Exploring Windows’ Administrative Tools: Part 2

Exploring Windows' Administrative Tools: Part 2

Windows’ Performance Monitor is the key to understanding the details of your PC’s operation.

This tool (built into XP, Vista, and Win7) lets you see, in real time and in collected data logs, how your PC reacts as different programs run — or fail to run!

In Part 1 of “Exploring Windows’ Administrative Tools” (May 10 Top Story), you saw how a few easy tweaks can give you two-click access to hundreds of Windows’ most powerful diagnostic, tuning, and administrative features. In this installment, we’ll explore one of the most powerful of these tools — Performance Monitor.

Here’s how to access the version built into your copy of Windows:

In an admin-level account, click Start, type perfmon in the Start Menu’s search box, and press Enter. Figure 1 shows Performance Monitor’s initial dialog box in Windows 7.

Figure 1. Like the proverbial iceberg's tip, Performance Monitor's initial dialog only hints at what lies beneath.

Because most Windows Secrets readers are now using Windows 7, I’ll focus on its Performance Monitor. But Vista’s version is nearly identical and XP’s is similar, though simpler. I’ll also include abundant links for additional general and version-specific information at the end of this article.

Literally thousands of monitoring options

Although it has a single name, Performance Monitor actually aggregates a cornucopia of separate subtools and monitoring functions. Windows refers to these monitoring functions as counters because each one counts or aggregates various performance metrics.

There are hundreds of counters included with Performance Monitor, and many of those counters can be used more than once the same monitoring session — for example, monitoring the CPUs in a multicore system, the hard drives in a multidrive setup, network traffic on PCs with more than one connection, and more. In total, Performance Monitor is capable of tracking thousands of counters!

Performance Monitor (PerfMon for short) can display the vast amount of data it generates in real-time moving charts and graphs or store that information in log files for later analysis.

The logged data is useful for serious technical troubleshooting. You can set up PerfMon to track the counters of interest and then run your PC as you normally would — perhaps to recreate a task known to cause trouble. Checking the logs afterward can reveal exactly what went wrong and when.

There’s just one catch: selecting the right counters and setting up the data logs can be quite complicated.

PerfMon’s real-time displays are easier to use. They let you see what’s going on with your system as it happens. As such, the real-time displays are a great way to learn how your system works and how it responds to varying conditions. The downside is that you have to keep your eyes on the running counters to catch trouble as it happens — and that’s not always possible.

Still, given the enormous complexity of PerfMon, exploring the real-time displays is perhaps the best way to learn about the tool.

Win7’s simpler, preconfigured monitoring tool

PerfMon, in all Windows versions, is extravagantly configurable. If you take the time to learn it in detail and set up the counters you want to monitor, PerfMon can track and graph just about any metric you care to name. But it’s so complex that it’s difficult to get your mind around at first. (At least, it was for me.)

Fortunately, Windows 7 also offers Resource Monitor (ResMon for short), a selected, preconfigured subset of some of PerfMon’s most important counters. A subtool within PerfMon, ResMon displays its counters in a slick, standalone graphical interface that makes it easy to see at a glance what’s happening with a Win7 system’s CPU, disk, network, and memory.

Even though ResMon presents only a small subset of PerfMon’s counters, its clarity and relative simplicity make it a great starting place for understanding what Windows’ performance monitoring is all about. ResMon is found only in Win7, but its underlying concepts pertain to all versions of Windows.

Let’s take a closer look at what ResMon can do.

If you’re running Win7, open PerfMon as described earlier and, at the bottom of the pane labeled Overview of Performance Monitor (as shown above in Figure 1), click the blue link: Open Resource Monitor.

(As you’d expect with Windows, there also are several shortcut or back-door ways to access ResMon. For example, you can type resmon in the Start Menu’s text-entry box; or open Task Manager, click its Performance tab, and then click the Resource Monitor button. These kinds of alternate access methods are good to know, but they obscure ResMon’s true place as a subset of the main Performance Monitor tool. That’s why I’m suggesting the long-form, “front door” approach for now.)

In any case, when Resource Monitor opens, it will look something like what’s shown in Figure 2.

