Newsletter Archives

• MS-DEFCON 4: Apply all outstanding patches except 951847 and 960715, and watch out for other problems

  Posted on April 5, 2009 at 06:00 CDT by woody • Comment in the Forums

  It’s time to get patched up.

  Last month’s crop of Black Tuesday patches turned out pretty good. One of them, KB 959772, is a CYA patch that lets people play music they’ve already bought from Microsoft. None of the three seems to be causing undue heartache.

  I still recommend that you HOLD OFF on these patches:

  KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in.

  KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

  KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

  I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

  I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

  That brings us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  To get patched up, click Start, All Programs. Near the top of the list you see either Windows Update or Microsoft Update. Click on that and tell Windows Update that you want to perform a “Custom” update. Be prepared to spend ten to fifteen minutes – longer, if you haven’t patched in a while. When you’re done, make sure you have Automatic Updates set to “Notify but don’t download or install” by clicking Start, Control Panel, Security Center.

  My general admonition about applying hardware driver patches still applies: Ain’t broke, don’t fix. That is, unless you have a very specific reason for installing a new driver, don’t do it.

  Windows Patches/Security .NET Framework, 936929, 950718, 951847, 958690, 959772, 960225, 960715, 967715, ActiveX, Conficker, IE8, MS-DEFCON 4, WinXP SP3

• Internet Explorer 8 final now available

  Posted on March 19, 2009 at 19:12 CDT by woody • Comment in the Forums

  I wouldn’t rush out and get it, but Microsoft has finally announced that Internet Explorer 8 is fully baked and available for your consumption. Or at least it will be available for your consumption in a few hours.

  It can be downloaded in 25 languages at http://www.microsoft.com/ie8 starting at noon EDT on March 19. Internet Explorer 8 is easier to use, faster and offers leading-edge security features in direct response to people’s increasing concerns about online safety.

  “Customers have made clear what they want in a Web browser – safety, speed and greater ease of use,” said Steve Ballmer, CEO of Microsoft.

  At this moment, the link mentioned in the Press Release is redirecting to the IE8 beta site, but Microsoft should catch up momentarily.

  Of course, if you’re concerned about safety, you won’t use ActiveX, and if you don’t want to use ActiveX, you probably shouldn’t use Internet Explorer.

  Meanwhile, Firefox 3.1 Beta 3 is up, and I hear that Google’s Chrome is in for a speed-up improvement.

  Ah, competition. It’s a wunnerful thing.

  UPDATE: IE8 is now available for download at the location cited above. Ed Bott has a tremendous, thorough report on the changes in IE 8 that’s well worth reading. And Microsoft just posted a list of major sites that don’t work well with IE8. MS recommends that you use IE8’s compatibility mode for those sites.

  Windows News ActiveX, Internet Explorer 8