Use Vista without activation for 120 days

Use Vista without activation for 120 days

By Brian Livingston It’s widely assumed that a newly installed copy of Windows Vista must be "activated" before 30 days are up. But Microsoft has built into Vista a simple, one-line command that anyone can use to extend the activation deadline of the product to a total of 120 days — almost four full months!

How to extend the Vista activation deadline

The concept of "activation" has become familiar to computer users ever since Microsoft introduced it into the licensing for Windows XP.

After installing Windows, you have a 30-day "trial period" to either activate the product or let it lose some functionality. You can activate XP or Vista by allowing the software to contact Microsoft’s servers via your Internet connection. Or, if you’re paranoid about an automated session of this kind, you can call a phone number in various countries to receive a code to enter on your keyboard.

An activated copy of Windows is “locked” to the specific configuration that was present at activation time — motherboard, hard drive, and so forth. Changing several components, such as during a hardware upgrade, can cause Windows to complain, saying it requires reactivation.

Microsoft seems to be liberal about providing new activation codes to anyone who calls the telephone number and provides a plausible explanation. (My hard disk needed replacing, etc.) Don’t be afraid to try calling if a copy of Windows ever needs reactivation.

All versions of Vista allow a 30-day period without activation (except the corporate-oriented Vista Enterprise, which supports only a 3-day trial). If you know the secret, however, you can extend the activation deadline of editions such as Vista Home Premium and Vista Business up to four months past the original install date.

Microsoft provides a command-line program in Vista known as the Software Licensing Manager (SLMGR) or slmgr.vbs.This is a Visual Basic script that resides in c:windowssystem32. You can read the contents of this script file with any text editor or a professional development environment.

Among other things, slmgr.vbs has a function that pushes Vista’s activation deadline out to 30 days from the date the command is run. From the Vista desktop, take the following steps on a machine on which Vista hasn’t yet been activated:

Step 1. Open a command window with admin privileges. Click Vista’s start button and type cmd into the Search box. Rather than pressing Enter, instead press Ctrl+Shift+Enter to open the command window with elevated privileges. If you’re asked for a username and password, provide the ones that log you into your domain. On a single-user copy of Vista, a login shouldn’t be necessary. (My thanks to Serdar Yegulalp for the elevation trick.).

Step 2. Switch to the command-line shell handler. Running script commands in a window will result in irritating pop-up messages unless you change to the character-mode version of Windows Script Host. To do this, enter the following command at the prompt:

cscript /h:cscript

Step 3. Familiarize yourself with SLMGR. Executed with no parameters, slmgr displays a screen of help text. With the parameters -dli (display license information) or -xpr (expiration), the program displays the activation deadline, either in minutes remaining or as a date and time, respectively.

To see the effect of these commands, enter the following in the command window, one at a time:

slmgr
slmgr -dli
slmgr -xpr

If you’ve just installed Vista, the activation deadline will be 43,200 minutes in the future, which translates to 30 days. If Vista was installed some time ago, the remaining time shown will be less.

In my testing, each command required quite a long time to provide a response — as much as one minute. Be patient and wait for the results from each command before trying the next. If you didn’t elevate your command window to have admin privileges in Step 1, you’ll see only error messages.

Step 4. Extend Vista’s activation deadline. The parameter -rearm changes the activation deadline to 30 days from today. SLMGR allows this extension to take place only three times. If you extend the deadline the day after you install Vista, you’ll get an extension of only one day, not an additional 30 days.

The following command changes the activation deadline to 30 days after the command is invoked:

slmgr -rearm

If the operation worked, you should see the message, “Command completed successfully. Please restart the system for the changes to take effect.”

It’s not clear where SLMGR stores the number of times that it’s been used to push the activation deadline back. If this number is stored in the Registry or in a system file, it’s likely that hackers will quickly find a way to eliminate even the three-extension limit.

Step 5. Reboot and test. A reboot is required to make the extension take effect. After the Vista desktop loads, you should repeat steps 1 and 3 to check on your new activation deadline.

The 120-day extension trick shouldn’t be confused with the Vista clean-install trick that I described in my Feb. 1 article. That procedure, which Microsoft also hard-coded into Vista, enables anyone to install the “upgrade” version of Vista over any running copy of Windows, even a just-clean-installed copy of Vista itself.

Microsoft’s developers reportedly programmed the Vista upgrade process to test that it’s running on any version of the OS — not just Windows XP, 2000, and other qualifying products — to make the coding process simpler.

Why does Microsoft allow 120-day extensions?

After my Vista clean-install article was published, a few readers asked whether I shouldn’t keep quiet about procedures like these. After all, as I myself stated in my article, installing the upgrade version of Vista on a clean hard drive might violate Microsoft’s EULA (End-User License Agreement).

First, and most importantly, I’m a journalist. If something is true about Windows, and it’s important for Windows users to know, I’m going to describe it for you as accurately as I can. Many sites on the Web are currently giving out half-baked explanations of Vista’s clean-install feature. I want you to at least have the right info. I’d never publish a technique for a zero-day virus attack. But describing a known feature of Windows that Microsoft built into the product isn’t comparable in any way to releasing viruses.

Second, the fact is that Microsoft itself is writing these features into Vista. If the Redmond company doesn’t want people to clean-install Vista or extend Vista’s activation deadline, a couple of lines of code would quickly eliminate these features.

