User Account Control offers improved security

User Account Control offers improved security

By Mark Joseph Edwards Vista’s User Account Control (UAC) helps defend your system against all sorts of malware. This week, I discuss whether or not it’s a good idea to disable UAC and explain how to disable it, if you want to. (Note: Fred Langa is taking the week off and will return in the next newsletter.)

Is disabling Vista’s User Account Control wise?

If you use Vista, then you’re probably aware that it has a new security feature called User Account Control (UAC). This feature enables you log in as a regular user without administrator privileges (which is a more secure way of using your computer), but quickly elevate your privileges when a program needs greater access to your computer than is allowed for a regular user account.

Overall, UAC is a good feature. But some people find it to be bothersome, due to the prompts that appear, asking if you want to elevate a program’s privileges. So, the question arises whether or not to disable UAC. If you do disable it, and then log in with an account that has administrator privileges, you need to be aware that your system is less protected than it would be if you had left UAC enabled.

The reason this is true is because many forms of malware typically try to create or modify Registry keys and Windows system files. They might also try to write files to areas of the system where a regular user account would not normally write files. With UAC enabled, actions that require administrator-level access are prohibited unless you specifically allow them by approving a UAC prompt.

Keep in mind that while UAC does help prevent many forms of malware from infecting your system, malware can still find its way in to your system even with UAC enabled. UAC simply protects the system from actions that would normally require administrator-level access. So, it’s a good idea to leave it enabled.

On the other hand, if you consider yourself to be somewhat of an expert at protecting your computer, then disabling UAC and running as admin may be something you’d be comfortable with. After all, if you’ve used Windows for years and have yet to experience a serious infiltration of your system by some type of malware, then it’s possible that you can continue in that way without UAC.

Keep in mind that if you share your computer with other people who have their own user accounts, you can disable UAC but it might break usability for other user accounts. Woody Leonard pointed out to me that when UAC is disabled via the Control Panel for one user account, other regular user accounts are no longer able to elevate their privileges. A regular user account can’t even change Vista’s system time, unless UAC is available so the user can authorize the change. Disabling UAC isn’t good if you have other regular user accounts for people who share your computer.

Instead of disabling UAC using the Control Panel, a better approach might be to use an account with administrator-level access as your usual user login account, and then disable UAC only for accounts that have administrator-level access. That way, your user account won’t be subject to UAC prompts, but other user accounts will be.

On any version of Vista, except Home Basic and Home Premium, you can disable UAC for administrator accounts by following these steps:

Step 1. Click the Start button and launch the Local Security Policy editor by entering secpol.msc in the Search box.

Step 2. Select the Local Policies item in the left panel to expand the tree, then expand Security Options under Local Policies.

Step 3. Scroll down the list in the right panel to locate User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode. Right-click that item and choose Properties.

Step 4. Select Elevate without prompting and close the dialog.

If you use Vista Home Basic or Home Premium, the Local Security Policy editor, unfortunately, isn’t included. To disable UAC for administrator accounts, you’ll need to edit the Registry. Follow these steps to do that — and be extremely careful, since mistakes could render your system unusable!

Step 1. Click Start and enter regedit in the Search box to launch the Registry Editor.

Step 2. Navigate to the following key:

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies System

Step 3. Double-click the ConsentPromptBehaviorAdmin item.

Step 4. Change the value to 00000000.

Step 5. Close the dialog and exit the Registry Editor.

That’s all there is to it!

How to make Windows boot faster

The more programs that launch at boot time, the longer it takes for Windows to boot up. Sometimes you might want Windows to boot as fast as possible, and there’s a way to make that happen. Donald Parkyn wrote to ask about a quirk he noticed when booting XP:

• “I notice that Windows XP Pro seems to boot and run better if I hold the Shift key down during bootup. What is this all about?”

Good observation, Donald. Microsoft built that feature in to Windows to help people not only get their systems up and running faster when necessary, but to also help people bypass many of the programs that would normally start when booting up.

If you hold down the Shift key during the entire bootup process, Windows won’t launch at startup any programs located in the following places:

%systemdrive%Documents and SettingsUsernameStart MenuProgramsStartup
%systemdrive%Documents and SettingsAll UsersStart MenuProgramsStartup
%windir%ProfilesUsernameStart MenuProgramsStartup
%windir%ProfilesAll UsersStart MenuProgramsStartup

In the above locations, %systemdrive% refers to the drive where Windows is installed &#8212 typically the C: drive. %Windir% refers to the Windows installation directory, whatever it may have been named when Windows was first installed.

Find your true Internet connection speed

When you use a dial-up modem connection, you can be reasonably sure what speed you’re getting when you connect, since your modem tells you what speed it connects at. But that’s not always the case with DSL, cable, and wireless connections. So how do you find out what your real throughput rates are?

There are a number of sites on the Internet that can help you test your network connection to determine what your upload and download speeds are. It’s important to use the tests once in a while to make sure you’re getting what you pay for.

As an example, my Internet provider recently said it was upgrading all its connections to allow more bandwidth for both upload and download speeds. I wondered if the company had made the changes in my particular area yet. When a serviceman was at my house, I asked him, and he said he believed that they had made the changes. We then tried a speed-testing site to measur the throughput. As it turns out, the company had not made the speed increases in my area yet, so I was still running at the lower network speeds.

The test I used is offered by Speakeasy. It works in a browser, uses Flash, and lets me select the destination to test from a list of eight possible choices in the United States.