Figure 2. Win7's Resource Monitor gives a polished, real-time, graphical view of key system stats.

Select the Overview tab and then put the ResMon window off to one side of your screen. Use your PC in typical ways — search your disk for a file, go online, open a large application, etc. — and watch what happens in the ResMon display.

Now poke around the tabs.

• CPU shows aggregate (CPU — Total) usage plus stats and graphs for each of the processors (or cores) in your PC.
• Memory shows how much system RAM is in use and how it’s divvied up.
• Disk shows overall throughput and the responsiveness of each hard drive in the system.
• Network shows the type and number of connections in use and the throughputs of each active connection.

Note that most of the labels and other display elements in ResMon offer explanatory tips or balloon help when you hover your cursor over them. You’ll also find detailed assistance and explanations via the Help menu at the top of the ResMon window.

Using ResMon to cure hangs and delays

Now that you’re generally familiar with what’s in ResMon and how it works, here’s a real-life, practical use you can try the next time your system hangs or suffers a slowdown.

Programs often depend on separate, semi-independent software tasks, processes, or threads to occur in a specific order. Think of the process as a chain of dependencies where process A has to complete before process B can continue, process C has to wait for B to finish, and so on. Because each process has to wait for the previous one(s) to complete, the list of dependent elements is called a wait chain.

When a program hangs, it’s often because of a failure in the wait chain: some task or thread or process is stuck and is holding up all the program elements waiting behind it.

ResMon can let you analyze the wait chain of a hung program to see what’s causing the blockage and to terminate the stalled element. In many cases, your hung program might then recover and operate normally. Yes, ResMon can sometimes cure software hangs with just a few clicks!

Here’s how:

• Step 1. With ResMon open and running, click the CPU tab and find the troublesome application in the Processes section’s Image column. (An “image” in this case is simply the name of a program or process.)
• Step 2. Right-click the app or process and select Analyze Wait Chain. For example, see Figure 3, in which I pretended that Word was hung. (It wasn’t actually hung, but I selected it anyway to illustrate how the Analyze Wait Chain function works.)
  

  Figure 3. ResMon's Analyze Wait Chain function shows (and lets you control) other processes and programs that the selected software depends on.

• Step 3. When the Analyze Wait Chain dialog opens, you’ll see all the processes on which the selected program depends. If there are many such dependencies, PerfMon will organize them in a hierarchical tree. Programs or processes that are causing a blockage will be shown in red.

  As Figure 4 shows, my copy of Word was running fine. The Analyze Wait Chain dialog shows only Word’s normal dependency on the Windows I/O system, and nothing was shown in red.

  

  Figure 4. In this example, the Analyze Wait Chain dialog shows nothing amiss with my copy of Word. A problem dependency would have been shown in red.

  Some Analyze Wait Chain dialog boxes come up empty, meaning that the software you right-clicked is more or less standalone — it’s not currently dependent on any other process or program to complete its task.

• Step 4. If you find a red-flagged dependency in the Analyze Wait Chain dialog, select the checkbox next to the wayward process’s name and then click the End process button at the bottom of the dialog box. You also can select multiple processes and kill them, all at once, if you need to.

With luck, the offending process(es) will then restart and your software will recover from its hang!

(And if not, at least you’ll know exactly what software component broke — a priceless bit of information when you’re tracking down a hard-to-diagnose hang.)

Digging deeper, version by version

PerfMon’s hundreds of counters in thousands of permutations would take an entire book to cover in detail — way beyond the scope of this article. But now that you have an idea of what PerfMon (and ResMon) can do, let me point you to the very best, free, official documentation I could find, so you can delve as deeply as you need or want to.

The basics:

• Performance monitoring getting-started guide (TechNet article)
• Overview of Windows Performance Monitor (TechNet article)
• Windows Performance Monitor (TechNet article)
• How to: Use PerfMon in Windows 7 (MSDN blog)

Beyond the basics:

• Using Performance Monitor (TechNet article)
• Performance Monitor counters (TechNet article)
• Working with performance logs (TechNet article)
• Creating data collector sets (TechNet article)
• Scheduling and managing data in Windows Performance Monitor (TechNet article)
• Wait Chain Traversal (MSDN technical topic)
• Bugslayer: Wait Chain Traversal (MSDN Magazine article)

Vista-specific information:

Most of the information above also applies to Vista, but there are some differences nicely detailed in the TechNet article, “Windows Vista performance and reliability monitoring step-by-step guide.”