Instead of leaving them out, Microsoft has deliberately programmed into Vista several back-door features that journalists are certain to find and publicize. These aren’t hacks that require brain surgery on Windows. They’re capabilities that have been specifically added into the operating system in ways that are easy for any Windows buyer to use.

There are only three explanations I can think of for Microsoft to include these kinds of back doors in Vista:

• The Windows development process is out of control and individual programmers are inserting any procedures they like that will make Vista a little more convenient for them;

• Microsoft executives believe that allowing clean installs of Vista and 120-day activation extensions will reduce the cost of providing technical support — more than these back doors will reduce the company’s revenue; or

• MS executives realize that the list prices of the “full” versions of Vista are absurdly high, and that building in back doors that will be widely publicized makes the price of the upgrade versions of Vista seem more reasonable by comparison.

One Microsoft executive, Eric Ligman, publicly criticized in a discussion forum my article on Vista’s clean-install method. I contacted him and asked why Vista’s upgrade routine will happily accept a clean-install version of itself, rather than making a simple test for a qualifying version of Windows. Is this an error on the part of the development team, or was it a Microsoft policy decision to quietly allow this kind of upgrade?

“I don’t believe it’s a bug in the system,” says Ligman, who is senior manager of Microsoft’s U.S. Small Business Community Engagement program. “But it’s not intended as a way to install an upgrade version of Vista without having a license for a previous version to do so.”

Ligman added, “I’m not the right person to comment on the thinking of the development team.” That’s certainly true, so I hope to reach someone within the ranks soon to clarify why a trivial version check wasn’t included in Vista’s upgrade routine.

In the meantime, Ligman points out that companies using Microsoft’s Volume Licensing program are entitled to the cheaper "upgrade" price for Vista even if the firms’ existing desktops are running very old operating systems, such as Windows 98, NT Workstation 4.0, or IBM OS/2. For details, see page 82 of a Microsoft Word document entitled Product List (February 2007).

Legitimate uses of the Software License Manager

Whatever the reasons for the until-now-secret features of Vista, the impact on Microsoft’s revenue stream if people began using these features en masse could be enormous. Consider the following scenario:

1. A college buys a single, retail copy of Vista;

2. Using the clean-install trick, an admin installs the single DVD onto an unlimited number of PCs, such as in classrooms throughout the school;

3. Using the 120-day extension trick, the admin makes it unnecessary to activate the copies until the end of the academic quarter; and

4. At the end of the quarter, the hard drives are wiped clean and the same DVD is used to clean-install Vista on an unlimited number of PCs for the new quarter that’s beginning.

This kind of mass duplication, of course, would clearly violate the Microsoft EULA. A school or company that installed this many copies of Vista from a single DVD would be wide open to an inspection by the Business Software Alliance, which obtains search warrants to conduct audits of machines companywide.

Despite the risks, however, many people around the world can and will use the built-in features of Vista to install as many copies of the operating system as they like.

Either Microsoft’s Vista developers are totally incompetent, which I don’t believe, or Microsoft officials at a high level are encouraging the introduction of these features, judging that the benefits outweigh the risks.

In any case, the Software Licensing Manager has several legitimate uses. Many of these are documented when you run slmgr at a prompt without parameters. I’ll just touch on a few here:

• You can install a new product key by entering slmgr -ipk productkey;

• You can display the installation ID by entering slmgr -dti so you can activate Vista offline (without an Internet connection); and

• You can clear your product key from the Vista Registry by entering slmgr -cpky.

This last command is potentially an important security feature. There’s no need for your product key to reside in the Registry once Vista activation is complete. It might be best to remove it, so it cannot be copied and sent to a hacker by a Trojan horse that might one day sneak onto your PC. I hope to print more detailed information about this in a future newsletter.

In addition to the above scenarios, there are many valid reasons for a Windows admin to extend the Vista activation date past its original 30-day limit. Companies that routinely build test PCs to try out various configurations, for instance, shouldn’t have to buy a new copy of Vista every time a machine is wiped clean and rebuilt. A particular testing process might last more than 30 days, requiring an activation extension.

Using the 120-day extension in various scenarios

My testing shows that slmgr -rearm will extend Vista’s activation deadline in all of the following situations:

1. A standard upgrade. If you installed Vista’s upgrade version while running Windows XP or another qualifying product, this is the ordinary case. The extension works with no problems.

2. A clean-install of Vista. If you use my Feb. 1 clean-install trick to install Vista on a clean hard drive, the command also works with no problems. There’s no need to first install the “upgrade” version of Vista on top of the clean-install of Vista before slmgr -rearm will extend the activation deadline.

3. An upgraded clean-install of Vista. If you’ve clean-installed Vista, and then upgraded Vista on top of itself, the slmgr -rearm command also works flawlessly to extend the deadline.

When the Vista activation deadline passes

Microsoft has baked the activation process into every version of Vista, and I believe that we’ll all be living with this mechanism for years to come. Unlike Windows XP, Vista has tougher rollback conditions when its activation deadline passes and activation hasn’t occurred.

An article (paid reg required) in Windows IT Pro Magazine’s December 2006 issue by Paul Thurrott, my co-author of Windows Vista Secrets, explains some of the behaviors you can expect after the deadline:

• “On a genuine, activated copy of Vista, users will have access to certain features, such as the Windows Aero user experience (which enables glass-like translucency effects and other visual niceties), Windows ReadyBoost (a performance-enhancement feature for systems with a USB-based flash memory device), some Windows Defender antispyware functionality, and optional downloadable updates from Windows Update. However, [if a system has passed the activation deadline] the user will lose access to those features and will receive persistent WGA [Windows Genuine Advantage] advertisements.”

