ISSUE 17.17.0 • 2020-05-04

Help: customersupport@askwoody.com

In this issue

SAFETY: Simple ways to receive severe-weather alerts

BEST OF THE LOUNGE: Device Manager’s endless search for new hardware

LANGALIST: 750MB of undeletable log files!

PATCH WATCH: Is it safe yet?

WINDOWS 10: Controlling Windows update downloads

SAFETY

By Nathan Parker

Over this recent Easter weekend, major storms and tornadoes raged across the United States.

The southern regions were hit especially hard, incurring massive damage and more than 30 deaths. It was tragic — but not at all rare, and not completely unexpected. Early severe-weather warnings might not reduce the destruction but can reduce fatalities.

Most of you in the AskWoody community know me as the Apple-platform guy. But my true vocation is the weather business. Following the recent storms, I felt the AskWoody community should be informed about some tools for receiving life-saving weather alerts. Many of these services are free or low-cost; others are geared more toward organizations. But all can let you receive critical weather information before it’s too late.

Destructive storms — wind, rain, lightning, tornadoes, and so forth — can hit anywhere and at unexpected times. I recommend taking a bit of time now to be prepared with emergency supplies and plans. It’s also important to have multiple ways to receive weather alerts, which is the focus of this article.

Disclaimer: I’m an IT consultant for Earth Networks, a weather collection, analysis, and reporting organization. Some of the weather-related data and apps I’ll discuss below come from the company. But I’d make the same recommendations even if I worked elsewhere. This article is a personal contribution to AskWoody; it’s not in any way sponsored, endorsed, nor affiliated with Earth Networks.

A department of the U.S. National Oceanic and Atmospheric Administration (NOAA), the National Weather Service (NWS) operates a nation-wide NOAA Weather Radio (NWR) service. During severe-weather seasons, an inexpensive NWR-capable radio is a front-line tool for receiving critical alerts.

You can pick up a simple, battery-powered NWR receiver for under USD $30. They’ll work even if AC power and the Internet go out — as they often do in big storms. (Always keep a pack of fresh batteries nearby.) If you’re not familiar with how these radios work, I’ve posted a video on how to program them. I live in Arkansas, a state that is quite familiar with severe weather. Here, even local TV stations occasionally travel the region, selling and programming weather radios.

The best NOAA Weather Radio devices include S.A.M.E. technology, which allows users to set alerts for specific counties. So if you hear an alert, you’ll know it’s relatively local. One example of a good NWR radio is the Midland WR120B, available on Amazon for about $40. Along with the S.A.M.E. feature, the radio’s user can choose to receive specific alerts (such as Tornado Warnings and Severe Thunderstorm Warnings).

The drawback with NOAA Weather Radio broadcasts is their county-wide basis. They have not caught up with the National Weather Service’s polygon alert structure that more narrowly defines the location of a severe weather event. Nonetheless, the weather radio’s simplicity makes it an important safety tool.

Because most of us have our phones with us at all times, mobile weather apps are another valuable source for weather alerts. On cellular 4G networks, you can often receive warnings, even with an Internet outage. The apps can also use a smartphone’s GPS location services to receive “local” alerts when you’re traveling. (These apps typically use the “polygon” alert system.)

I’ve tested a variety of mobile weather-alert apps over the years. For consumers, I recommend the free Baron Critical Weather app for Android and iOS. Its alerts typically go out quickly; in addition to the NWS alerts, the app includes exclusive information such as proximity warnings for lightning, snow, hail, and damaging winds. It also includes a set of excellent weather-map layers for tracking severe weather. You’ll have access to some of the same weather technologies used by TV stations and public-safety professionals. For Alabama residents, Baron offers a variant called Alabama SAF-T-Net. Search online for apps and broadcasts for your local area.

Another mobile weather app I use regularly is WeatherBug for Android and iOS. As with Baron, WeatherBug sends out NWS and proprietary alerts. You also get data from thousands of commercial-level weather stations and cameras. The apps also offer live lightning tracking that can report lightning totals, both cloud-to-ground and in-cloud.

Many newer smartphones also support Wireless Emergency Alerts (WEA) broadcast by the NWS. These include warnings for tornadoes, flash floods, missing persons (AMBER), and other events — such as those much-discussed “Presidential Alerts.” But the aforementioned applications are a better bet because they offer better information and customizations.

Alerts sent out on landlines are a bit old-school but still important — especially if you keep your smartphone set to “Do Not Disturb” at night. Voice-call warnings are generally offered by local governments and sometimes by local TV stations as a service to their viewers. For example, my town of Hot Springs, Arkansas, offers CodeRED voice-based severe-weather alerts free to residents. (The service also sends out major announcements from city government officials as well.) And a local TV station offers its low-cost WeatherCall.