But there are other tests you can try, too. Bandwidth Place offers a test you can use up to three times a month for free. Their test doesn’t let you choose the end point, though.

Ookla offers a really slick, Flash-based speed test that lets you choose a destination from numerous places all over the world. This is probably the most useful test available, if you’re curious about your connection speed, because of its location specificity.

Windows User Group Network (WUGNET) has a good test, too. It uses Java and displays the results in a clear graph for easy comparisons to various types of connections (modem, DSL, cable, satellite, T1, T2, etc.). It doesn’t, however, let you select a destination endpoint. Regardless, I found both WUGNET’s and Speakeasy’s tests to be the most useful and the most accurate.

Your results may vary, so try a variety of tests. Use a search engine to search for “speed test” or “speedtest” and you’ll find lots of others.

How to tweak TCP/IP settings for faster throughput

Transmission Control Protocol/Internet Protocol (TCP/IP) is the communication language used on the Internet. Various parameters control how TCP/IP operates, and understanding what those settings mean and what they do can be very confusing. A.B. Calvin wrote to ask about TCP/IP settings:

• “Although most computers have internal modems, there is no help on them since they are made/supplied by other vendors to the OEM. The communications settings are not set for optimum results. Depending on the type of connection &#8212 dial-up, broadband, etc. &#8212 some parameters have to be set for best results.

  "Are these to be done at the modem level or the network level? How do we read the present settings, find the best values for the specific mode, and correct them?

  "For example, I have a computer with Windows XP and an internal 56k modem with a dial-up connection. A program I used indicated that the following changes were required:

  Max transmission unit.. 576 instead of 0
  TCP receiving… 65392 instead of 0
  Default TTL….. 64 instead of 0
  Auto MTU detection.. 1 instead of 0
  Max Dup Acks.. 2 instead of 0
  Fast retransmission & recovery value.. 1 instead of 0
  selective acks.. 1 instead of 0
  max connection.. 10 instead of 0
  max 1.0 connection.. 20 instead of 0

  "What do these mean? Is there any info/FAQ/tutorial available on the Web? The Knowledge Base at Microsoft is of no help. I don’t know the keywords to do a search on Google. Is there any freeware program that can check the connection and set the parameters correctly with a ‘restore back’ option?”

Actually, there is an FAQ that can help explain what those settings mean and what they do. Head over to DSL Reports and read the DRTCP section in the Tweaking FAQ. DSL Reports offers a tool called Dr. TCP that can help you tweak the various settings.

An even better tool is SpeedGuide’s SG TCP Optimizer. It lets you select the bandwidth that you use (56K, 256K, 1MB, etc.) and makes suggestions about how to adjust the settings. It also lets you save your current settings before making any changes. You canthen revert to those saved settings if, for some reason, your new settings don’t work correctly.

Be careful when adjusting your TCP/IP settings, and make certain that you save your current settings. Sometimes changes can render your connection entirely useless. In that case, you’ll definitely be glad that you saved your previous settings. Be sure to read Speedguide’s TCP Optimizer Help section, where you’ll also find a link to the related TCP Optimizer FAQ.

Before you change your TCP/IP settings, use one of the speed-test sites that’s described in the section above to test your connection speed. Then test the speed again after you’ve made changes to see if there are any significant improvements.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and writes the weekly email newsletter Security UPDATE. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

The ethics of installing Windows Vista

By Brian Livingston I reported on Feb. 1 that the upgrade version of Windows Vista accepts itself as a product it can upgrade over, and on Feb. 15 that Vista has a built-in command that allows you to extend its activation deadline from 30 days to 120 days. Those articles were very popular with readers — the Feb. 1 story garnered a reader rating of 4.49 out of 5, the highest score of any article the newsletter has ever published — but that doesn’t mean that these reports aren’t controversial.

Support for revealing the secrets of Vista

Most of my readers thought it was highly interesting that Vista doesn’t perform even the simplest test for a qualifying operating system before the upgrade version will install. Any running Windows OS, from NT 4.0 to Vista itself, will do. Vista’s complete lack of any version-testing code makes it possible to clean-install the upgrade version of the new OS to a blank hard drive — a capability that Microsoft claimed it had deliberately eliminated from the product.

Reader Bill Tomlinson supplies some thoughts that are typical of readers who feel Vista’s little-known clean-install features can be useful:

• “Just a few thoughts regarding the Vista ‘workaround.’

  “First, thank you very much for this article. After all, it will (eventually) save me a few bucks out of my pocket.

  “Second, we all should give a round of applause to Microsoft for this coup. They’ll be laughing the whole way to the bank. What a way to generate press on this, and what a way to get everyone to buy an ‘upgrade’ at only $250.00 [for Vista Ultimate]. Microsoft will only ‘lose $100.00 or so’ on the deal, right? …

  “Third, I don’t agree with the ‘upgrade’ price in the first place. Especially since I can get an OS practically for free (Linux). In today’s world, there really is no reason why I can’t learn Linux, because it only means that I have to put in the same effort that I had to when I was learning Windows in the first place.”

Someone in the Vista development team — perhaps a lot of people in the team — also thinks that consumers shouldn’t have to pay more than the "upgrade" price for Vista. My Feb. 8 article quoted e-mail traffic indicating that the developers knew that Vista wouldn’t check for qualifying products, and that it was their deliberate decision to code Vista this way.

The only question is how high up the approval for this decision went. Did Microsoft executives intend to promote the “upgrade” price as a bargain over the “full” price, and one that almost anyone could use? I’ll delve further into this question after the following reader’s comment.