As with Vista’s clean-install behavior, I don’t recommend that businesses try to save money by skirting Microsoft’s licensing scheme. You should use these tricks only for legitimate purposes — such as when you do, in fact, have a paid-for license for the qualifying software.

I wasn’t the first to discover the 120-day extension technique. As far as I can tell, an early description came from Jeff Atwood of the Coding Horror blog. I merely tested the procedure under various scenarios and found it to be reliable. I’d also like to thank reader Ernie Kitt for his research help with this topic.

I welcome your tips on the use of the techniques I describe above. Please send your tips, on this or any other subject, using the Windows Secrets contact page. Reader Kitt will receive a gift certificate for a book, CD, or DVD of his choice for sending me research that I used.

Brian Livingston is editorial director of the Windows Secrets Newsletter and the co-author of Windows Vista Secrets and 10 other books.

New hardware doesn't have to cause problems

By Fred Langa Usually a major hardware change causes endless software hassles. It doesn’t have to be this way. If your current PC doesn’t have "PCI Express" technology, your next one most likely will. Here’s the scoop on PCI Express and what it means for Windows users.

Using Windows with PCI Express hardware

Reader Bob Spaith encountered a problem that will become more and more common as new hardware technology moves into our Windows PCs:

• "I’m wondering what the main differences are between PCI and PCI Express. I’m using a motherboard that only has PCI slots, and I am using an Adaptec SCSI controller card that is PCI Express. I was told that Windows will work with the PCI Express card in a PCI slot (and it does), but part of the card does not have a socket to plug into, so it is not connected to anything.

  "I would like to know what is lost by using a card like this? Speed? True compatibility? I don’t really understand how the card can operate correctly when part of it is not plugged into anything."

Hmmm. Something’s not right there, Bob, so let’s take a moment to sort out some technologies with confusingly similar names.

First, for clarity: PCI and PCI Express are electrical "buses." A bus is a series of connections that your PC’s components and subsystems use to communicate with each other.

Most PCs today are built around the original PCI (Peripheral Component Interconnect) parallel architecture introduced back in the early 1990s. PCI was a replacement for the even older first-generation ISA (Industry Standard Architecture) and EISA (Extended ISA) architectures. These last two bus types have all but vanished from current PC motherboard designs.

Toward the end of the 90s, PCI technology spawned two offshoots. In 1997, Intel introduced AGP (Accelerated Graphics Port), which is a variant of PCI architecture designed specifically for higher-speed graphics cards. In 1999, a consortium of hardware vendors launched PCI-X. This is not PCI Express, but rather "PCI eXtended," which is another variant on classic PCI’s parallel-connection technology designed to increase throughput speed.

A 32-bit PCI-X card can fit into a standard 32-bit PCI slot without problems (although it may have extra connectors "hanging over" the edge of the slot). The PCI-X card will run just fine in a PCI socket, albeit at the slower speed of standard PCI.

Although AGP is also a close variant of classic PCI technology, AGP uses a special slot or socket that won’t accept standard PCI cards. Most PCs sold today have several standard PCI and one AGP slot. In fact, the PCI/AGP combination is all but ubiquitous. PCI-X is still around, but much less common.

PCI Express is an entirely different animal. Originally called "Third Generation I/O" (3GIO) and introduced in 2002, PCI Express is a high-speed serial bus that can run at up to 10 GHz, as opposed to the approximate 1 GHz practical limit for conventional PCI’s parallel architecture.

PCI Express cards usually have special slots or sockets. Normally, you can’t plug a PCI Express card into any standard PCI slot — even if it fits, PCI and PCI Express use fundamentally different architectures (parallel versus serial), and so they’re unlikely to work unless the card has some ability to switch types, which depends on what kind of socket it’s plugged into.

This brings us back to Bob’s example. Adaptec sells both PCI-X and PCI Express cards. I could find no mention in the Adaptec sales literature about their PCI Express cards being interchangeable between bus types. So, my guess is that Bob actually has a PCI-X card, rather than a PCI Express. (The similarity in the names is, indeed, confusing.) His PCI-X card is working, and all he’s losing is the extra speed afforded by the PCI-X technology. His card is operating as if it were a standard PCI card.

You’ll be glad to note that Windows is happy to work with any or all of these technologies. It may be no surprise that Windows works with PCI, AGP and PCI-X because they’ve been around for quite a while. But Windows also works just fine with PCI Express. This is because the consortium that designed PCI Express decided that it would still use the classic PCI driver model on the software side. (In fact, Microsoft was part of that PCI Express consortium.) So, no new classes of drivers or other software would be needed, and any operating system that works with ordinary PCI should also be able to work with PCI Express.

PCI, AGP, and PCI-X are aging but viable technologies that are currently in use. They’re well-proven, thoroughly known, and mostly bulletproof. But PCI Express is the likely successor to them all, because it offers better performance and a more open-ended future. As PCI Express becomes more common, it’s good to know that you won’t have to worry about changing or reconfiguring your copy of Windows to take advantage of the new hardware. Windows already knows how to use it!

