Carry an entire operating system in your pocket

We've made our secrets easier to find

By Brian Livingston The Windows Secrets Newsletter and the online periodical it merged with in 2006, the LangaList, have published thousands of tips over the years. Now we’ve made it more convenient for you to browse through our brainstorms and find exactly the article that you’ve been needing.

Surf our articles just the way you like

Some people like to use a site’s search box to find the info they seek. Others prefer to cruise navigational links until they run into just the right page.

As for me, I find myself thinking, “I saw that in Windows Secrets about four weeks ago — how do I get back to that article, now that I really need it?”

I’m pleased to announce that we’ve made it easier for you to find all the dirt we’ve ever published on Microsoft Windows. Just visit our new Windows Secrets Library, where quick summaries of every article are available at the click of a mouse.

As shown in Figure 1, our library page starts out by displaying a compact listing of every top story for an entire year. An icon to the left of each story — and to the left of the “Summaries” heading — allows you to expand one date or all dates in a 12-month period.

Figure 1. Our library initially appears in a collapsed view showing the titles of all the top stories we published in a particular year. (Click the image to visit the page.)

One click on the “Summaries” plus sign and a short summary of every column we posted that year will expand before your eyes, as shown in Figure 2. It’s a fast way to skim the page and jog your memory about the tip you’re trying to dig up.

Figure 2. Click the plus sign to the left of the word “Summaries” to get the expanded view: a capsule description of every article we published on each date.

File-management dialog boxes in Windows have used plus-and-minus signs this way for years. I’m glad we’ve been able to convert our content to use this kind of intuitive interface.

A lot of credit for the library should go to Brent Scheffler (left), the program director of WindowsSecrets.com. Months ago, he was able to parse out all of the articles from each of the e-mail newsletters we’ve published over the years, posting each article on a separate page.

These days, every paragraph by one of millions of bloggers gets its own page immediately. But dissecting the long e-mails that we’ve used for years to transmit the Windows Secrets Newsletter to you was a daunting task. The result has made it easier for you to search our library of material and hone in on the individual article you want.

The actual code base of our expand-and-collapse interface was developed by Vickie Stevens (left), our research director. It’s not as easy as it looks to perfect a system that instantly displays just the right set of articles when you click a link. Vickie has succeeded in making most of our content easily findable, year by year, in our new library.

That goes for our LangaList content, too. We’ve partially finished breaking down the many years of newsletters that were written by our editor-at-large, Fred Langa, into bite-size pages. We also plan to add a new interface to the newsletter that Woody Leonhard published as Woody’s Windows Watch before it merged with Windows Secrets in 2004.

Our library page will probably be a bit slow when 275,000 of you start clicking the links at the same time on Mar. 20. If so, I apologize in advance. Try out the library now, and then visit it again next week after the wave has receded.

To access our library, enter WindowsSecrets.com/library into your browser, or simply use the following link to be transported there:

Surf the Windows Secrets Library

We hope you like the way we’ve laid out as much content as we can. Next month, we’ll announce an improved search engine so you can query every article from Windows Secrets, the LangaList, Woody’s Windows Watch, and even my old Brian’s Buzz on Windows newsletters from 2003!

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

Carry an entire operating system in your pocket

By Scott Dunn Running applications from a USB flash drive on a public computer is convenient but exposes you to malware and other limitations of the host PC. By installing a Windows-like version of Linux on a flash drive, you can take a complete operating system wherever you go and work in a safe, secure environment, even in an Internet café.

Assessing your portable alternatives

Several months ago, in the Oct. 18, 2007, issue, I explained how to run free, portable applications from a USB flash drive (also known as a thumb drive, pen drive, memory stick) to simulate having a computer you can carry in your pocket.

Although keeping your favorite free applications and documents on a flash drive is handy, any use of a public computer (such as those found in a hotel business center or Internet café) exposes you and your data to risks from malware, which can threaten your security and privacy.