XP-specific information:

• Understanding Performance (MS online XP documentation)
• XP’s Performance Monitor (MS online documentation)
• XP’s System Monitor (MS online documentation)
• How to create a log using System Monitor in Windows XP (MS support article 248345)
• How to manage System Monitor counters in Windows XP (MS support article 305610)

Is Windows' pagefile a security risk?

Lots of scraps of data get stored in the pagefile, so does it make sense to wipe the file at shutdown?

It can take a long time to wipe a large pagefile, delaying shutdown by full minutes in some cases.

The pros and cons of regularly wiping pagefiles

Reader Sue M. is weighing the tradeoffs between high security and ease of use.

• “I can find tons of information about how to clear the pagefile in Windows but very little about why.

  “How important is it to clear the pagefile? All other things being equal, it seems a good idea, but all other things aren’t equal. It slows shutdown speed by a factor of 10 or so. What do you think, Fred?”

The short answer? I don’t think wiping the pagefile is worth the time or trouble.

The pagefile (aka swapfile or virtual memory) is a large, temporary scratchpad area that Windows uses to hold live code and data that won’t fit into RAM.

As you run programs and load data, Windows calculates which code and data are likely to be needed in the immediate future. That’s the stuff it keeps in RAM — a PC’s fastest memory system.

The lower-priority (but still live) code and data are swapped out to a system-managed file on the (relatively slow, compared to RAM) hard drive. The code and data are moved in discrete, 4,096-byte chunks called pages. This swapping of memory pages is why the collection of data is called a pagefile or swapfile. (For more info on this topic, see MS Support article 2160852.)

When your PC shuts down, the pagefile is normally left intact. As a result, the inert pagefile of a shut-down Windows PC contains scraps of whatever code and data your PC was working on while it was active. This digital detritus remains there until overwritten by future pagefile activity.

So that’s the security risk. If someone has physical access to your system and can copy or otherwise access the pagefile, he could — in theory — dig out some meaningful information, including snippets of things you typed, files you accessed, programs you ran, and so on. It’s possible that applications could leave plain-text passwords in the pagefile.

Does this constitute a major security hole? For most of us, the answer is no. For one thing, a pagefile is not a neatly organized repository, so it should not be of much use or interest to a casual snoop. And a determined data thief is more likely to walk off with the entire machine or the hard drive, which could potentially give him access to everything that isn’t encrypted.

But for the would-be snoop, dissecting a pagefile is a high-effort/low-return task that’s worth the hassle only if simpler, more direct avenues of data mining fail.

To my mind, wiping (overwriting) the pagefile at shutdown is useful only in situations where extreme security is called for and only when this method is used in conjunction with robust physical security, whole-disk encryption, ultra-secure passwording, biometric access scanning, and so on.

For us more-or-less average users, wiping the pagefile adds almost nothing in terms of meaningful extra security. And, as you say, Sue, wiping the pagefile takes time and really slows the shutdown process.

I don’t wipe the pagefile when I shut down. But if you want to, it’s simple enough to do. MS Support article 314834 even offers a one-click Fix it button to do the work for you.

Removing Windows XP from a dual-boot setup

John Luffrum is finally ready to ditch XP.

• “Hi, Fred! In your [May 23] Windows Secrets column, you posted advice for removing Vista from a dual-boot setup with Win7. I have a similar setup, only with Win XP instead of Vista.

  “I followed your instructions successfully up to the point where you say, ‘Delete the Vista partition, and you’re done.’ But my partition manager won’t let me delete, reformat, or do anything else to my D: partition (or my C: partition, for that matter). It says that both are ‘system or boot partitions.’ Any advice would be gratefully received.”

In normal, multipartition (but nondual-boot) setups, one partition is designated as the boot (or system or active) partition. This software designation is how the PC’s hardware knows where to look for the operating system’s startup files.