Online resources to find Windows tips

With the plethora of tip sites on the Web, which ones are really worth your time? Reader Warren Taylor has one suggestion, and I have several others:

• "While surfing around the Web looking for XP hints, I came across the Optimize Guides Web site that has a wealth of information. The lead-in on the homepage reads: "Optimize Guides are free, easy to read, comprehensive guides for the Windows 2000, XP, and Vista operating systems. Whether you want to improve performance, improve security, or simply diagnose a problem, you will find solutions here."

Thanks, Warren. There does, indeed, seem to be a fair amount of information there, although some of the pages are really just descriptive links to other sites.

You might also want to note the free Windows Secrets WinFind search service that lets you search not only the back issues of this newsletter, but also 14 other sources for expert advice on Windows. Very handy!

Figure 1. The free WinFind service lets you search 15 trusted sites that provide reliable Windows tips.

Other sites I personally find helpful include Doug Knox’s Windows Tweaks and Tips and Paul Thurrott’s SuperSite for Windows. You may recognize Paul Thurrott as Brian Livingston’s co-author of the best-selling Windows Vista Secrets book. Online sources are great, but sometimes the depth, permanence and portability of a book are extremely valuable as well!

Is the ‘1024-cylinder boundary’ real?

Reader Charlie Rose couldn’t defrag his C: partition in Windows due to too little space. When he tried to enlarge the partition, his software told him the newly enlarged partition would be unbootable. What are his options?

• "I’m running XP Pro SP2. My C: partition has only 9% free space. All my defragmenters require 15% free space. I told PartitionMagic 8.0 to increase the partition size, but it told me that that ‘would cross the 1024-cylinder boundary and not be bootable.’ "

This isn’t a problem with Windows or with your partitioning software. Rather, the legendary "1024-cylinder boundary" is actually a hardware limitation that existed in early PCs; the BIOS simply wasn’t designed to handle large drives. (The "1024-cylinder boundary" represents a drive or partition of about eight GB — unimaginably large in the early days of computing, but quite small today.)

To my knowledge, no PC sold since about the year 2000 has had this 1024-cylinder boundary limitation. Many of the major-brand PCs overcame this constraint years earlier. Some partitioning tools, however, still retain the warning about the 1024-cylinder boundary, just in case.

If your PC is less than about seven years old, odds are you’re fine. You can ignore the warning and make the partition whatever size you wish. Of course, it’s always wise to make a backup first before performing any work on live partitions.

If your PC is an old one, or if you’re still not sure about it, go to the manufacturer’s Web site and follow the instructions there for downloading and installing the latest BIOS update. It’s usually just a small software tool that reprograms the BIOS with new instructions. No hardware changes are needed.

In the unlikely event that none of the above works for you, you probably can buy a modern replacement BIOS. The better BIOS replacement sites can tell you if they have a BIOS for your model PC, and can offer how-to instructions. Some representative vendors include eSupport’s BIOS Upgrades, BIOSman, and BadFlash. A new BIOS isn’t expensive, usually costing in the vicinity of $30 or so.

But again, if your PC is of any reasonably recent vintage, the "1024-cylinder boundary" warning you got is probably just a false alarm.

Is the antimalware tool PrevX1 worthwhile?

While trying to track down a "questionable program" he found on his PC, reader Ronald L. Berman ran across an unfamiliar antimalware tool:

• "Recently, while searching for an answer regarding questionable programs listed in the Programs Control section of my Norton Internet Security package, I came across PrevX1 antimalware software. I have downloaded it, although usually I don’t download software into my computer without a good deal of reading about it first. I would like to read a report about what Windows Secrets thinks about this program, including recommendations, pro and con."

First, you might want to check the lead item in the Jan. 18 issue, which said (among other things): "When you use antimalware tools, take the threat counts reported by such tools with a grain of salt: Things are rarely as dire as these tools can make it seem!"

You see, some anti-malware tools find "threats" that aren’t really all that threatening as a way to prove to you that you need that tool. There’s not enough detail in your note to know if that’s the case with PrevX1, but it’s a possibility.

PrevX1’s main distinction seems to be that it’s primarily heuristic, which means that it can "learn" to detect new malware by observing its behavior, even if a particular strain of malware is new to PrevX1.

But PrevX1 isn’t purely heuristic; it also relies on a central, online database of known malware "signatures" or software descriptions. This two-part approach isn’t unique. For example, many antivirus tools combine an element of heuristic technology with a central database of virus signatures. It’s the latter that are downloaded when your antivirus tool updates itself.

PrevX1 doesn’t do that kind of updating, however. When it runs, it uses its heuristics plus the malware signatures stored in the online central database. But it apparently does not retain a full copy of the signatures for use when your PC is offline. This is one of the reasons that most formal reviews give PrevX1 a mixed scorecard.

For example, PC Magazine’s review of PrevX1 said, "Requires active Internet connection for full protection. Doesn’t remove malware traces such as Registry keys and non-active files. Occasionally blocks valid programs." And PC World said, "Slow scanning time; not a complete Internet security solution."

So, PrevX1 seems to work, but not well enough to make me want to change the tools I’m currently using.

On the other hand, if PrevX1 works for you, and is useful in solving a particular problem you’re having, then by all means go for it. It’s a perfectly legitimate tool.

By the way, you can always see the current recommended "best of breed" security tools on the free Windows Secrets Security Baseline page.

