernie Kitt was surprised to find one day that Microsoft’s Silverlight media player had been updated on his Windows XP machine without his knowledge. Most worrisome to Ernie was that he had set the system to notify him of available updates but not to install them automatically.

Why did Silverlight update automatically without notifying him first? Unbeknownst to Ernie, a Silverlight setting allows the program to update itself independently of other Windows patches — and regardless of the settings you’ve chosen in Microsoft Update.

Vista’s User Account Control would keep the Silverlight updater from acting automatically if you use a Regular account. If you’re running with administrator rights on XP, however, Silverlight can update on its own. So you might find, as Ernie did, that suddenly you’ve got a new version of Silverlight.

To check your Silverlight update settings, go to Microsoft’s Silverlight page and right-click anywhere in the big Silverlight graphic that takes up most of the page. (This is below the upper section, which includes the Home and What is Silverlight? links). Click the Silverlight pop-up to open the Microsoft Silverlight Configuration dialog, as shown in Figure 2. Choose the Updates tab, review the settings, and adjust accordingly.

Figure 2. You can adjust Silverlight’s update settings via the program’s configuration dialog.

On Vista PCs, the option to update automatically is grayed out. I recommend that both XP and Vista users opt for the second choice: Check for updates, but let me choose whether to download and install them.

971029
Microsoft offers proactive Conficker protection

Microsoft made good on its promise to provide for Vista and XP the AutoPlay changes the company made months ago in Windows 7. The new AutoPlay updates, however, have been released as optional patches that were not offered to users via the Microsoft Update service.

The AutoPlay patches allow you to configure removable devices so autorun.inf instructions, which might reference malware, don’t automatically execute. To install the patches, browse to Microsoft KB article 971029 and click the installer link that’s appropriate for your version of Windows.

After the AutoPlay patch is installed, inserting a USB flash drive will no longer open a prompt to install whatever executable file is stored on the device. You’ll now have to open a folder window manually to view and open any files on the flash drive.

This change’s biggest impact is on Windows’ Wireless Connect Now feature and Copy Network Settings Wizard. These apps allow you to copy your network settings to a USB flash drive and transport your network settings to another computer. You’ll now have to manually install the executable on the flash drive.

Apple’s iPhones get an encryption update

As the designated iPhone patcher in my company, I update newer 3GS versions of the phones as well as older models. The latest 3.1 update for the iPhone ensures the devices properly respect Microsoft Exchange Server 2007’s drive-encryption settings.

As documented in the iPhone 3.1 release notes, the update enforces compatibility with these settings in Exchange Server 2007. Unfortunately, older iPhones don’t properly support device encryption. If your network administrator has enabled Exchange Server 2007’s Require encryption on the device setting, non-3GS iPhones may now fail to synchronize with the server.

However, administrators can set up a separate mobile policy on Exchange Server 2007 and ensure that Require encryption on the device is not checked. (See Figure 2.)

Figure 2. Disable Exchange Server 2007’s device-encryption option — third from the bottom in this image — to support older iPhones.

If you use an old-model iPhone that connects to your organization’s servers, check with your network administrator about this setting. If the administrator isn’t willing to make the change, don’t upgrade your iPhone to the latest version.

Be quick about this QuickTime update

I’ll bet dollars to doughnuts (or maybe apples?) that your PC has a copy of Apple’s QuickTime media player installed. Make sure you’ve upgraded to version 7.6.4, which fixes problems that can occur when you view infected movies and MPEG4 content on Web sites. The QuickTime fixes are described in Apple’s advisory.

Pay close attention when you apply the upgrade, however. When I recently updated iTunes and QuickTime on my PC, I noticed that Apple is once again prechecking the offer to install its Safari browser. I’m not a fan of prechecked software downloads, as I made clear in my Aug. 13 Top Story.

If you don’t want to install Safari, make sure you uncheck its box before proceeding with the QuickTime update.

Sun’s Java updates fix non-security bugs

For those running the SE 6 version of Java, version 16 is now available, as documented on the Sun Developer Network site. If you use the Java Development Kit 5 update 20, you might notice that update 21 has been released. The update is described on Sun’s developer site.

Both Java updates address nonsecurity bugs, so you probably won’t get prompted to update. Nor are the patches necessary for most users. The updates are intended primarily for developers who debug Java apps in Eclipse. So you can relax — for now.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.