But what if your “pocket PC” included not just applications and data but an entire operating system, too? It would be even more like having a genuine computer in your pocket.

After my Oct. 18 article on flash-drive computing, some readers suggested using MojoPac as a way of carrying around Windows XP on a USB device. Unfortunately, MojoPac does not really give you an entire operating system.

Although MojoPac lets you take your own custom XP desktop with you — and helps keep your data and applications separate from the host PC — it’s not a full installation of XP. MojoPac only works on a computer that’s running Windows XP and then only if you have administrator access to that PC.

Some tools, such as BartPE (Bart’s Preinstalled Environment) let you create a stripped-down version of XP that boots from either a CD or a USB device. However, these tools are usually designed to give you a way of booting a particular computer to troubleshoot it. They typically don’t create a full version of XP that will run all your favorite applications on any PC.

A much simpler and more powerful solution is to install one of the many versions of Linux that are specifically designed to run from a bootable flash drive or CD.

Consider the advantages of carrying a portable Linux system in your pocket:

• Reduced risk from infected host systems. Booting a computer from a flash drive means you have no interaction whatsoever with the host computer’s operating system. For that reason, your removable media is far less likely to be infected by any virus or other malware that may be running on an Internet café’s. (This is true even if the host computer itself is running Linux.) Naturally, you can still inadvertently download malware via an e-mail attachment or a browser exploit, but you face that risk any time.

• Greater security. In part because there are fewer people trying to writing malware for it, Linux is considered a more secure operating system than Windows. Consequently, your removable drive is unlikely to face the same kinds of threats that you face when using a public machine running Windows.

• Document privacy. Running a system off your own flash drive usually means you don’t need to write to or read from the host system’s hard drives. You won’t have to extract encrypted files onto the system’s desktop or shred them afterwards.

• Computing your way. By running your own customized copy of an operating system, you don’t have to put up with a different system configuration every time you use a different computer. All your customizations and settings go with you wherever you go.

Naturally, if you’re traveling, you won’t always be able to find a computer that can boot from a USB drive. If you find that you like running Linux on the road, it’s easy to find versions of the OS that boot and run from a CD. However, reading programs and data from a CD is slower than it is from a flash drive.

Finally, if you’re concerned about a flash drive catching a virus, install a free antivirus program that runs under Linux, such as Avast Linux Home Edition or AVG Anti-Virus. For further protection, you should consider buying a flash drive that has a read-only switch.

This is not your father’s Linux

If the word Linux makes you cringe in fear at trying something new, relax. Despite its geeky reputation, today’s versions of Linux sport a graphical user interface that’s just as intuitive as the Windows you’re used to. (See Figure 1.) In many cases, Linux can be customized to look even more like Windows.

Figure 1. The look and feel of Linux distributions such as Knoppix (shown here at reduced size) will seem familar to every Windows users.
__________

In most Linux builds, you’ll find the equivalent of a Start menu, Task Bar, Control Panel, desktop icons, and more. You’ll still have long filenames and move your files from folder to folder. You’ll still be able to work with all the same spreadsheet, document, and graphics files as you do on your Windows machine.

If you already have a USB drive that you can spare, it won’t cost you anything to try out this technique.

Here’s what you need to get started:

1. A 1GB or larger USB flash drive. If you’re going to be buying a new one, check out my advice in the Oct. 11, 2007, newsletter.

2. A computer capable of booting from a USB device or CD. Most computers built in recent years have this capability. If you find an Internet café PC that won’t boot from external media, you can often press a key combination when the PC is booting that allows you to change the machine’s BIOS options. A list of the key combinations used by more than 20 different manufacturers, and a short tutorial on changing the boot sequence, is provided at Andy Walker at his Cyberwalker site.

Next, you need to download and install a version of Linux suited for flash-drive computing. I installed and ran the latest builds of Knoppix, Slax, Puppy Linux, Pendrivelinux 2008, MCNLive Toronto, and gOS. Most of these distributions of the portable OS are available from the Pendrivelinux site.