Fred Langa is editor of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

Vista voice-recognition software is laughable

A video of a Windows Vista speech-recognition demo that went awry was devoured by critics of the new operating system when it was posted on the Web late last year. Footage shows the program badly garbling the demonstrator’s commands. ("I think it’s picking up a little bit of echo here," was recognized as, "Set so double the killer.") The large audience attending the Redmond campus demo found it hilarious, but it was rather embarassing for the company. Now a new video has emerged that’s even funnier. Watch the video

Tips for erasing and recovering data

Sometimes you want to permanently erase data from your systems, and other times you want to recover data. This week, I bring you more information about what does and doesn’t work when erasing data from your systems. I’ll also discuss your options when your hard drive fails and you need to recover data.

Erase your disk before selling your computer

In the Feb. 1 edition of this newsletter, I wrote about how to erase data to make it unrecoverable. Ian Riddle writes to ask for more information on his specific situation:

• "My wife just got a new laptop. Her old one is quite serviceable, running XP, wireless, etc., so she wants to sell it. I would like to clean the hard drive before it goes, but I want to leave the base XP system installed.

  "What steps can I take after erasing all the nonsystem data files to clean up any personal data as much as possible before it goes to a new home?"

Ian, the absolute best approach would be to erase the entire hard drive and then do a clean install of XP before you sell the computer. If you don’t do that, then you run the risk of leaving personal information somewhere on the system, whether it be in files or in the Windows Registry.

To erase your disk and do a clean install, tell the Windows XP installation routine to format your hard disk before installing the operating system. Then when the installation is complete, install a disk eraser program and run it to ensure that all sectors on the disk are reasonably well-erased.

Scandisk doesn’t clear material from sectors

Scandisk is a Microsoft utility that shipped with versions of Windows prior to Windows XP. Scandisk is used to check the integrity of disks to ensure their format remains in proper working order. Samuel Campbell wonders if it clears data from unused sectors:

• "I’ve been running Scandisk with the option ‘scan for bad sectors.’ I have no idea if this helps to keep the empty area of the hard disk clear of any leftover data. Sure, one pass with Scan Disk won’t help much, but over the course of several months, depending on how the scanning works, might it not work well?"

Samuel, Scandisk doesn’t remove data from unused sectors. It looks at the format of sectors to determine if they’re damaged. If they are, then it tries to read as much data as possible from those damaged sectors, moves the data to undamaged sectors, and writes zeros into the usable area of those bad sectors. So, unless your disk has bad sectors, Scandisk won’t erase any sector. If your goal is to ensure that deleted data cannot be recovered, then you must use a disk-erasing tool.

Copying files might not delete unwanted data

In another response to my article in the Feb. 1 issue on erasing unwanted data, Chuck Muhleman writes to tell us about his friend’s suggestion for erasing data:

• "My best friend suggests deleting the data on a partition via the usual method of deleting folders and files, then filling the partition with music files, then deleting the music files."

Chuck, your friend’s suggestion might work to some extent, but only if you completely fill the partition with data. The reason is that you have no control over where the operating system will write its data, so you run the risk of not overwriting some disk sectors.

Another issue to keep in mind is that it takes quite a while to copy a lot of data, so you’re better off spending that same time running a genuine disk-erasing tool — especially since they do work and they can be obtained without cost.

Online data-recovery services to the rescue

If you don’t have a backup of your data and your drive crashes, then you’ll find yourself in a difficult situation. Data-recovery services are costly. Douglas Thompson has this problem:

• "To be as brief as possible, I had a hard drive problem, the drive had family photos, tax files, etc. I sent it off to Seagate Recovery Services and was told it would be $2,150. I am poor, struggling, and can’t afford that (now I know why they don’t quote prices on data-recovery Web sites).

  "Did I just read about a service that can recover your hard drive remotely and only charges for time spent connected to their server? I searched archives and reread Windows Secrets newsletters but can’t seem to find it. Did I dream it when I was so distraught over the cost?"

Douglas, one online data recovery service that I know about is ADR Data Recovery. They can sometimes help people recover data remotely, which means you don’t have to send them your hard drive.

In order to take advantage of remote recovery from any vendor, you must at least be able to install another drive as your primary boot drive, install the failed drive as a secondary slave, and the operating system must be able to assign the secondary drive a drive letter.

With that done, you then download a tool from the recovery service and run that tool from your primary drive. The tool will perform an intial assessment to determine which, if any, files are recoverable. In the case of ADR Data Recovery, they charge $750 for that initial assessment, and the price goes up from there, depending on a variety of factors. According to ADR Data Recovery, their total price could range from $2,800 to $6,800. They only quote an actual price after the initial assessment is performed.

If your computer BIOS won’t recognize your hard disk, then there are serious problems with the drive. In this case, remote recovery is out of the question. You’ll need to send it in for possible repair, and there is no guarantee that you’ll be able to recover any data.

When drives fail to the point that the BIOS or operating system cannot recognize them, it could be because of faulty logic circuit boards, faulty or crashed drive heads, or damaged disk platters. In those cases, repair shops will have to locate exact, matching components to use as replacements for any failed components in your drive before they can even attempt data recovery.

If your drive is old, or rare, they might not even be able to find matching components. I know of instances in which this has happened, and the drive owners couldn’t recover their data.

