If your software garbles this newsletter, read this issue at WindowsSecrets.com.
| || |
YOUR NEWSLETTER PREFERENCES Change
Delivery address: email@example.com
Alternate address: firstname.lastname@example.org
Locale: Canada L3B 5N5
Reader number: 35034-18272
Windows Secrets Newsletter • Issue 179 • 2008-12-18 • Circulation: over 400,000
Table of contents
INTRODUCTION: Did you miss the best stories of 2008?
TOP STORY: Access more memory, even on a 32-bit system
PATCH WATCH: Microsoft's out-of-cycle patch plugs hole in IE
KNOWN ISSUES: More on troubleshooting Windows network glitches
WACKY WEB WEEK: Even Santa can go a little holiday crazy
LANGALIST PLUS: Slipstreaming simplifies Windows reinstalls
BEST SOFTWARE: Keep your Net activities away from prying eyes
PERIMETER SCAN: Free software-update service spots risky apps
| You're receiving only our free content. Use the following link to upgrade and get our paid content immediately: |
Did you miss the best stories of 2008?
By Brian Livingston
I'm proud of all the writers for Windows Secrets, but I'm especially proud when subscribers give our writers top ratings for articles they've written.
I'd like to say that all of our articles are above average, but the truth is that some stories really stand out with especially high ratings from our readers.
At the end of the major articles in our e-mail newsletter, we include polling buttons so our subscribers can vote on a scale of 1 to 5 to tell us how useful they found each article. Believe me, our writers pay close attention to this brutal but important feedback. (Note: the polling buttons don't appear in the Web version of our articles.)
The three highest-rated articles of 2008 are:
The 10 highest-rated Windows Secrets stories of 2008:
All good things come to an end as Fred reboots• = paid content
Flash cookies are putting your privacy at risk •
Microsoft posts emergency defense for new attack
Install Vista's fonts on XP — legally •
More need-to-know about network monitoring •
More and better uses for Process Explorer •
Hackers broke into my site — yours might be next •
Flash ads bearing malware plague popular sites
Use a sandbox to improve your PC security •
Keep XP fresh until Windows 7 arrives
Six of the 10 articles appeared in our paid content rather than our free sections. If you're a free subscriber, there's no fixed fee to get access to our premium content. Any financial contribution — whatever it's worth to you — qualifies you to receive a full 12 months of our paid version and access to all past paid content. How to get the paid content
To see other highly rated articles we've published in this and previous years, visit our polls page.
Send your friends a holiday gift of secrets
I announced in a special news update on Dec. 17 that I'd temporarily lost my mind and was letting subscribers give their friends a full three months of the paid version of Windows Secrets, absolutely free.
If you missed that e-mail, you can still take advantage of this opportunity. Our holiday giveaway works this way:
This freebie is a one-time thing in response to today's global economic slowdown and may never be repeated. Please alert your friends to take advantage of it today.
No newsletters Dec. 25 or Jan. 1; see you Jan. 8
Our next regularly scheduled newsletter will be published on Jan. 8, 2009. We skip publication during the last two weeks of December, so there won't be any new content on Dec. 25 or Jan. 1. If something important occurs, we'll send you a short news update despite our year-end break.
Please have a happy and safe holiday season!
Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.
Access more memory, even on a 32-bit system
As described in an entry on the Microsoft Developer Network, all non-server 32-bit versions of Windows XP and Vista impose a memory limit of 4GB. Your system may allow you to install more than this amount of RAM, but with few exceptions, the extra memory won't do Windows or your applications any good.
Moreover, even if you have 4GB of memory installed in your PC, you may not be able to use it all. For example, if your video card comes with 1MB of memory and you have 4GB of RAM, your system actually has 5GB of memory physically installed. But Windows will use only 4GB of that total, regardless.
It gets worse: according to a comment posted to the MSDN article, Windows itself is getting only 3GB because the video card gets 1GB. This happens because the memory aperture — a portion of system memory — is used to work with the video system.
Ways to break through Windows' RAM ceiling
Fortunately, there are techniques you can use to get around Windows' system-memory limitations. One method is to use Physical Address Extension (PAE), a feature of x86 processors that lets 32-bit operating systems overcome the 4GB memory limit.
Another MSDN article explains that 32-bit Windows operating systems support PAE. Even though XP and Vista still cling to the 4GB limit with PAE enabled, the feature may help you get back some of your unused RAM.
In one or two rare cases, a developer may take advantage of PAE technology to get around the usual Windows limits. For example, reader Alan Gorski reports that when he increased a computer to 8GB, the program AutoCAD was able to open large drawing files without generating the "out of memory" errors he previously had seen. As Gorski notes, "AutoCAD has long used special memory management techniques since the DOS days to maximize use of available RAM."
There's a good chance your system is already using PAE. That's because Windows relies on the technology to support the security feature known as Data Execution Prevention (DEP). For more information about Windows and DEP, see my Top Story in the May 3, 2007, issue.