My pick: Pendrivelinux 2008. From a user perspective, Pendrivelinux 2008 and MCNLive Toronto are nearly identical in look and feel. Both are very easy to install and, like many Linux variants, come with a considerable amount of software built in. Both include the KOffice suite of applications.

One difference in these two builds is that MCNLive includes the Opera browser, whereas Pendrivelinux includes Firefox and Thunderbird. The bundling of Firefox makes Pendrivelinux 2008 my Linux variant of choice (for now).

The best option for OpenOffice aficionados. If you’re already using OpenOffice and want to stick with it, the Knoppix flavor of Linux includes that suite.

A word for Mac lovers. If you happen to be a Mac enthusiast, gOS provides an elegant imitation of the OS X interface.

The best way to set up your flash-drive OS

The Pendrivelinux Web site provides download and installation instructions for Knoppix, Pendrivelinux 2008, MCNLive Toronto, and gOS. Warning: Be sure to follow the steps carefully, as executing one of the batch files in the wrong way could damage your ability to boot from your PC’s hard disk.

Once you have your flash drive set to boot up Linux, turn off your PC, insert the flash drive, and turn the power back on.

Many computers will display a boot menu when you press a function key such as F8, F9, or F12. To figure out which key triggers this menu on your PC, you may need to watch the startup screen carefully for information. On some systems, you may have to press Tab to clear your system’s splash screen and get a list of keys for startup options.

The first time you boot from your flash drive, there may be some additional steps to take, as explained in the OS’s installation instructions. These steps will ensure that your session settings are saved. You’ll probably want to give the system a test run and verify that your configuration works before you take your drive traveling with you.

With all the software that comes with these installations, chances are you won’t need to install any additional Linux applications at this point. This is especially true if you’re accustomed to using online applications, such as Google Docs or Zoho.

One downside to using Linux on a remote computer is that you may have to boot from your flash drive on your main computer when you get home to transfer files. That’s because Windows can’t see the folders on your Linux desktop or its file structure.

Linux, on the other hand, will have no problem mounting your computer’s hard drives. This enables you to copy files from your flash drive to a hard disk. Naturally, this quirk is not a problem if you’re storing your documents online.

Although running a flash version of Linux is a safer, more secure way to do portable computing, you still need to exercise caution. Hardware keyloggers and network sniffers can capture passwords and other sensitive information you type using a public computer, regardless of your chosen operating system.

In addition, the small size of flash drives makes them easy to lose. Consequently, it’s common sense to make a backup copy of your flash drive on a regular basis.

If you’ve been spending your computing life in the Windows world up until now, versions of Linux that run on removable media offer a great chance to explore some new possibilities. You may be surprised how convenient and simple it can be.

Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

You have another few months to acquire XP

By Scott Dunn

In the Mar. 6 issue, I explained how to find a Windows XP system before retail and OEM sales of XP get yanked from the shelves on June 30 of this year.

But system builders who cater to small businesses can still get XP until January 2009, which gives users who want to avoid Vista one more way to get their mitts on a Windows XP system.

System builders can license XP ’til Jan. 2009

Alec Demoise, of Computer Guy LLC, a small-business IT consultancy, comments:

• “Your story about the XP sales deadline does not consider that ‘white box’ sellers, such as my company, can sell until January 2009. I verified with my supplier (Nor-Tech) that we will be selling new computers with all versions of Windows XP until that date.”

Good point, Alec. Users who buy systems from sellers who qualify as Microsoft “system builders” — and users who themselves fit the definition of system builders — will be able to purchase OEM versions of Windows XP all through 2008. I last wrote about who qualifies as a system builder in a June 7, 2007 column, which links to additional articles.

A Feb. 6, 2008, Computerworld Australia article quotes a Microsoft spokesperson as saying: “OEMs will continue to sell XP through June 30, 2008, and system builders will be able to sell XP through January 2009 as they cater to the small-business markets. In emerging markets where XP Starter Edition is sold, it will still be available through June 30, 2010.”