Don’t place too much trust in repair shops

Any of us might find ourselves in the position of having to get our computer repaired. When that happens, we typically have two options: send it to a repair shop, or have a technician come to you. The latter is safer for a lot of reasons, but what if you must opt for the former? Blair Hamren writes to tell us about a nightmare situation that his co-workers encountered:

• "One of my co-workers took his laptop into a shop for a screen repair. It’s quite old, but he still used it quite a bit. "He mainly used it when he was away from home for dial-up Internet access. He did some online banking on it but never stored any user IDs or passwords on it. He didn’t even store his dial-up user ID or password. He tells me the only password he stored on it was for his email.

  "What do you think his exposure is on it? People have been telling him that cookies will contain all his info, but I said it would not. Any other tips on how to deal with a situation like this (or how to prepare for a similar situation)?"

It’s hard to imagine that a repair shop would be so careless with people’s computers, but obviously it does happen.

Since your friend used online banking, there’s a chance that there could be Web pages cached on the system. Typically a Web browser won’t cache pages that were loaded over an SSL link (using https). So as long as your friend was using a modern browser and connected to the bank using SSL, then there probably isn’t any banking data on the system, other than URLs stored in the browser history.

And, since he did store his e-mail password on the computer, that password should be changed immediately. Otherwise, whoever has the computer could access his e-mail account.

As for cookies, they could contain private information. For example, if he logged into any password-protected Web sites, then there might a cookie on the system that would let him go back to that site without logging in again. Or, there might be cookie data that stores the user name but not the password.

In any case, it’s extremely unlikely that there is such a cookie for bank sites. Banks typically require a person to log in after each visit, and they don’t usually store sensitive information on the system. Your co-worker could call the bank to ask about their Web-based banking to determine what, if any, private information might have been stored on his system.

How to disable the DropMyRights tool

DropMyRights is a nifty little application developed by Michael Howard, who works in Microsoft’s security engineering group. The tool lets you run applications with lower privileges to help prevent malware from taking negative actions on your computer. But, sometimes you might find that the lowered privileges lead to overly restrictive behavior. Vic writes to share his problem with this tool:

• "About a year-and-a-half ago, you wrote an article about a small, downloadable program called DropMyRights, which removes the administrative rights from Internet Explorer in order to prevent online contamination from some Web sites. I installed this program and found that on some legitimate sites it prevents the user from using features on the Web page. A message is displayed saying that the process in question cannot be completed unless the user has administrative privileges.

  "Can this program be uninstalled? There is no listing for it in Add/Remove Programs in the Control Panel. Is it possible to turn the program off and on?"

The way DropMyRights works is to launch applications for you so that it can control each application’s security privileges. It typically accomplishes that task by modifying shortcuts that are used to launch the application. So, for example, with Internet Explorer, a modified shortcut’s target location looks like this (assuming that you installed DropMyRights into the c:my-tools directory):

c:my-toolsdropmyrights.exe "c:program filesinternet exploreriexplore.exe"

So, to disable DropMyRights with Internet Explorer, modify your shortcut to remove the C:my-toolsdropmyrights.exe prefix. To do that, right-click on Shortcut, select Properties, and edit the Target location. Keep in mind that you might need to modify any shortcuts on your Start menu as well as those on your desktop.

iTunes will run on all Vista installations, eventually

If you’re among the millions who have an Apple iPod, then you might wonder how well the associated Apple iTunes software will work with Microsoft’s new Vista operating system. Ron writes to ask about his concern:

• "I’ve heard that Apple is warning PC users that iPod software may not work on Vista. Is this a new marketing ploy from Apple?"

No, Ron, it’s not a marketing ploy. According to Apple, iTunes 7.0.2 might work on some installations of Vista, but not all. The reason is that there are some compatibility issues, and Apple is working to address those problems. The company intends to release a new version of iTunes soon that will work with all versions of Vista. For more information about this situation, head over to Apple’s site and read the iTunes and Windows Vista article.

Change the default view for folder shortcuts

You probably know that you can drag any folder from Windows Explorer to your desktop for easy access. But what if you want to customize that folder shortcut so that it opens in a particular view? Rich Wilson writes to ask about his particular needs:

• "If I put a shortcut to a folder on my desktop and then click it, I get an explorer view that does not have the ‘folders’ view for the left pane set. Is there any way to make the shortcut invoke explorer with the ‘folders’ button enabled, or to make this the default? I’m running XP, by the way."

Rich, you can customize the view by using the options available in Windows Explorer. Assuming you already have a shortcut on your desktop, right-click the icon and choose Properties. Then modify the target location like this:

%SystemRoot%explorer.exe /e,c:this-folder

The /e option tells Windows Explorer to open using its default view, which is the view that has the folders on the right and the folder content on the left. When you open the shortcut, you’ll see that the folder you specify (c:this-folder, in the example above) is selected.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and and writes the weekly e-mail newsletter Security Update. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

More denial-of-service flaws emerge

A slew of denial-of-service flaws seem to be cropping up lately, or maybe it’s just that I’ve been finding a lot of them. I’ll start off this week’s column by talking about a flaw that affects multiple Web browsers, including both Firefox and Internet Explorer.

Many browsers are vulnerable to ‘marquee tags’

Several browsers can be crashed by hackers, forcing your PC to consume a large amount of CPU resources. This vulnerability is due to the way in which certain browsers handle nested marquee tags. A hacker could exploit this flaw by tricking a user into loading a Web page that’s designed this way.

