A dozen tools for removing almost any malware

A dozen tools for removing almost any malware

Need to get a system clean of malware and/or verify that it’s completely malware-free?

Use one or more of these free tools to clean up even the worst malware infections — and keep PCs clean.

Here’s a typical scenario for a veteran computer user. Having established best-security practices on your PC, you’ve been free of malware infections for a long time. But every so often, a friend or family member says those dreaded words: “I think I might have a problem with my PC.” Typically, by then the infection — a bogus antivirus popup, for example — is well established.

If it’s been a while since you had to clean someone’s machine, it can be difficult to remember the best techniques and apps for restoring a system to good health. We suggest you keep this story handy for future reference — bookmark it or print it out. It should provide all the information needed to remove even the most tenacious malware infestation.

“Hi! I think I have a virus. Can you help?

A Windows infection shows up in many ways: strange system behavior such as excessive, unexplained activity; odd warning; or that aggressive popup you can’t remove. Sometimes the infection is more subtle: It feels like Windows or installed apps just aren’t working as they should. Or maybe the system seems to be working fine, but you’d still like to verify that malware hasn’t taken hold and is working silently in the background.

Whatever the signs, experienced Windows users typically resort to one or more anti-malware scanners/cleaners. Unfortunately, it can be far easier to detect malware than to remove it. Thoroughly cleaning a system might require the use of multiple AV products, multiple scan/clean cycles, and even Linux-based tools running outside Windows.

Best AV practices also include proactive planning — preparing for infections, rather than scrambling for the right malware cleaner after the fact. With just a little work — literally a few minutes — you can equip yourself with the tools needed to rid a PC of most malware or verify that a system isn’t actually infected.

Last week, I covered AV tools from Microsoft in the Top Story, “Microsoft’s six free desktop security tools.” This article adds a selection of third-party tools, a dozen of the best-regarded and most popular anti-malware cleanup tools currently available. All these tools find and eliminate common worms, viruses, and Trojans. Some also target hard-to-find and hard-to-remove rootkits and bootkits — malware that hides deep in the system, in some cases launching even before the OS and full-time anti-malware tools boot.

I’ve run all these tools on my XP, Vista, Windows 7, and Windows 8 PCs — and I use many of them regularly. But this is far from a definitive list; there are hundreds of other anti-malware applications available. That’s good, because no single AV app works on all Windows systems all the time. Feel free to explore other options via your favorite search engine and download sites.

It’s not the lack of AV tools that results in malware infections; it’s the lack of application by users!

AV apps for routine cleanup and verification

Most Windows users know they should run some sort of full-time anti-malware software. Malware authors are clever programmers and depend on staying one step ahead of AV developers. On-demand scanners are a second line of defense. Use them if your full-time scanner fails or when you wish to verify that a PC is malware-free. (It’s like getting a second medical opinion.)

On-demand scanners are typically quick to download and easy to run. Usually self-contained (i.e., operating independently of your full-time AV tool), they might detect and remove malware your regular scanner missed. On-demand scanners are active only when specifically launched, so they rarely conflict with full-time scanners. In other words, you don’t need to disable your full-time scanner to run an on-demand scanner/cleaner. If you strongly suspect an infection and one on-demand tool doesn’t work, run others from different AV companies.

Here are my recommendations for free on-demand AV tools:

• Trend Micro’s HouseCall (site) has been around for years and has earned an excellent reputation. It’s available in a 32-bit version for XP and in both 32-bit and 64-bit versions for Vista, Win7, and Win8.

  HouseCall, shown in Figure 1, is known for its speed, making it an excellent choice for routine use. I use HouseCall often on my PCs for quickly verifying that a system is malware-free. Its Settings link offers three levels of scans: Quick, Full, or Custom.

  

  Figure 1. HouseCall is exceptionally simple and quick — ideal for routine malware-checking and cleanups.

• ESET’s Online Scanner (site) is another tool with a long pedigree and a well-deserved reputation for excellence. It’s not particularly fast, but it is nicely configurable. For example, the scanner’s Advanced settings let you select which drives to scan — even remote networked drives. It will also scan inside archives (e.g., .zip files), which not all scanners can do. You can select the depth of the scan, such as looking for potentially unwanted and/or unsafe applications.

  ESET’s scanner (Figure 2) runs on all current versions of Windows (XP through Win 8) and comes in both 32- and 64-bit flavors. Unlike its competitors, it’s also available in two versions based on your choice of browser. If you download Online Scanner via Internet Explorer, you’ll get an in-browser, ActiveX version. Downloading the scanner with another browser (e.g., Chrome or Firefox) installs a non-ActiveX version that runs outside the browser. Both versions work identically.