Typically, in dual- or multiboot systems, two or more partitions contain operating system boot files. To let you choose which OS to launch, special boot-manager software interrupts the normal startup process. You simply pick an OS from the boot manager’s list; it then hands off the rest of startup to the appropriate partition and gets out of the way.

John, it sounds like whatever boot manager you’re using is doing something weird. I suggest you make complete backups of both systems and uninstall the boot manager. Next, using the tools and instructions I’ll describe in a moment, set your Win7 partition as active (or boot or system — there are various terms for this). Then make sure the old XP partition is no longer flagged as active (or boot or system). With no boot manager interfering and with just one partition set as active, you should be OK.

Win7 has built-in boot tools that usually can handle this, but I think NeoSmart’s EasyBCD (site) is easier to use, so I recommend you try that first. The tool has free and paid versions. The relevant how-to is on this NeoSmart page.

Also, the Multibooters site covers XP (and Vista) multibooting in some depth on its excellent “Guide to the multiboot process” page.

If you want to try the Win7 tools, which are good — just not as easy to use as the Neosmart tool — the TechNet article, “Overview of disk management,” shows you how to access and use Win7’s built-in Disk Management console. MS Support article 927392 discusses Bootrec.exe, a diagnostic and repair tool that lets you fix problems with the boot process. It even allows you to rebuild the boot records and related files from scratch on an otherwise unbootable system.

In short order, with either EasyBCD or the Win7 tools, you’ll have your system XP-free and booting properly from just Win7.

Outlook 2010’s ‘recent places/items’ missing

Paul Roth misses a feature from earlier Outlook versions.

• “One thing I have been bothered with since upgrading to Outlook 2010 is trying to attach and send a file I just edited. There used to be an icon on the left side of the Attach window that said ‘Recent Items,’ and I could just click and add the file.

  “For the past 18 months, I have had to continue to search through the system to find the folder containing the just-edited file I want to attach. I would appreciate help finding the 2010 version of getting these files! Thank you.”

You’re right: Outlook’s built-in Recent Items feature was removed in Outlook 2010. But it was deleted for a good reason: that function is now built into Windows 7’s jump lists and operates system-wide — not just in Outlook.

Win7’s jump lists are described moderately well in an MS Help & How-to page.

For specific information on using jump lists in Outlook, see these articles:

• TechNet discussion, “Outlook 2010 Recent Items in jump lists”
• MSOutlook.info’s article, “Jump lists and Outlook templates”
• OutlookForums.com’s discussion, “Unable to search for recent items in Outlook”

Seeking tools to help reload Windows

Craig Snively is looking for a way to cut down on the manual drudgery of reinstalling Windows.

• “I have to reload Windows on my computer because of severe software bloat, with the consequential slowdowns and other annoyances. Is there any software that will scan my computer for the installed applications and then create a restore script that I can put on a thumb drive or onto another HD? Then, after installing my Windows and getting it up to date with all the software updates from MS, could I use that script to install the applications from my old installation? (Of course, I’d select each one individually so I don’t just go back to my same old problems.)

  “Do you know of anything like this?”

I know of no end-user tool of that sort. But this procedure might accomplish what you want:

• Step 1: Make a complete backup of your system and then do an extensive, no-holds-barred housecleaning: uninstall any/all programs you don’t need or use, move old files to off-system archival storage (e.g., on CDs or DVDs), and so on. Some of this cleanup is necessarily a manual process with human decision-making. But much of the basic cleanup can be automated. See, for example, the Nov. 10, 2011, Top Story, “Putting Registry-/system-cleanup apps to the test.”
• Step 2: When your system is as clean as you can get it, follow the steps in the July 14, 2011, Top Story, “Win7’s no-reformat, nondestructive reinstall.” (Note: Vista and XP are also covered in that article.) This will refresh your operating-system files without having to wipe everything out and start over.
• Step 3: After your OS is set up exactly the way you want, follow the steps in the May 12, 2011, Top Story, “Build a complete Windows 7 safety net.” (You don’t say which Windows version you’re using, so I’ll assume Win7. But the principles discussed in that article can also be applied to other versions.) Among other results, that article will help you create a system image of your refreshed setup.