When does use of a product become stealing?

Some other readers questioned the ethics of clean-installing Windows Vista to a new hard drive, when Microsoft’s End User License Agreement (EULA) doesn’t allow this. Reader Gary Castro has a bone to pick with my Feb. 1 article:

• “I’m a little disturbed by Brian’s article on the ‘Vista Upgrade secret.’ He’s not doing a very obvious job of condemning software piracy or misuse; I get the feeling he is actually condoning it (as made apparent by the ‘never pay full price’ Feb. 1 headline).

  Just because someone is able to install a software program doesn’t make it legal to use — one has to also agree to the terms of the EULA, as written by the software provider. I’m no lawyer, but it seems to me it would be both illegal AND immoral for someone to buy and install an upgrade version of Vista if they somehow had a machine that was not upgrade-eligible (built their own machine, maybe?). That would be the same as buying the Student/Teacher version of Office 2003 (or 2007) without having the proper student or teacher in the household (or whatever restrictions the EULA mentions). The educational requirement is not restricted by hardware or software in any way; you just agree during the install process that you abide by the restrictions in the EULA. Would you feel comfortable recommending that everybody buy the Student/Teacher edition instead of an upgrade or full edition, even if they did not qualify for it (‘never pay full price’)? I hope not, and I don’t see how the Vista situation is any different.

  “The last paragraph in the Feb. 8 newsletter is just wrong and very disturbing — ‘Vista’s behavior of installing its upgrade version over any install of Vista looks more and more like a deliberate decision on Microsoft’s part to make the install easy and less expensive than the full version of its software. The full version increasingly resembles the “golden casket” that undertakers routinely show to bereaved family members. No one expects the family to actually buy the gold-plated model, but it makes the other models seem less overpriced.’ MS made this clean-install easy for the other very good and welcome reasons mentioned in the newsletter, not because there is never a reason to buy the full version. Personal integrity should count for something, especially among industry experts such as Brian.

  “The article would have been much less disturbing if MS was lauded for making the clean-install easy to do, and there was no indication that you felt nobody should buy the full version.

  “This situation seems to be another example of many people’s odd belief that just because they bought software (or a music CD), they can do anything they want with it without regard to intellectual property rights asserted by the seller at or prior to the time of purchase or installation. If you don’t agree to their terms, don’t buy the product.”

The odd thing is that people who buy a music CD do in fact have legal rights to do almost whatever they want with it, short of mass distribution and street-corner sales. The same is true of people who buy copyrighted software programs.

Understanding these principles is important. There’s huge confusion in the press these days about consumers’ rights to use products they’ve paid for.

The difference between piracy and fair use

Some readers wrote that, since I reported on how Vista allows itself to be clean-installed, I might as well encourage people to run red lights and rob the homes of people who leave their doors unlocked. That’s far from what I condone, so let’s clear a few things up.

• I definitely warned readers that a clean-install of Vista, or using the upgrade version of Vista to upgrade itself, could violate the Microsoft EULA. I never encouraged people to exploit these tricks for gain or do anything dishonest.

• “Software piracy” is the mass distribution and sale of unauthorized copies of programs. I loathe software pirates and think they should face jail time. (In some countries, however, there are no laws against software piracy.)

• “Fair use” is the catch-all term for the rights that a buyer of a copyrighted work has to make copies for his or her own personal use. For example, it’s well established under the U.S. Copyright Act (and the laws of several other countries) that someone who buys a music recording has a right to make a copy to play in his car or elsewhere. Copying and "time-shifting" TV programs is another well-established example of fair use that is perfectly legal.

Microsoft’s “product activation” schemes, whether for Windows XP or Vista, have never been aimed at stopping mass software piracy. I reported in InfoWorld Magazine on Oct. 10, 2001, that Microsoft had built into XP a small text file, Wpa.dbl, that allowed pirates to build and sell thousands of working PCs with XP fully activated. (Vista has a different feature with a similar effect, as I’ll disclose in a future newsletter.)

Instead, product activation has always been designed to make fair use difficult for average PC owners. For example, a traveling salesman might wish to install Windows on a PC in his home office and install another copy on a laptop to use in his car. This is exactly the same as buying a music CD and then making a copy to play on the road. Under the fair-use provisions of copyright law, this is perfectly legal. Product activation is primarly intended to prevent this kind of personal copying, not mass piracy.

Since making a copy for personal use isn’t prohibited by copyright law — in fact, in several countries it’s specifically permitted — Microsoft and other software companies have promoted the idea that fair use is illegal because it violates the End User License Agreement. Microsoft and other big players spend enormous sums to build up case law that EULAs, which are never signed by consumers, have the same force as law.

I hate to burst the bubble of some of my friends in the software industry, but it’s quite unsettled whether consumers clicking “OK” to verbiage in a scrolling window has the same enforceability as a written signature on a contract. Under Windows XP’s activation scheme, a consumer can install XP on a different machine, and activate each copy, approximately every six months. (I most recently wrote about this fact on June 29, 2006.) I’ve never heard of a single case in which a court of law found an individual "guilty" of this kind of double use. I don’t believe a court ever will.

When I rent a power tool, or I pay for dinner with a credit card, I’m required to put my signature on a piece of paper. The tool shop won’t let me take the gizmo, and the restaurant won’t let me walk out the door, without me physically signing a rental contract or an agreement to observe my card’s payment policies.