  

  Figure 2. ESET's Online Scanner is exceptionally configurable and comes in both a browser-based and a standalone version (shown).

  When something’s gone wrong with a system and it needs a deep scan to determine whether it’s infected, I run Online Scanner overnight with all options enabled.

• I covered the Microsoft Safety Scanner in last week’s Top Story. But it’s worth mentioning again because it’s fast, free, and easy to use. Safety Scanner (Figure 3) finds and removes both malicious software and potentially unwanted software. It’s compatible with XP, Vista, Win7, and Win8. You’ll find both 32- and 64-bit versions on its info/download page.

  

  Figure 3. Microsoft's extremely simple-to-use Safety Scanner checks for a variety of viruses and other malware.

• McAfee’s Stinger (site) scans for about 5,000 common types of malware — and for those often difficult-to-remove rootkits. It offers Quick (see Figure 4), Full, and Custom scans, and McAfee updates the tool several times a week so the download is always reasonably current. (Many on-demand scanners must go through an update cycle immediately after installing or launching the app.)

  

  Figure 4. The easy-to-use McAfee Stinger targets rootkits, along with many other types of malware.

If these relatively simple, on-demand scanners/cleaners don’t work, or if an infection has crippled Windows, it’s time to roll out the big guns.

Heavy-duty, self-booting, malware-cleaning tools

Some malware — rootkits, for example — is especially adept at playing hide-and-seek with AV apps, making them especially difficult to detect and remove. Infections have been known to actually disable full-time AV scanners — and even Windows Update.

The solution is a self-contained, self-booting system scanner that operates entirely outside Windows.

These tools are typically offered as downloadable .iso files used to create bootable CD, DVD, or flash drives — commonly called rescue discs — that contain both an operating system and a malware scanner.

When you start and run a PC from a rescue disc, everything on your system’s hard drive(s) — Windows, applications, your data files — remains inactive, unused, and for the most part unlocked to the disc-based scanner. That makes it considerably harder for malware to hide itself and considerably easier for an AV scanner to look for suspect code. There’s also no chance that the rescue-disk scanner will conflict with any other installed anti-malware software.

The drawback with rescue discs is their setup. Unlike the download-and-run simplicity of the on-demand scanners mentioned above, you have to build a rescue disc before you can use it. That typically means downloading the .iso file and burning it to media. Assuming you have an optical drive, Windows 7 and 8 can create bootable CDs and DVDs natively (more MS info); Vista and XP need a little help from a third-party CD/DVD burning app such as Free ISO Burner (site).

Next, your system must be configured to boot from the rescue disc. You might have to press a specific key during power-up or change BIOS settings. The PC’s owner manual or the vendor’s website should have the information you need.

Here are three free, self-booting rescue discs to consider:

• The Kaspersky Rescue Disk (info/download) is my favorite standalone, self-booting cleaning tool. Although it’s Linux-based, you don’t have to know anything about Linux — everything is preconfigured as a complete, ready-to-run, point-and-click, Windows-like environment, as shown in Figure 5. It’s about as easy as can be.

  

  Figure 5. Linux-based, the Kaspersky Rescue Disk is a polished disk-scanning and recovery tool with a familiar graphical interface.

  Removing some malware requires a more specialized tool. Kaspersky’s Utilities page has downloadable malware-removal tools for specific viruses.

• F-Secure’s Rescue CD (site) is at the other end of the usability spectrum. It’s a Linux-based tool with a minimalistic, DOS-style text interface (see Figure 6). It’s not point-and-click; you navigate with arrow-key and keystroke entries.

  

  Figure 6. F-Secure's Rescue CD has a simple, text-based interface.

  The lack of a graphical interface might be jarring for some Windows users, but Rescue CD’s extremely simple, compatible, and robust. With minimal graphics support and no mouse support, Rescue CD should operate on just about any hardware, including very old or otherwise hardware-constrained PCs.

• I covered Windows Defender Offline (WDO) in last week’s Top Story, so I’ll be brief here. WDO falls in between the Kaspersky and F-Secure tools: It’s more polished than F-Secure’s Rescue CD but doesn’t offer a complete GUI operating environment like Kaspersky’s Rescue Disk.

  In operation, WDO is a near-clone of Microsoft Security Essentials or the Win8 version of Windows Defender (see Figure 7) — and it targets a similar range of malicious and potentially unwanted software.

  

  Figure 7. Windows Defender Offline is effectively a bootable, standalone version of Microsoft Security Essentials and Win8's Windows Defender.

  You’ll find free 32- and 64-bit versions of WDO for all current Windows versions (XP through Win 8) on its info/download page.