In a related comment, Richard Chase, technical support representative for Gadget’s Computers & Electronics, has the following suggestion:

• “You’re probably missing still the absolute biggest and best resource to getting XP systems: small businesses. Any small business out there that does custom-build systems can easily put together any computer of any specification with XP Home or Pro edition.

  “As long as the copies of XP are on the shelf, or available through OEM from suppliers, any small-business computer shop can do it. And there are a million of them out there. I don’t think you can go anywhere in any city down any block without passing at least one small computer shop.

  “I’d also note that, out of the box, custom-built computers tend to perform better than retail, since none of that bloated manufacturer software is sitting there running in the background and eating all your resources.

  “Another option is to build a computer yourself.”

Good idea! Although so-called Mom-and-Pop computer shops are a good source of custom-built systems, all such businesses are not created equal. Be sure to check a company’s reputation and product warranty when you do your shopping.

Finally, if you decide to build your own system, make sure the components you assemble (video adapters, sound cards, and so on) come with driver software that still supports Windows XP.

Readers reveal more ways to dry a soggy gizmo

My lead story on Mar. 13 offered tips for those whose electronics are exposed to water or other damage. Many, many readers voiced the following suggestion from an anonymous reader:

• “You forgot Step #0 — if it is turned on, shut it off immediately and remove the battery.“

In addition to this very important step, readers had several other suggestions for cleaning and drying soggy electronics:

• Steve Jacobs, a troubleshooter in the plastics industry for over 30 years, cautions against getting any alcohol or alcohol-based cleaners on any plastic components. Some plastics react with the alcohol, which can cause the plastic part to fail.

• For similar reasons, reader Gene James suggests using distilled water (such as the pure distilled water found in pharmacies) as a cleaner. Distilled water, he notes, lacks the traces of salt found in tap water, which aid the conduction of electricity.

• Readers such as Tim Valley propose warming an oven to its lowest setting, turning it off, placing the parts inside, and closing the door. The parts may need to be removed periodically to reheat the oven. Tim advises drying the gizmo for a minimum of six to eight hours; some suggest even more time.

• Todd Thomas recommends canned air as a means of quickly removing moisture from a unit. Blowing with your mouth is not a good idea, as your breath contains moisture.

• Johnny Rivera (among others) prescribes putting the moist device parts into a sealed bag with uncooked rice to draw out the moisture. As an added help, some readers advocate placing the bag of rice in a sunny spot for extra warmth.

• Finally, Bill Fry mentions sealing items in a plastic bag with a desiccant pack. He also refers us to an article by self-described tech pundit Any Ihnatko, who tested many of these techniques and others.

Readers Demoise, Chase, Jacobs, James, Valley, Thomas, Rivera, and Fry will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

Would you like mental floss with that?

It’s Thursday. You’ve made it through the week so far without spilling coffee on yourself, calling a co-worker by the wrong name, or sending a scorching e-mail to the whole office by mistake. You’re on top of your mental game. But it’s Thursday and you’re human. You’re getting tired. It’s almost Friday and your co-worker’s name is really hard to pronounce. Luckily, a one-minute British video for road-safety awareness provides a little mental sharpening that can help get you across the finish line. Can you follow the bouncing ball? Play the video

Install Vista's fonts on XP — legally

By Woody Leonhard Microsoft introduced a slew of new fonts with Windows Vista and uses one of them, Calibri, as the default font throughout much of Office 2007. So, if someone sends you a document, and it doesn’t look quite right in XP, you probably need one or more Vista fonts — and I’ll show you a perfectly legal way to get them absolutely free.

Why Vista’s new fonts are really worth getting

We can argue all night about the good, the bad, and the ugly of Windows Vista. But few people fault Vista’s new ClearType fonts. They clearly (ahem) outperform Windows’ old workhorse fonts that we’ve all come to know and revile: Arial and Times New Roman.

