If your software garbles this newsletter, read this issue at WindowsSecrets.com.
| || |
Windows Secrets Newsletter • Issue 174 • 2008-11-06 • Circulation: over 400,000
Table of contents
INTRODUCTION: Free "job insecurity" download still available
TOP STORY: These speedup utilities aren't worth your money
KNOWN ISSUES: Sync your Outlook and mobile-phone contacts
WACKY WEB WEEK: Nothing's lost in this 80s-video translation!
LANGALIST PLUS: XP's "other" Explorer can be a real CPU hog
BEST SOFTWARE: Windows' Registry explained in plain English
WOODY'S WINDOWS: Like Flash, Silverlight poses a privacy risk
KNOWN ISSUES 2: Some sites break without Flash cookies enabled
Free 'job insecurity' download still available
By Brian Livingston
This month's free bonus remains ready for you to download, which is a good thing in case you couldn't get to it last week.
For a few hours prior to 10 a.m. Pacific Time on Oct. 30, our subscribers who tried to download the file received the previous month's file instead, due to a single erroneous character that I mistyped in a line of code — mea culpa!
Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.
These speedup utilities aren't worth your money
Dozens of Windows utilities promise to optimize your system's memory, improve your Internet connection speed, and rev up disk-access times to provide an overall performance boost. Some of these benefits can be demonstrated. For example, in a Sept. 11, 2008, Best Software column (paid content), Windows Secrets contributing editor Scott Spanbauer found three Windows cleanup utilities worth recommending: Business Logic's WinCleaner OneClick Professional Clean, Piriform's CCleaner, and PC Pitstop's PC Optimize.
Other programs promise fantastical performance. The makers of System Speedup Wizard and PC Speeduper, two nearly identical programs I tested, claim to include "new 2007 hard-disk optimization technology that allows your computer to read data up to 300% faster from your hard drive."
The Web pages for these products go on to say that each one "optimizes your RAM and configures other settings to speed up your Internet connection and overall computer performance."
To put these and similar claims to the test, I timed how long it took an XP system to perform the following everyday computing tasks:
As shown in Table 1, the tests reveal a few minor speedups, but nothing that the average person is likely to notice. In most cases, the differences were under one second.
Table 1. These utilities provided little or no speed up, and sometimes slowed things down. (Time in seconds, smaller numbers are better.)
Given the small and irregular improvements, it's just as likely that some of the variations were due to random Windows behavior as to any optimizing the products themselves did.
Of course, it's possible that speedup utilities might have a greater effect on older, badly maintained systems than they had on my one-year-old test system. And to be fair, not every program I tested claims to improve the specific tasks I tested for. Rather, these operations were chosen as ones most likely to make a Windows user wait.
Moreover, most of the products I reviewed provide only a general overview of what they do. None of them offers a help file, user manual, or other documentation describing the nitty-gritty of how these programs operate.
SpeedUpMyPC 2009 and Windows Performance are a little better in this regard, providing short descriptions of each setting. However, you have to know where to click. The information isn't available in a searchable Help file. Clicking the Help icon in Windows Performance takes you to a Web page that is more marketing than documentation.
In addition, the programs' customization settings are minimal. You can't tweak the optimization routines in the slightest, although SpeedUpMyPC and Windows Performance let you choose whether to run individual types of scans and cleanings. It's like having a car that lets you turn some of your dashboard accessories on or off but prevents you from adjusting the temperature or the station on the radio. And just forget about peeking under the hood.
At least SpeedUpMyPC lets you uncheck boxes for individual temp files before the program deletes them. However, you can't change the folders and files it considers "junk."
Given these results, I can't recommend any of these programs and, unlike other reviews I've published, I'm not assigning numerical scores.
Two names, two prices, but the same product
Two of the products I tested appear to be entirely identical except for their names. Even their separate Web sites are exactly alike except for the product name and illustration.
The only apparent difference is that System Speedup Wizard requires installation, while PC Speeduper merely requires that you unzip the download files and launch the executable. System Speedup Wizard, at a price of U.S. $20, is also more than twice the cost of PC Speeduper ($9).
Neither program requires much participation on your part. By default, the Enable Speedup box is checked and Speedup Settings are set to High. The only other option is Realtime, but I couldn't find any explanation of the difference between these settings.