A few other free, self-booting cleaning tools worth noting:

• AVG Rescue CD (site) is a general-purpose, Linux-based, rescue/scan/repair CD with a solid reputation.
• Bitdefender Rescue CD (site) offers excellent instructions and additional free tools to assist in creating a bootable CD/DVD or flash drive.
• Avira AntiVir Rescue CD (site) is available either as a standard .iso file or as an .exe version that can automatically create a burnable CD or DVD for you.

All cleaned? How to keep your PC that way!

If an AV scan finds malware on your system, it’s an indication that your current full-time, anti-malware defenses might not be up to the job. (However, as already noted, no AV product will catch all malware for all time.) You can switch to another full-time scanner/cleaner: the Feb. 16, 2012, Top Story, “Is your free AV tool a ‘resource pig?’,” mentions several, or you can do a search online. What’s more, you can add a second full-time scanner that will be compatible with the AV product you’re currently using.

Two examples:

• Malwarebytes’ Anti-Malware (free; site) is an excellent anti-malware utility that scans your system on demand — or on whatever schedule you choose. A hybrid tool, Malwarebytes installs like a standard Windows application and is specifically designed to coexist with other anti-malware tools. A Pro version (U.S. $25) offers additional real-time protection not available in the free version. I use the Pro version along with Microsoft Security Essentials on my own primary PC.
• Safer Networking’s Spybot Search & Destroy (basic version is free for home use; advanced and commercial versions available; site) is another hybrid tool that you can leave running for ongoing, secondary protection.

Your choice: 16 known-good options. There are hundreds of anti-malware tools available — both paid and free. The products in this story, along with the Microsoft tools discussed in last week’s Top Story, should give you all the information you need to keep or remove malware from your system(s) — or from PCs you (sometimes reluctantly) support!

Assessing Win8 File History — and its weaknesses

Windows 8’s backup mechanism is unlike any included with previous Windows versions — and that can lead to some initial confusion.

Plus: Breaking out of a webpage redirect loop, avoiding a Hotmail phishing scam, and recovering a scrambled BitLocker drive.

‘Restore previous versions’ gone from Win8

Reader Pierre Decrocq was alarmed to discover that an extremely useful file/folder backup tool, included in Vista and Win7, was removed from Windows 8.

• “Fred, ‘Restore previous versions’ is not available in Windows 8! Please look at this MSDN page, ‘Previous versions UI removed for local volumes.’

  “This important information might require updating some previous LangaList articles on RPV!”

You’re right, Pierre, the Previous versions tool (more info) included with Vista and Windows 7 was replaced in Windows 8 with File History, which accomplishes the same ends as Previous versions, but by different means.

Using File History is a story in itself (and will be in a future Windows Secrets issue), but you can start with an MS Support article that gives a short tutorial.

A quick refresher: Previous versions makes local backups — shadow copies — of every data file and folder that changes on your system. The backups are created automatically and are instantly accessible. You simply right-click any folder and select Restore previous versions. (For complete information on RPV, see the June 16, 2011, Top Story, “RPV: Win7’s least-known data-protection system.”)

As I said above, File History can produce similar results. Assuming you’ve set up and enabled File History (MS Support article), here’s how to use it to recover previous versions of files in your user account:

• Opening File History: Click Win8’s Search/Settings and type restore. Then click the Restore your files with File History command in the center column (Figure 1).
  
  

  Figure 1. Win8's Restore your files with File History replaces the Restore previous versions command in Win 7 and Vista.

• Using the File History applet: By default, File History displays the most recent backup available (see Figure 2). Note the arrows on the bottom of the applet window. Clicking the round green button will restore any file or folder you’ve selected. The blue arrows let you scroll through backup sets by date and time — older backups to the left, newer ones to the right.
  
  

  Figure 2. The File History applet lets you scroll to older or newer backup sets.

• Locating a backup: Find the file(s) or folder(s) you want to restore by navigating within the backup sets as you would using File Explorer. Simply click on libraries and folders to see whatever’s inside. For example, in Figure 3, I’ve opened a folder of all documents modified — and subsequently backed up — on March 29.
  
  

  Figure 3. File History shows all my recently modified documents prior to 12:23 p.m., March 29.

  The File History applet will even let you preview the contents of any document. Just click a document and it will open — right within the File History applet.

• Restoring a previous file: Once you’ve found and selected the file or folder you wish to restore, click the round green button at the bottom of the File History applet window. File History will then guide you through the process of restoring the selected item.

Again, you’ll find more details on File History in the MS Support support article, “How to use File History.”

As you can see, digging files out of File History isn’t as convenient as the simple right-click of Restore previous versions — especially if you need to go way back in time. But the end result is the same: once set up, File History automatically backs up your modified documents and folders.