If a computer supports hardware-enforced DEP, then PAE is enabled as well. Here's how to check for it in Windows XP:
Microsoft warns in another TechNet article that some drivers will not load if PAE is enabled. After you make this change, keep an eye on your system. If you have problems with drivers or your system starts acting up, remove the /pae switch from boot.ini in XP, or enter the following command line in an administrator command prompt in Vista:
BCDEdit /set PAE ForceDisable
For more information on the switches and settings related to PAE, consult this MSDN paper, "Boot Parameters to Configure DEP and PAE."
Microsoft's out-of-cycle patch plugs hole in IE
By Susan Bradley
Please stop your holiday preparations long enough to apply this week's important security update for Internet Explorer.
While most of the sites that currently host the so-called XML exploit are located in Asia, this attack on IE is likely to spread quickly to other sites, so make sure to update your PCs with this patch before using Microsoft's browser for anything else.
Microsoft security bulletin MS08-078 (Knowledge Base article 960714) was released on Dec. 18 to correct a serious hole that affects every flavor of IE from version 5 to the beta of version 8. Install this patch immediately, if not sooner. The easiest way to install it is to click Start, Microsoft Update (or Start, Windows Update) and download the patch from there.
Unlike many other Internet Explorer patches, this one is not a cumulative update. It's only patching the issue discussed in Windows Secrets contributing editor Mark Edwards' Dec. 17 special alert.
As a Dec. 17 post on the Microsoft Security Response Center blug discusses, patches are now available for more than 300 versions of Internet Explorer in 50 different languanges. So far, although most of the Web sites that are known to be infected have been found in Asia, the Microsoft Malware Protection Center Threat Research and Response blog indicates that the exploit has been discovered at porn sites as well.
I haven't encountered any problems while testing this patch, but as with any Internet Explorer update, be prepared for conflicts with third-party firewall and security software. The vendors of those programs may need to update their applications to work with the IE patch.
Give this fix the highest priority — even if you use Firefox — because core components of Windows itself may be vulnerable to this exploit even if you're not using IE as your default browser.
Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.
More on troubleshooting Windows network glitches
Whether for work, play, or otherwise, our day-to-day lives rely more and more on our connection to the Internet. Unfortunately, as network links become more important, network failures become more difficult to diagnose.
Scott's story described a change Microsoft made to Vista's DHCP settings that caused problems with some routers, among other Windows network glitches. Several readers contacted us to share their tales of Windows-connectivity disaster. Richard Chase also reminds us of some other useful network-troubleshooting tips:
Several Windows Secrets columnists have recommended Secunia's free Online Software Inspector and downloadable Personal Software Inspector for ensuring that your applications receive all the security and other fixes they need. In fact, Ryan Russell describes the service in this week's Perimeter Scan (paid column). Also, Susan Bradley pointed to the company's software-update services in the Dec. 11 Known Issues 2 column.
However, in recent weeks we've been hearing from readers whose experience with Secunia's update service is less than perfect. Here's what Mel Slane wrote in to tell us:
In his Dec. 4 LangaList Plus column (paid content), Fred Langa fielded a question from a reader who was looking for a way to track the amount of bandwidth his network connection used to avoid extra charges from his ISP. Several readers told us about their favorite network-usage meters; one of them is Rory Gordon:
WACKY WEB WEEK
Even Santa can go a little holiday crazy
Use these permalinks to share info with friends
We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)
The following link includes all articles this week: http://WindowsSecrets.com/comp/081218
Free content posted on Dec. 18, 2008:
You get all of the following in our paid content:
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.
Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).
Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Mark Joseph Edwards, Stuart J. Johnston, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.
YOUR SUBSCRIPTION PREFERENCES (change your preferences):
Delivery address: email@example.com
Alternate address: firstname.lastname@example.org
ZIP or postal code: L3B 5N5
Reader number: 35034-18272
Bounce count: 0
Your bounce count is the number of times your server has bounced a newsletter back to us since the last time you visited your preferences page. We cannot send newsletters to you after your bounce count reaches 3, due to ISP policies. If your bounce count is higher than 0 or blank, please visit your preferences page. This automatically resets your bounce count to 0.
To change your preferences: Please visit your preferences page.
To access all past issues: Please visit our past issues page.
To upgrade your free subscription to paid: Please visit our upgrade page.
To resend a missed newsletter to yourself: If your mail server filtered out a newsletter, you can resend the current week's issue to yourself. To do so, visit your preferences page and use the Resend link.
To get subscription help by e-mail (fastest method): Visit our contact page. Subscription help by facsimile: 206-282-6312 (fax). Emergency subscription help by phone: 206-282-2536 (24 hours).
HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.
WE GUARANTEE YOUR PRIVACY:
1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
HOW TO UNSUBSCRIBE: To unsubscribe email@example.com from the Windows Secrets Newsletter,