The "Run [product name] at Windows Startup" setting is not on by default, but the products need to be running to affect your system. After all, the vendor sites claim the technology "works in the background to optimize applications constantly." Unfortunately, the products themselves don't tell you that.
Not surprisingly, the two programs turned in nearly identical results on my tests, with less than a one-second difference on the boot test and less than a half-second or no difference on the others.
Both programs offer a 14-day trial period, though I don't think either is particularly worth trying.
System optimizer has ease of use but little else
SpeedUpMyPC 2009 — like the other programs covered here — presents a tabbed window to organize its features into Overview, System Scan, Cleanup, Optimization, and Settings. The two main actions you can take in most tabs are scan and optimize. The Cleanup and Optimization tabs have further subdivisions and even sub-subdivisions. This makes the interface cleaner and more accessible, but it also makes it more difficult to find certain features.
Although I could find no Help file per se, some of the program's tabs (such as the Windows subsection of the Optimization tab) provide capsule descriptions of settings after you check the Show tweak descriptions box.
These so-called tweaks are primarily changes to Registry settings. I didn't examine them in detail, but at least one ("Disable paging executive") has been debunked as not very useful by the site XP Myths (scroll to the middle of the long page to find the pertinent information).
The Optimization tab also includes features that are parallel to and, for all practical purposes, duplicate features found elsewhere in Windows — such as CPU Monitor and CPU Booster (see Windows' Task Manager) or Uninstall Manager (see Add or Remove Programs in Windows' Control Panel).
For example, to get the equivalent of the CPU Booster — which lets you change the priority the processor gives to an application — right-click the taskbar, choose Task Manager, click the Processes tab, right-click the desired executable, and choose an option from the Set Priority submenu.
The Startup Manager feature is not found in Windows, but you can get the same features in Mike Lin's free Startup Control Panel utility rather than pay $30 for this tool.
If you want a program that requires only one or two clicks to apply a variety of popular speedup tweaks, SpeedUpMyPC may be worth your money. But if you're on a budget, you'll save some green by sticking to the advice you find in Windows Secrets.
Multifunction speed tweaker offers few answers
Windows Performance claims to optimize, repair, and clean your system. The program's five main divisions are Windows Registry, CPU/Memory/HDD, Network/Internet, Configuration/Appearance, and Startup. Within each of these are checkboxes denoting tasks that streamline your system.
Unfortunately, the array of options doesn't clearly explain what's going on. You can get information on individual settings under the Details column, but the descriptions never amount to more than a few sentences and often assume expertise users may not have.
Also, the upper-right corner lets you turn "Protection" on or off but doesn't tell you what that means. The page listing the product's features suggests this is designed to "eliminate dangerous spyware, block hidden malware from altering your system settings, and repair security vulnerabilities." Gee — all that, and no settings or information on how this works.
For all I know, Windows Performance may do some really valuable things for your PC. But — as with the other products I tested — the program has little impact on daily PC tasks.
Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine.
Sync your Outlook and mobile-phone contacts
For better or worse, Windows dominates desktop computing. Even though the Windows community is currently split between XP and Vista, there's enough commonality between the versions — some would argue too much commonality, others not enough — that we can make general statements that apply to both.
Not so with our mobile phones.
There's no dominant platform for mobile devices. BlackBerrys, Windows Mobile phones, and iPhones all have healthy market shares. That's good for consumers, but it makes it a bit difficult to describe what works on all those devices.
Fortunately, synching your Windows contact list with a BlackBerry or Windows Mobile is a snap. Simply use the software that ships with the respective devices, such as BlackBerry Desktop and ActiveSync (for XP) or Windows Mobile Device Center (for Vista).
A post on the BlackBerry Insight Forums describes the contact-synching process for Research In Motion's phones. Also, troubleshooting tips for BlackBerry sync problems and help with ActiveSync glitches are available at the BlackBerry site, while tips for the Windows Mobile Device Center are posted at Microsoft.com.
Former Windows Secrets program director Brent Scheffler writes about a technique he used to sync Outlook 2007 contacts with his new T-Mobile G1 phone, which might help users of other devices, too:
If you run Windows on a Mac, you need to patch
In last week's Top Story, Susan Bradley answered a reader's question about whether someone running Microsoft applications on a Macintosh would be affected by the out-of-cycle patch Microsoft released the previous week. Susan answered that this wasn't necessary.