Note that File History has some other limitations not found in RPV. For example, File History targets only user files — it doesn’t protect applications or system files. (Win 8 requires that you use other mechanisms for those file types.) RPV, on the other hand, is part of a unified system that can back up everything on your PC.

There’s more, too, but that will have to wait for another article. For now, you can find an explanation of why Microsoft gave up on its classic Windows backup tools — plus details on using File History and its limitations — in a Windows Engineering Team’s “Building Windows 8” blog.

“Redirect loop” blocks webpage access

Jeff Weed’s browser displays a confounding error message when he tries to access his webmail.

• “For the past month, I’ve frequently received an error message — ‘This webpage has a redirect loop’ — when I attempt to sign in to Hotmail.

  “I am using Google Chrome and Win7 on a Dell PC. I’ve scanned for malware with MSE and used CCleaner, but to no effect. The error is random; sometimes I get it on the first attempt, and other times I don’t get it at all.

  “Any idea what might be going on?”

It’s mostly a Chrome thing, Jeff. I’ve run across this problem far more frequently on Chrome than on any other browser. Fortunately, it’s usually easy to fix.

First, try accessing the troublesome site while in Incognito mode (Google info), which disables all browser extensions. If you can get in, you’ll have proved that a browser extension is causing the problem. Go back to regular browser mode and try disabling your extensions, one by one, until you find the culprit. (The Chrome help page, “Manage your extensions,” can show you how.) Once you’ve identified the offending extension, simply uninstall it.

If disabling the extensions doesn’t help, the redirect loop is probably a cookie problem. In fact, Chrome’s standard dialog box for a redirect loop error states: “Clearing your cookies for this site or allowing third-party cookies may fix the problem.”

So next, try clearing out either all the cookies or at least the cookies for the site you’re having trouble with. Google’s Chrome support pages can help there, too. See the “How to clear cache and cookies” page and the “Manage your cookies and site data” page.

One of the fixes — disabling extensions or removing cookies — should do it!

‘Your Hotmail account is being closed. …’

Steven Dennis received an odd email:

• “I received what might be a trick/phishing email. I’ve quoted it verbatim:

  RESET ALERT CONFIRMATION!!??

  Hotmail Subscriber, We are hereby suspending your account; Due to the anonymous registration of our account which is causing congestion to our service, We discovered series of illegal attempts on your Account from a bad Location and your account will shut down as it has been flagged as a spam account. You are to fill the form below by clicking on the reply button on your page, Filling the Correct Information Carefully.

  * User name : ………………
  * Password : ………………
  * Date of Birth: ………………
  * Country Or Territory: ………………

  If you do not respond to this message with in 48hrs you will lose your account permanently. Thank you for your usual co-operation we apologize for the inconvenience.”

It’s obviously a scam, Steven. As Microsoft states on this official Hotmail Help & How-to page:

“Never reply to email asking for your Hotmail password. We will never ask for your password in email, so never reply to email asking for any personal information (even if they claim to be from Hotmail or Microsoft).”

Plus, the note is strewn with vocabulary, grammar, and punctuation errors. It reads like something written by a nonnative English speaker trying hard to sound authoritative. Microsoft’s prose isn’t perfect, but it’s always far better than what you received.

Delete the message. It’s garbage!

Recovering a scrambled BitLocker drive

BitLocker is Microsoft’s whole-disk encryption tool found in the Ultimate and Enterprise editions of Vista and Win 7 and in the Pro and Enterprise editions of Win 8 (TechNet BitLocker info).

BitLocker has several fundamental limitations, some of them discussed in the Sept. 13, 2012, Top Story, “Rethinking the process of hard-drive sanitizing.”

Sometimes, things can go really wrong with BitLocker; the drive ends up encrypted and badly corrupted. When that happens, Windows can’t access the BitLocker drive — even with the correct password.

R. Neil Capper wrote to share information about a tool that can help.

• “I remember that [Windows Secrets contributors] suggest not using BitLocker for encrypting folders. But if you do use it, errors sometimes occur and it might be difficult to recover from possible corruption. The Windows Club article, ‘Recover files & data from inaccessible BitLocker encrypted drive,’ might be of interest to some of your readers.”

Thanks, Neil. That article discusses the BitLocker Repair Tool (repair-bde.exe), which is included in Windows editions that support BitLocker. It’s typically found in the /windows/system32 folder.

The tool is described in detail in the TechNet article, “Scenario 16: Using the BitLocker Repair Tool to recover a drive.”

It says in part:

• “This tool can be used to access encrypted data on a severely damaged hard disk, if the drive was encrypted by using BitLocker Drive Encryption. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data, as long as a valid recovery password or recovery key is used to decrypt the data. The repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. If a drive has been physically damaged, it may not be recoverable.”