This flaw has been confirmed in Mozilla Firefox 1.5.0.3, Microsoft Internet Explorer 6.x (on multiple versions of Windows), Flock beta 1 0.7, and all versions of Opera. Information suggests that other versions of these browsers may also be affected.

What to do: Considering how many browsers are affected by this flaw, the old advice about not visiting Web sites that you don’t trust comes to mind. But we all know that this alone won’t protect you. The best thing you can do is to make sure that you are using Brian’s Security Baseline, if you aren’t already. If you’re using Firefox, I highly recommend using the NoScript add-on. This allows you to disable scripting and selectively enable it only on Web sites that you trust.

More Information: CVE-2006-6956, CVE-2006-6955, CVE-2006-2723, SecurityFocus, ISS

Windows Mobile devices can be crashed

Trend Micro recently discovered two flaws in the Windows Mobile OS. These problems allow a hacker to run a Denial of Service (DoS) attack against mobile devices, with a little help from the user.

The first flaw involves Windows Mobile’s "Pictures and Video" application. This can cause a mobile device to hang for several minutes if it tries to load a hacked JPEG file.

The second flaw, which is in the mobile version of Internet Explorer, can cause the application to crash. It can also cause the mobile device to become unstable if an exploited file is loaded.

These flaws have been confirmed in Windows Mobile 5.0 and in Windows Mobile 2003/2003SE for PocketPCs and Smartphones. Trend Micro has made Microsoft aware of these issues, but there has been no word on a patch as of yet. There is also no word on whether the newly released Windows Mobile 6.0 is vulnerable to these flaws.

What to do: You could avoid using Windows Mobile devices all together. But that won’t help you if you just got a new Windows Mobile device with a 2-year contract, as I recently did. When I think of workarounds for these flaws, the first things that come to mind are the same practices that you should follow on your full-size Windows computers: Don’t open any e-mail attachments, pictures, Web links, etc., from untrusted sources. If you follow those rules, you should be fine.

More information: CVE-2007-0685, CVE-2007-0674 ISS, ISS-2, SecurityFocus, FrSIRT

MS warns of zero-day in Office 2000/XP

Microsoft released a bulletin on Feb. 14 warning of a hole that’s been found in Office 2000 and Office XP. The exploit is already being used in some attacks. The flaw can only affect you if you open an infected Office file.

What to do: No patch is available yet. The company says, "There is no charge for support calls that are associated with security updates. International customers can receive support from their local Microsoft subsidiaries."

More information: Read Microsoft security advisory 933052.
The Over the Horizon column informs you about threats for which no patch has yet been released by a vendor. Chris Mosby recently received an MVP (Most Valuable Professional) award from Microsoft for his knowledge of Systems Management Server. He runs the SMS Admin Store and is a contributor to Configuring Symantec Antivirus Corporate Edition.

Security and daylight patches are critical

With 12 security patches being flagged as critical, plus this week’s Daylight Saving Time fixes, your patch session this month will be extensive. Because there are so many this month, I’m putting all the similar patches together within sections below. First up are the critical Office patches.

MS07-011, MS07-012, MS07-013, MS07-014, and MS07-015
Office patches fix a few 0-day threats

The good news is that we have a few Office zero-days now patched. The bad news is that we now have five interrelated patches that need to be applied to our systems.

MS07-014 (929434) and MS07-015 (932554) are the most critical patches of the bunch. But MS07-011 (926436), MS07-012 (923436), and MS07-013 (918118) are also important because they affect the way that Office interacts with Rich Text, embedded links, and documents.

MS07-014 and MS07-015 already have exploits in the wild. This means that you should place the entire lineup of Office patches on a fast track for patching.

I’ve seen some reports of exploits flipping users’ default printers to the Microsoft XPS Document writer. Fortunately, there’s a quick fix — you can easily reset your default printer.

If you’re running Office XP, as opposed to Office 2003, your KB numbers will be different than those listed above. On my old, "crusty" test computer, I was offered the Office 2003 versions of the patches as well as the Office XP versions. Thus, I also saw 920816, 929063, and 929061, reflecting various versions of Word, Visio, and Excel. Don’t be surprised to see 20 or more patches suggested in the Microsoft Update window this month.

MS07-016 (928090)
Internet Explorer 7 gets patched

Internet Explorer 6 — and now IE7 — get their normal patch rollups in MS07-016 (928090). This patch applies to all supported versions of Windows except Vista, which is immune to the threat.

My normal caveats for rollups apply: watch for problems with your customized, third-party Web-based applications.

This is documented in Knowledge Base article 928090, which brought an interesting point to my attention. Included in this security patch are several nonsecurity updates. One in particular was released earlier as a stand-alone patch but was included in this bundle to fix the well-known speed issue with IE7’s phishing filter.

IE rollups have had nonsecurity stuff included in them previously, and it’s been obvious lately that the phishing filter needed an update.

MS07-010 (932135)
Microsoft’s security mechanisms need updating

Microsoft’s antimalware engines have serious problems that suddenly require patching. And the Trend Micro antivirus was been found to have a major security issue (as discussed in PCWorld. Put the two headaches together and this hasn’t been a good week for software that’s supposed to protect you.

If you’re running Microsoft OneCare, Antigen, Defender, or Forefront, you should have already received the updated files automatically. This includes the patch that’s discussed in this week’s MS07-010 bulletin.