However, the reader's question referred to Microsoft Office and other applications from the company, not Windows. Several readers pointed out that Macs running Windows need the patch as well. The story should have stated that Macs running Microsoft programs other than Windows needn't apply the out-of-cycle patch.
WACKY WEB WEEK
Nothing's lost in this 80s-video translation!
PLEASE ENJOY YOUR PAID NEWSLETTER
You're reading our paid version
The following sections provide you with content that doesn't appear in the free version of this newsletter. Please don't forward your paid version to others. (Forwarding the e-mail newsletter to people who didn't request it subjects us to spam complaints.) Instead, we'd love you to share the free version of this content by suggesting that people visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.
The address of this issue is http://WindowsSecrets.com/comp/081106
XP's 'other' Explorer can be a real CPU hog
Explorer executable file drives an XP user nuts
Don Clucas sounded pretty desperate when he wrote:
That plan was partially realized but then derailed by the antitrust actions that prevented Microsoft from encroaching further onto other Web browsers' turf. So, we now have two separate Explorers on our systems: "Internet Explorer" (iexplore.exe), the well-known Web browser that gets all the attention, and the less-well-known "Windows Explorer" (explorer.exe).
Even though you may be less familiar with the name "Windows Explorer," you use the program all the time. Explorer.exe is the component of Windows that provides the desktop, file browser, taskbar, and most of the windows through which we interact with our PCs.
In normal operation, this Explorer starts with Windows and is also one of the very last programs to shut down. From a user's point of view, in many ways explorer.exe is Windows. While the program is reasonably sturdy and fairly well protected from crashes, no software is immune to problems.
Microsoft shored up some of Windows Explorer's remaining soft spots — including the specific problem that you describe, Don — about a year ago in a hotfix that has since been incorporated into Service Pack 3. Knowledge Base article 317751, titled "Explorer.exe Process Uses Many CPU Cycles When Windows Is Idle," describes the problem and the fix.
So the first suggestion is to get your system current via Windows Update, including XP SP3. If you can't or won't use SP3, at least download the hotfix, which is available separately via the link above. Odds are, that patch will solve your Explorer problem.
If the glitch persists after you download and install the hotfix, check to see that you are actually running the file you think you are: there are Trojan versions of explorer.exe floating around that infect your system while masquerading as the real thing.
The correct location for explorer.exe is the main C:\Windows folder. The file's exact size depends on the patches and language packs you've installed, but on all my XP SP3 systems, explorer.exe is 1,010KB (0.98MB) and has a file-creation date of "4/13/2008."
Search your hard drive for any instances of explorer.exe and see where they turn up. To ensure that your search includes system folders and hidden files, click Start, Search. Scroll to More advanced options and check the boxes to Search system folders, Search hidden files and folders, and Search subfolders.
(Don's question refers to XP, but you can check Vista similarly: click Search, and in the Advanced Search area, select Include non-indexed, hidden, and system files.)
If you find an instance of explorer.exe that resides outside the C:\Windows folder, or if the one in that folder is significantly larger than 1MB, your system may be infected with a Trojan.
In that case, scan your PC using antivirus and antispyware tools other than the ones you currently have installed on the machine. (If you have a bogus explorer.exe file on your system, your current tools failed to detect the malware.)
Explorer.exe is so fundamental to Windows' operation that if my system had a compromised version of the file, I'd reinstall Windows, just to make sure the Trojan was well and truly gone.
Recovery Console won't load at startup
Like many careful Windows users, Michael (no last name given) wanted to set up XP's Recovery Console to make it easier to bounce back after encountering a major problem. Unfortunately, he ran into trouble:
If you like "black box" solutions to system troubles, giving GoBack total control is a very good thing. If you prefer to have more say over what happens when things go wrong on your PC, GoBack's approach is actually an impediment.
You have to decide for yourself whether it's worth keeping GoBack installed. I don't use GoBack or similar recovery programs on my systems because I prefer to use Windows' Recovery Console and other tools that let me see exactly what's going on and decide how I want to proceed at each step. The choice is up to you.
Keep in mind that you can get the Setup Cannot Load the Keyboard Layout File Kbdus.dll error message even when you're not running GoBack. There are two other common problem areas: one is when all drive letters (A: to Z:) have been assigned to hard-drive partitions, and the other involves problems with access rights.