Note that the repair-bde.exe tool is not a way to decrypt a BitLocker drive. The tool’s sole purpose is to repair logical damage to a BitLocker drive so it can be accessed again. Once it’s accessible, you still need a password to decrypt it.

I’m still not a fan of BitLocker, but I’m glad to know that repair-bde.exe exists. Among serious computer users, few things are worse than losing access to a drive full of data!

How to network various Windows versions

Lounge member TerobitTony wants all his PCs to share all their files. But it’s a trick to get one Windows 8, two Windows 7, and two Windows XP machines to all recognize one another.

So he asked Lounge members to advise him. Check out what they told him in the Networking forum.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Dual-boot PC and legal MS Office install
Word Processing	Margins and printable-area problem
Spreadsheets	SUMPRODUCT problem
Databases	Help with formula
Presentation Apps	Updating multiple Excel links in PowerPoint
Visual Basic for Apps	Word 2007 throwing errors on pasting Word.Chart
Microsoft Outlook	Getting Outlook to work with Samsung Galaxy
Non-Outlook E-mail	Want to complain to Google about new Gmail
Other MS Apps	What has MS done to Live Calendar and why?
Windows
General Windows	Right-click crashes Windows Explorer
Windows 8	Problem with email and Win8
Windows 7	USB devices in VMware player
	How to get Microsoft Money back
	How to boot from flash drive on HP ProBook
Windows Vista	Windows Mail problems: Address book (Contacts)
Windows XP	Backing up the entire XP Pro system state
Internet/Connectivity
Internet Explorer	“Only secure content” error in IE 9
Third-Party Browsers	How to remove unwanted search engine
Networking	Home-network problem: Error code 0x80070035
Social Media	Preventing Google from tracking my searches
Other Technologies
Non-Microsoft OSes	Former WinXP, now Ubuntu 12.04 user: How to handle tar.gz file?
Security & Scams	Windows Defender Offline not working
Maintenance	True Image stopped backing up
Hardware	Mobile device to help phone find Wi-Fi?
Graphics/Multimedia	Instant Video PCI: What to use for editing?
Other Applications	Google Earth displays as wireframe, not with contours or water

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

Setting up a Win7/Win8 dual-boot system

There are two techniques for running Windows 7 and Windows 8 on the same system: dual-boot and virtual machine.

We reviewed virtual machines in a previous article; here’s how to set up a dual-boot machine.

Virtual machines have some key limitations

In the April 4 Best Practices, “Two ways to put Windows 7 and 8 on the same PC,” I discussed dual-boot systems versus virtual machines (VMs) for running two or more operating systems in one box. I also reviewed the pros and cons of two popular VM applications: VMware Player (info) and Oracle’s VirtualBox (site).

Setting up a VM is far easier than creating a dual-boot configuration. But as I pointed out in the previous story, there are good reasons to go with the dual-boot option — OS compatibility, for example. Virtual machines tell you little about how an OS will behave in your real computer. File sharing between the real and virtual environments can also be challenging.

If setting up a dual-boot environment fits your computing needs better, the following steps will walk you through the process.

(Please excuse the image quality of one of the following figures. Although I used screen-capture software where possible, in some instances I had to literally photograph the screen.)

Step 1: Back up and resize your C: partition

We’ll start with the assumptions that your PC currently runs Windows 7 and that you have Windows, your applications, and your data files on one big C: partition. If that’s not the case — if, for instance, you’re using Vista or keep separate Windows and data partitions — the following instructions should still work in a general way, with some relatively minor changes to fit your specific configuration.

This process isn’t without its dangers. As a precaution, create an image backup of your hard drive on an external drive. Windows 7 comes with an image-backup tool, but I prefer a third-party program, Macrium Reflect Free (info). Of course, if you already have a recent image backup, you can skip this step.

For more on image backups, see the May 12, 2011, Top Story, “Build a complete Windows 7 safety net,” or my PCWorld article, “Backing up your entire drive: Cloning vs. imaging.”

All backed up? Good! Let’s move on.

Before you can install Windows 8, you’ll need to make room for it on your hard drive. Each OS needs its own partition.

Here are the steps for shrinking a partition with Windows 7’s own tool:

• Click Start, right-click Computer, and select Manage.
• Click Disk Management in the left pane. Right-click your C: partition and select Shrink Volume (Figure 1).
  

  Figure 1. To make room for Win8, use Win7's Disk Management tool to shrink the C: partition.

You’ll find more info on using Disk Management in an MS TechNet article.

How much space do you need for the new partition? Keep in mind that it needs to hold not only Windows 8 but also whatever applications you might install on it, plus space for temporary files. I suggest a minimum of 40GB; double that if you want to install a lot of programs. The new partition will be labeled Unallocated (Figure 2).

