Re-examining Dropbox and its alternatives

Re-examining Dropbox and its alternatives

By Woody Leonhard

Recent revelations about privacy concerns with Dropbox have led many people — including me — to think about changing my practices regarding online file-storage and -synchronization providers.

If you use Dropbox or some other cloud storage and sync program, let me explain what you do — and don’t — need to be concerned about. And what you can do to sleep better at night.

Michael Lasky wrote about Dropbox in his October 28, 2010, Top Story, Dropbox: File synching and sharing made easy. Dropbox lets you drag and drop files into a special folder on your Windows desktop. The dropped files then magically appear on all other PCs, laptops, phones, and iPads that use the Dropbox service and are set up to share the folder you have. It has good password-based security and fine file-sharing options.

We here at Windows Secrets use Dropbox all the time, both as individuals and as a group. As Michael said, “Every once in a while some product — or service in this case — comes along that we soon find we can’t live without. Dropbox, an online file-backup, -sharing, and -synchronization service, fits that category.”

I personally like Dropbox so much I recommended it in my January 27 Top Story, Seven simple steps for setting up Windows 7.

That’s why I was very concerned when reports started surfacing a few weeks ago about possible privacy problems with Dropbox.

Setting up Dropbox from a privacy point of view

To understand the problems that have caused all the concern, you need to understand how Dropbox works.

When you sign up for Dropbox, you supply a user name and password and then install the application. As long as you’re connected to the Internet, the files you drag into the local Dropbox folder magically appear on all PCs, laptops, phones, and iPads that also have Dropbox installed and are attached to the same Dropbox account. The files also appear online when you sign into the Dropbox site and specify the same user name and password.

The first time you set up Dropbox on a new machine (PC, Mac, phone, tablet), you have to specify the user name and password for your account. (Currently, you can have multiple Dropbox accounts, but you can use only one at a time — you have to sign out of one account before signing into another.) After that, Dropbox remembers the sign-in details, and it’s click-and-drag easy for you to store files in the cloud. Dropbox automatically synchronizes the contents of the Dropbox folder on all of the machines using the same account.

Dropbox has a lot of smarts. For example, it won’t store the same file twice. If you drop a picture of your summer vacation into your Dropbox folder and your brother drops the same picture into his Dropbox folder, Dropbox recognizes the duplication — it uploads and stores the file only once. Even if you and your brother have completely different user names and passwords and work with completely different folders, Dropbox is smart enough to refrain from storing the same file twice.

Moreover, if you make a small change to a big file and then drag the updated file into your Dropbox folder, Dropbox is smart enough to just synchronize the deltas — it identifies the parts of the file that have changed and uploads only those changed parts. That can save you a lot of time and bother with sluggish upload speeds. It also saves bandwidth and storage on the Dropbox servers. Slick.

Other people can’t get into your Dropbox unless you give them your account’s user name and password. (You can set up Public folders with Dropbox, which — as the name implies — are accessible to anyone with the right URL. But you have to specifically designate a folder as Public.)

When you move from one device (computer, phone, tablet, etc.) to another, or you have more than one Dropbox folder set up on your computer, you have to supply the correct user name and password on each device to get at the data. (Or you can sign in to the Dropbox website with the correct user name and password.)

So only people with the user name and password can see the data, right? Well, no — and that’s the source of the privacy problem.

Dropbox privacy called into question

Until a month ago, the Dropbox FAQ said, “All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.”

But as he reported in his April 12 blog, security researcher Christopher Soghoian put two and two together and came to a rather disconcerting conclusion: the only way Dropbox could deduplicate files or store the deltas is if the Dropbox system can get at the contents of your files. At least on the surface, that contradicts the assurance that your files “are inaccessible without your account password.”

The Dropbox help site also stated a month ago, “Dropbox employees aren’t able to access user files, and when troubleshooting an account, they only have access to file metadata (file names, file sizes, etc. — not the file contents).” As it turns out, that isn’t exactly true, according to Soghoian’s blog.

I don’t want to leave you with the impression that Dropbox was trying to hide the fact that it could (and can) look at the contents of your files (for example, in response to a legal warrant). A Dropbox representative, Drew H., stated publicly in a three-year-old Dropbox forum post that company employees were authorized to look at stored content such as file names — but not file contents. Dropbox encrypts the data before it’s stored, but the encryption is done with Dropbox’s own keys, and those keys are maintained by Dropbox. When required, people at Dropbox can get at the keys and decrypt your data; but that process is tightly controlled, as described in the “Compliance with laws and law enforcement requests; protection of Dropbox’s rights” section on the company’s Privacy Policy page.