You'll find the solution to the drive-letter problem covered in KB 239722 and the access rights problem described in KB 246187.
Firewall 'Allow/Deny?' prompt causes confusion
Reader Charles Lam supports a number of other PC users, so their problems become his:
One simple, free solution is to use Windows' built-in firewall, which asks no questions in routine operation. The Windows Firewall is nothing fancy, but it works and provides basic insulation from many of the most common online attacks and intrusions.
(Note that the Windows Firewall monitors inbound traffic but doesn't alert you to data being sent from your PC out. To watch for unauthorized attempts to transmit information from your system, you need a bi-directional firewall such as ZoneAlarm or Comodo.)
Your systems are behind routers that somewhat disguise their network locations via network address translation (NAT). If your PCs also have good antivirus and anti-spyware protection, the four-layer defense of the NAT router, Windows Firewall, and antivirus and antispyware tools make the machines reasonably secure for routine use.
If you want to use a firewall other than the one built into Windows, I'd suggest you have your IT hired guns install the firewall program of your choice and then configure each PC to allow all its primary apps to access the Internet without any prompting from the firewall.
That way, the IT person can correctly answer most of the allow/deny access requests. By telling the firewall to remember those initial answers, users won't see those access requests again later.
Another option is to provide some additional basic education for the users. Tell them that if they see an access request from the firewall when they first run a program that they know is okay, it's probably safe to grant access. However, if they get an unexpected access request — such as one that pops up when they didn't just launch a program — then it's safer to deny access and ask for help from a more knowledgeable user.
By the way, I'm assuming your question involved general-use and basic office PCs. To meet federal HIPAA standards, systems storing patient healthcare records may need a higher level of protection — as well as a higher level of user training for safe operation. Fortunately, providing an acceptable level of basic security for general-use PCs is much simpler.
Change your default program for viewing images
Bill Ellis' system has started using the wrong viewer to display GIF files:
Once you know where the file is located, setting GIFs to open with Windows Picture and Fax Viewer is basically the same as setting any other file association.
An easy way to change the program associated with a specific type of file in XP is to open Windows Explorer and select Tools, Folder Options, File Types. Scroll to .gif in the Registered file types box, and in the Details for GIF extension area, click Change. A new Open With dialog will appear.
Windows Picture and Fax Viewer may already be listed as an Open With option. If it is, select it and check the box for Always use the selected program to open this kind of file. Click OK and you're golden.
If Windows Picture and Fax Viewer isn't listed as an Open With option, click Browse to bring up a more detailed Open With dialog. In the Files of type list at the bottom of this dialog, select All Files.
Navigate to the C:\Windows\System32 folder, select shimgvw.dll, and click Open. You'll now go back to the previous dialog. Check the Always use the selected program box, click OK, and you're done.
While Vista lacks the Windows Picture and Fax Viewer applet, you can still change your default image viewers via Default Programs in the Control Panel. To open Default Programs, press the Windows key, type default programs, and press Enter. Click Associate a file type or protocol with a specific program, scroll to and select .gif, and click the Change program button.
Make your selection from the list that appears, or click Browse and then navigate to and select the executable file for the program you'd like to use to open GIFs. Don't forget to check Always use the selected program to open this kind of file at the bottom of the Open With dialog.
And remember, this same process can be used to change any file associations or Open With dialogs that aren't working the way you want.
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Windows' Registry explained in plain English
So, just what is the Registry, anyway?
The easiest way to envision the Registry is to see it as a centralized database containing details about your PC's hardware, software, and users. In reality, the Registry is somewhat more than this, but if you think of it this way, you're on the right track.
The Registry is needed because hardware, software, and user setups vary. PCs can differ in the number and size of hard drives, the amount of memory, the software installed, and hundreds of other ways.
To run efficiently, Windows and other programs need to know the particular setup of the computer they're running on. This information can be found in the Registry, which serves as the centralized repository of information about your PC and is accessible to all the software running on the machine.
Last year, I encountered a domestic equivalent of the Registry when I rented an apartment at a ski resort. The apartment's modern kitchen contained all the usual things you expect to find there: an oven, a refrigerator, pots and pans, cutlery, etc.