Figure 2. The new partition is initially listed as Unallocated space.

If Windows 7’s partition manager refuses to shrink the partition — or shrink it enough — use a better tool, such as the EaseUS Partition Master Home Edition (free for home use; site).

Step 2: Add Windows 8 without losing Windows 7

You’ll need a copy of Windows 8, of course. More specifically, you’ll need a unique product key and the Win8 installation files on bootable media — either a DVD or flash drive. (You can buy a retail Win8 upgrade package and get both the DVD and the product key.)

If you buy Win 8 from the Microsoft Store (page), you’ll have the product key and a downloaded installation file — which you then use to create bootable media.

For that step, run the downloaded program — Windows8-Setup.exe — in Windows 7. When prompted, enter your product key. You’ll then have to wait for a long download, then wait some more for the installation program to complete “Checking the download” — then wait again as it’s “Getting files ready.”

When the installation process finally gets to the Install Windows 8 screen, select Install by creating media (Figure 3) and click Next. You’ll be presented with options for preparing a USB flash drive or creating an ISO file, from which you can burn a DVD. Take your pick.

Figure 3. For a dual-boot system, you want to install Win8 from bootable media.

If you choose the ISO option (Figure 4), double-click the new file created by the Win8 installation program. It will walk you through burning the disc.

Figure 4. Choosing the media used to install Win8

When your media is ready, use it to boot your PC. An installation wizard will pop up; as you move through it, make the following choices:

• When you’re asked, “Which type of installation do you want?,” select Custom.
• When asked, “Where do you want to install Windows?,” select Unallocated space (Figure 5).
  

  Figure 5. Install Win8 in the partition labeled Unallocated space.

There are more options, but they’re yours to make.

When the Win8 installation is done and your PC reboots, you should see a full-screen menu (Figure 6) with options to boot either Windows 7 or Windows 8. Unless you change the default, that’s what you’ll get every time you reboot.

Figure 6. During system power-on, a screen lets you pick the OS you'd like to use.

Step 3: Tell Windows 8 where to find your data

You now have a dual-boot PC with two complete and functional operating systems installed. You can now run one OS or the other — but not both simultaneously (as you could if you’d set up Win8 in a VM).

The two operating systems can’t share the same copy of your applications (you’ll have to install the duplicates on the Win8 system — which could require a separate license), but they can share one copy of your data files: documents, photos, music, and so on. That’ll save drive space and save you from the headaches of keeping duplicate files in sync.

When running Win8, you still have access to the Windows 7 partition, although it’s probably no longer listed as the C: drive. You now need to have Windows 8 look for and save your data to its current location. Here’s how:

• Launch Win8’s File Explorer. You can do this from the Start screen by typing “file” and clicking File Explorer in the Apps window. Or select it from the Win8 Desktop by clicking the folder icon on the taskbar.

• By default, File Explorer opens to Libraries — exactly where you want to be.

  Right-click Documents and select Properties. In the dialog box that opens, click the Add button (Figure 7), then select your Documents folder on the Win7 partition. Note: Before you get there, you’ll probably get a dialog box stating You don’t currently have permission to access this folder. Click Continue and you’ll get that access — permanently. (You probably won’t see this dialog box again.) Click Include folder.



Figure 7. Set the default location for your documents by first clicking the Add button.

• Back in the Properties dialog box, select the newly added folder and click the Set save location button (Figure 8).


Figure 8. Next, click the Set save location button.

• Next, in the Library locations box, select the My Documents option on C: (this will be the Windows 8 partition; it will probably be the folder at the top of the Library locations list). Click Remove (Figure 9).

  

  Figure 9. Remove the local C: library.

  Click Add, again. This time, select the Windows 7 partition’s UsersPublicPublic Documents folder. Once you’re back in the Properties dialog box, select the newly added folder and click Set public save location. Then select the Public Properties folder on C: and click Remove again.

• By this point, there should be two folders listed, both on your Windows 7 partition (probably D:). Click OK or Apply. From now on, Windows 8 will look for documents — and save new ones — on your Windows 7 partition.
• Repeat the process for Pictures, Music, and Videos.

From here on out, each time you boot, you can choose between Windows 7 and Windows 8, secure in the knowledge that your data files will remain in the same place.

Riding on the ridge of the world in Nepal

You won’t get a mountain biker’s workout watching this video. But you might get a high as well as a hankering to travel, looking at the country the biker rides through. For further stimulation, check out the website of the respected tour company that produced this video. Play the video

It's the final (support) countdown for Windows XP

Windows XP was released in August 2001. Over a decade later, it’s still going strong on millions of PCs.

But as they say, all good things must come to an end; we’re in the final year of official Microsoft support for the OS.