Windows Vista brings six brand-new fonts to our screens and printers. Included are three sans-serif fonts (Calibri, Candara, and Corbel), a pair of serif fonts (Cambria and Constantia), and one monospaced font (Consolas).

Designed from the ground up to improve on-screen legibility, all six TrueType fonts render well on any printer and scale well to any size:

• everything from small legal disclaimers to SCREAMING HEADLINES

These fonts are so good that the Ascender Font Store currently sells all six (plus a dingbat font called Cariadings) in a five-user pack for $299. For you typography lovers out there, each font’s merits are described in effusive prose by the Poynter Institute’s design editor Anne Van Wegener.

The new fonts are the default in Office 2007

The folks at Microsoft like the new typefaces so much that Office 2007 uses these fonts widely. For example, unless you change things, new Word 2007 documents and new Excel 2007 spreadsheets are formatted in 11 pt. Calibri, PowerPoint 2007 presentations start out with 44 pt. Calibri as headings, etc.

These documents look good as long as you always work in Office 2007, whether you’re running it on Vista or XP. But viewing or printing such documents in Office 2003, XP, or older versions can cause an extreme loss of, uh, face.

Here’s why you may suffer from font weirdness

Let’s say you create a PowerPoint presentation using Office 2007. PowerPoint dutifully and automatically adjusts the text on every slide to use the Calibri font. Slick.

When you save that presentation — even if you’re careful to save it in PowerPoint 97–2003 format — the Calibri font is still specified inside the presentation.

That’s not a problem as long as you open the presentation on a computer that has the Calibri font. If you run the presentation, however, on any machine without Calibri installed, you quickly discover that the text doesn’t wrap correctly. I speak from bitter personal experience.

The culprit? A missing font.

When you run the slideshow, PowerPoint calls for Calibri, but Windows can’t supply the font. That means Windows substitutes some other font (typically Arial), which isn’t at all the same. Lines don’t word-wrap correctly, and they sometimes become unreadable. Some slides may get automatically reformatted with disastrous results. A meticulously crafted, gorgeous presentation can turn into a childish pastiche.

One of these two packs is my favorite solution

Several possible solutions present themselves. No doubt you could figure out a method or two for, uh, borrowing those six new fonts from a friend’s Vista machine and installing them on your Windows XP machine. Although it seems unlikely that Microsoft’s legal team would feel litigious about your fontifical pilfering, there’s a far better — and easier — way to get the fonts installed under XP.

The first legal solution, which went live on the Microsoft site as recently as Mar. 6, is Redmond’s new PowerPoint 2007 Viewer. Install the viewer and the new fonts come along for the ride.

It’s a good way to grab the fonts, because the Viewer behaves itself. If you put the viewer on a computer that already has PowerPoint installed, for example, the installer is smart enough to leave your filename associations intact. This means that double-clicking on a .ppt file continues to open the file in your full-fledged version of PowerPoint.

Installing the PowerPoint 2007 Viewer is a simple way to gain the Vista fonts. Owning the full version of PowerPoint is not required. You can get the viewer (a 25.8MB download) free from the Microsoft Download Center.

But I think there’s an even better way.

The free Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats gives older versions of Office (2000, XP, and 2003) the ability to open, edit, and save files in the newer Office 2007 formats. For example, Word 2007 now defaults to saving documents in .docx format, Excel 2007 in .xlsx format, PowerPoint 2007 in .pptx, and so on.

Whether or not you care about Office, however, you can install the Compatibility Pack to get the Vista fonts — even if you don’t have a copy of Office present at all! Any user of Windows 2000 (SP4), Windows XP (SP1 or later), or Windows 2003 can install the pack.

The Compatibility Pack includes all six of Microsoft’s new ClearType fonts. Installing the pack is a totally free and completely legal way to get just the fonts. Best of all, the fonts remain on your machine for use by any application, even if you uninstall the pack. (This is true if you uninstall the PowerPoint 2007 Viewer, too.)