Voice-calling services generally issue alerts based on the “polygon” model, but some older services still broadcast county-wide (similar to a NOAA Weather Radio). So check with the service before signing up. I also recommend ensuring that the house phone (or voice-over-IP system) has some sort of backup battery for power outages.

With landlines going the way of the dodo, cellphone users who have “Do Not Disturb” set can still get voice alerts. They just need to enter the calling-service number into the phone so that alert calls override DND.

Businesses and organizations that wish to distribute weather alerts to in-the-field staff should look at Weather Message. It offers a server/client package that distributes alerts quickly and relatively inexpensively — one server and up to 50 connections is just $67. The system uses NOAA Weather Wire Service, one of the fastest ways to receive severe-weather alerts over the Internet.

Two of the most popular Windows applications for serious weather trackers and would-be storm chasers come from GRLevelX. The primary difference between the two apps is the type of information they display.

GRLevel3 ($80) is a viewer for NOAA NEXRAD Level III (more info) weather Doppler radar data. Simply put, it shows a variety of weather activities on a flat map — as you’ve undoubtedly seen if you watch the nightly weather report on TV news broadcasts.

GR2Analyst ($250) is a viewer for NEXRAD Level II Doppler radar streams. It has some fancy features such as the ability to view storm cells in 3-D (similar to the 3-D storm tracks seen on local TV stations or on The Weather Channel).

Typically, NEXRAD Level II information is updated faster and at higher resolutions than is Level III. But Level II offers some additional information such as rain totals. The serious weather enthusiasts will probably want to own both GRLevel3 and GR2Analyst. But if you’re new to weather tracking, start with GRLevel3 to become familiar with how NEXRAD Doppler radar viewers work.

AllisonHouse is heavily used by storm chasers and the weather community. Its basic Storm Chaser package runs about $15 per month and includes access to fast, reliable radar feeds for both NEXRAD Level II and Level III data. AllisonHouse also offers a free severe-weather-warning server that I’ve found to be nearly as fast as the NOAA Weather Wire Service. (AllisonHouse pipes all their NWS data through NOAAPORT.)

Unfortunately, there’s not a Mac equivalent to Weather Message, GRLevel3, or GR2Analyst. However, the popular RadarScope ($30) is available on various platforms including Android, iOS (iPhone, iPad, Apple Watch, and Apple TV), Mac, and Windows. The app adds integration with AllisonHouse (radar feeds, warnings, lightning data, and a handful of additional map layers), so subscribers to that service can go cross-platform. I’ve used RadarScope for years. As with GRLevel3 and GR2Analyst, you can click or tap on a severe weather alert polygon to see its full text.

HAM radio operators, public safety professionals, and members of the media can also register for access to NOAA’s NWSChat. This instant-messaging service offers a way to communicate with the National Weather Service, and it generally displays severe weather alerts shortly before they are sent over the alerting channels. Some storm reports also appear in NWSChat. (I’m working on completing my HAM radio operator–license exam so I can use NWSChat during major weather events.)

In those areas that have tornado sirens, why not simply listen for those attention-grabbing signals? The short answer is that relying on just that one source for severe-weather alerts (or any one source) is potentially dangerous.

Tornado sirens are generally geared for outdoor use; you can’t always hear them indoors. Moreover, sirens are often based on older, outdated technologies, so their usefulness can be hit-and-miss. Some community sirens sound across an entire county; others have upgraded to the more-accurate “polygon” technology — and added voice alerts as well.

Also, tornado sirens have traditionally had just the single function. Some still do, while others have been upgraded to alert communities of other types of severe-weather events such as flash flooding and civil-emergency messages.

So sirens are still an important tool to help protect communities from a variety of weather phenomena. But they should not be relied upon as the only warning system.

I hope you find this review of weather tools interesting and useful. There’s a general impression that storms are only getting more severe and damaging. Take time to plan and prepare!

Nathan Parker has been using Apple devices since 2006, when he purchased a PowerBook G4 running Mac OS X Tiger. He has worked in various IT consulting roles and is currently an IT Consultant for Earth Networks (formerly WeatherBug). In addition to his contributions on AskWoody, Nathan also blogs weather updates at WeatherTogether. And he’s working on his PhD.

Best of the Lounge

Have you ever booted your PC and noticed a notification that the machine was “installing new hardware?” But there wasn’t any new hardware to install.