These transactions involve far smaller dollar amounts than buying, say, Vista Home Premium for 100 bucks. Several software companies that sell high-value products do require signed agreements. But Microsoft long ago decided not to require a signed form when consumers purchase Windows, say, in a retail store. Knowing that copyright law specifically permits some copying for personal use, the Redmond company decided it would make more money by skipping a signed contract and tolerating some double usage.

Corporations that sign a Volume Licensing Agreement with Microsoft are in a completely different situation. They get discount pricing and are duty-bound to obey any restrictions they agreed to in writing.

Click-wrap “agreements,” by contrast, are another matter. Courts have ruled again and again, in other contexts, that objectionable provisions of take-it-or-leave-it contracts are simply unenforceable. All we can say for sure is that some clauses in a EULA may be enforceable and others may not be.

As I’ve stated above, I’ve never encouraged anyone to exploit weaknesses in Windows for piracy or to cheat a software publisher out of its due. All of the copies of Windows in my office are duly paid for.

As an ethical journalist, however, it’s my responsibility to report to you when Windows acts in ways that are sharply different from how its publisher says it will act. I’ll never post a method to release a zero-day virus or any other harmful exploit. But when Windows has a function that’s clearly been programmed in by its in-house developers specifically to be used by consumers, I’ve going to find it and tell you about it.

It’s not me who’s violating Microsoft’s EULA. Microsoft’s in-house Vista development team made deliberate decisions to violate the company’s EULA. Here are some examples:

• Upgrade vs. full edition. Microsoft states that the upgrade version of Vista will only install over a qualifying, previous version of Windows. But the Vista development team deliberately omitted any test in Vista’s setup.exe program to look for qualifying products. The decision of the team, as documented in e-mails that I quoted from in my Feb. 8 story, was to ignore the requirements of the EULA.

• Clean-install vs. upgrade only. Microsoft states that the upgrade version of Vista will only install over a running copy of Windows. But the Vista development team decided that Vista should be able to install to an empty hard drive, once again ignoring the EULA.

• 30-day deadline vs. 120 days. Microsoft states that a retail copy of Vista must be activated by contacting Redmond’s servers within 30 days of installation. But the Vista development team inserted a command-line program, as I described in my Feb. 15 story, that any novice can use to extend the deadline to 120 days, in violation of the EULA.

The Vista development team isn’t stupid. I believe that these features were built into Vista only after the developers got them approved by higher executives. The rationale would be that Microsoft would sell more copies of Vista if the software allowed more flexibility than the EULA supposedly permitted. I’ve asked Microsoft officials for an explanation, but I haven’t received one yet.

To be sure, Microsoft can easily disprove my theory. The software maker can simply indicate which of its developers were dismissed for inserting these functions into Vista without authorization. I haven’t heard of anyone being terminated, so I believe my argument is a strong one.

Is clean-installing Vista a fully supported and permitted use of the product for individuals who first bought XP and then bought Vista? Or is it like a widely tolerated misdemeanor, such as crossing the street when the Don’t Walk sign is blinking? Or is it more like a serious felony, such as monopoly restraint of trade?

I believe this is a healthy debate for us to have. I honor those who have differing opinions and who’ve shared them with me.

I can promise you this: you’ll have even more to talk about when I reveal in the coming weeks some additional features that I’ve found in Windows Vista! Thanks for your support.

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

A fine rant about technology for idiots

In the world of technological advances, there’s a fine line between convenience and utter ridiculousness. What is supposed to make our lives easier, more streamlined, often leaves us in a place infinitely more frustrating than where we began. (Remember the good old days of typewriters and rotary phones?) Thus, we can all identify with Charlie Brooker’s article, "My new mobile is lumbered with a bewildering array of unnecessary features aimed at idiots," which appeared in the Mar. 5 edition of the U.K.-based newspaper, the Guardian. Brookner’s gut-splitting rant targets not only his cell phone, overloaded with useless technology that rarely works, and its maker, but also the crazy marketing schemes dreamed up by slap-happy, slobbering werewolves (read: mobile service providers &#8212 here Orange, a British conglomerate). Read on for more laughs.

Making legacy applications work with Vista

By Mark Joseph Edwards Having Vista is surely a thrill for many of you, but you may find that the thrill is gone when your applications don’t work correctly. Mixing the new with the old isn’t always easy. This week I’ll explain how to make your legacy application’s help files work with Vista.

Getting Vista to open legacy help files

Switching to Vista isn’t a simple task, particularly since it won’t support legacy 32-bit help files. Jerry Koske found this to be a troubling experience:

• “The most frustrating aspect of Windows Vista for me is the lack of support for legacy help files (.hlp). I have installed several programs that run fine under Vista, except that the help files will not run. When you attempt to run them, you get an arrogant message that Vista no longer supports the old format help files. When you go to Microsoft help, you get an even more arrogant message that the Microsoft File no longer meets Microsoft’s standards and is not supported. The message says that a file will be available for download, but it isn’t yet. It seems that someone at MS feels so strongly about killing the old .hlp format that they don’t care how many Vista users they frustrate.

  "I have tried to fix this problem by copying the winhelp32.exe file from Windows XP to Vista and associating .hlp files to this file. The problem is that Microsoft has a winhelp32.exe file that sends you to the arrogant message. This file is so locked down that it can’t be renamed or deleted or unassociated from the .hlp extension. I even renamed the old XP winhelp32.exe file to winhelp-XP.exe and associated .hlp files. I can now open up .hlp files on their own and read them, but if I go to help within a program, I still get the arrogant message.”