Soghoian posted his analysis on April 12; shortly after, several Dropbox website statements on privacy and security changed. On April 21, the folks at Dropbox posted a clarification of their terms of service. “We felt our old TOS language was too broad and gave Dropbox rights that we didn’t even want. We wish we had explained this when we made the change, but unfortunately we didn’t and we’re sorry if these changes have raised concerns about our commitment to keeping your stuff private.” Again, it’s important to note that Dropbox has always clearly stated that it maintains keys for unlocking all of the data: that’s in the company blog and has been for years.

The blog goes on to describe situations in which Dropbox will divulge your data, under the new Terms of Service: “We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good-faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) protect Dropbox’s property rights.” You can see the full statement on Dropbox’s Privacy Policy page.

You may find those terms chilling, but Dropbox does make a compelling argument in its favor by comparing its Privacy Policy with those of Apple, Google, Skype, and Twitter. Apple and Google store data online and have similarly broad-reaching policies. Skype and Twitter aren’t quite so broad, fitting the nature of their service.

Soghoian has since filed a 16-page complaint with the U.S. Federal Trade Commission, alleging deceptive trade practices and unfair competition. He argues with some authority that Dropbox has an unfair advantage over competing cloud file-sharing services by maintaining its own keys (which allows its programs and employees access to your data). He further argues that Dropbox is misrepresenting the strength of its security and that its inferior security practices allow it to operate at a lower cost than its competitors.

What should — or can — you do about it?

I don’t have any secrets worth sweating about, and I bet you don’t either. But it’s disconcerting nonetheless to know that specific Dropbox employees, no doubt following strict company guidelines, can see all of the data in my Dropbox folders. I’m also more than a little concerned about recent massive data breaches, where data and keys on other sites — such as Epsilon, Sony, Honda, Netflix, DSLReports, SecurID, Gawker, WordPress, iTunes, and many more — have fallen into bad-guy hands. Dropbox may follow the best security practices in the world, but that still doesn’t make the company or its employees impervious to the rewards of data harvesting. And who’s to say the keys can’t be swiped as well?

Depending on your level of security comfort (or paranoia), you have four possible choices if you want to synchronize data in the cloud:

You can use Dropbox, realizing that the staff of Dropbox has the capability to read your data and send it to duly constituted authorities in some jurisdiction or another. If you understand the situation and it doesn’t bother you, more power to ya!

You can encrypt your data before Dropbox gets it. The people at Dropbox recommend TrueCrypt, which runs on Windows, Mac OS X, and Linux. In general, all you have to do is put a TrueCrypt-encrypted file inside your Dropbox folder and change one setting on the TrueCrypt file. Dropbox has a forum thread that describes the approach and some of its problems. Suffice it to say that most people find it works easily. The major downside? It doesn’t work on mobile devices, and file uploads and downloads might take longer.

You can use one of the integrated Dropbox third-party routines that perform encryption and decryption. At this moment, SecretSync and BoxCryptor are the best-known representatives of the genre. Both work with the Dropbox API and allow you to encrypt and decrypt the data with your own keys. Dropbox still encrypts the files (a second time), but should the occasion ever arise where Dropbox or some nefarious person uses the Dropbox key, the resulting file will still be scrambled — and you’re the only one with the key. Users report varying degrees of success with BoxCryptor on Mac OS X and Linux. SecretSync support for Mac and Linux is “coming soon.” There’s no mobile support for this technology, either.

Or, you can drop Dropbox altogether. SpiderOak offers similar services, free, without the centrally maintained encryption keys: you encrypt the data with your key — and only you have the key. Bad guys can steal everything in SpiderOak, and they still can’t crack your files. With SpiderOak, you create your password on your own computer — not through a Web form received by SpiderOak servers. According to a SpiderOak FAQ, “When you create a SpiderOak account, the setup process happens on your computer (after you download the application), and there your password is used in combination with a strong key derivation function to create your outer layer encryption keys. Your password is never stored as part of the data sent to SpiderOak servers.” In fact, SpiderOak’s support staff has no ability to reset your password — you are completely responsible for its safekeeping. SpiderOak works on Windows, Mac OS X, and Linux but not on mobile devices.

SpiderOak even offers an open license, which allows your company or organization to set up its own SpiderOak operation. The administrator can see each account’s name and contact information as well as the amount of data stored — and that’s it. There are no keys floating around and no way for admins to look at the data. SpiderOak calls it “zero-knowledge privacy.”

