Symantec uninstaller may not finish the job
In this issue
- TOP STORY: Symantec uninstaller may not finish the job
- KNOWN ISSUES: Positive reviews for Norton raise readers' ire
- WACKY WEB WEEK: Nuts — a little dab'll do ya
- INSIDER TRICKS: Don't let social-networking viruses bite you
- WOODY'S WINDOWS: WinBubble is the best free TweakUI replacement
- PERIMETER SCAN: Make use of advanced Process Monitor features
Symantec uninstaller may not finish the job
By Scott Dunn
Like most Windows software, Norton security products, published by the Symantec Corp., come with an uninstall option to remove the software from your computer. Unfortunately, neither Symantec’s bundled uninstaller — nor a little-known, special utility from the company — removes every single thing.
Incomplete removal poses a risk to users
My Jan. 24 round-up on reviews of security suites reported that Symantec’s Norton Internet Security 2008 had garnered Editors’ Choice awards from PC Magazine and PC World — more top prizes than any competing suite. Soon after my article appeared, dozens of readers wrote in to complain about their experiences with Symantec software. Among other problems, they cited the difficulties they’ve had uninstalling Norton security products.
In addition, a number of sources confirm that security software in general, and the Norton product line in particular, do a poor job of removing their products.
Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer’s machine, such Registry entries may in some cases cause conflicts for other software.
For example, self-described industry guru Dave Taylor warns that “the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes.”
Mark Hasting, creator of a site known as PC Hell, reports hearing from many users who want to remove Norton products. “I’ve even received mail from computer users trying to install an antivirus product,” he explains, “and they are told to uninstall Norton before they can proceed, even though it appears Symantec products are not running on the system.”
Hasting, it should be noted, makes an identical claim about McAfee’s antivirus and security products.
To examine the problem for myself, I used a test computer to analyze the uninstall process of the full version of Norton Internet Security 2008. I also tested a trial version of that product and Norton 360, a related, all-in-one security package.
In every case, I found that one .dll file (symlcrst.dll) and a few other files and folders were not removed by Symantec’s uninstall routine. Also, the Windows Registry still showed numerous references to the removed products.
That a wide range of Symantec products are difficult to completely uninstall is suggested by the Symantec support site itself. The site offers a free Norton Removal Tool. Although the Symantec Knowledge Base claims the tool is only for failed installations or damaged products, the company continues to update the utility to remove a host of its products. These include Norton 360, Norton Ghost, Norton Save & Restore, pcAnywhere, WinFax, and any Norton Internet Security product dated 2003 through 2008.
To test the effectiveness of this utility, I ran the Norton Removal Tool after doing a normal uninstall of Norton Internet Security 2008. I then restarted the computer. Although the tool did remove some Registry entries and delete some stray folders on the hard disk, it still didn’t do a thorough job. For example, key Registry entries, such as
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
remained, as well as a .dll in the Program Files\Common Files folder.
Symantec products aren’t the only security software that present uninstall challenges. The tips-and-hints site PC Hell provides instructions for removing well-known products from McAfee, Avast, AVG, and AntiVir. It also includes links to special uninstall utilities provided by McAfee and Avast, in addition to a Registry cleaner from AntiVir.
I installed and uninstalled the latest trial version of McAfee SecurityCenter on a test machine running Windows XP Pro. The results, while not perfect, seemed less troublesome than the Norton examples. McAfee SecurityCenter’s uninstaller left behind three small data files (with .txt, .bak, and .dat extensions). It also left a handful of Registry entries, but these appear to be harmless artifacts of the product.
Symantec clarifies its uninstall approach
Symantec spokespeople defend the behavior of its install and uninstall routines. According to Jody Gibney, senior product manager for the Norton Internet Security product line, the install and uninstall process has undergone a major overhaul since the 2006 versions. “Between Norton Internet Security 2006 and Norton Internet Security 2008, we’ve managed to reduce the number of Registry entries left behind,” she said in a telephone interview.
Gibney acknowledges that one DLL is intentionally left behind. This is a DRM (digital rights management) component intended to protect the company against a person installing a trial version multiple times to avoid paying for the product. Symantec does not remove any Registry entries related to this component.
If a user has installed multiple Norton products, all of which use the Norton LiveUpdate utility to install patches and virus definitions, Gibney points out that the uninstaller for one product will not remove that component — even if that product was the first to install the files. Naturally, if someone forgets or doesn’t know that other Norton products are still installed, the presence of LiveUpdate may appear to indicate an incomplete uninstall.
In my tests, the Add or Remove Programs control panel displayed separate uninstall options for Norton Internet Security 2008 and LiveUpdate. Uninstalling the Norton product also removed the LiveUpdate component, apparently because no other Norton products still remained on my test machine.
Gibney advises against using the Norton Removal Tool as an uninstall method. Instead, she recommends using the product’s Uninstall command (found within Windows’ Start menu) or the Add or Remove Programs control panel. “Only use the Norton Removal Tool if you have a problem,” she says. Otherwise, you may cause problems for Norton Ghost or other Norton products you may have installed.
“We’ve put a ton of effort into Norton Internet Security 2008 and will do the same for Norton Internet Security 2009,” says Gibney. “People who have a valid subscription are entitled to a 2008 update,” she adds, indicating that this will eliminate most uninstall problems.
How to remove Norton products from your system
Fortunately, if you need to remove a Norton security product from your system, a number of Web resources exist to help you do so. The correct approach varies, depending on whether you’re removing only one of several Symantec products or all of them:
Removing only one Symantec product when more than one is installed
Open the Control Panel and use the Add or Remove Programs applet (in Windows XP) or the Programs and Features applet (in Vista) to see the number of Symantec programs that may be installed. If several are present, and you wish to uninstall only one, run that program’s uninstall function to remove it.
Removing all Symantec products, however many are installed
Whether you have only one Symantec product or several installed, if you’re removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.
After you’ve uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions at the Symantec support site. This involves running the Norton Removal Tool for your particular product.
As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program Files\Common Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don’t use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or “most recently used” list).
For the most thorough removal, the Dave Taylor support site provides detailed instructions for removing Symantec files and Registry entries from an XP system. Users of Vista shouldn’t have much difficulty translating the same steps for that operating system.
Software publishers expect users to agree to and obey restrictive license agreements. In return, customers have every right to expect developers to create products that leave a system completely free of that software when uninstalled.
Makers of security software, in particular, have a responsibility to make sure that removal of a product doesn’t compromise security further by making it difficult for other security products to be installed.
Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.
Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.
Positive reviews for Norton raise readers' ire
By Scott Dunn
I wrote on Jan. 24 that Norton Internet Security 2008, a Symantec product, now has the greatest number of Editors’ Choice awards of any security suite, and therefore has replaced the ZoneAlarm suite in the WSN Security Baseline.
This story touched a nerve for a significant number of readers, who have had bad experiences with Symantec and its products in the past.
Some readers revolt against Symantec products
After the story was published, many readers wrote in to voice their criticism of Symantec software. Many, who say they’re disappointed with Symantec’s customer service and technical support, asked that we consider these factors in making our choices.
Unfortunately, Windows Secrets does not have its own test lab to scrutinize antivirus and firewall solutions, and we also don’t have the resources to conduct surveys on customer support. Instead, we analyze the test results of respected labs and let you know which products have received top ratings from the greatest number of reviewers. We publish the WSN Security Baseline as a way for individual and small-business PC users to see at a glance the minimum they need to protect their systems from hackers.
Whatever problems Symantec software has had in the past, the situation is that two major publishers, PC Magazine and PC World, have given their top awards to the latest version of Norton Internet Security. No competing product currently holds more than one Editors’ Choice award from major test labs. We felt it was important to pass that information on to you.
Having said that, one of our best sources of information is your e-mail messages, which form the basis of this week’s top story on problems with Symantec uninstaller programs. I promise to continue to investigate stories that you propose in the tips you send in.
Many feel suites don’t provide best protection
Several other readers questioned the value of recommending suites in the Security Baseline. IT manager Rob Devereux put it this way:
- “I think one of the conclusions that most IT professionals are coming to now is that you will never have best of breed in a security suite, and your findings seem to bear this out with Symantec failing in some surveys, and ZoneAlarm in others, in areas where they have weak products.
“By their very nature, these suites are often the result of one manufacturer who does one job well buying another smaller company or companies to do another security job or jobs and then getting their developers to write the rest and bolt the applications together. For example, Norton started out doing hardware and software diagnostics, went into antivirus, and then bought companies to add in spyware and other functionality.
“The result, all too often (and Norton is a good example), is a product that has one exceptional component (often the thing that the company did well at first), two mediocre ones, and another one or two awful ones that don’t work well (for instance, the Parental Advisor in the Norton security suite). I have certainly seen a downgrading in the usefulness and reliability of Norton Anti-Virus since they made it part of a suite.
“The point I am trying to make is that picking and choosing to get the best-of-breed antivirus, the best-of-breed [anti]spyware, the best-of-breed firewall, and so on, can be a far more beneficial and secure way to work than buying a security suite that forces you to have bad products along with good.”
Windows Secrets merged the categories of software firewall, antivirus, and antispyware in the Security Baseline back in 2006, when test labs found that security suites could adequately deliver all three functions. A unified suite can offer simplicity to individual PC users and harried small-business techs. Almost any suite that’s available today provides better protection than having no security software installed — or having malware signatures that are out-of-date — if multiple products, which can conflict, prove to be too complex for end users to juggle.
IT professionals should, by all means, read the full test results that the Security Baseline links to, and determine for themselves whether a combination of products from different vendors would better serve their company’s needs. In most cases, the same labs that test suites also publish results for each vendor’s separate firewall, antivirus, and antispyware products. We consider the Security Baseline to be only a starting point for those who want to do their own research.
Reader Devereux will receive a gift certificate for a book, CD, or DVD of his choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.
Nuts — a little dab'll do ya
Maybe there’s something in the air. Maybe it’s just the raw, animal attraction that comes with a unibrow. Whatever it is, the star of this 30-second Planters Peanuts commercial has it and is turning heads.
For those of you who watched the Super Bowl for the football and left during the commercials, here’s the best of what you missed. Play the video
Don't let social-networking viruses bite you
By Brian Livingston
The foolish people who develop Web sites that only work in Internet Explorer, and users who still run IE instead of safer browsers, such as Firefox, repeatedly expose themselves to one hacker attack after another. The latest example is an exploit that afflicts the social-networking sites MySpace and Facebook, in addition to the Yahoo Music Jukebox — but there’s an easy way to protect yourself.
ActiveX bugs expose users to silent infection
The SANS Internet Storm Center (ISC) published a report on Feb. 4 that six ActiveX controls used by several sites can be manipulated by hackers to silently infect PCs. These controls, including the Aurigma ImageUploader, are used by IE to upload photos to social-networking sites and perform other tasks. But the flawed controls can be turned against you if you happen to visit one of several hacked sites that are already taking advantage of the weakness, according to a Symantec alert.
US-CERT, an arm of the Dept. of Homeland Security, recommends that users of IE set the security level of that browser’s Internet zone to “high” to disable all ActiveX capabilities. Well-known Web sites that require ActiveX controls, such as Microsoft’s Windows Update site, can then be added one by one to the browser’s Trusted Sites zone, which permits ActiveX.
Most IE users, however, won’t be able to tolerate such a severe security setting. With IE’s Internet zone set to a “high” security level, the browser pops up an irritating series of dialog boxes — sometimes several per Web page — when visiting many sites that are harmless.
Antivirus vendors are already taking steps to block the new-found ActiveX attacks. But it’s safer for you to disable the affected controls entirely until patched versions are released.
The ISC article specified six hex codes (class IDs or CLSIDs) that can be edited manually in the Windows Registry to disable the flawed programs. This kind of editing is perilous, however. Instead, I strongly recommend that individual PC users download and run a free program that makes the changes safely.
Tiny, user-friendly program eliminates the risk
The ISC’s Tom Liston has developed a small, 4KB utility that locates the affected Registry entries and allows you to quickly disable the vulnerable controls. (See Figure 1.)
Figure 1. The ISC KillBit program allows you to turn on check boxes for each vulnerable ActiveX control, and then click Set to disable the flawed software.
The program writes into the Registry a “killbit” for each ActiveX control. Despite the name, a killbit isn’t a lone binary bit you flip somewhere; the entry is keyed by the control’s long, 128-bit hex identifier (its CLSID), so it disables that one specific control and nothing else.
Disabling a control, of course, means that you won’t be able to use that specific function of an ActiveX-reliant Web site, such as automatically uploading photos. In my opinion, that’s a small price to pay to know that you can’t be silently infected via the gaping security holes in these controls.
You may eventually install a patched version of these specific controls when an updated version is released. If so, and the update uses the same CLSID, you can run the ISC’s KillBit program again, this time unchecking the appropriate check box and clicking Set to re-enable the control.
The utility will work only for individual PC users who have administrator privileges. If not, the applet will fail to write to the Registry. Also, if you ever re-enable a control, the utility can delete a compatibility entry in the Registry that the control may need, according to Jesper Johansson, a programmer whose recommendations for IT admins I describe below.
Despite these concerns, I believe it’s best for individual PC users to protect themselves against the ActiveX threats by using the utility. The chance that the applet might not succeed in re-enabling a specific ActiveX control in the future is far outweighed by the risk of allowing these controls to run.
Liston’s KillBit program comes in a GUI (graphical user interface) version or a CLI (command-line interface) version, both of which you can download from the ISC’s Handler’s Diary.
Admins should let Group Policy do the work
For administrators of large numbers of PCs, downloading and running a utility is not the most efficient way to protect your systems. Admins should push the Registry changes out across a network using Microsoft’s Group Policy.
Jesper Johansson, who has been recognized by Microsoft as an MVP in Windows security, has posted specific instructions for doing this in a Feb. 6 blog post. His technique can be employed by knowledgeable admins to set the killbit on the risky ActiveX controls using a GPO (Group Policy Object). You can download a .zip file from the blog post and make minor edits to the script so it operates on your specific domain.
For detailed information on killbits and how they work, see Microsoft’s FAQ on the subject. This TechNet FAQ points out that IE and MS Office respect killbit settings, but some programs — notably .hta or “HTML applications” — ignore them.
This means that setting a killbit cannot provide absolute, 100% protection. You’re much better off simply using Firefox and avoiding sites that insist on using ActiveX technology, which is dangerous and not cross-browser compatible.
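The killbit mechanics described above (a per-CLSID Registry entry, the risk of clobbering a compatibility entry the control may need, and pushing the change out from a script) can be shown in working form. The following is an added example, not the ISC KillBit utility or Johansson’s GPO script: it builds a .reg fragment that ORs the kill-bit flag (0x400) into the existing “Compatibility Flags” value rather than overwriting it, and audits an exported fragment to report which CLSIDs are disabled. The CLSIDs in SAMPLE_CLSIDS are constructed placeholders, not the six controls from the ISC report.

```python
"""Set or audit the ActiveX kill bit for a list of CLSIDs.

Added example, not the ISC KillBit utility or Jesper Johansson's GPO
script.  It emits a .reg fragment that sets the kill bit (0x400) in the
"Compatibility Flags" value under IE's ActiveX Compatibility key, and it
audits an exported .reg fragment to report which CLSIDs are disabled.
The CLSIDs in SAMPLE_CLSIDS are constructed placeholders, not the six
controls named in the ISC report.
"""
import re

# Bit IE tests in "Compatibility Flags" before instantiating a control.
KILLBIT = 0x00000400
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")
KEY_RE = re.compile(r"^\[" + re.escape(COMPAT_KEY) + r"\\(\{[^\]]+\})\]$")

# Constructed placeholder CLSIDs (not real controls).
SAMPLE_CLSIDS = [
    "{11111111-2222-3333-4444-555555555555}",
    "66666666-7777-8888-9999-aaaaaaaaaaaa",
]


def normalise_clsid(clsid):
    """Upper-case a CLSID, add braces if missing, reject anything malformed."""
    c = clsid.strip().upper()
    if not c.startswith("{"):
        c = "{" + c + "}"
    if not CLSID_RE.match(c):
        raise ValueError("not a CLSID: %r" % clsid)
    return c


def killbit_reg(clsids, existing_flags=None, enable=False):
    """Return .reg text that sets (or, with enable=True, clears) the kill bit.

    existing_flags maps CLSID -> the current "Compatibility Flags" DWORD so
    that other flag bits the control may depend on are preserved rather
    than overwritten; a tool that writes a bare 0x400 would drop them.
    """
    existing_flags = {normalise_clsid(k): v
                      for k, v in (existing_flags or {}).items()}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for raw in clsids:
        c = normalise_clsid(raw)
        flags = existing_flags.get(c, 0)
        flags = (flags & ~KILLBIT) if enable else (flags | KILLBIT)
        lines.append("[%s\\%s]" % (COMPAT_KEY, c))
        lines.append('"Compatibility Flags"=dword:%08x' % flags)
        lines.append("")
    return "\n".join(lines)


def audit_reg(reg_text):
    """Parse a .reg export of the ActiveX Compatibility key.

    Returns {CLSID: bool} telling whether the kill bit is set for each
    CLSID subkey present in the export.  Other values are ignored.
    """
    result, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = normalise_clsid(m.group(1))
            result.setdefault(current, False)
            continue
        if current and line.lower().startswith('"compatibility flags"=dword:'):
            value = int(line.split("dword:", 1)[1], 16)
            result[current] = bool(value & KILLBIT)
    return result


if __name__ == "__main__":
    text = killbit_reg(SAMPLE_CLSIDS)
    print(text)
    print(audit_reg(text))
```

Export the ActiveX Compatibility key with regedit (or reg.exe export) and feed the file to audit_reg to confirm the bit took; pass the exported values as existing_flags when generating the re-enable fragment so only the kill bit is cleared.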
I gratefully acknowledge contributing editor Susan Bradley’s help with the research for this article.
The Insider Tricks column brings you techniques to enhance your Windows system. Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.
WinBubble is the best free TweakUI replacement
By Woody Leonhard
With Vista now officially one year old and toddling into its Terrible Twos, I’ve given up hope waiting for Microsoft to deliver an up-to-date TweakUI for the new OS. Fortunately, six enterprising developers have rushed in where Redmond feared to tread, and I’ll tell you which is my favorite at goosing Vista in wondrous — and sometimes useful — ways.
Lack of new TweakUI spawns six Vista twiddlers
Microsoft’s old TweakUI, long a mainstay of advanced Windows users, covered a lot of ground. It helped you change settings buried deep inside the Windows Registry without getting your fingers dirty.
Although the ‘Softies have released a version of TweakUI for every flavor of Windows from Win95 up to and including XP, it looks like Vista customers will need to fend for themselves. (You can still get TweakUI for XP from Microsoft’s PowerToys page.)
Many of you have written in with your nominations for your favorite Vista tweaking utility. In recent weeks, I’ve worked with several utilities that slice and dice Vista, with decidedly mixed results.
• TweakVI from Totalidea Software may be the most popular Vista tweaker. It combines both interface tweaks and performance boosts in a single, easy-to-use package. From what I’ve seen, though, the free TweakVI Basic Edition doesn’t tweak as much as my favorite tweaker, and the two paid versions ($34.99 and $49.99 per year) cost more than I’m willing to spend.
• Vista Smoker Pro (shareware, 7-day/50-use trial: $39.95) aims for performance-improving tweaks. You may have better luck than I did, but I couldn’t feel much of a performance boost after running the utility.
• Fresh UI from FreshDevices works on Vista, XP, and earlier versions of Windows. It’s absolutely free, and moderately useful. The multi-step download process — which requires you to provide a valid e-mail address — put me off, but I haven’t been spammed by the company. Yet.
• The free Vispa concentrates more on security and privacy, with a handful of performance tweaks thrown in for good measure. It hasn’t been updated recently, but it covers a lot of bases in the security and privacy realm. I like Vispa because it doesn’t require any installation — it just runs as a stand-alone program.
• I found Stardock’s Tweakvista (free trial: $19.95) to be very powerful — and very confusing. It gives you access to many settings that can cause problems (e.g., shutting off Windows services), but doesn’t provide a lot of warning about when you might be shooting yourself in the foot. Still, if you’re a confident and experienced Vista Geek, it’s worth a look.
• My favorite Vista tweaker is a very unassuming, free little program from Lawrence Albert called WinBubble. While I have trouble understanding some of Lawrence’s descriptions, his general approach to keeping things light and simple works wonders.
Why WinBubble hit the sweet spot in my tests
Like Vispa, WinBubble doesn’t require any installation regimen at all. Just unzip the downloaded file and stick it into a convenient folder. The program runs clean, without putting any hooks into Vista.
WinBubble helps you hack the Registry to change your PC manufacturer’s info; change the Windows Experience Index (heh heh heh); change the name of the registered owner; put the Windows build number on the desktop; and the like. Easy.
It also adds a few very useful entries to your right-click context menus: Open with Notepad (which I use all the time); Take Ownership of a folder (to overcome that infuriating “Access denied” message); and Move To and Copy To.
Note that Move To and Copy To on the context menu can have some unintended consequences, as described by original TweakUI programmer Raymond Chen in his Old New Thing blog. He points out that Copy To, for example, sometimes appears on a context menu when the command shouldn’t, such as when you double-click an attachment in Outlook.
There are other settings that disable writes to USB drives, bypass User Account Control, turn the Aero UI “glass” effects on and off, show drive letters on Windows Explorer listings, change system icons, modify the shortcut arrow, and on and on.
Where the heck did the name ‘Bubble’ come from?
If you step through Lawrence’s illustrated introduction, called “Unlocking WinBubble,” in Part 4 you stumble across a fun and original tweak: WinBubble can change the hidden settings for the Vista screen savers named Ribbon, Mystify, and Bubbles. It’s true that you can dive into the Registry and manually twiddle some bits to alter these settings. But WinBubble makes it very easy and safe.
This utility is not exactly earth-shattering, but it sure beats the daylights out of editing the Registry by hand. And the results will perk up your day. Guaranteed.
Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.
Make use of advanced Process Monitor features
By Ryan Russell
I continue today the coverage of Process Monitor (PM) that I started in my Jan. 17, 2008, column. Last time, I just introduced the basics. This time, I cover more advanced uses and a “case study.”
Watch out, Process Monitor can crash Win 2000
Reader Richard Bellin brought a rather alarming problem with PM to my attention. The utility can potentially crash Windows 2000, instantly and thoroughly. This was news to me, as I’ve used the program on Win2K at least a couple of times. But even though I haven’t seen this behavior myself, he indicated that there’s a Sysinternals forum thread where several users have reported the same problem. So I believe it exists.
What isn’t completely clear is under what circumstances you might experience the problem, because not all users do. Furthermore, some users who have experienced the problem have been able to get it to stop by (1) disabling their antivirus software while using PM or (2) going back to PM version 1.0. Even if you take these steps, Windows 2000 users should exercise caution with this tool. Thanks to Richard for the warning.
If I had to guess, I’d say the problem is a conflict with some combinations of kernel drivers or other things that poke around in the kernel. Remember Microsoft indicating that it will lock some software out of the kernel in newer versions of Windows? One presumes that this kind of problem with PM is one of the reasons why.
At the time of this writing, the problem has been under discussion for several weeks, and still isn’t out of the research phase for a possible fix.
How to monitor a busy Windows process
Launching PM, I tend to let it log Windows activity for a period of time. I then glance through the events the utility has picked up.
My two biggest hits, in terms of the number of lines logged, are steam.exe and one of my svchost.exe processes.
I already know what the Steam process is: it’s a special network application that Valve Software uses for distributing and maintaining games. Anyone who’s played any of the popular Half-Life games is likely to be familiar with it.
Not everyone knows that steam.exe communicates on the network and checks its files on your disk almost constantly. It doesn’t need to be running all the time, just when you want to play or update your Steam games. So I shut it down for the moment. If you have Steam, you probably want it running most of the time so it can do its work in the background. But you may not while you’re trying to monitor your other system activity.
Shutting down the Steam process leaves me with svchost.exe process 1016 as the only notably chatty process, for the moment. This process seems to be looking at all of my hardware device information in the Registry, over and over.
As I discussed in a previous column, svchost.exe processes each represent one or more services, which your computer usually has running all the time. If you followed my Dec. 6, 2007, and Jan. 3, 2008, columns on Process Explorer, a related utility, you know that PE can tell you which services a particular process represents. Using PE, I’m able to see that the services hosted by this svchost.exe process are the Event Log and Plug and Play.
Aha! The Plug and Play service makes perfect sense for this kind of activity. It must be checking to see if any hardware has been added or removed. After all, that’s its job.
It makes me happy when a process seems to be accessing the right set of resources for its task, but I get suspicious when it isn’t. Plug and Play seems to be doing the right thing here. But my diagnosis is only a strong suspicion at this point, and probably should be tested.
The only problem is that neither of these services can be disabled. They’re part of the set of services that you can’t stop. If they crash for some reason, Windows will reboot itself. So, for the time being, I have to be satisfied that I’m guessing correctly about these processes and not try to terminate them.
In PM, I right-click one of the process’s events, choose Exclude, and select its PID to get the process out of my list. Excluding it by name or image path won’t help here, because there are lots of svchost.exe processes.
Process Monitor looks scary, but it’s not
I’ll give you one more column after this one on more things you can do with PM. After all, I said that it was a good way to monitor a program from startup to shutdown, and I haven’t shown you that yet. But I also promised in a previous column that I’d talk about some things that look alarming but are perfectly innocent.
For example, while watching Registry activity go by, you’ll periodically see BUFFER OVERFLOW in the Result column. If you’ve paid attention to security issues in the last 10 years, this is a very scary phrase.
Yes, it still means that a buffer wasn’t big enough, but not in the sense of a security exploit. PM is actually working to prevent the bad kind of buffer overflow.
Say you’re writing a Windows program that needs to access the Registry. At times, you call a function that’s supposed to get something from the Registry for you. You hand the function a buffer (a chunk of memory) to put that info into.
What if what you asked for isn’t going to fit? The only really correct answer is for Windows to tell your program that the object isn’t going to fit. You must create a bigger buffer and try again. In fact, when Windows tells your program that the object won’t fit, the operating system also indicates what size buffer it would have taken.
As a result, it’s become common practice for programmers to ask for something from the Registry using a zero-length buffer, find out how much the object really needs, allocate that much memory, and try again. This means that you’ll see buffer overflows all over the place when you’re using PM to monitor events. If you look carefully, these overflows are usually followed immediately by asking for the same thing, and they succeed the second time around.
What about all those times in the Operation column where PM says CreateFile? Is it creating files left and right, and maybe overwriting something important? You’ll see programs attempting to use CreateFile on system DLLs, the c: root directory, and just about any other file or directory you can think of.
The problem is really just an ambiguous name. The technical documentation is in an MSDN article. Basically, despite its name, CreateFile is most often used to open an existing file.
Most programming languages and operating systems have a concept called a “handle.” This is just a short way to refer to some system resource, often a file. A program calls CreateFile and gets a handle back (it’s basically a number, behind the scenes). The developer can use that handle when asking to read or write a file.
When CreateFile is called, the developer specifies what kinds of things can be done to the file. This includes reading, writing, deleting, and of course actually creating a file anew if it didn’t already exist.
PM shows you in the Detail column what was requested, so you can see what access was sought. Further events on that file will tell you what the program actually did to the file.
I’ll wrap up this discussion on the tricks of using PM in my next column on Feb. 21. Reader Bellin will receive a gift certificate for a book, CD, or DVD for sending a comment that I printed. Send your tips via the Windows Secrets contact page.
UPDATE 2008-02-07: A previous version of this article used the term services.exe, which has been changed to svchost.exe.
The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Copyright © 2025 AskWoody LLC, All rights reserved.