Microsoft did not include a working winhlp32.exe in Vista, but instead included a “stub program.” This is triggered when you try to view a legacy .hlp file. The stub program tells you that you can’t use the same help files that are supplied for programs that work under previous versions of Windows. The reason is that the previous help system is notoriously bug ridden and easy to exploit.

Jerry, based on what you’ve told me, I’m pretty certain you can work around this problem. First, be sure to copy winhlp32.exe from XP into a place other than the Windows installation directory tree. Next, open Windows Explorer, find a legacy help file, right-click on that file, and choose Open With. Then, navigate to the XP winhlp32.exe that you copied and select that program. That should cause your older help files to be opened with the older winhlp32.exe application.

I’ve read that Microsoft will make a winhlp32.exe program available for Vista eventually, but so far I haven’t been able to find a copy at the company’s download center. I guess we’ll have to wait for that a bit longer. In the meantime, try the workaround I suggested.

How to enable the Classic Menu in IE 7

In the Feb. 22 edition of this newsletter, I wrote about enabling the Classic Menu in Internet Explorer 7.0. This week C.N. Le wrote to ask for more clarity:

• “Unfortunately, my version of IE7 doesn’t seem to have the Classic Menu option when I right-click on the toolbar — the only menu items that show up are Menu Bar, Links, Status Bar, then Lock the Toolbars, Use Large Icons, and Customize Command Bar. Is this option available only on some versions of IE7 and not others?”

Microsoft published a Web page back in June 2006 that includes some screenshots of the popup menu in question. The page clearly shows the option to select Classic Menu, which worked in the beta release versions.

When I wrote the original article, I didn’t remember that I hadn’t loaded the final release version yet. It appears that Microsoft moved the option to select Classic Menu to the Tools menu. Try selecting the Tools menu, then Toolbars, and you should see the option to select the Classic Menu. You can also try pressing the Alt key, which also makes the Classic Menu appear.

A Vista Start Menu search alternative for XP

In the Mar. 1 edition, I wrote about Vista’s Search menu feature, which of course isn’t available on XP systems. Charles Little wrote to share his tip about a decent alternative that does work on XP systems:

• “One of the things I was looking forward to in Vista was the idea that I could search my Start menu rather than having to dig through it to click on an icon. In general, I rearrange my start menu to make it use the fewest clicks possible to get to an item (Tidy Start Menu and True Launch Bar are good for this).

  "But a way to do this using the keyboard would be heaven. Well, I found a perfect utility called Find and Run Robot at the Donation Coder website. Click on the Pause/Break button (who uses that button, anyway?) and a dialog appears. Start typing and it starts looking for your shortcut. You can also associate aliases and do a regular search from the same dialog!”

Thanks for the tip, Charles!

How to uninstall Windows Desktop Search

The Windows Desktop Search tool is helpful when you need to find files on your system. But what if you’re searching for a way to uninstall the tool itself? David Tinney wrote to ask about this:

• “I tried to uninstall Windows Desktop Search via Add/Remove Programs, then rebooted. It’s still there. How can I remove it?”

David, I’ve come across this before and it seems as though many people have the same problem. One cause might be due to the installation of updates to the search tool after you initially installed it. In some cases, the subsequent updates create a situation in which the tool cannot be uninstalled without also uninstalling the previous versions.

For more information on this condition and how to solve it, head over to Microsoft’s Desktop Search forum to read the lengthy uninstall instructions. Be sure to also read this thread that reveals how you might have to uninstall at least one other update to finally get the tool completely removed. In other words, be sure to uninstall all updates mentioned in both message threads.

Protect your system from unwanted scripts

In the Mar. 1 edition of this newsletter, I shared a tip regarding a safer way to handle .reg files. Gerald Prosser writes to share his own tip on how he handles these potentially dangerous files:

• “I would recommend a free tool that prevents .reg (among other files) from running without your permission — great for those individuals with lesser knowledge. The tool I use is Script Sentry. This tool has saved me at least once. My son several years back received an e-mail, double-clicked on the file, and Script Sentry launched and prevented some type of unknown .reg file from merging. It was only the one event, but considering that it was a 160KB file, it saved me potential downtime.

  "One of the great things about this tool is that it is not running in the background. Just as you could double-click on, say, a Microsoft Word document and have Word launch and open the file — no resource is used until needed. This is the same with Script Sentry. Double-click on a .reg file and Script Sentry launches and provides you with options (view, edit, merge, delete, etc.). The tool can also be customized by checking and unchecking specific suffixes.”

Thanks for the tip, Gerald!

Secure your wireless network from intrusion

Wireless networking is useful, especially if you have laptops or simply want to get rid of network wiring. But it’s not exactly safe unless you make it safe. Gary Spike writes to ask about his recent change to wireless:

• “I just went wireless at home on three desktop computers. I need software to keep me safe from prying eyes. I use XP SP2, have Norton Firewall, and also looked at the Microsoft Firewall. I have a Linksys 2.4GHz wireless router. What kind of software can you recommend?”

Gary, you didn’t mention what version of Norton you’re using. If you’re using Norton Internet Security or possibly Norton SystemWorks, then these include antispyware and antivirus software. Be sure to keep them enabled and up to date. With that done, you should be in pretty good shape in terms of system defense.

Since you use a wireless router, be sure to configure the router so that only your computers can connect to it. The best way to do that would be to make it require WPA or WPA2 encryption, assuming that your wireless network cards support one of those technologies. I bet they do. If you don’t secure your wireless router, anyone in the vicinity could connect to it. This means that they are then connected to your private network and might be able to gain access to your computers and private information.