So whether the Dropbox privacy news elicits a yawn or seems dire (or at least sobering), you now know its limitations and you have alternatives.

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His books on Windows and Office include the award-winning Windows 7 All-In-One For Dummies. His many writings cast a critical eye on the latest industry shenanigans.

Young hacker thwarts Parental Controls — how?

By Kathleen Atkins

The careful parent needs to be tech-savvy.

Lounge member John S0603 is the wary parent of a clever child, who can get around Windows XP Parental Controls, change file and folder ownership, and delete or disable Norton Internet Security. He wants to know how she did it so that he can block future hacking adventures on the family machine.

Other Lounge members describe possible ways and means, offering a range of Admin/Parental remedies that you can see here. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

Guest lizard doesn't lounge on show

By Revia Romberg W.C. Fields said you should never work with animals and small children. This is advice that anyone who works in front of a camera should keep in mind. And that’s especially true for TV journalists, given the range of their possible interview subjects on any given news day. The reporter in this video learned that lesson the hard way — and would have undoubtedly preferred a less up-close-and-personal engagement with his guest. Play the video

Holy …! My Win7 backup folders are empty!

By Fred Langa It’s alarming: the folder that you thought held all your backups shows a size of zero bytes! But it’s also normal; your Windows backups are there — just hidden. Here’s how to see them.

Revealing files Win7 hides by default

Reader Jean-Pierre was understandably concerned:

• “Hi Fred, I have done a complete image backup as you explained [in the May 12 Top Story, ‘Build a complete Windows 7 safety net’]. However, when I went to where the image was saved and clicked Properties, it showed the size was 0 bytes. Is it right? Or did I do something wrong?”

Although it can be startling, Windows 7’s backup tool hides its backup sets from casual view (and casual access) via a special permission privacy attribute. This attribute keeps standard file-management tools — such as Windows Explorer — from easily seeing or altering what’s inside the backups.

Here’s an example. Figure 1 shows the Properties box for a Win7 backup folder on a test PC named “NV4K.” As you can see, Windows Explorer can’t see inside the backup folder and reports it as zero length, zero files, zero folders.

Figure 1. Don’t be alarmed when standard file browsing makes it seem that your backups are missing; Win7 hides them for safety.

You can choose several ways to reveal the backup’s contents, but by far the easiest is to simply double-click the seemingly empty backup folder. Assuming you’re in an admin account (or otherwise have permission to access the backups), a Windows Backup dialog box similar to the one shown in Figure 2 should open.

Figure 2. A normal Windows Backup dialog box should open when you double-click on the empty backup folder.

From here, you have two ways to explore your backups. For a high-level overview, click Manage space used by this backup to open the backup-disk–space-management window. In Figure 3, you can see that the formerly empty test-machine backup folder actually contains 12GB of data-file backups and nearly 307GB of system images. (Naturally, these numbers will be different for your system.)

Figure 3. The dialog box for backup disk–space management reveals the size of your hidden backups.

That dialog box’s How do my backup settings affect my disk space? link is worth following; it provides a good summary of how Windows backup uses disk space.

Normally, you’d use the dialog box shown in Figure 3 when you want to free up space by deleting older, noncurrent backups. But for now, just seeing the backup space allocations should reassure you that your backup data is there.

That’s the overview. If you wish to see exactly what’s inside the backups, file by file, here’s how:

Close the space-management box and double-click again on the backup folder’s icon to reopen the initial Windows Backup window. But this time, click Restore my files from this backup, as shown in Figure 4.

Figure 4. To view what’s actually inside the backups, choose the Restore my files option. Don’t worry; no files will be changed when you click.

When the Restore Files dialog box opens (Figure 5), choose either Browse for folders or Browse for files. For this example, I choose Browse for files.

Figure 5. Clicking Browse for files lets you explore what’s inside a backup.

A new backup-browsing dialog box opens (Figure 6), displaying a folder tree of the files in the selected backup. You can browse and navigate the backup folder’s contents in the normal way, drilling down (e.g., into the Documents folder) as deeply as you wish, to view exactly what’s there.

Figure 6. The Browse the backup for files window displays a standard file tree.

If all has gone well — and it probably has — all your files will be there, intact and ready for restoration should you ever need them.

Where did this Outside In app come from?

Reader Jim Sokolowski encountered an unknown app loading at startup.