But kitchens are like PCs: while superficially alike, they're all different. The cutlery may be kept in diverse locations, the number and type of saucepans varies, the oven works differently, and much more.
Thoughtfully, the owners of this ski apartment had provided me with a complete list of everything in the kitchen, along with a diagram showing the items' physical location. They also provided instructions on how to use each appliance, right down to noting that the oven read 40 degrees too hot.
This "Kitchen Registry" made life much easier for me, because the document contained all I wanted to know about the kitchen in a single location. In the same way, the Registry makes life easier for Windows and other programs that run on your PC by keeping all the information about the system in a single centralized location.
Registry files are not to be trifled with
The Windows Registry is comprised of files just like all the other files on your hard drive. More accurately, the Registry is a set of six files that in most versions of Windows are located here:
Additionally, two files for each user on the system are located in their respective user profiles.
Registry files can become corrupted, just like any other Windows files. A corrupted Registry could make your PC unusable, so Windows automatically backs up all the files in the Registry. When you create a system restore point, additional backups are made.
Most users will never need to deal with these files directly. Indeed, fiddling with Registry files could create serious problems on your computer or even render it unusable.
Registry updates happen all the time
The Registry on your PC was created when Windows was installed. However, that initial copy of the Registry is constantly being updated.
For example, when you install new software, the installation program may create hundreds or even thousands of new Registry entries containing such information as the installation directory, license numbers, and program defaults.
Similarly, the Registry is updated every time you change a setting in Windows' Control Panel.
In fact, the Registry is being updated even if you aren't installing programs or changing settings. That's because Windows and your other running programs are constantly accessing and updating the Registry as part of their normal processes.
The number of times the Registry is accessed is stunningly large. I just ran a test on the laptop I'm using to write this article, and there were over 100,000 Registry accesses in 60 seconds!
Figure 1. Process Monitor tracks your Registry activity.
I found this out using Microsoft's free RegMon utility, which lists all Registry accesses and updates as they occur. RegMon has been replaced by Sysinternals' free Process Monitor, which is similar to RegMon in that you run the program directly from the procmon.exe file without installation. Do try Process Monitor; you will be quite shocked to discover just how active the Windows Registry is on your PC.
Hacking the Registry requires care and caution
For safety reasons, users cannot edit the Registry through the normal Windows graphical interface. Instead, you must use Windows' special Registry Editor (or Regedit) from a command window. This restricts Registry editing to experienced users — which is a good thing, as an incorrectly edited Registry may render a PC unusable.
The main reason users want to edit the Registry is to make changes to the settings on their PC that they can't make through Windows' Control Panel or the options available in their application programs.
For example, one common tweak disables CD auto-run in Windows XP. Another prevents the Desktop Cleanup Wizard from nagging you to remove unused icons.
There are dozens of sites listing hundreds of these Registry hacks and tweaks. Reputable examples include Kelly's Korner and the Elder Geek.
Though many of these tweaks are useful, I must say I'm uncomfortable with the idea of inexperienced users editing the Registry by hand. The potential gain is too small compared to the possibility of a total disaster, such as an unbootable PC.
It's not the tweaks that are the problem; those listed at the sites above are generally very sound. Rather, it's that Registry editing is by its very nature a tricky business — far too tricky for most inexperienced users. So I'm deliberately not going to tell you how to do it. Instead, I'm going to recommend some safer methods.
Scripts keep your Registry tweaks safe
But that's not a problem. There are two ways to get the benefit of Registry tweaks without engaging in risky manual editing of the Registry.
The first is to use a Registry script file to make the changes. These plain text files use the .reg extension and instruct Regedit to make specific changes to the Registry.
Using a script file to tweak the Registry is very simple. Download the tweak as a .reg file, and then double-click the file. Windows will ask whether you really want to make the changes to the Registry. If you answer "yes," the changes are made immediately and without any further intervention from you. There is no need to go anywhere near the Windows Registry Editor.
Sometimes, your security software will issue a warning when installing a .reg file. That's because such files are sometimes used by malware. However, if you have downloaded the .reg file from a reputable source — such as the two listed above — then you can safely ignore any warnings from your security programs.
Not all Registry tweak sites offer their tweaks in the form of .reg scripts, but Kelly's Korner does. These scripts offer a simple and effective way to get the benefits of Registry editing without the risk. However, stay away from .reg files offered by unknown sites. They may be fine, but there's no way of knowing what you're getting.