Keep your firewall up to date

In the Jan. 11 edition of this newsletter, we shared a reader’s tip in which Comodo Firewall was recommended. Some of you had trouble with it and wanted to uninstall it. We subsequently published more tips to accomplish that in the Feb. 22 edition.

This week, Ray K. Andrews writes to tell us that he’s having success with Comodo:

• “I removed ZoneAlarm after using it for years, as it became trouble-prone. Per your recommendation, I installed Comodo Firewall, and I am currently very pleased with its operation! So, thank you for the tip!”

Ray, here’s another tip: Keep your firewall up to date because it, too, can have security vulnerabilities. Last week, I read about a bug in Comodo that could allow access to protected Registry keys used by the firewall. That information was given to the Comodo developers on Feb. 15, and the information was then released publicly on Mar. 1. At the time of this writing — as best I can determine — Comodo hasn’t taken action to correct that problem, although I’m fairly certain that the company will. So keep an eye out for updates to the Comodo firewall.

Don’t get fooled by ‘free services’

There’re a lot of allegedly free software and services available today. While some are genuinely free, more often that not the idea of offering something for free is to eventually get money in return. To put that another way, free features are offered in good faith so that you might pay for more features later, which is basic marketing.

But what if you wind up being billed for something that you didn’t want? Nkem Aigbogun wrote to ask about a specific instance of this happening:

• “My minor daughter opened what was supposed to be a free account with BearShare. After canceling their services in November 2006, or thereabout, they have been charging my account $7.97 a month. What can I do?”

Nkem, according to BearShare’s FAQ item #1, the service is free, unless someone subscribes to premium content. The first step would be to investigate exactly how one “subscribes” to premium content. Somewhere along the line, BearShare got your credit card number, so you need to find out how that happened.

Apparently, someone gave it to them, so the question is whether whoever gave it to them had the right to do that. Have a talk with your daughter, and do your best to cancel the service with BearShare. If you submit a form, or send the request in an e-mail, be sure to save copies of the communication, and specifically ask them to acknowledge receipt of your request for cancellation. If necessary, contact the bank that issued your credit card to ask them to help stop the charges from reoccurring.

If, for some reason, BearShare won’t stop the charges within a reasonable time frame, then also consider finding out (possibly with the help of your bank) who their merchant account provider is and contact that provider to file a complaint. The last thing a company wants is a black mark with their merchant account provider, because too many black marks can lead to cancellation of service, which means that the company won’t be able to take payments via credit cards!

I had a similar problem recently, with the slight difference that I actually did sign up for the services. I then cancelled the services and discovered that, even though the company acknowledged my cancellation request, it did not stop billing me. So I contacted the service company’s merchant account provider directly, claimed fraud, and provided them with copies of my communication with the service company. The merchant provider then quickly credited me back the unauthorized charges and worked to ensure that no other charges would occur. The same route might work for you, if you find it necessary to take that step.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and writes the weekly email newsletter Security UPDATE. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

Vista Timesaver #5 — give Vista the axe?

By Woody Leonhard High-profile Vista defections and avoidance maneuvers in the past few weeks beg a key question: Is the best way to save time with Vista to avoid it completely? Some big names who are dissing Vista make many people wonder if they should do the same.

Vista losing more and more supporters

It’s getting harder and harder to find Vista patriots. The "Vista right or wrong" crowd seems to have faded into the woodwork. Two big-name defectors in the past few weeks have a lot of people wondering what Redmond hath wrought.

First, Computerworld editor Scot Finnie declared that he was dumping Windows on his main machine and moving over to Mac OS X. Scot’s a seasoned, knowledgeable Windows veteran — he’s been writing about Windows for more than a decade. I got to know and respect Scot when he wrote a thick Windows book for a series I edited years ago. Scot’s always been open to new options, and he’s dabbled with Linux and the Mac over the years. I think it’s fair to say that he has more varied operating-system savvy (at least from a user’s point of view) than anybody else I know. After a three-month trial using OS X to get his everyday work done, Scot says he won’t go back to Windows.

Scot published a well-reasoned article for ComputerWorld entitled “The Trouble with Vista.” While I disagree with some of his observations (and his second example is factually incorrect, based on Brian Livingston’s recent Vista activation delay discoveries published in the Feb. 15 issue of the Windows Secrets Newsletter), Scot’s bottom line speaks volumes: "When all is said and done, it’s not that I don’t like Vista. It’s that I’ve lost faith in Microsoft to deal in an evenhanded way with end users and corporate buyers of its software."

Scot’s dalliance in Steve Jobs’ Garden of Eden didn’t take me by surprise. But Chris Pirillo’s YouTube video announcement that he was "upgrading" from Vista Ultimate back to Windows XP knocked me for a loop. Yes, you read that right. Chris believes that tossing out the new Vista and going back to the old XP constitutes an upgrade. If you look at his video, it’s hard to dispute his conclusion.

You may know Chris better in his Lockergnome guise, as one of the pillars of the online community. Chris isn’t an operating system guru like Scot. Chris more closely resembles an average, everyday über-geek genius with a pile of work to tackle, and little sympathy for things that get in the way.

Watch the video to see why he’s ticked off at Vista drivers that don’t work and aging software that doesn’t live harmoniously in the Vista world. "Vista doesn’t work the way that I would want it to work. I can’t live in Vista if the software that I use in my life for productivity does not work," he says.