When you’re done, you’ll have a lean, clean, refreshed, up-to-date, and fully backed-up system. If or when data bloat or other trouble strikes in the future, you can easily roll back your system — and all its installed software — to this clean condition.

Good luck, Craig!

Extreme choreography for the birds

By Kathleen Atkins The sight of male birds strutting in their gaudy mating-season plumage makes even Saturday Night Fever look rather dull. It might just inspire you to find music to suit the mood, as this videographer was. The birds don’t require a dance floor or a club music sound track, of course, but if you have any trouble remembering what it’s like to feel ardent, you could do a lot worse than going out for a night of dancing and emulating these birds — if you can! Play the video

Alternative music sites for eclectic tastes

Getting tired of iTunes, Amazon, and Pandora? The Internet swings with great music of every type and style on alternative sites.

To give you a taste of what’s available, here are three sites that take very different approaches to online music streaming and downloading. All their music is free or reasonably priced — and unshackled from digital-rights management.

Music for your tastes, budget, and player

Need some new music in your life? Perhaps your collection of Grateful Dead concert tapes has finally worn out. Or you’ve grown tired of studio recordings altogether and you’re looking for the spontaneity of live concerts. Perhaps you want to throw yourself into the works of Shostakovich — or Al Jolson.

These sites cater to just such desires — plus they all match a few conditions I consider necessary to make them recommendable:

• They can stream music to Windows, Android, and iOS — so you can listen on a PC or a mobile device.
• After music is downloaded, one option is unprotected, play-on-anything .mp3 files with a reasonably high bitrate.
• Prices are reasonable — if there’s any cost at all.
• They’re not well known. (You don’t need me to tell you about Pandora or Amazon’s .mp3 store.)

The old, the odd — and the Grateful Dead

The Internet Archive site is heaven for music that you’re never going to find on the latest pop chart or Top 10 list. It is, for example, a Deadhead’s digital nirvana: free access to thousands of Dead concerts, all of them streamable and most of them downloadable. But you’ll also find live recordings from lesser-known groups, music from nearly 600 virtual netlabels (music labels found only on the Net), and even 78rpm and cylinder recordings from the early 20th century. (There are four pages of recordings by Al Jolson.)

The site for Archive, a nonprofit organization, devotes itself to making the world’s culture available for free in digital form. Here, you’ll find not only music, but videos, books, and even old versions of websites (want to see what Windows Secrets looked like in 2004?).

But let’s get back to the Grateful Dead. Early on, the Dead made a unique and daring business decision: they allowed — even encouraged — the audience to record their concerts. Their enlightened approach to music also let fans share concert tapes, provided that no one sold recordings for a profit. (The general rule was that you traded a blank cassette tape for a full one.)

With the surviving band members’ permission, the Internet Archive took the Dead’s generous policy into the Internet age, making over 8,000 concerts available. (See Figure 1.) All are streamable, and a little over half are downloadable as well.

Figure 1. Internet Archive's Grateful Dead page, just a small part of the archived info you'll find on the site.

What’s the catch? The Dead doesn’t allow downloads of professional, off-the-soundboard recordings. (They might want to release these concerts commercially one day.) However, the band has made those high-quality recordings available to the Archive for streaming, giving better audio than the download versions.

If no such professional recording exists, you can download a digitized audience recording. Most of the downloadable tracks are in low-quality 64kbps and in the far-superior VBR (variable bitrate) .mp3s. Many can also be downloaded as lossless FLAC files.

The Archive streams music (Dead or otherwise) in the highly generic M3U format. You can play tracks off the website or download a tiny .m3u playlist file and then stream them through Windows Media Player. Streaming tracks via the website works just fine on an Android or iOS device, although the site’s design is anything but mobile-friendly.

Wolfgang’s Vault: An inexhaustible collection

Going from the Grateful Dead to rock impresario Bill Graham feels like a very small hop. But though the producer and the band were part of the same scene, Graham and his organization produced concerts by just about every major performer in popular music. And an astonishing number of those concerts stream freely from Wolfgang’s Vault (site). (If you’re wondering about the site’s name, Graham was born Wolfgang Grajonca.)