Plus member GLingner ran across this on his Win7 Ultimate system. Making matters more puzzling, this was no one-and-done event; Device Manager was spawning dozens of new “Base System Device” entries. Disabling some of the entries only temporarily stanched the flood of new device entries — it wasn’t a permanent solution.

Fortunately, GLingner‘s shout-out to AskWoody members quickly provided the answer — reinstalling the Intel Chipset Software.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

LANGALIST

By Fred Langa

Sometimes, Windows can’t or won’t delete old and/or no-longer-relevant log files.

Worse, these files can be locked or still marked as “in use,” preventing you from manually deleting them.

But you can use Safe Mode to rid your PC of hard-to-scrub log files — and reclaim potentially large swaths of disk space.

Here’s how — along with a quick refresher on launching Safe Mode in Win8/10.

After reading “Unrelenting flood of EVTX files chokes 1TB drive” (AskWoody Plus Newsletter 2020-04-27), subscriber Eric Belmont got an unhappy surprise when he checked his PC’s log-file areas.

Under normal circumstances, Windows should overwrite or otherwise periodically delete old log files. But as we all know, stuff happens in Windows; it’s justly infamous for its (ahem) non-rigorous trash-collection practices.

Fortunately, there’s always a way to manually delete unneeded logs.

First, follow the steps outlined in the previously cited “Unrelenting flood of EVTX files …” article to make sure no ongoing PC trouble is adding to your unwanted log files.

When that task is done, you can begin the process of cleaning out leftover, orphaned, or no-longer-relevant logs.

Often, the best place to start is with Safe Mode, which boots a PC using only the most minimal and critical components needed to run Windows. All nonessential apps and drivers are left inert. This simplified environment helps with many forms of troubleshooting, but in the case of log-file deletion, Safe Mode ensures that there’ll be only a small level of system-logging activity — and that any logs associated with the rest of your PC’s apps and drivers will be dormant.

As a reminder, Win10’s Safe Mode is part of its Startup Settings, and it takes just a few clicks to get there. Make a just-in-case backup (always a good idea before any system changes) and then dig in as follows:

Windows will restart yet again, but this time to a distinctive Safe Mode desktop. Its black background and the small “Safe Mode” labels in all four corners ensure you’ll never confuse it with the regular desktop. (See Figure 4.)

Figure 4. Safe Mode‘s stark and minimalist look

Most utilities will run in Safe Mode. You should be able to use any normal tool or method (i.e., File Explorer or any of the classic file-deletion tools/techniques referenced below) to navigate to and delete old, inert files from the C:/Windows/System32/Winevt/Logs/ folder — or anywhere else on your PC.

And that’s usually the end of the log file–deletion story. If the PC is working properly and the old logs are gone, what more is there?

Well … there’s this: Windows can be told to deliberately retain (“archive”) old logs up to a user-defined size limit. If this setting is mistriggered by the user, or by software, or by error or accident, Windows will dutifully collect log files until the set space fills up — or until the cows come home. This obviously isn’t a common scenario, but it’s something to remember if nothing else seems to stanch a flood of new log files — or when Windows won’t release old log files for deletion.

Log-file retention can be managed through the Group Policy editor (gpedit.msc) in Win10 Pro and Enterprise. (Win10 Home doesn’t have the editor.) If you think a bad archive-retention setting is at work on your PC, see the references below for more information. But again, this is not a common issue.

Bottom line: Once your PC is healthy and the space-wasting old logs have been removed, your PC’s event-logging system should revert to its normal, unobtrusive, small-footprint self!

More Safe Mode info:

More log file–deletion info:

Classic tools and techniques for deleting recalcitrant files:

More on Group Policies and Event Logging:

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.

PATCH WATCH

By Susan Bradley

Every month, Windows users have to ask the same question: “Is it safe to patch yet?”

As is all too common, the issues and concerns I had at the beginning of this month are not the ones I have a few weeks later. Case in point: I thought for sure we’d have more screams of frustration when the recent Office updates started blocking Web information requested by Visual Basic apps.

But no: I’m mostly tracking possible issues with the Windows 10 1909 update. It’s sort of similar to how we’re feeling these days about staying in or going out; I don’t think you’ll see any issues, but I also can’t guarantee you won’t. It’s confusing, I know.

So what have I seen? As Woody pointed out, it’s been a wacky month for patching (along with everything else). But I will disagree with the esteemed patchagenarian: we did not have an out-of-band Office Click-to-Run patch on April 23. An updated Microsoft MSRC page indicates that the issue wasn’t a zero-day vulnerability at all — that threat was patched back in March. So if you have either the March or April Office Click-to-Run update, you already have the fix.