Freeware alternatives to the Registry Editor
There's another way to tweak your Registry that's safer than Regedit or scripts. For Windows XP, Microsoft offers a free (though unsupported) program called TweakUI as part of its free collection of PowerToys utilities.
TweakUI gives you access to many Registry settings through a simple graphical interface. The program doesn't allow you to make all the changes you can via the scripts at Registry tweak sites, but it handles many of the most useful tweaks.
Given its ease of use and high level of safety, TweakUI is an attractive option for inexperienced users. Unfortunately, it's available only for Windows XP. Vista users can check out the freeware program WinBubble, which provides functionality similar to that of TweakUI.
TweakUI and WinBubble allow you to realize most of the gains of Registry tweaking without facing the risks involved in manual Registry editing. However, even with these low-risk products, it's a good idea to back up your Registry by creating a system restore point before you do any tweaking, just in case something goes wrong.
Ian "Gizmo" Richards is senior editor of the Windows Secrets Newsletter. He was formerly editor of the Support Alert Newsletter, which merged with Windows Secrets in July 2008. Gizmo alternates the Best Software column each week with contributing editor Scott Spanbauer.
Like Flash, Silverlight poses a privacy risk
What Flash and Silverlight have in common
As I explained in my Oct. 23 column, Adobe's Flash Player maintains its own version of cookies — text files stored on your computer that can be set and read by an individual Web site. Flash's Local Shared Objects (LSOs) look like cookies and act more or less like rogue cookies.
By default, LSOs can store up to 100KB of data. Regular cookies are limited to 4KB. Your browser can't touch LSOs, even when you clear or restrict your cookies, because LSOs operate completely independently. Adobe offers an online program that gives you some access to the LSOs, but the tool is clunky, archaic, and — until I wrote about it last week — virtually unknown.
Microsoft's new Silverlight platform takes on Flash in many ways. Silverlight's Isolated Storage feature walks like a duck and quacks like a ... er, bears more than a passing resemblance to Flash's LSOs.
Using Isolated Storage, a Web site can store up to 100KB of text on your computer (more, if you give permission). The text is maintained completely independently of your browser. As with LSOs, your browser can't touch Independent Storage, even when you clear or restrict your cookies. Microsoft offers an obscure program that gives you some access to Isolated Storage, but the utility offers you few options.
Is there an echo in here?
While Flash has been around forever, Silverlight has just entered prime time. Version 2 shipped last month. (Let's not talk about version 1, okay?)
Microsoft clearly intends for Silverlight to compete for the hearts and minds of Flash developers, ultimately using superior technology to take over Web programming as we know it. Microsoft did the same thing when it ousted Adobe from its dominance in page description languages, supplanting Adobe's PDF with its own XML Paper Specification (XPS).
Yes, my tongue's still in my cheek.
The privacy peril of third-party cookies
Few people have problems with the simple first-party cookies that sites leave on your PC to help identify you and customize content when you return. The difficulties arise with third-party cookies, which are set by programs that "hitch a ride" in advertisements on the sites you view every day. Third-party cookies don't do anything to help you. They exist only to enrich advertisers.
As I explained in my last column, Flash developers can use LSOs to create and manipulate third-party cookies. By default, Flash accepts all third-party LSOs. You have to use Adobe's Flash Player Settings Manager site to turn off third-party cookies — er, LSOs.
As far as I can tell — and there doesn't seem to be a lot of discussion on the topic — Silverlight also allows third-party cookies. More accurately, a Web page can contain two or more Silverlight programs, each of which has its own Isolated Storage.
Using old-fashioned third-party cookie techniques, an advertising company could easily perform the DoubleClick shtick and track your surfing.
Unlike Flash, Silverlight has absolutely no controls that you can set to block third-party cookies — um, Isolated Storage. I guess Microsoft just hasn't gotten around to it. While Flash sits on more than 97% of the world's computers, Silverlight is on only a tiny handful of PCs. (Yes, I know that Microsoft claims millions of downloads a day.)
As a result, Silverlight is a much less inviting object of advertiser's affections than Flash, and you needn't worry much about third-party Silverlight cookies haunting your PC. Yet.