• “Hello. A while ago, a little window started popping up when I started my PC. It says Outside In, and it says it’s from Oracle.

  “I have no idea what this is. At first, I thought spyware, but none of my scans sees any problem. It must be part of some program on my PC, but Googling for Outside In doesn’t show any software I recognize.

  “I get concerned when I see something that I’ve never seen before. I’m running Win7. Can you help?”

Outside In is document-management middleware (Webopedia definition) from Oracle. End users like you and me most often encounter it as part of desktop scanner software, such as NewSoft’s PageManager or the OEM software bundled with some scanner and printer hardware.

If the dialog box bothers you and if you don’t need special document-management tools, you should be able to uninstall the document-management software via Control Panel. You still should be able to scan and print normally, but you’ll use Windows standard tools to manage your scans and other document files.

Browser error spoils Google searches

John H. titled his e-mail “Google and Microsoft,” and he sounded quite unhappy:

• “I wanted to vent regarding Google’s search and its poor handling of links to Microsoft.

  “Type in this at Google: Upgrade cost of windows 2003 to 2008

  “Notice that several Microsoft links come up. Notice that when you click on them they never load. I’m using IE 8. Go to Bing, and they work. This seems to be true for all MS links in Google including the Microsoft forums. It’s very frustrating!

  “I thought maybe you guys could blog about it.”

Don’t shoot the messenger, John, but I think the problem’s on your end, probably because of a browser add-on.

I tried your exact search on the day your e-mail arrived — and once again, just now. Google’s Microsoft links work perfectly in IE 8 and in the current versions of IE 9, Chrome, and Firefox.

I suggest you try resetting your browser to its default condition. Microsoft Support article 923737, “How to reset Internet Explorer settings,” even offers a one-click automatic repair in addition to how-to instructions.

Note: All major browsers can be similarly reset to their defaults — a useful tool when browsers act strangely. Check your browser’s help system for information.

Found: 6GB of unwanted Windows log files

David found a surprising amount of wasted space on his hard drive.

• “I recently used the tool Folder Size (portable version), recently recommended in Windows Secrets [May 19 Best Software story, ‘Four free hard-drive maintenance tools’] to locate quite a number of folders and files I didn’t need to keep.

  “One of the folders I found with this tool contained Windows log files — 6GB of them.

  “I could see some of these files were as recent as today; others dated back to when this old computer was new. I opened a recent one and found a lot of gibberish, along with some clear text that duplicated the content of a recent error message (‘Your fingerprint application has stopped working,’ etc.). So I deleted it, along with all the other log files older than today.

  “The computer still works just fine, and I now have 6GB of hard-drive space I didn’t have before.

  “So what are all these log files, anyway? Is there any reason to keep them on my system? Did I do something horribly wrong by deleting them, and now my system is just waiting to crash?”

Log files are usually plain-text records of software actions — changes made, files added or deleted, settings altered, and so on.

Log files can occasionally be useful in specialized troubleshooting, but most older Windows system log files are just digital dust bunnies. Deleting old log files should have no effect on your system.

In fact, most of the commonly recommended cleanup tools — CCleaner (site) and others — can automatically delete unneeded log files. Or you can delete older logs manually, as you did.

Note that most of the software that creates log files also gives you the ability to limit how much space the log uses — or indeed, whether a log is kept at all. It’s better not to let log files accumulate to giant proportions in the first place.

Not bad at all, David: 6GB free, for a of couple minutes’ work!

Fred Langa is a senior editor of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

WP7: Are flash and function too much to ask for?

By Katherine Murray Does your age influence your savvy assessments of technical gear more than you’d like to think? Katherine Murray and her son Chris compare their experiences in a two-part review of Windows Phone 7.

Here’s Katherine’s first-hand account of her decision to try a Windows Phone 7. Next week, Chris Murray gives his perspective on using the same phone.

I’m geeky and not really old, right?

I don’t like to admit this, but maybe I’m just too old for a Windows Phone 7. I’ve been writing about technology for 25 years, and I love being in the flow of things as changes in both hardware and software make it possible for us to choose where, how, and when we want to connect — online or otherwise. But with age and experience comes pragmatism, perhaps; toys must also be functional tools.

When I was writing my last round of Office 2010 books for Microsoft Press, I decided I needed a Windows Phone 7 so that I could use the latest Windows Mobile OS to write about the mobile capabilities of Office 2010 and Office 365. My first look at my new HTC HD7 wowed me: the colors, how vibrant! The touch, so responsive! I was smitten. I happily took my new phone home to customize it and show it off to friends and family.