Time to look for alternatives to a classic OS

Windows XP is arguably the most successful Windows of all time. But on April 8, 2014 — 12 more Patch Tuesdays from now — Microsoft will stop issuing new updates for the venerable operating system. You can, of course, continue to run XP for as long as you like and even activate new installations for some time after the end of support, but it will become less and less secure as new, unpatched vulnerabilities appear.

That might be okay if you’re using an XP system to play Solitaire. But if (like me) you rely on a traditional desktop and keyboard to get real work done, you need a secure computing platform — or one as secure as Windows gets. If you’re still doing important tasks on an XP system, now’s the time to start planning and implementing an upgrade to at least Windows 7. An MS Windows blog gives more details on XP’s final year.

The clock is ticking down on Windows 7, too. Yes, support for Win7 officially ends Jan. 14, 2020, but it’s getting harder to find the OS on new systems. For example, AT&T’s wireless site once offered a Win7-based Acer Netbook that included a wireless-service plan. But you won’t find it now. Many retail systems now ship with Windows 8 only.

If you’re not ready for Windows 8, or you need Windows 7 for critical legacy applications, I recommend paying a bit more for a business-class system — one that includes the ability to downgrade to Windows 7. Or, if keeping costs down is important, look on eBay and other auction sites for gently used laptops. (Windows geeks are notorious for buying new things and placing their old units up for sale.) Just be sure that any system you purchase has the original OEM media and/or a valid Windows key. Use the OEM discs to restore the unit back to factory condition before using it. You don’t want someone else’s data on your machine.

In a future story, I’ll discuss how to install a newer OS on that aging XP system.

What to do: Review your business-critical applications. If you have any that require Windows XP, start looking for possible alternatives such as newer software, running XP in a virtual machine, or turning the XP system into a single-task, dedicated system.

MS13-028 (2817183)

A cumulative update for Internet Explorer

Cumulative is the operative word for this update. Officially, KB 2817183 (MS13-028) patches two newly reported vulnerabilities in all supported versions of Internet Explorer (Version 6 and later). But it also fixes various related vulnerabilities and adds defense-in-depth patches. It even includes nonsecurity patches for IE 10. For example, it fixes a flaw that can cause IE 10 to crash when you’re using Outlook Web App 2013 in offline mode.

The update is critical for Internet Explorer versions 6 through 10 on all client versions of Windows, including Windows RT.

What’s not patched are several zero-day vulnerabilities demonstrated by VUPEN Security in the recent CanSecWest security contest, Pwn2Own. VUPEN researchers took over a fully patched Windows 8 machine with several exploits and later tweeted that some of the vulnerabilities were still unpatched. In fact, according to an SC Magazine report, VUPEN compromised Chrome, Firefox, and IE 10. Firefox and Chrome have already received patches for the revealed vulnerabilities; however, according to an MS SRD blog , fixes for IE will come “in a future security update.”

What to do: Browser security depends on keeping them current. Install KB 2817183 (MS13-028) as soon as possible.

MS13-029 (2828223)

Windows Remote Desktop Client hiccup

KB 2828223 (MS13-029) fixes a vulnerability that would allow an attacker to take over a system if the PC’s user visits a malicious webpage. Exploits using a flaw in Windows Remote Desktop Client could show up within the next 30 days. The patch is rated critical for systems running Remote Desktop Connection Client Versions 6.1 and 7.0 on XP, Vista, and Windows 7 systems. RDC 8.0 Client, included with Windows 8, is not affected.

If you use Remote Web Access (more info) in Windows Essentials 2012 or Small Business Server 2011, 2008, or 2003, make sure you’ve placed the server’s website URL into IE’s trusted-sites zone. Then, when KB 2828223 is installed on your workstations, the ActiveX control needed to access Remote Web Access will be automatically reapproved. If you don’t have the server’s website listed in the trusted-sites zone, you’ll be prompted for a new ActiveX control after adding this update.

What to do: Install KB 2828223 (MS13-028) as soon as possible. And ensure your Small Business Server’s website is in the trusted-sites zone.

Flash, Air, Shockwave, and ColdFusion — oh, my!

It’s a toss-up for most frequently updated product: Adobe Flash or Microsoft Internet Explorer. But this round of updates also includes several other Adobe apps. They include:

• Adobe Flash Player goes to Version 11.7.700.169, as noted in Security Bulletin APSB13-11.
• Adobe Air goes to Version 3.7.0.1530.
• Shockwave goes to Version 12.0.2.122, as noted in Security Bulletin APSB13-12.
• ColdFusion gets a hotfix, as described in Security Bulletin APSB13-10.

As always, Windows 8 and Server 2012 users should receive the latest version of Flash through Windows Update.