Microsoft’s end-user license agreement provides quite minor and straightforward restrictions on using the new fonts:

• You may use the fonts that accompany this software only to display and print content from a device running a Microsoft Windows operating system. Additionally, you may only
  
  • embed fonts in content as permitted by the embedding restrictions in the fonts; and
  
  • when printing content, temporarily download them to a printer or other output device.
  
  You may not copy, install or use the fonts on other devices.

Notice that there’s absolutely no requirement that you buy Office, own Office, swear fealty to Office, or even contemplate someday clicking on an Office icon. As long as you’re using the fonts on a copy of Windows (not Mac or Linux), Microsoft shouldn’t have any legal objection whatsoever.

Installing the pack to get the Vista fonts

To install the Office Compatibility Pack, go to the Microsoft download page and click the button labeled Download. The file, which was released in a revised version on Mar. 6, is a 27.5MB download. There’s no Windows Genuine Advantage barrier, and no confirmation is required that you have any version of Office installed.

Double-click on the downloaded file, which is called FileFormatConverters.exe. The install takes a minute or two.

When the installer finishes, you can verify immediately that the Calibri, Cambria, Candara, Consolas, Constantia, and Corbel fonts are available in every Windows application. Simply pull down the Format menu and select Fonts in any application that supports fonts.

If you just want the new typefaces, and you don’t really want to keep the converters installed, you can easily open the Control Panel and use Add or Remove Programs to uninstall them immediately. But there’s no downside to having either add-in installed. I recommend that users of older Office apps get the add-ins just for that inevitable day when someone sends you a new-fangled file.

And, yes, the fonts are yours to keep.

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

More need-to-know about network monitoring

By Ryan Russell Completing my recent series on monitoring file-system and Registry activity, I’d like to add what you need to know about packet capturing. To monitor a program’s activity for troubleshooting purposes, you really need to record its file, Registry, and network activity — and today, I’ll help you understand my favorite packet-capture tool.

How to capture packets with the big fish

I most recently described two other utilities: Process Explorer on Jan. 3 and Process Monitor on Mar. 6. I continue my tool series this week with Wireshark, a packet-capturing tool.

If you’d like to follow along, please download the latest version of the program from the Wireshark Web site. There’s a prominent “Get Wireshark Now” button that offers you the latest Windows version. There are versions for most other major operating systems, too.

People commonly call tools like Wireshark “sniffers.” This generic term, however, shouldn’t be confused with Sniffer, a trademark for a commercial application that performs similar functions.

To open Winshark, download and run the latest Windows installer. The defaults shown in the install routine should all be fine. When prompted, install Winpcap but not the NPF service that comes with it.

At this point, launch the tool. Winshark doesn’t start capturing packets immediately. Once it starts running, you must first enter some information before the app starts capturing.

In Wireshark, pull down the Capture menu and select Options. This brings up a dialog box in which you need to set some crucial options before packet capture begins.

First, choose the interface you want to use. The drop-down box next to the Interface field displays the network interfaces detected by Winpcap. You’ll usually want to select either Ethernet or wireless. Uncheck both Capture packets in promiscuous mode and Automatic scrolling in live capture. Click Start, and you’re done.

The settings I’ve given you — in particular, using nonpromiscuous mode — should result in Wireshark monitoring only your own network traffic. This helps you avoid violating many companies’ network policies. However, before capturing packets on a corporate network, you should first obtain approval. If in doubt whether you’re crossing some organizational line, limit your initial experiments to your own home network.

Revealing the details of HTTP traffic

Now that you have Wireshark capturing packets, open a browser and visit your favorite Web page. After the page has loaded, switch back to Wireshark and select Capture, Stop.

You should see a three-pane display, the top pane of which consists of a list of colored rows you can scroll through. Each of these rows represents one network packet.

Compared to Process Explorer and Process Monitor, Wireshark is challenging to describe. You need to know a bit about how networks work to make sense of a lot of Wireshark’s functions. I’ll direct you to some of the easier-to-understand features, so you can explore more on your own if interested.