But the honeymoon didn’t last long — soon, my pretty new phone started locking up. The image on the touchscreen seemed to be telling me to plug the phone into my PC for updates. OK, I did that. Then the Zune software kicked in, and after several moments of what looked like an update in progress, I got an error message that the update was not possible at that time. The only thing to do was to remove the battery and restart the phone.

This process was marginally annoying when it happened only once every few days. But after a few weeks of use, the phone was locking up daily — even though I synched it regularly and updated the software whenever changes were available. Eventually, the phone would lock up several times a day — usually when I had an incoming call.

When your phone no longer works as a phone, it’s time to take some serious action. I could have spent a few evenings scouring the discussion forums, looking for clues about how to fix the problem. I might have gone back to T-Mobile to tell them my phone was a lemon. But in this instance, I was feeling and behaving more like a technology consumer than a technology enthusiast — I just wanted my phone to work. So I gave up on my Windows Phone 7, deciding it was all flash and no function. I gave it to my tech-enthusiast son and went back to an older, key-based Windows phone that was less beautiful but more reliable.

The Windows Phone 7 honeymoon-wreckers

My frustrations with my Windows Phone 7 went beyond the lockups. In all, it came down to four important issues:

• Lockups. A few technical glitches and interruptions may be par for the course on any phone, but when your hardware and software are in conflict multiple times a day — or at critical points in its use — it’s tempting to run your dysfunctional phone over with your car.
• Managing contacts. It’s apparently a point of pride for the Windows Phone 7 team that the phone collects, by default, all your contacts and pulls everybody together in one long — potentially excessively long — list. With some management, maybe this wouldn’t be such a headache, but who has the time? I just want my contacts to be clean, easy to access, and low-maintenance; I don’t want to do lots of sorting and combining and categorizing. The default should be clean and simple so that we don’t have to think about it unless we really want to.
• Synching and updates. WP7 uses Zune software to sync files between the phone and the PC. This seemed clunky and inefficient to me — it takes too long, sometimes throws errors, and puts files in places I can’t easily find. Windows Mobile Phone Center seems much cleaner to me.
• Portrait-to-landscape inconsistencies. One of the features I got a kick out of initially was the ability to rotate the phone and work with it in landscape mode (this being my first adventure into the world of touch-screen phones). This was great for browsing the Web, reading documents, and texting. But my Windows Phone 7 cooperated with the shift only sporadically — when I turned the phone horizontally, sometimes landscape mode would kick in and sometimes not. On one occasion, after turning the phone a number of times and not getting the result I wanted, I very nearly tossed it into the nearby bushes.

Different users, different levels of tolerance

Which brings us to a most unexpected aspect of my whole Windows Phone 7 adventure: having reached the outer limits of my patience, I handed my phone over to my 23-year-old son, Chris — a phone aficionado, long-time Android user, and sometime hacker. Given my experience, I didn’t expect his delight with the so-called gift to last long. I thought that, like me, he’d soon be disillusioned with this toy.

But to my complete surprise, he loves it! (And for him, confoundingly, the phone has locked up only twice, both in places where he got a very low signal.)

How could our experiences be so different? I asked him to share his experience with the WP7 as well. His review will follow in next week’s Windows Secrets.

Meanwhile, at the recent Microsoft TechEd event, the company announced Mango, the new OS for the Windows Phone, which Microsoft promises will offer multitasking, a better browser, and a new and dynamic search experience. The company is offering 500 new features for the phone — which will be great if the phone doesn’t lock up whenever you try to use one of them.

Maybe my experiences with Windows Phone 7 are part of the natural growing pains of a young technology in a relatively mature market. Or perhaps at 50, I am less willing to be flexible and want more reliable function from a phone because I rely on it so heavily. Or maybe the Windows Phone 7 likes Gen Xers better than Baby Boomers. In any event, all past experience aside, I want to like the Windows Phone 7. When Mango arrives, I’ll probably be the first one looking over Chris’s shoulder to see how it actually works.

Katherine Murray is the author of Microsoft Office 2010 Plain & Simple (Microsoft Press, 2010), Microsoft Word 2010 Plain & Simple (Microsoft Press, 2010), and Microsoft Word 2010 Inside Out (Microsoft Press, 2010). She is the co-author (with Woody Leonhard) of Green Home Computing for Dummies (Wiley, 2009).