As nearly as I can tell, the Vault (shown in Figure 2) has concerts from over 400 artists, including 28 by The Black Crowes; 14 by The Who; six by the Police; 10 by Peter, Paul, and Mary; and, yes, 155 from The Grateful Dead (a fraction of what the Internet Archive offers).

Figure 2. Wolfgang's Vault is devoted to music and music videos.

Wolfgang’s Vault’s streaming format isn’t as generic as the Internet Archive’s. When you start a concert, a small browser window pops up to control playback. To stream to an Android or iOS device, you must download and install free apps. I found the Android app less than stellar on my Droid X phone. It’s a rare treat when streaming goes smoothly from one track to another. The iOS app, on the other hand, plays nicely on my iPad 2.

In addition to the individual concerts, the Vault also offers playlists — often timed to match artists’ birthdays or as memorials for recently deceased performers. You can also create your own playlists and bookmark your favorite concerts in the Cloud.

You can’t, however, do anything on Wolfgang’s Vault without an account. Free accounts allow 10 hours a week of streaming at an acceptable — but far from ideal — 96kbps bit rate. U.S. Just U.S. $48 a year gets you unlimited streaming at a much better 192kbps. You also get a $50 credit for purchases.

What can you purchase? Concerts, of course — although not nearly enough of them for my taste. Short concerts generally cost $5, long ones about $10. If you’re not satisfied with 256kpbs .mp3s, you can pay more for lossless FLACs. The Vault also sells merchandise targeted at collectors — such as posters, clothing, photos, and vintage tickets.

It costs nothing to watch concert videos at Wolfgang’s Vault. The site offers a large and growing collection, mostly of individual songs.

eClassical: For ‘longhair’ music

Bill Graham wasn’t the first Wolfgang to make a mark on music history. If you more naturally associate that name with a certain Mozart, you’ll probably want to check out eClassical’s site. You’ll find an astonishing collection of classical recordings from a huge selection of labels.

The site is weak on star performers. Isaac Stern turns up on only three albums and Itzhak Perlman on none. But you’ll still find plenty of excellent performances and recordings.

Figure 3. As its name suggests, eClassical is the Internet's archive for classical (often called longhair) music.

eClassical doesn’t offer streaming — in fact, nothing is free. But the prices are reasonable, and there are some real bargains. Pricing is also based on an unusual per-second rate, which makes the price tags look a bit weird. For instance, an album of C.P.E. Bach Solo Keyboard Music (site), running 78 minutes and 32 seconds, costs $11.78. But individual tracks from that recording range from $1.19 to 42 cents.

You pay the same price for either 320kbps .mp3s (which most people find indistinguishable from uncompressed audio) or lossless FLACs (which are literally indistinguishable from uncompressed audio).

Even more impressive for the hardcore audiophile, much of their music is now available in 24-bit FLACs, which should create vastly superior sound. (CDs, .mp3s, and standard FLACs are 16-bit, which can record and reproduce about different 64,000 sounds. But 24-bit, used in movie digital soundtracks, brings that number to over 16 million. Normally, eClassical charges more for 24-bit audio, but as I write this, much of it is on sale at the 16-bit price.

Before you gleefully buy those 24-bit FLACs, be warned: you might not have anything handy that can play them. See eClassical’s “About audio formats FLAC and MP3” page for details.

Whether you prefer to listen to Beethoven or merely roll over him, you can find some amazing musical choices in the Internet. Tell Tchaikovsky the news.

In case you'd rather be lucky than good

Lounge member jbacinti was perplexed by a friend’s trouble with a local network.

After collecting instructions from a guru in the Networking forum, jbacinti was surprised by an apparently spontaneous cure of his friend’s network difficulties. He thinks he’s lucky, and so does his mentor. But it doesn’t hurt to investigate causes, says the advisor. More.