Where to find Silverlight's configuration tools
If you have Silverlight installed on your system, you can open the Silverlight Configuration tool by right-clicking any location inside a Silverlight Web site and choosing Silverlight Configuration. You'll see the window shown in Figure 1.
Figure 1. Access the Silverlight Configuration utility via any site that uses Microsoft's Flash competitor.
Sounds easy, doesn't it? There's a catch. In order to bring up the Silverlight Configuration tool, you have to find a Silverlight site, and that isn't as easy as you might think. For example, if you go to the main Silverlight page, you won't be able to bring up the Silverlight Configuration tool: Microsoft didn't use Silverlight to write the Silverlight main page. D'oh!
Instead, try a Silverlight site such as the Spatial Wiki. Right-click anywhere on a page, choose Configuration Tool, and click the Application Storage tab. You'll see a list of sites using Isolated Storage on your computer, as seen in Figure 2.
Figure 2. View a list of sites that use Silverlight's Isolated Storage via the Silverlight Configuration tool.
From the Application Storage tab, it's easy to wipe out Isolated Storage cookies for specific sites or for all sites, but you can't block third-party Isolated Storage cookies altogether. (Note: Unchecking the Enable application storage option that's shown in Figure 2 isn't a solution, because this would block even useful first-party cookies, not just third-party ones.)
Cookies share what they know about you
I find it disconcerting that Microsoft is up to version 2 of its Flash killer and still hasn't implemented any way to thwart third-party cookies.
The problem is more than skin deep: as far as I can tell, Silverlight presents a much more serious privacy challenge than the Flash Player. The way things stand now, all third-party applications on a particular Silverlight page can access each others' Isolated Storage. That's a security hole bigger than Kansas.
Wilco Bauwer describes it this way in a blog posting from last March:
Silverlight mimics Flash in many ways. (A pertinent example: Silverlight used to allow 1MB of Isolated Storage space per app, but that was reduced to 100KB in the current version, the same storage limit as Flash's LSOs.) It remains to be seen whether Silverlight can offer a more secure framework for active Web content than Flash does, starting with a better way to handle cookies.
With all the Ray Ozzie-fueled hubbub and press coverage about Azure and Microsoft's impending dominance of the cloud, it's a bit sobering to see what's really happening — right now — inside Microsoft's cutting-edge online applications.
As with so many technologies, the marketing fluff sounds good, and the million-dollar demos leave your jaw on the floor. But when you scrape down to bare metal, reality often fails to live up to the hype.
Woody Leonhard's latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won't put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.
KNOWN ISSUES 2
Some sites break without Flash cookies enabled
By Dennis O'Reilly
There was a remarkably large response to Woody Leonhard's Oct. 23 column on deactivating the Local Shared Objects (LSO) in Adobe's Flash Player.
Few people were aware of Flash's version of third-party tracking cookies, which advertisers use to keep tabs on your surfing habits and deliver ads based on your activities on previously visited sites.
Unfortunately, we also heard from readers who found that some of their favorite sites broke when they blocked the sites' access to third-party LSOs. Heaven only knows why the sites rely on third-party LSOs when regular LSOs should work fine.
For reader Stephen Addy, the Flash-cookie casualty was MTV's new music-video service:
The one-fell-swoop approach to blocking third-party cookies is to opt out of the largest Internet ad network, as described by reader Darrell G.:
Use these permalinks to share info with friends
We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)
The following link includes all articles this week: http://WindowsSecrets.com/comp/081106
Free content posted on Nov. 6, 2008:
You get all of the following in our paid content:
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.
Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).
Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.
YOUR SUBSCRIPTION PREFERENCES (change your preferences):
Delivery address: firstname.lastname@example.org
Alternate address: email@example.com
ZIP or postal code: L3B 5N5
Reader number: 32451-65148
Your paid sub expires: 2009-11-08 at 12:01 a.m. Pacific Time.
You'll receive a renewal notice approximately four weeks prior to that date.
Bounce count: 0
Your bounce count is the number of times your server has bounced a newsletter back to us since the last time you visited your preferences page. We cannot send newsletters to you after your bounce count reaches 3, due to ISP policies. If your bounce count is higher than 0 or blank, please visit your preferences page. This automatically resets your bounce count to 0.
To change your preferences: Please visit your preferences page.
HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.