The need for Windows 7 Service Pack 1

By Susan Bradley I’m revisiting my advice and guidance on Windows 7 SP1, because many Windows Secrets readers had questions. And we’ll revisit issues with that Patch Watch problem child, .NET 4.

976932
When is Windows 7 Service Pack 1 mandatory?

In the last Patch Watch, I gave the thumbs-up to Windows 7 Service Pack 1. Unfortunately, that doesn’t mean some user won’t encounter installation issues. Despite its problems, I’m sticking to my recommendation to install SP1; I believe the process won’t get any better, and sooner or later we’ll need this service pack on our systems. Sometime in the next year or two, Microsoft will probably make SP1 mandatory for you to receive needed security updates.

► What to do: Although Microsoft recommends that single-PC users go to Windows Update for SP1, I still recommend that you manually download and install it. Manual downloads have given me the best updating results. You’ll find KB 976932 on the Win7 SP1 download page.

Note! Before you install SP1, back up your system and review The Windows Servicing Guy’s blog, “General guidance before installing Service Pack 1 for Windows 7 and Windows 2008 R2,” for tips on what to watch for.

2541014
My rule for application-compatibility updates

Updates such as Microsoft’s Malicious Software Removal Tool or Outlook junk filters I typically install as soon as they’re offered. But I’ll often hold off installing any new Windows updates that appear on the unofficial, second Patch Tuesday (usually, the forth Tuesday of the month). These updates seem to have more problems. For example, if I see a Windows Application Compatibility Updates (WACU) offered, I’ll typically add the patch to a test system, then watch the update forums for problems discovered by others.

Sometimes these late-month patches are worth trying immediately, such as the fix in Microsoft Support article 2541014, which addresses a hybernation problem that might appear after installing Windows 7 Service Pack 1.

► What to do: If your system no longer hybernates after installing Win7 SP1, try KB 2541014. If it doesn’t work — as some have reported — you’ll need to uninstall SP1 and contact Microsoft support.

947821
Ready for a new System Update Readiness Tool?

Windows Vista and Windows 7 have a new update process called component-based servicing. Third-party programs, malware, or just installing patches can make this servicing stack have problems with future updates.

If you’ve recently had difficulties installing updates (or when attempting to add Win7 SP1), I recommend updating to the latest System Update Readiness Tool (SURT) — it should find any new problems that need to be addressed prior to deploying Windows 7 SP1.

After installing the update, click the Windows Start orb and, in the Search programs and files box, type

%SYSTEMROOT%LogsCBSCheckSUR.log

You’ll get a log file similar to the one shown in Figure 1. Review it to determine what issues the tool found.

Figure 1. A sample log file from the Microsoft System Update Readiness Tool.

A second log is accessed by entering the following:

%SYSTEMROOT%LogsCBSCheckSUR.persist.log

The System Update Readiness Tool can also be used to fix issues with .NET 4 updates, as described in an MSDN blog.

► What to do: KB 947821 provides a link to the latest SURT for your OS.

A quick repair for .NET update failures

Updating .NET is never painless, but repairing .NET 4 after a failed update installation can be relatively easy. Once you’ve repaired .NET 4, try installing the update again. The following steps usually work for me.

► What to do: Go to Control Panel/Programs and Features (Uninstall or change a program), choose .NET 4, and double-click Microsoft .NET Framework 4 Client Profile. Next, choose Repair .NET Framework 4 Client Profile to its original state, as shown in Figure 2.

Figure 2. Repairing .NET 4

It’s the end of the road for Firefox 3.5

If you’re a fan of Firefox 3.5, it’s time to update to at least Firefox 3.6 but preferably Firefox 4. As related in a MozillaWiki entry, the company wants users off Firefox 3.5 as soon as possible. The Wiki entry goes into some detail about how Mozilla plans to prod reluctant upgraders.

► What to do: Update immediately to Firefox 3.6 or Firefox 4. Firefox 3.6.18 will be released this month. More adventurous users can install a beta version of Firefox 5 from its info page. (The beta for Version 5 was announced May 20.)

Apple releases a malware detection tool update

Yes, Macs are targets of deceptive malware. On May 31, Apple released security update 2011-003, in part to protect Mac users from the fake antivirus app, MacDefender. The update is for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.

► What to do: See Apple security article HT4657 for more information on the patch, and install it if it’s offered.

Regularly updated problem-patch chart

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. On heavy patch weeks, you’ll find the table in the most recent Windows Secrets Lounge Patch Watch column post.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley has been named an MVP (Most Valuable Professional) by Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.