That said, it does seem odd to me that Microsoft was ready to push out a new Click-to-Run release on April 21 — only to realize two days later that it had already patched the vulnerability. We live in strange times.

As reported in an AskWoody post, I’m still tracking (and have opened up two cases with Microsoft) a connection problem. There’s no specific pattern to the failure — aside from using the MS v4 printer-driver model (more info) and network sharing.

Solving the problem comes down to either uninstalling April’s cumulative update for Win10 1903/1909, KB 4549951, (which I don’t recommend) or switching to a generic and universal printer driver. In one case, a patcher reinstalled KB 4549951, and the failure did not show up again — which makes me think that there could be a race condition occurring (more info), whereby the patch isn’t fully installing correctly. If you’re impacted, try the old trick of uninstalling and reinstalling the update.

It’s the lesson we all should have learned from the pandemic. In the case of computing, it means always having a recent system backup. I believe an external hard drive is a better bet than a flash drive for storing backup files. I’ve never been confident that a PC will play well with a flash drive when updating. For example, my 32GB Acer Spin will not accept a feature-release update without an external, USB hard drive attached.

Next, make sure you have a bootable flash drive loaded with a current Win10 ISO … just in case. Always retain current installation files for key applications stored offline, and keep their product keys and user sign-ins in digital and analog forms (i.e., it’s okay to have hard copies of your credentials).

Consider purchasing a spare solid-state drive (SSD) to have on hand at all times — especially these days, when it might be more difficult to purchase spare parts. Note that mechanical hard drives will usually give some indication that they’re about to fail, such as error messages and/or unusual sounds. But an SSD can just spontaneously die — and usually at an exceptionally bad moment.

Whether it’s general computing or updating, assume the worst — and be pleasantly surprised when things go as they should. Always have another computer, tablet, or phone around so you can Google up solutions to vexing problems.

Patching aside, this is a time to be especially careful about Web activities. Bad guys are pivoting to COVID-19-themed scams and phishing. Turn up your paranoia level a notch or two.

If your job entails protecting networks, keep in mind that attackers are targeting Remote Desktop Protocol, using harvested passwords and brute-force tactics to get a toe into systems. They then attempt to release ransomware onto the network, as noted in a Microsoft blog post.

The Office VB conundrum: I’ve not had any problem with Visual Basic–blocking after installing April’s Office updates. But if you have — i.e., you run into the “Compile error: Can’t find project or library” error message — here’s a reminder for changing the Group Policy setting to prevent intranet blocking:

1) Open the Local Group Policy Editor and click through User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings

2) Open Allow VBA to load typelib references by path from untrusted intranet locations and click the Enabled radio button. Do not enable Internet VBA object libraries; they are potentially vulnerable and dangerous.

Windows 7 threat radar: A reminder that April’s updates plug the Adobe font vulnerability that appeared in March. The flaw is already being used in active attacks.

Once again, if you’re not an 0patch or MS Extended Security Updates (ESU) subscriber, I suggest reading Microsoft’s related security advisory. You’ll probably want to add this workaround. (Note that we got this slightly wrong in the previous emailed Patch Watch.)

Current Windows 7 vulnerabilities: If you want the most recent list of possible exploits against this OS, see the previous Patch Watch column (2020-04-20).

Windows 7 updating reminder: If you are receiving ESU patches, you must have March’s KB 4550735 installed before you can add the regular April updates (ESU subscriptions are still available via Amy’s Harbor Computer Services sign-up form.)

What to do: The issues with April’s updates have been extremely scattered and random. I’ve not run across any of them on my systems. Businesses and experienced consumers should install this month’s batch of fixes — while being prepared to roll back if you run into trouble. (See our online Master Patch List for update summaries for the past few months. The Excel and PDF files also include my rules for updating.)

Finally, be sure to skip the “preview” updates that were released after Patch Tuesday. They were released on April 21.

Servicing-stack updates

Cumulative updates

Again, be sure you have installed KB 4550735 (MS Update Catalog download) before attempting to add new security fixes. If you do not have March’s servicing-stack update, you won’t see April’s updates. Don’t forget: To prepare your system for May’s patches, be sure to install April servicing-stack update KB 4550738 — it should show up after installing the April Win7 updates.

April’s Office security updates fix a bunch of vulnerabilities — and then there’s that potential VBA side effect. Install, but verify.

Office 2016

Office 2013 SP1

Office 2010 SP2

The following Office non-security enhancements and fixes can also be installed at this time.