If you visit a Web page while Wireshark is capturing packets, the resulting HTTP traffic will appear somewhere in the top pane. One of Wireshark’s most useful features is the intelligent way it decodes and displays this traffic in the Info column.

If you scroll through the top pane, you will likely see several GET commands. These commands are all artifacts of the Web page you pulled down.

Click one of the GET commands. Notice that the middle pane now has a Hypertext Transfer Protocol line with a plus (+) button to the left of it. If you click this button, it expands to show you the HTTP details. The bottom pane also highlights at least a portion of the raw packet as a hex dump. You’re looking at a transaction called an HTTP request.

The technique of following a TCP stream

The other feature of Wireshark that I use constantly is Follow TCP Stream. In the GET example described above, you’re looking at the HTTP request — but where’s the response? To see it, right-click the same packet in the top pane, but this time select Follow TCP Stream.

What you see is a window containing the entire TCP connection as text. This window will show one or more GET requests and their respective responses.

If the traffic you captured resulted from viewing an HTML page, you’ll see largely the same information that you’d get when using the View Source menu option in your browser. One big difference here is that you can see the raw headers, including cookies.

Close the TCP Stream window. You may notice that the top pane is now missing most of the packets. That’s because Wireshark automatically defined a filter to match the TCP stream you were looking at.

Above the top pane is a Filter field, which now contains an expression that matches the TCP connection you were looking at. To the right of that is a Clear button, which brings back the entire packet list.

Feedback, please, on my future columns

As I mentioned previously, packet monitoring is a complex topic. In my next few columns, I can go into a lot of detail, or I can write just one more column on packet monitoring and move on.

Based on the ratings that readers have already given to my other columns about these tools, you seem to enjoy this subject. For example, my Jan. 3 column on Process Explorer was rated 4.24 on a scale of 5.0 — one of my highest ratings ever.

I plan to write at least one more column on the topic of Wireshark. I’ll describe more advanced uses, situations that call for monitoring your network traffic, and how to filter out noise. I’d love to hear from you about the emphasis that would be the most useful. Please send me your feedback via the Windows Secrets contact page.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Ready or not, he-e-ere's Vista Service Pack 1

By Susan Bradley Right on schedule, Vista Service Pack 1 is showing up for people who use Windows Update. You’ll be prepared to install SP1 by the time you finish reading today’s special Patch Watch column, but the real question is, will your PC be ready?

936330
Vista SP1 finally hits the streets

Back in February, Microsoft product manager Mike Nash announced on the Windows Vista blog that Vista Service Pack 1 would be available via Windows Update around mid March. Sure enough, SP1 was released to Windows Update users on Mar. 18, as described by Nicholas White in a blog post. In April, SP1 will begin downloading to everyone who has Automatic Updates enabled.

The service pack takes anywhere from 20 to 40 minutes to download, depending on your connection speed and hardware performance. You may not actually see this service pack, however, when you manually run Windows Update (it’s identified as patch 936330). If not, the reason is probably that your system isn’t ready to install SP1 just yet.

As the posts mentioned above describe, many device drivers need to be updated before Service Pack 1 will install in a seamless manner. Most of these drivers are listed in Knowledge Base article 948343.

I was surprised to discover in my testing that Windows Update was not offering SP1 to one Vista workstation. It turns out that this three-month-old HP workstation had an offending Realtek audio driver. After I installed an updated audio driver, the machine was then offered Vista Service Pack 1.

As you know from reading my previous columns, I normally say “no” to installing modified device drivers using Windows Update. It’s usually much more reliable to get the latest version from the manufacturer’s site. But in this case, I said “yes” to installing the audio driver via Windows Update. Without the updated drive in place, the service pack wasn’t even appearing in Windows Update’s list, much less installing properly.

If you don’t see Vista Service Pack 1 in the list of available updates when you run Windows Update manually, and you aren’t offered any audio drivers, there may be other hardware issues.