The issue relates to how Microsoft’s security products handle PDF files. A specially crafted one can allow bad guys to take over your system if the MS products scan it.

The good news is that these auto-updating engines normally install their patches without needing your intervention. The bad news is that this weakness also impacts Microsoft’s vaunted new operating system, Windows Vista. Defender is typically included in the OS by default, and it’ll need to be patched right out of the box.

On a recent visit to my local Best Buy, a U.S. retailer, I noticed that only one of the computers running Vista had an antispyware product other than Defender in operation. If you recently bought a brand new Vista system, get Defender updated!

MS07-009 (927779)
MDAC needs patching against ActiveX again

Of all the patches that came out this week, this is the one that’s been on my radar the longest. An unpatched flaw since October of 2006, MS07-009 now replaces MS06-014 for Windows 2000 users.

If you’re running Microsoft Data Access Components (MDAC) 2.7 or earlier, it’s recommended that you upgrade to MDAC 2.8 Service Pack 1. MDAC contains database components related to SQL Server, which may be installed even if you don’t run Microsoft’s back end product.

How can you tell which version you’re running? Use the MDAC checker from Microsoft. Or, better yet, when you get all done with Tuesday’s patches, visit the Secunia Software Inspector to check for missing updates.

You’ll probably be so numb after applying all the security, critical, and daylight-saving patches this month, it’ll be wise for you to visit the Secunia site to ensure everything on the security side got patched.

While ActiveX controls aren’t independently malicious, this one seems to be bent on getting us into trouble. This is not the first time we’ve patched this control. As in any ActiveX-based exploit, your browser is most at risk. Merely surfing to a site with malicious code could get your computer into trouble.

MS07-008 (928843)
ActiveX HTML Help needs our help

Our next ActiveX miscreant is actually part of the operating system that’s designed to help us. Until you patch against this exploit, a bad guy could help himself to your system. MS07-008 (928843) should be a high priority on your patch list. Look for this flaw to be used soon in malware attacks on systems. Hacked e-mails and Web sites are the threat vector on this one.

MS07-007 (927802) and MS07-006 (928255)
Plug-and-play and photos cause trouble

MS07-007 and MS07-006 are interesting patches, for me anyway. They point out the inherent protection that Windows XP SP2 typically gives you against security issues.

Both of these patches require an authenticated user to be on the system for the exploit to be successful. The attack cannot be executed remotely over the Internet. These two are more of an issue for workstations and shared systems called Terminal Servers.

Just delete Step-by-Step Interactive Training

Our last "official" security patch of February, MS07-005, echoes the adage, "If you don’t need it, delete it."

You may not remember the last time you ran "Step by Step Interactive Training." You may never have run it. If you see it listed in the Add/Remove Programs control panel, you should just uninstall it rather than patching it this week and having to worry about patching it again in the future.

Daylight patch stumbles on Exchange servers

If you’re in a large enterprise and have multiple Exchange servers, I’ve saved the best for last.

KB article 932599 documents an issue you may see after you install Microsoft’s Daylight Saving Time patch for Exchange, which is known as 926666.

For single, standalone Exchange servers, which are typical in Small Business Server installations, you won’t see any problems. But larger enterprises need to review that article. You may have conflicting values in some specific keys in your Exchange and Active Directory structures. Read the article for the solution, then call Microsoft for assistance.

Given that this isn’t a security patch, the normal free security phone number won’t apply. You’ll need to contact a support professional for guidance. I hear that DST issues on supported operating systems will be treated as free calls.

Hopefully, I gave you adequate warning in my Feb. 1 article about Microsoft’s daylight-saving patches. Be sure to remember that the DST patches need to installed in this order:

• Workstations. Get the new February rollup of 931836. This can go right on top of the old patch, 928388.

• Servers. Same advice as workstations: get 931836.

• Exchange servers. SP2 needs 926666, as discussed above. SP1 needs 931978 instead.

• SharePoint server. Use 924881.

• Outlook rebasing tool. Use this tool soon after you apply the workstation patches. It’s used to fix any appointments that may be using the wrong time-zone data.

• Exchange rebasing tool. If you’re an administrator, use this tool on your entire mail server.

• Patch your phones as well. From smartphones to PocketPCs — they, too, need patches. Copy the .cab files that you get from the preceding links to the devices and install them.

To help out with the confusion, I put together a quick podcast last week on the issue.

925251 and 929060
Slovenia joins the Euro zone, patches ensue

I’m sure that I’m about to insult the Windows Secrets Newsletter’s entire audience in Slovenia with my comments on this next patch. The question is: Do I really need to install "critical" patch 925251, which lets Office 2003 know that Slovenia’s official currency is now the euro?

Also, given that I haven’t yet deployed Office 2007, do I really need to install patch 929060 so PowerPoint 2007 saves files properly on a SharePoint server?

One of my office colleagues said jokingly, "Now that Vista is out, did they decide to release the patch backlog?"

Obviously, these two patches are of concern to me at some point in the future. But they’re just going to have to wait this week. I’m far more worried about the impact of the daylight-saving patch described above.

A few words of thanks to my readers

I’m grateful to all of you who wrote in about your issues patching Apple Quicktime and SVChost. Thank you for your diligence in keeping your systems secure and up-to-date.

All of you truly have gone above and beyond the call of duty this time. If there’s a Purple Heart award for patching, every one of you have earned it!

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received a MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.