Office 2016

Office 2013 and Office 2010

As we close out April and roll into summer in the north and winter in the south, take some time to reward yourself with a hobby that doesn’t require technology. One of my favorites is gardening. (For my editor, it’s probably mowing his fields with his tractor.) This year more than ever, we need to treat ourselves with relaxing activities. Be safe, be well, and be good to yourself.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

WINDOWS 10

By TB Capen

Have you had a video stream suddenly start stuttering for no obvious reason — but you suspected it might be because Windows is downloading an update on one of your PCs?

That’s relatively easy to test by simply shutting down all Windows devices. But it doesn’t automatically solve the problem: Windows update sucking up limited bandwidth.

If you have a fast cable-based Internet connection to your home or office, this problem might never show its ugly head. But if you live in a rural area as I do, your only choice for Web access might be a relatively limited DSL service. (In my case, reliable connectivity is made worse by DSL running over old copper lines out on the street.)

Here’s another example: You’ve tethered your PC to a cellphone because your broadband connection has gone down. That happened to me recently. My ISP was doing some work down the road and accidentally disconnected me — for nearly two days. In that situation, you certainly don’t want Windows downloading massive updates.

One solution for managing how updates consume broadband would be to simply set when they are actually downloaded.

If only you could … .

You can specify when Win10 is allowed to reboot after installing a patch, and you have some control over when updates are installed; but by default they’re downloaded pretty much whenever Windows likes.

One option for controlling when patches download is rather convoluted: First, set the “Metered connection” option (Settings/Network & Internet/Change connection properties); then ensure that “Download updates over metered connections” (Settings/Update & Security/Advanced options) is switched off. (Windows might still download some updates.) Finally, when you’re ready to download patches, switch “Download updates over … ” to On and then click the infamous Check for updates option.

Yikes!

Pausing updates: Newer versions of Win10 have a better option. According to a Microsoft FAQ, the “Pause updates for 7 days” feature (Pro and Enterprise editions of Win10 1809 and all editions of 1909) delays both update downloads and installs.

And that appears to be the case. As shown in Figure 1, Windows update shows Status: Pending download.

Figure 1. In this example, my system’s Windows update status reports “Pending download” for a cumulative update.

That technique is workable; with the updates paused, you can pick a convenient time to click the Download button (or Resume updates or Install now) before the seven days are up.

But it’s a manual task, and in my experience, the “Pause updates … ” option can be a bit flaky. Occasionally, downloads have suddenly resumed for no obvious reason other than opening the Windows update window.

Buried in Windows 10 under Delivery Optimization is yet another way to control Microsoft downloads for “feature” releases, monthly patches for Windows and Office, and even applications acquired through the Microsoft Store.

To find Delivery Optimization, click Settings/Update & Security. (It’s the second item in the left column; see Figure 1.)

On this feature’s main screen, you’ll see just one switch: “Allow downloads from other PCs.” That’s useful on managed networks for downloading updates to one system and then sharing those files with other PCs on the local net. (See the Microsoft Docs article “Delivery Optimization for Windows 10 updates.”) However, this option is of little use for home or small-office settings coping with limited broadband.

Below the “Allow downloads … ” switch, you’ll see the Advanced options link. Clicking it opens some far more useful settings: ones that let you limit the amount of bandwidth used for downloading and uploading updates. These options apparently appeared in Win10 1709, but you’ll find very little information on them.

The Advanced options screen notes that Windows dynamically sets how much bandwidth is used for acquiring and sending updates. But you can manually set that number by clicking checkboxes and using “percentage” sliders (see Figure 2).

Figure 2. The somewhat hidden Delivery Optimization/Advanced options let you easily throttle bandwidth used for downloading updates.

The download section is relatively intuitive, quick, and simple, but the upload portion is a bit more complicated. It assumes the PC you’re managing is forwarding updates to other systems on the local network. It lets you limit bandwidth and set a monthly data-amount cap. (Note that download/upload limits can be defined in Windows’ Group Policy; more info.)

Adjusting the download sliders can keep Windows updates from choking your Internet pipe. Simply move the slider to a low number such as 10 or 20 percent (5 percent is the minimum).

Microsoft doesn’t really explain how it measures “bandwidth,” so one has to wonder: the percent of what? Reportedly, the coming Windows 2004 will let you switch from “percent” to “megabits-per-second,” which might be a more useful metric because it’s something you can measure with tools such as Speed.net.

As every Windows user knows, the OS offers various ways to get something done — you just have to know where to find them.

TB Capen is the editor of the AskWoody Plus Newsletter.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2020 AskWoody LLC, All rights reserved.