Using Microsoft Update, rather than Windows Update, is actually the safest way to get this service pack. If MU senses you need audio drivers, for example, it will offer them to you. On the other hand, MU may find that you need a special patch called the CheckSUR update. This fix is described in KB article 947821.

If the update server sees that you’ve had patching glitches in the past, if tries clear them up before downloading Vista SP1. By contrast, if you manually download this service pack from Microsoft’s download center, you may find that one of your drivers is subsequently not functioning properly. This can be caused when your system does not yet have all of Microsoft’s so-called preliminary patches installed. This subject is detailed in KB 948187, which explains that you may need to search for various driver updates.

Last, but not least, if you’ve installed a Windows language pack other than English (U.S.), French, German, Japanese, or Spanish (Traditional), you’ll be blocked from installing Vista SP1. Support for additional languages is expected later this year.

Vista may require a new activation after SP1

After I installed Vista SP1 on two identical HP workstations — one running Vista Business and the other Vista Ultimate — both machines required me to call Microsoft and reactivate each one. When I installed the beta version of Vista Service Pack 1 on a machine back in February, I hadn’t realized that it would require me to reactivate Vista within three days.

This time, I was watching for this reactivation issue. I opened the Control Panel and, sure enough, this computer too needed reactivation in three days. (See Figure 1.) Every time I ran an online check for activation, the server stated that the machine’s product key was in use.

Figure 1. Vista can display a warning that activation is needed after SP1 is installed.

You may have to reactivate after installing Vista Service Pack 1 if the installation updated hardware drivers in the process. This is documented in KB article 947519.

I’ve started a discussion thread on the Microsoft forums about this problem. A Microsoft moderator commented that Vista can interpret a change of drivers as a big enough hardware change to demand that the machine be activated again.

If you hit the situation that I did, you have to call in to reactivate your system. Internet activation will not work.

Calling the number isn’t a horrible process and doesn’t take that long for a single machine. But if all the machines in your company needed you to make a call, it could be maddening.

As Windows Secrets contributing editor Ryan Russell recently remarked to me: “If I use a patch management system to install SP1 on 10,000 Vista boxes, I now have to make some percentage of 10,000 phone calls?”

In my opinion, service pack installations — even one as large as Vista SP1 — should never trigger behavior like this. After you install Vista SP1, take a quick look into the Control Panel and make sure your machine is still activated.

Activation problems may also be caused by having both an OEM license and Quickbooks 2007 installed. Such a combination of factors is described in KB 931573.

How to get support for Vista Service Pack 1

Getting help with your Vista Service Pack 1 problems typically qualifies as a free support incident through Microsoft or another vendor. The hard part, however, is determining which party is the one that actually owes you some support.

With OEM machines, Microsoft does not provide support, and the OEM supplier is responsible. As a result, you can find some resources published by Microsoft on its Service Pack 1 support page, it’s likely that you’ll need to seek help from the manufacturer of your computer to get support if you run into a conflict between SP1 and some driver or another.

950340
Excel calculation-error patch needs a patch

The critical patch last week for Excel users was Microsoft security bulletin MS08-014. After this fix was released, however, researchers discovered that it caused calculation errors with externally linked data.

The issue, which is discussed in KB 950340 will probably never affect any spreadsheets for most of us average Excel users. If you are affected, however, and odd calculations start showing up in your worksheets, Microsoft released on Mar. 18 an updated version of the patch. You should see the fixed fix being offered to you via Microsoft Update now.

More security patches from good ol’ Apple

Not to be outdone by the release of Vista’s new service pack, Apple unveiled an updates of its own. These include a fix for the Safari browser and a security update for Apple’s flagship operating system, Leopard.

The Safari update is detailed on the Apple site. Both the Windows and the Apple versions of the browser are vulnerable.

Apple’s March security update fixes several issues that hacker Web sites can use to attack your PC. These patches are listed in Apple article 307562. Any user of OS X should install these updates asap.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.