Chris’s solution? Dump Vista on his main computer. Go back to Windows XP.

Even the DOT just says ‘no’

Hot on the heels of Chris’s rebuke came an InformationWeek article claiming that Daniel Mintz, the top technology guy at the U.S. Department of Transportation, has slapped "an indefinite moratorium" on DOT upgrades to Windows Vista, Office 2007, and Internet Explorer 7. Apparently a similar ban is in effect at the Federal Aviation Administration.

I can certainly understand why Daniel’s not so crazy about Office 2007: I’ve been struggling with the %$#@! ribbons for six months, and I still hate them. If it weren’t for Outlook 2007’s marginally better interface and junk-mail improvements, I’d be sorely tempted to move back to Office 2003. Or even Office 2000.

Daniel missed the boat on IE 7, though. With IE 6 springing security holes like farts in a chili-eating contest, everybody needs to install IE 7. The trick is to get everyone to install IE 7, but use Firefox. Ah, well. I digress.

No sense in waiting for Service Pack 1

Various and sundry experts continue to spout the mantra: "Wait for Windows Vista Service Pack 1." That used to be good advice. I’d offer almost every major Microsoft product since Office XP as prime evidence.

But I don’t think it makes much sense now. In my experience, Windows Vista, per se, has been mighty stable and works the way Microsoft intended.

This is not to say that Vista’s perfect. Sometimes it’s embarrassing — I talked about the search engine spewing gazillions of matches for junk mail in my Vista Timesaver #3 column, for example. Sometimes it’s a pain in the neck (don’t even get me started on User Account Control). Most of the time it takes more effort than I’m willing to give. (Like I don’t have anything better to do than add tags to all of my photos so Photo Gallery can find them?) Windows Genuine Advantage still screws up, as ZDNet’s Ed Bott describes. And the list goes on and on.

But the core part of the program, at least in my experience, works very well indeed. Consider the fact that there have only been a handful of substantive patches since Vista launched, and none of them appear to be critical security issues.

I think that’s called "damning with faint praise."

The problems with Vista won’t be solved by Service Pack 1 (which is due late this year). Rather, it appears to me that the driver and program compatibility woes will gradually shake themselves out over the next few months. Or, maybe not. Many programs, including Office 2000 and Office XP, will never run correctly on Vista, as I’ve written on my blog. Get over it. Or work around it. But don’t expect SP 1 to bail you out.

Should you make the switch to Vista?

If you’ve seen a Vista feature or two that you can’t live without, you have a reasonably modern computer with a hefty video card, and you exhibit a high tolerance for pain, then upgrading from Windows XP to Vista makes sense.

You might get burned by bad drivers and crucial but incompatible old software. So hedge your bets and keep good backups in case you need to reinstall Windows XP. (Making a full "ghost" image using Fred Langa’s favorite, BootItNG, which he described in the Feb. 22 newsletter, can save your tail.) Don’t forget to download and use Microsoft’s beta incarnation of the fabulous AlohaBob file transfer program.

Most people can safely give Vista a pass and wait until it comes preinstalled on the next computer they purchase. When that day does come, make sure you get Vista Home Premium (or Ultimate if you really want the few extra goodies). Vista Home Basic, which is missing even Microsoft’s Aero display improvements, isn’t worth the effort.

If you get a new computer with Vista preinstalled, and it won’t run your important old software, send it back! Get a refund. Moan and kvetch and swear. Then go out and buy a used, hopelessly déclassé, XP box at a firesale price. Bet it’ll work just fine for a couple of years.

Oh. A word to the wise. Don’t throw away your old XP PC just yet. Save it to use as a Windows Home Server.

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

Microsoft continues to make patching harder

By Ryan Russell This week, I’ll be telling you about patch updates from three different software vendors. While they’re all important, the ease of applying these updates varies widely. Microsoft patches, in particular, seem to be getting tougher and tougher to apply.

Watch out for Office “genuine advantage”

Even though I’m usually writing a book or two in my spare time, I have so far found no compelling reason to upgrade beyond Office 2000 for my basic Word/Excel/PowerPoint needs. I do have Outlook 2002 installed because it came with my PocketPC, though I don’t use it. And I have FrontPage 2003, because I use it to write my HTML columns. That means, technically, that I have parts of three different versions of Office installed.

As I sat down to write this column, I realized that I hadn’t checked Office Update in a while to get patches for my Office 2000 pieces. Microsoft doesn’t offer Office 2000 updates via Microsoft Update, but they are offered them separately. The company keeps dangling the carrot to upgrade to the current release of Office, but I probably won’t bite until it stops all support of Office 2000 entirely.

It appears since I last tried to update that Microsoft has implemented a new form of "Windows Genuine Advantage" called Office Genuine Advantage (OGA). After clicking a warning to install an ActiveX control, then going back to the previous page and telling it to check, having it fail, and having to start over, I was told I was not "genuine."

When I click to see why, it says I have to activate Office 2002. It says that in order to do so, I just have to run one of the apps. Fortunately, I happen to know that means Outlook for me, though I’m not sure everyone would know this. After another dozen steps, I am declared valid, and can finally get my Office 2000 updates.

So, be aware that there is now a form of Office Genuine Advantage to go along with your Windows Genuine Advantage. Can you tell I’m dying to upgrade to a newer version of Office now, so I can have that kind of fun for all the Office components? You’ll have to forgive me, I’ve have a bad validation/activation week while I was repairing my mother’s XP computer with its failing hard drive.