What to do: Install these Adobe updates soon — especially Adobe Flash Player.

MS13-031 (2813170)and MS13-036 (2808735, 2823324)

Another round of fixes for the Windows kernel

It wouldn’t be a true Patch Tuesday without another Windows kernel or kernel-mode driver bug to stomp on. Like most of their kind, the three vulnerabilities described in MS13-031 and MS13-036 are relatively modest threats — they’re rated important for client systems. An attacker must be able to sign in to a system to exploit the flaws.

KB 2808735 (MS13-036) has a potentially troublesome side effect. After adding the update, you might not be able to install certain Multiple Master fonts (Wikipedia info). Unfortunately, MS13-036 does not mention exactly which fonts are impacted.

There are also reports of conflicts between KB 2823324 and Kaspersky Anti-Virus, as noted in a MoneySavingExpert.com forum.

What to do: Hold back on KB 2813170 (MS13-031) and KBs 2808735 and 2823324 (MS13-036) for now.

MS13-033 (2820917)

Client/Server Run-time bug impacts servers

KB 28209017 impacts XP, Vista, Windows Server 2003, and Windows Server 2008 systems. The patch fixes a vulnerability in the Windows Client/Server Run-time Subsystem (Wikipedia info). The vulnerability could result in denial-of-service attacks or in elevation of privileges. It can’t be used to take over a system remotely.

Windows Server 2003 is most vulnerable; an attacker could install programs or create new accounts with full user rights.

What to do: Install KB 2820917 (MS13-033) as soon as offered.

MS13-035 (2821818)

InfoPath 2010 gets two SafeHTML updates

Office users should see two updates for Microsoft InfoPath 2010 that aren’t really needed. But InfoPath shares code with other Office apps, so it’s getting a preventive patch.

The real vulnerability lies in MS Groove Server 2010 SP1, MS SharePoint Server 2010 SP1, and MS SharePoint Foundation 2010 SP1. A flaw could give an attacker elevated privileges on the servers. For these systems, the patch gets an important rating.

Following installation of the updates, Small Business Server 2011 admins will have to run the PSCONFIG command, as noted in a Windows Server Essentials and Small Business Server blog.

What to do: Install KBs 2687422 and 2760406 (MS 13-035) if offered.

MS13-034 (2781197)

Windows Defender needs some defending

The Windows 8 and Windows RT version of Windows Defender — Microsoft’s anti-malware tool — gets an update to prevent possible elevation-of-privileges attacks. The update is rated important because the attacker must be able to sign in to a system. However, with elevated privileges, the culprit could add malicious software, steal data, or create new accounts.

What to do: Windows 8 and Windows RT users should install KB 2781197 (MS13-034).

MS13-032 (2801109, 2772930)

An update for Active Directory on servers

Windows Small Business Server and Windows Server 2012 Essentials run a network system called Active Directory. It’s a way to join computers and control them from the server. KBs 2801109 and 2772930 fix a potential denial-of-service vulnerability in Active Directory.

Although the updates apply to most desktop and server versions of Windows (Windows RT is not affected), the chances are good you won’t see either update offered for workstations. Active Directory is typically not installed on desktop systems. For that reason, the patches are rated low for clients and important for servers.

What to do: I recommend that server admins test KBs 2801109 and 2772930 (MS13-032) before deploying them on their production servers — or wait for reports of any problems with the patches.

MS13-030 (2737969)

Moving to SharePoint 2013 brings unwanted bonus

If you recently upgraded from SharePoint 2010 to 2013, you also added a vulnerability that could let an attacker determine the address or location of a SharePoint list. However, the attacker would first have to pass SharePoint’s authentication requests.

More importantly, all SharePoint 2013 admins need to ensure they’ve deployed the March cumulative updates — or you’ll not get any new updates, as noted in a Premier Field Engineering blog.

What to do: As with MS13-032, admins should either test KB 2737969 or wait for more information.

Put Windows 8 and 7 updates on temporary hold

As usual, Microsoft has included numerous nonsecurity updates that I’ll discuss next Patch Watch. These include:

• KB 2799926 fixes a problem with Win7’s ability to recognize USB drives.
• KB 2800033 is an interesting patch that fixes a Windows 8/RT Windows Recovery Environment failure.
• KB 2822241 is a cumulative update for Windows 8.
• KB 2823180 is an update that repairs issues with Windows Management Framework 3.0 on servers.

What to do: These updates will be discussed in an upcoming Patch Watch.

Numerous nonsecurity updates for MS Office

A TechNet blog provides a summary of April Office update releases. The security updates are noted above. I’ll review the nonsecurity updates in the next Patch Watch, as usual.

What to do: Put nonsecurity updates on hold until all your important security fixes are installed and you know they’re working properly.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.