Thursday, November 13, 2008

How to maintain XP after Microsoft ends support [Newsletter Paid Version]

Windows Secrets Newsletter • Issue 175 • 2008-11-13 • Circulation: over 400,000

TOP STORY

How to maintain XP after Microsoft ends support

By Stuart J. Johnston

Microsoft CEO Steve Ballmer said recently that it's OK with him if you want to stick with Windows XP until Windows 7 is available late next year.

XP lovers may still be able to buy a new PC with that operating system installed for another year or so, but unfortunately, Microsoft plans to end most free support for the OS within months.

On that date — Apr. 14, 2009 — millions of PC users, some of whom bought their systems less than a year earlier, will be left in the lurch. These users will have to pay Microsoft for Windows XP support, although downloading critical security patches is expected to remain free of charge.

The end of support is planned despite the fact that consumers can still buy a new PC that runs XP rather than Vista, which was released nearly two years ago. It's ironic that no less a personage than Microsoft chief Ballmer tells users that staying with XP until Windows 7 ships late next year is a viable option.

What's a poor Windows XP user to do?

Third-party vendors pledge XP compatibility

Ballmer has said repeatedly over the past 10 to 15 years that the stiffest competition a new version of Windows confronts in the marketplace is the previous version of Windows. If the previous version is "good enough," then a lot of people won't buy the upgrade. XP just may prove Ballmer right.

According to a study by Gartner, there will be more than 1 billion computers in use worldwide by the end of 2008. The vast majority of them run Windows XP.

In fact, according to an analysis by Web analytics firm Net Applications, some 68 percent of the client computers in use around the world use XP. The OS's closest challenger — Vista — represents just over 19 percent of the worldwide PC market. If these stats are accurate, there are nearly 700 million copies of XP on the planet.

While Vista has been picking up steam in recent months, it has a long way to go to catch up with its older, more mature sibling. Even if Microsoft redoubles its efforts to market Vista, it's unlikely the newer version could pass XP in installed numbers by late 2009, which is when Microsoft officials hint that Windows 7 will be available.

Anyone who uses XP — whether on a new machine or an early-2000s model — has to wonder whether new hardware and software will continue to support the old OS.

The answer is a qualified "yes."

XP's huge installed base helps to ensure that hardware and software companies are continuing to support their existing XP users while also making sure their new products will work with the OS. Every one of several third-party hardware and software firms I checked with claims its new products will be compatible with both Vista and XP.

For now, anyway, losing the support of third-party vendors is far from the biggest threat facing anyone who sticks with XP. The bigger problem is Microsoft's impending free-support cutoff date for the OS.

XP's support has been extended once before

Microsoft's policy is to support each version of its operating system for 10 years. For the first five years, users get "mainstream" support, which combines free help and fee-based services. This is in addition to the standard patches and hotfixes that Microsoft periodically releases.

The second five-year period constitutes "extended" support. During this time, users must pay for support, aside from critical patches that continue to be offered by the company for free.

XP will reach the end of mainstream support on Apr. 14, 2009, despite the fact that Service Pack 3 for XP was released just last spring. (XP first shipped in late 2001, so the end of its mainstream support is coming more than two years later than is typical — a testament to XP's popularity.)

After April 2009, XP moves into the extended-support period, which is expected to last through Apr. 8, 2014.

Under extended support, if you encounter problems installing a security patch or other critical fix, tech support will help you free of charge. Any other help from Microsoft tech support, however, will be on a pay-per-incident basis. Microsoft currently charges $59 per incident for help with operating-system problems.

If you bought a new PC with XP preinstalled, it's important to note that you must contact your PC maker for all support. Microsoft has assembled a list of phone numbers and support sites for major PC vendors.

Even though Microsoft has cut off retail sales of XP, the company will continue to allow PC vendors to sell XP Professional on new systems at least through the end of January 2009.

Today, that's usually done by opting for the vendor's "downgrade" license, which lets the buyer choose between Vista and XP Pro.

For example, Dell Computer says it will sell systems with XP as a downgrade option through 2009 and possibly longer.

There are plenty of XP resources out there

Of course, you aren't stuck with Microsoft when it comes to your XP support options. If you're looking for an XP device driver, and you're not having much luck with the vendors' sites, try browsing through the posts at various PC community forums.

Forums are great places to post questions and (hopefully) receive answers from other users who have experienced the same problems and found solutions. Microsoft's XP newsgroups are a good place to start.

Other useful XP support sites include the TechArena community, BoardReader, and AllExperts.

You'll find all types of XP support from the members of PC user groups, many of which offer live, in-person meetings where participants exchange tips and solutions. Listings for Microsoft user groups are available at the Microsoft Mindshare site.

These are by no means all the support options available to XP users, but they provide a starting point to help you keep XP alive and well until something better comes along — whether another flavor of Windows or something completely different.

Stuart Johnston is associate editor of WindowsSecrets.com. He has written about technology for InfoWorld, Computerworld, InformationWeek, and InternetNews.com.

WACKY WEB WEEK

Keanu has encountered an error and must restart

By Katy Abby

Science fiction has long been popular with computer geeks: sci-fi films such as Blade Runner and The Matrix glorify the techie life. Supercomputer fantasies are all well and good, but come on! How do the movie folks get that big iron to run so darned smoothly?

What if characters Neo and Morpheus had to deal with the same technological frustrations that plague the rest of us? Take a look at a hilarious spoof exploring this very possibility. It's all the fun of The Matrix minus Keanu Reeves! What could be better?

PLEASE ENJOY YOUR PAID NEWSLETTER

You're reading our paid version

The following sections provide you with content that doesn't appear in the free version of this newsletter. Please don't forward your paid version to others. (Forwarding the e-mail newsletter to people who didn't request it subjects us to spam complaints.) Instead, we'd love you to share the free version of this content by suggesting that people visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/081113

   
   
LANGALIST PLUS

Can keyloggers go undetected by security apps?

By Fred Langa

Keyloggers quietly keep a record of every keystroke you make on your PC — usually without being spotted by your security software.

While there are some aboveboard and totally legitimate reasons to use keyloggers, there's also a world full of illicit and unethical reasons for doing so.

Hardware keyloggers may be sniff-proof

U.S. courts have pretty consistently ruled that employers have a right to monitor everything that's done on their business PCs. By the same token, parents probably have a similar legal right to oversee their minor children's activities.

That leads to a question by Alexandre Marson, who wants to deploy keyloggers but is having a problem preventing his antivirus software from repeatedly displaying warning messages:
  • "Straight to the point now: Is there a way to hide keyloggers from antivirus and security tools such as Avast and company? I've tried including the .exe in the whitelist for Avast, but it still detected the keylogger as an infection."
Some keylogging software claims to be detection-proof, Alexandre, but this is like the old "Spy vs. Spy" comics: once a programmer finds a way to run his or her software below the radar of current security tools, a security-software programmer will find a way to sniff out the new threat, on and on.

Software running on a system can always be detected by one means or another. Even if a particular piece of software currently evades detection, odds are it will be discovered soon enough.

Hardware's a different matter. There are keylogger dongles that cannot be detected by any normal security program because the dongles exist separately and independently from the PC's other hardware and software.

A keylogging dongle sits in-line between the keyboard and the system you want to monitor: you plug the keyboard into the dongle and the dongle into the PC.

Like a tiny vampire, the dongle powers itself by using a minuscule bit of electricity passing through the keyboard cable. The device records all the keystrokes as they occur and stores the information in its internal flash memory.

Because the dongle is self-contained and doesn't interact with the PC or its operating system, the device simply cannot be detected by standard security software.

A typical, cheap (U.S. $50-$100) keylogging dongle comes with up to 2MB of memory, which is room enough to store 2 million keystrokes. (By some estimates, that's about a year's worth of "average" typing.)

With the most covert type of keylogging dongle, whoever's doing the snooping has to remove the dongle periodically, dump its contents to another PC, clear the dongle's memory, and then put it back to capture the next batch of keystrokes.

The only sure way to discover a typical keylogging dongle is to look for it with your own eyes: if there's a short length of extra hardware inserted between the normal keyboard plug and the PC, it just might be a dongle. (I'm wondering how many Windows Secrets readers are on their hands and knees right now, looking for dongles sticking out the backs of their PCs.)

Keylogging hardware can also be built into the plug on the end of a keyboard cable or placed inside the keyboard itself. Or you can install custom keylogging hardware inside the PC's case. Hidden hardware keyloggers such as these are invisible to all but the most thorough and skillful inspections.

How you feel about keyloggers may depend on whether you picture yourself as the snooper or the snoopee. Either way, if someone really wants to snoop without being detected, the only real limits are the snooper's budget and risk tolerance.

Of course, there are huge ethical issues with all this. In some legitimate (i.e., forensic) instances, covert keylogging may be necessary, but circumstances such as these are rare. To me, capturing an unsuspecting person's keyboard activity is a very hostile act; at the very least, it's a breach of trust and privacy. And in some cases, logging keystrokes may even be a crime.

Playing with keyloggers is playing with fire. Be careful.

The first backup's always the hardest

Bill Hoffman is setting out to make his first backup:
  • "Fred mentioned that one should back up the OS before installing a major update like SP3. I haven't yet installed XP SP3 and would like to follow his advice. But I need instructions on just what to do and what should be copied to DVD."
If you're not currently using any backup software, I suggest you try Windows' built-in backup tools first. (After all, you've already paid for them.) Windows' backup feature is basic but gets the job done. The utility also gives you a point of comparison if you decide to try third-party backup tools later on.

To learn about the version of backup in your copy of Windows, click Start, Help and Support. Type the word backup into the search box at the top of the window and press Enter. The Help system will deliver comprehensive information on using the specific version of backup available to you.

Ideally, your first backup should include every file stored in the partition where Windows resides. If that's too much data for your backup medium to handle, make copies of your own files and programs, concentrating on those that you couldn't easily recover, reinstall, or recreate from other sources.

After using Windows' backup tool for a while, you may find that the program is not suited to your backup needs or preferences. You can then try any of the myriad third-party backup tools out there. Ian "Gizmo" Richards offers a complete look at your backup options — including free and low-cost backup software and services — in his Sept. 18 column.

Almost any backup is better than no backup, so the exact way you back up your files is less important than simply doing it. Find a backup tool you're comfortable with, and then use it!

Some PCs have Explorers out the wazoo

P.J. Roberts had some questions after reading about problems with XP's "other" Explorer, explorer.exe, in my Nov. 6 column:
  • "When I read Fred Langa's article on explorer.exe, I decided to check my system. I found explorer.exe files in these places and with these sizes and dates:

    Table 1. A typical PC may have several instances of the explorer.exe file.

    File location                           File size   File date
    C:\Windows                              1010KB      4-13-08
    C:\Windows\$NtServicePackUninstall$     1009KB      6-13-07
    C:\Windows\$NtUninstallB938828$         1008KB      8-04-04
    C:\Windows\PreFetch                     68KB        11-6-08
    C:\Windows\ServicePackFiles\i386        1010KB      4-13-08
    C:\Windows\$hf_mig$\K8938828\SP2QFE     1009KB      6-13-07

    "Do I have infected versions?"
As I stated in the original article, bogus (Trojan) "explorers" usually reside outside the C:\Windows folders. Your explorer.exe files are all located inside these folders.

The first file you list is the same explorer.exe version that I'm running: a 1010KB file with a date of "4-13-08." The files in the folders whose names begin with C:\Windows\$NT are versions of the file that were installed by various Windows updates and service packs.

By the way, although most systems use C:\Windows as the home folder for Windows system files, some PCs that were upgraded from an older version of Windows use C:\WINNT instead. I haven't seen a WINNT installation in years, but they're out there. (Thanks to reader Michael Jennings for pointing this out.)

The explorer.exe file in the PreFetch folder isn't really the file itself but rather a pointer to the file so Windows can locate and load explorer.exe before it's even asked for (it's "prefetched"). And the folder with "mig" as part of the name is from a past software migration (or major update).

In short, you're OK, P.J.
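As an added illustration (not part of the original column), this Python example applies the location rule above to a file listing such as the output of `dir C:\explorer.exe /s /b`. The last four sample paths are constructed for the example; a copy outside the system folders is only a candidate for a closer look, not proof of infection.

```python
import ntpath
from pathlib import PureWindowsPath

# Folders the column treats as normal homes for explorer.exe.
SYSTEM_ROOTS = (r"C:\Windows", r"C:\WINNT")


def _parts(path):
    """Normalized, lower-cased path components (Windows rules, any host OS)."""
    # normpath collapses "..", so C:\Windows\..\Recycler is seen as C:\Recycler.
    return [p.lower() for p in PureWindowsPath(ntpath.normpath(path)).parts]


def is_inside(path, root):
    """True when path lies below root, compared component by component."""
    p, r = _parts(path), _parts(root)
    # Comparing whole components keeps C:\WindowsFake from matching C:\Windows.
    return len(p) > len(r) and p[:len(r)] == r


def classify(path, roots=SYSTEM_ROOTS):
    """Return 'expected', 'review' or 'other' for one file path."""
    parts = _parts(path)
    if not parts or parts[-1] != "explorer.exe":
        return "other"
    return "expected" if any(is_inside(path, r) for r in roots) else "review"


def copies_to_review(listing, roots=SYSTEM_ROOTS):
    """Reduce a `dir /s /b`-style listing to explorer.exe copies outside roots."""
    paths = [ln.strip().strip('"') for ln in listing.splitlines() if ln.strip()]
    return [p for p in paths if classify(p, roots) == "review"]


# First six lines: the folders from the reader's table. Last four: constructed.
SAMPLE_LISTING = r"""
C:\Windows\explorer.exe
C:\Windows\$NtServicePackUninstall$\explorer.exe
C:\Windows\$NtUninstallB938828$\explorer.exe
C:\Windows\PreFetch\explorer.exe
C:\Windows\ServicePackFiles\i386\explorer.exe
C:\Windows\$hf_mig$\K8938828\SP2QFE\explorer.exe
C:\Documents and Settings\pj\Local Settings\Temp\explorer.exe
C:\Windows\..\Recycler\EXPLORER.EXE
C:\WindowsFake\explorer.exe
C:\Windows\system32\iexplore.exe
"""

if __name__ == "__main__":
    for path in copies_to_review(SAMPLE_LISTING):
        print("review:", path)
```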

Incomplete install leaves ghost in the machine

When a software setup failed for Philip Lidden, he was left with a half-finished installation that was neither alive nor dead. And it just wouldn't go away:
  • "Whenever I open a Windows application, a Windows Installer window briefly appears. I have posted in various MS forums, but no one has a definitive answer. Help, please!"
The free Windows Installer CleanUp Utility might be just what you need, Philip. It's a tool Microsoft developed specifically for instances when a failed setup leaves you with software that's stuck in limbo: not installed enough for the uninstall routine to be able to remove it, but installed too far to be able to start over with a new install.

The CleanUp Utility was originally designed for use with botched Microsoft Office installations, but it's actually more generic than Microsoft lets on. In fact, it can sometimes correct installation problems with non-Office software, as long as the half-there program's original setup ran from a Windows Installer package.

You can identify these packages because they usually have an .msi file extension. ("Msi" stands for "Microsoft Installer.") Full details and a download link for the Windows Installer CleanUp Utility can be found in Knowledge Base article 290301. With luck, you'll have that bad install killed off in a matter of minutes!

Reader Michael Jennings will receive a gift certificate for a book, CD, or DVD of his choice for sending a tip we printed. Send us your tips via the Windows Secrets contact page.

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

PC TUNE-UP

Wireless networks at risk from WPA breach

By Mark Joseph Edwards

If you use the first version of the Wireless Protected Access (WPA) standard to protect your Wi-Fi network, your security may be imperiled.

Any Wi-Fi router that doesn't support the more robust AES-CCMP or WPA2 standards needs to be replaced.

Researchers break old Wi-Fi encryption protocol

Your wireless network may be overdue for a security upgrade. Wi-Fi access points secured with the old WPA standard are now easy pickings for network snoops, according to researchers who've found a way to overcome WPA's encryption protocol.

This isn't the first time the security of wireless networks has come into question. When it was discovered several years ago that cracking Wi-Fi's original Wireless Equivalent Protection (WEP) security standard was incredibly easy, vendors quickly released products that supported the stronger WPA protocol.

WPA supports both TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard, Counter Mode/CBC MAC Protocol). TKIP is essentially a modified rendition of WEP, but AES offers much stronger protection than either WEP or TKIP.

German researchers Martin Beck and Erik Tews recently found a way to crack TKIP under certain conditions. Their methodology involves what is called a chopchop attack, which attempts to decrypt packets byte by byte.

The technique "chops" a byte off the packet, manipulates the packet in some way, and then sends the packet back to the wireless access point. If the access point broadcasts the packet, the decryption was successful.

As it turns out, TKIP is vulnerable to this attack, which is how new cracking tools such as aircrack-ng break encryption.

Chopchop attacks operate much like the programs that were used to crack WEP security, although they require some extra work. TKIP differs from WEP in that TKIP performs integrity checks via Message Integrity Code (MIC). To crack TKIP, the MIC must also be decoded.

Once the chopchop method breaks the MIC, the cracking tool needs to figure out what IP address is encoded in the packet. This must be done slowly — once every 60 seconds — to avoid causing the access point to reissue new keys. Using this technique, a typical WPA network can be breached in fewer than 20 minutes, and some can be cracked in only 12 minutes.

If your network uses WPA with TKIP, your access point is not secure. If your wireless router can't be upgraded to WPA2, either switch your current WPA configuration to AES-CCMP (if possible) or buy an access point that supports the tougher WPA2 encryption standard.

A third option, somewhat less secure than the previous two, is to adjust the TKIP settings in your WPA router. Since chopchop attacks attempt to decrypt live packets, it stands to reason that changing your encryption keys more frequently will decrease the chance of having your encryption cracked.

Shorten your TKIP key refresh interval so that the keys change faster than an attacker can guess them. According to Beck and Tews, you should set your TKIP key refresh to no more than 120 seconds.

If you're interested in the nitty-gritty details, download a copy of the researchers' whitepaper (in PDF format).
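The three options above, expressed as a configuration check (an added example, not from the column or the researchers' paper). It assumes an access point driven by hostapd and its `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_group_rekey` and `wpa_ptk_rekey` settings, and the sample configurations are constructed.

```python
MAX_REKEY_SECONDS = 120  # ceiling the column attributes to Beck and Tews
REKEY_KEYS = ("wpa_group_rekey", "wpa_ptk_rekey")


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def active_pairwise_ciphers(conf):
    """Ciphers actually offered, given the wpa bitfield (1 = WPA, 2 = WPA2)."""
    wpa = int(conf.get("wpa", "0"))
    # Assumed defaults: wpa_pairwise falls back to TKIP, and rsn_pairwise
    # inherits wpa_pairwise when it is not set explicitly.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").upper().split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).upper().split()
    ciphers = set()
    if wpa & 1:
        ciphers.update(wpa_pairwise)
    if wpa & 2:
        ciphers.update(rsn_pairwise)
    return ciphers


def audit(text):
    """Return a list of finding codes; an empty list means no TKIP exposure."""
    conf = parse_conf(text)
    if int(conf.get("wpa", "0")) == 0:
        return ["wpa-disabled"]
    if "TKIP" not in active_pairwise_ciphers(conf):
        return []
    findings = ["tkip-enabled"]
    # With TKIP still offered, each rekey interval must be set and <= 120 s.
    for key in REKEY_KEYS:
        value = conf.get(key)
        if value is None:
            findings.append(f"{key}-not-set")
        elif int(value) == 0 or int(value) > MAX_REKEY_SECONDS:
            findings.append(f"{key}-too-long")
    return findings


# Constructed sample configurations.
WEAK = "wpa=1\nwpa_pairwise=TKIP\nwpa_group_rekey=600\n"
MIXED = "# WPA2 only, but TKIP is inherited by rsn_pairwise\nwpa=2\nwpa_pairwise=TKIP CCMP\n"
MITIGATED = "wpa=1\nwpa_pairwise=TKIP\nwpa_group_rekey=120\nwpa_ptk_rekey=120\n"
WPA_AES = "wpa=1\nwpa_pairwise=CCMP\n"
WPA2_AES = "wpa=2\nrsn_pairwise=CCMP\n"

if __name__ == "__main__":
    for name in ("WEAK", "MIXED", "MITIGATED", "WPA_AES", "WPA2_AES"):
        print(name, audit(globals()[name]))
```

The mitigated configuration still reports `tkip-enabled`, matching the column's point that shorter rekeying is the least secure of the three options.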

Thousands of DNS servers are still vulnerable

Back in July, an alert circulating the Internet addressed serious problems with DNS server software that could allow bad guys to poison the servers' cache. In such cases, phishing, malware propagation, data interception, and other attacks become possible. The problem relates to poor source-port randomization, which could allow an attacker to inject data into the server.

By now, all DNS servers should be patched. Unfortunately, this doesn't seem to be the case. According to a recent survey conducted by the Measurement Factory on behalf of Infoblox, 10% of DNS servers are still vulnerable to attack.

The company scanned more than 68,000 DNS servers to check a variety of parameters and configuration types. When the smoke cleared, 75% of those servers earned a "great" rating in terms of source-port randomization. Only 0.7% had a "good" rating, and 10% (about 6,800 servers) were rated as "poor."

That's way too many vulnerable DNS servers. Regardless of what software it runs, make absolutely sure that any DNS server you use is up-to-date. This also applies to hardware platforms such as wireless routers and firewalls. If you can't get your hands on the required DNS updates, consider dumping that platform and replacing it with a product from another vendor.

To test the DNS server your workstation is currently using, use the Test My DNS button at the site of the Domain Name System Operations, Analysis, and Research Center (DNS-OARC).

Windows Secrets contributing editor Ryan Russell wrote more about this kind of test in his July 17 Perimeter Scan column.
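An added example, not taken from the survey or from DNS-OARC: one way to rate source-port randomization from the UDP source ports a resolver used for a series of outgoing queries, for instance as logged by an authoritative server you operate. The numeric thresholds, the 0.8 predictability cut-off and all sample data are assumptions constructed for illustration.

```python
import random
import statistics
from collections import Counter

# Cut-offs on the standard deviation of the observed ports (assumed values).
GOOD_STDDEV = 296
GREAT_STDDEV = 3980
# Share of identical port-to-port steps that marks a sequence as predictable.
PREDICTABLE_SHARE = 0.8


def rate_source_ports(ports):
    """Rate a resolver as 'great', 'good' or 'poor' from its query source ports."""
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    stddev = statistics.pstdev(ports)
    # A wide spread is not enough: a fixed stride also has a large deviation,
    # yet the next port is trivially guessable. Check the step pattern too.
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    predictable = hits / len(deltas) >= PREDICTABLE_SHARE
    if predictable or stddev < GOOD_STDDEV:
        rating = "poor"
    elif stddev < GREAT_STDDEV:
        rating = "good"
    else:
        rating = "great"
    return {
        "rating": rating,
        "stddev": round(stddev, 1),
        "unique_ports": len(set(ports)),
        "predictable_step": step if predictable else None,
    }


# Constructed samples of 26 queries each.
_rng = random.Random(7)
FIXED = [53] * 26                                           # one static port
SEQUENTIAL = list(range(32768, 32768 + 26))                 # port + 1 per query
STRIDED = [1024 + (i * 2503) % 60000 for i in range(26)]    # wide but regular
NARROW = [_rng.randrange(49152, 51652) for _ in range(26)]  # random, small pool
WIDE = [_rng.randrange(1024, 65536) for _ in range(26)]     # random, full range

if __name__ == "__main__":
    for name in ("FIXED", "SEQUENTIAL", "STRIDED", "NARROW", "WIDE"):
        print(f"{name:10s}", rate_source_ports(globals()[name]))
```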

Don't wait to update your copy of Adobe Reader

I'll wager you've got Adobe Reader installed on the system you're using right now — and on just about every other PC you use. If you haven't updated the program this week, do so right away.

Numerous vulnerabilities were reported recently, and at least two working exploits are spreading quickly around the Internet. These exploits could allow someone to install a Trojan or run other code on your computer.

The vulnerabilities affect Adobe Reader version 8.1.2 and earlier. Upgrade to either version 8.1.3 or version 9, as described on Adobe's download page.

Don't rely on your anti-malware software to protect you from this security hole. According to a report posted Nov. 7 on the Internet Storm Center, not a single antivirus product was able to detect the latest attack variant.

Program lets you whitelist apps on a network

A couple of weeks ago, I helped a company bolster its anti-malware defenses. None of the security tools that the company had in place could prevent a PC from running nonapproved applications.

As with most types of protection, the firm's defenses were all at the network border. If any malware slipped past that border, cleaning up the resulting damage could be quite expensive.

The ideal solution is to prevent all software from operating on the network unless explicitly authorized to do so. The program that fit the bill for me is Faronics Anti-Executable, which lets you create a whitelist of applications that are allowed to run. Any program that's not on the list is blocked.

With the Faronics utility in place, malware that makes it past your frontline defense has a slim chance of launching and wreaking havoc on your network.

Anti-Executable is available in a standard version (U.S. $45 per system) and an enterprise version (from $55 per system). The enterprise version adds such useful features as interoperability with Active Directory, centralized whitelist deployment, and whitelist activation scheduling.

Check out the utility's complete list of features at the Faronics site.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He's a network engineer, freelance writer, and the author of Internet Security with Windows NT.

PATCH WATCH

Critical Windows hole patched after seven years

By Susan Bradley

A vulnerability that allows remote-code execution via the Server Message Block protocol has long been known to affect all Windows PCs and servers.

This week, Microsoft finally found a way to fix the problem, first described in 2001.

MS08-068 (957097)
This fix has been a long time coming

Topping the list of November patches is MS08-068 (957097), which Microsoft labels "Important" but I consider critical. Even though it affects only Windows servers and networked Windows PCs, I recommend that all Windows systems apply this patch.

The issue has actually been around since 2001 and impacts all PCs with file and printer sharing enabled. As Christopher Budd explains in a Microsoft Security Response Center blog posting, the company didn't think the problem with the Server Message Block (SMB) protocol could be fixed without requiring that all network applications be rewritten.

For years, security experts have used SMB relay attacks — which attempt to execute code on the affected systems remotely — to test network defenses. While you need to be an authenticated member of a network to exploit this vulnerability, a disgruntled employee who does so could cause serious damage.

Many network-security pros were surprised that this hole was finally patched after all these years. On the Patch Management (PM) listserv, Eric Schultze of PM vendor Shavlik and network engineer Edward Ziots of the Lifespan Organization call this a critical issue that you should patch against as soon as possible.

MS08-069 (955218)
XML patches released for Windows and Office

When does one security patch equal seven? When it's an XML patch!

XML is a building-block component used by many applications. Microsoft installs it in Windows' core as well as in Office applications. Knowledge Base article 269238 lists all the XML versions Microsoft has released and some applications that use specific XML versions.

That's why you may be offered not one, not two, but five or more patches addressing this matter. On one Windows XP machine I tested, for example, the XML patch involved five of the following six downloads:

  • KB 955069 describes the patch for XML version 3, which is most vulnerable to attack.
  • KB 954430 covers the patch for XML version 4.
  • KB 954459 is for XML version 6.
  • KB 951535 describes Office 2003's XML patch.
  • KB 951550 does the same for Office 2007.
  • KB 951597 covers Office Server's XML patch.

Past XML patches have been offered to some people over and over again. If you're repeatedly presented with one of these XML patches, reinstall XML Core Services 4 (described on the Microsoft download page), and then attempt to patch the XML version again. Fellow Security MVP Steve Wechsler has a post on his blog describing instances where this patch sometimes must be uninstalled and reinstalled.

The patch for XML version 4 can be a bit troublesome for Vista and Server 2008 users, as documented in KB 954430. If you also install either the fix for Windows Server 2008 described in KB 956697 or the patch for Vista covered in KB 938371 at the same time as this XML patch, you may need to restart the system twice.

These patches were first offered to Server 2008 and Vista users months ago. If you patch regularly, you shouldn't encounter this double-reboot problem.

For more information, see MS08-069.
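
To see which of the three Windows-side XML patches listed above are relevant to a particular PC, the following PowerShell script lists the MSXML DLLs it finds and checks each against its KB number. It is an added example, not part of the original column or a Microsoft tool; the System32/SysWOW64 locations and the use of Get-HotFix (PowerShell 2.0 or later) are assumptions, and the three Office patches are not covered.

```powershell
# Added example: inventory the MSXML core DLLs on this PC and pair each one
# with the MS08-069 KB article named in the column above.
$kbByDll = @{
    'msxml3.dll' = 'KB955069'   # XML version 3
    'msxml4.dll' = 'KB954430'   # XML version 4
    'msxml6.dll' = 'KB954459'   # XML version 6
}

# Assumption: the DLLs live in System32 (and SysWOW64 on 64-bit Windows).
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64") |
    Where-Object { Test-Path $_ }

$report = foreach ($dir in $dirs) {
    foreach ($dll in ($kbByDll.Keys | Sort-Object)) {
        $path = Join-Path $dir $dll
        if (-not (Test-Path $path)) { continue }   # this XML version is not installed

        $kb = $kbByDll[$dll]

        # Get-HotFix only sees updates that Windows records as hotfixes, so
        # "not listed" means "check by hand", not "unpatched".
        $hit   = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        $state = if ($hit) { 'listed' } else { 'not listed' }

        New-Object PSObject -Property @{
            File        = $path
            FileVersion = (Get-Item $path).VersionInfo.FileVersion
            KB          = $kb
            HotFix      = $state
        }
    }
}

# One row per MSXML DLL found; compare FileVersion with the file information
# published in the matching KB article.
$report | Sort-Object File | Format-Table File, FileVersion, KB, HotFix -AutoSize
```

A DLL that does not appear in the output means that XML version is not installed, which is why a given machine may be offered fewer than all of the downloads.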

(957200)
PCs running 32-bit Vista do need 64-bit download

In my Oct. 30 Top Story, I recommended that you hold back on installing the patch described in KB 957200 because the article describing the patch had not yet been posted. When the article finally was available, it left me scratching my head.

The patch is intended to ensure that Customer Experience reporting works properly on 64-bit Vista. So why was I being offered the patch for my 32-bit Vista machines?

The answer lies in some shared code base between the 32-bit and 64-bit Vista platforms. I applied the application compatibility patch to my 32-bit and 64-bit PCs with no problems.

MS08-067 (958644)
Few exploits seen following out-of-cycle release

My thanks to all of you who went the extra mile in patching your systems last month. I reported in a Windows Secrets news update on Oct. 24 that a threat for which Microsoft had released an emergency patch — outside the company's usual Patch Tuesday schedule — threatened to spread quickly across the Internet.

The Microsoft Security Resource Center reports having seen only a few targeted attacks attempting to exploit the hole. More importantly, there have been no widespread worms attempting to leverage the vulnerability.

It also appears that folks had a relatively easy time installing the fix described in MS08-067 (958644). Very few issues were reported, especially considering the vast number of people who had to apply this patch.

To everyone who heeded my call to patch immediately, thank you very much.

Oops! Antivirus vendor AVG prevents booting up

On the heels of the company's earlier slip-up — which I described in the Oct. 30 Top Story — AVG's antivirus software is causing problems for Dutch, French, Italian, Portuguese, and Spanish customers by flagging a key Windows file as a virus and blocking computers from booting.

Windows Secrets contributing editor Woody Leonhard has some further details about the problem. He explains that AVG flags an essential Windows file, user32.dll, as a Trojan. If you agree to Heal or Move to Virus Vault, your computer then shows a Blue Screen of Death (BSoD). Subsequent attempts to reboot either end in BSoDs or in endless rebooting cycles. But if you don't "heal" the file, your computer should be OK.

AVG posted a fix on its support site (enter 1575 in the Search in FAQ box to locate the specific download). Follow the instructions on the AVG site to get your broken PC back into working condition.

Adobe Reader and Flash are targeted for attack

In this week's PC Tune-Up column, Mark Edwards discusses recent attacks on vulnerable versions of Adobe Reader. This gives me the opportunity to remind you that it's time to make your monthly visit to the Secunia Vulnerability Scanning service. Either scan your system online or load up the service's monthly scanning tool to ensure that all your third-party applications are up-to-date.

After I upgraded to Adobe Flash Player 10, some sites failed to work until I downloaded and installed a second update. Flash was recently patched, according to Adobe security bulletin APSB08-20, and on several of my test systems, this update apparently fixed a problem I was having with certain sites not offering me videos.

If you use Flash Player 9.0.124, either upgrade to version 10 or to the patched version 9.0.151. In my opinion, the easiest way to patch your Flash Player is to run Secunia's vulnerability scanner and see what other apps you need to update.

Office 2007 help files get updates of their own

If you use Microsoft Office 2007, you'll notice seven patches in this month's fix-a-thon that update the help systems in various Office programs:

• Excel 2007 (described in KB 957242)
• OneNote 2007 (957245)
• Outlook 2007 (957246)
• PowerPoint 2007 (957247)
• Publisher 2007 (957249)
• Word 2007 (957252)
• Script Editor (957253)

Apparently, Office users need a lot of help. The good news is that these patches don't require a reboot, so if you decide to install them, you won't need to stop and restart your system.

E-mail bug hits Windows Mobile 6.1 phones

Every phone that runs Windows Mobile version 6 and later has a copy of the Windows Update application. However, I've yet to see a patch being offered for Windows Mobile 6 phones.

If your device runs Windows Mobile 6.1, you should be offered an update, because there's a bug that corrupts your primary e-mail settings whenever you use an alternative SMTP e-mail server. That's a bit annoying, to say the least. The Outlook Mobile Team blog has the full details on the patch.

You'll need to use Microsoft's ActiveSync to install the patch on your phone.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.

The following link includes all articles this week: http://WindowsSecrets.com/comp/081113

A portion of your support helps children in developing countries
Each month, we send a full year of sponsorship to a different child. Your contributions in November are helping us to sponsor Sudarto Sagiman, a 12-year-old boy from a village in the area of Rembay, Indonesia. Plan USA channels development aid from donors to Sudarto and his community. We also sponsor kids through Save the Children and other respected agencies.

   
   


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.