Microsoft started running OGA on Apr. 24, 2006, affecting Office users in only seven Asian and European languages, according to a press release. The problem is that Microsoft appears to have rolled it out to users of English and other languages in phases, and I can’t tell exactly when they sprung it where. I’m sure you’ll be hearing more about this.

New ‘Update 11’ for Java runtime

There’s another new Java Runtime Environment (JRE) version out, Update 11. Sun also has Java 6 out, but I’m recommending that users treat Java 5 as the current stable version, mostly because Java 6 doesn’t appear to have had any updates since its release.

I’ve had a number of readers complain in the past, when I told them to upgrade, that they were unable to reinstall Java after uninstalling. You should assume that that’s still a potential problem, and plan accordingly.

I was briefly hopeful when I saw in the release notes that there was a fix for the 1722 install error. However, the write-up says that the fix is only effective in the Vista operating system.

In fact, many of the changelist items in this version have to do with Vista. So, if you’re having trouble with Java on Vista, it looks like this is a good candidate for you.

For a change, I’m not aware of any security fixes in this version of Java. But I’m on the Java upgrade bandwagon partly because of Daylight Saving Time fixes, which affect Java, too.

If you look at the release notes, you’ll see a few updates that say tz on them. That stands for Time Zone, of course, which means that at least some minor DST-related updates are still in the latest version. Check out Sun’s JDK DST FAQ for details.

Thunderbird 1.5.0.10 is released

In her Mar. 1 Patch Watch column, contributing editor Susan Bradley advised you to update to Firefox 2.0.0.2. The corresponding Thunderbird release, version 1.5.0.10, is now out as well. The Mozilla organization identifies two security issues affecting Thunderbird, and this release fixes them.

While Firefox often gets all the attention, there’s a lot of shared code in the various Mozilla projects. You can see the changes in the Thunderbird release notes.

Fortunately, the current versions of both Firefox and Thunderbird are self-updaters, meaning that they should prompt you to upgrade within a week of the patch release. That’s great for the user with one or two machines. But it’s not always adequate if you haven’t run the application in a while, are traveling and won’t have access to a fast connection, or are responsible for an organization with hundreds or thousands of machines.

An update on the Julie Amero mess

My Feb. 22 column focused on Julie Amero, the Connecticut substitute teacher who was convicted of a felony for being present while schoolchildren saw objectionable pop-up windows. After reading about this, many of you donated money, left kind words on Julie’s blog, or expressed outrage in your own blogs or your favorite forums. For those of you who showed your support, I’m sincerely grateful.

There’s some minor good news. Julie was to have been sentenced on Mar. 2, but there has been a brief postponement, according to the Norwich Bulletin. She now has a new attorney, who is considered to be a bit of a hotshot lawyer, and sentencing has been postponed to Mar. 29.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Three short days to Daylight Saving Time

By Susan Bradley When Daylight Saving Time hits the U.S. on its new start date of Sunday, Mar. 11, you’d better be ready for any issues that may occur. Monday, Mar. 12, will either be uneventful for you or the start of a week of arriving an hour late to your appointments.

DST patching — one last look

While the folks at Microsoft Watch say in their blog that Microsoft has handled DST patching well, I’m not convinced. Today, I’m bringing you some last-minute links, tips, and tricks to help you through the possible DST issues.

• Microsoft CRM. Microsoft’s customer relationship management software finally got last Friday night the DST bundle we’ve been long waiting for. A 27-page description (yes, it’s 27 pages long) can be obtained from Microsoft’s download page.

Not just users of Microsoft’s CRM need to pay attention to the change in DST — users of any CRM software need to watch out. ACT! software, for example, needs patching as well, as described in a 17-page PDF document published by the software maker.

• Exchange 2003 and Message Tracking. On Mar. 4, I first reported that the message tracking viewing center in Exchange is off by an hour after applying an earlier Microsoft DST patch. This doesn’t appear to be an issue with e-mails that contain times, the problem seems to lie with the viewer itself. I’ll have more on this in next week’s regular Patch Watch edition.

• Real-time DST information. Microsoft support personnel are staffing online chat rooms from now until Mar. 13 to take DST questions. Answers to these chats are also posted on the Technet blog.

• Ensure you’re running the latest patches. If you haven’t already patched, ensure you’re using the latest versions of all patch tools, as the Q&A on the Technet blog recommends. You can find these patches listed at Microsoft’s DST support center.

• Exchange is the worst to patch. Consultant Dave Shackelford has blogged about his experience with Microsoft’s Exchange "rebasing tools." These appear to be the hardest of the DST updates to perform.

• Look for other DST patches. As you can see from the list above, I am focusing much of my DST concerns on Microsoft software. But you should also read up on the latest bulletins from Red Hat regarding Linux, Apple regarding Macs, and Sun on Java.

• Check your systems. To see if your computer is ready, check your machine’s DST patch level with the helpful Daylight Saving Time patch tester. This Web page, developed by Jeff Williams of the University of Minnesota, uses JavaScript to detect your patch status. If you see a green circle, you’re good, although you should still check your patch level manually, as well.

Absolutely anything you use, from your operating system to any applications that depend on time, may need patching. Even after you patch, you may still have issues.

Microsoft Knowledge Base article 932590 indicates that even applications that run on Vista, which has the DST adjustment built in, may not handle the DST change properly.

If I’m not too overwhelmed by Microsoft’s Mar. 13 security patches, I’ll report on the impact of DST and what the effects really were in my next regular edition of Patch Watch in the Mar. 15 newsletter.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received a MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.