The following links are this week’s most interesting Lounge threads, including several new questions that you may be able to provide responses to:

Office Applications
General Productivity	Recorded audio tinny and hollow — like from a barrel
Word Processing	Word 2003 forms check boxes
Spreadsheets	Highlighting one word in cell
Databases	Populate combo box based on previous combo box selection
Presentation Apps	Why is it possible to delete page number on slides?
Visual Basic for Apps	How to access XML info with VBA?
Microsoft Outlook	Outlook 2007 Web toolbar suddenly not working
Non-Outlook E-mail	Bounced e-mails: Why?
Windows
Windows 8	Installing Windows 8
General Windows	Windows update nightmare scenario
Windows 7	Library confusion
	regsvr32.exe errors
	Unwanted Update notifications
Windows Vista	Vista System Restore doesn’t work
Windows XP	ntoshkrnl.exe corrupt
Windows Servers	Windows Server 2008 domain setup/config help
Internet/Connectivity
Internet Explorer	Sharing IE Favorites
Third-Party Browsers	Two problems with FF13
Application Servers	Exchange on SBS 2008; Mailbox Properties dialog blank
Networking	Confused about network configuration
Social Media	Apple iTunes security vulnerability
Software Development
Windows Programming	Help gamers with possibly simple C++ problem?
Web Design & Development	Clearing the cache
Other Technologies
Non-Microsoft OSes	iPhone slowing down: Top tip
Security & Backups	Fake Facebook account cancellation request
Hardware	Best mouse surface
Graphics/Multimedia	Program for burning video and photos?
Other Applications	Winamp and album art

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

Patch Tuesday features all the usual suspects

The scramble is on again to patch Microsoft’s Remote Desktop Protocol; there are no known attacks via RDP yet, but they’re expected soon.

Other Microsoft products fixed this week are the usual players: Internet Explorer, .NET, and the Windows kernel.

MS12-036 (2685939)

Critical flaw in Remote Desktop Protocol

If that headline sounds a bit familiar, it’s because it wasn’t so long ago we were offered patches in MS12-20 for another critical RDP vulnerability. As before, this new flaw leaves users vulnerable if their RDP process is listening on a network-connection port.

KB 2685939 fixes a critical remote code–execution vulnerability in all versions of Windows Server and desktop Windows from Win7 SP1 onward. It’s described as a denial-of-service issue and rated only moderate for earlier versions of Windows.

Interestingly, if you’re using Remote Desktop on an iPad to connect back to your desktop, you’re vulnerable. An attacker can gain complete control of your system by sending specially crafted packets to an open RDP port.

Windows 7 users will see two RDP patches this week. As discussed in the next item, KB 2667402 will show up again. It doesn’t matter which of the two patches you install first.

What to do: Install KB 2685939 (MS12-036) as soon as possible.

MS12-020 (2667402)

It’s déj&#224 vu all over again for RDP

As noted above, PC users running Windows 7 and Windows Server 2008 R2 will be re-offered KB 2667402 (MS12-020). When the patch was released March 13, some users reported broken Remote Desktop Protocol connections if they installed this patch and then installed Windows 7 SP1.

If you originally installed KB 2667402, you’ve been protected all along from the security flaw it addressed. Reinstalling it now will ensure you won’t have problems down the road, if you uninstall Win7 SP1.

What to do: Reinstall KB 2667402 (MS12-020) if offered.

MS12-037 (2699988)

Microsoft finally patches an IE zero-day vulnerability

At the Pwn2Own 2012 hacking contest, security research firm Vupen won $60,000 for revealing zero-day vulnerabilities in Internet Explorer and Chrome. The contest was held in early March, but Microsoft patched the vulnerability just this week.

Affecting all supported versions of IE, including Windows 8 Consumer Preview’s IE 10, this update also patches 12 other security issues with Internet Explorer. The patch is rated critical for all current desktop versions of Windows.

What to do: I recommend installing KB 2699988 (MS12-037) — and most IE updates — even if IE isn’t your default browser. Components such as Windows Update rely on IE.

MS12-038 (2706726)

Yet another fix for .NET Framework

Another Patch Tuesday, another .NET update to deal with. MS12-038 includes a critical patch for browsers that handle XAML Browser Applications (Wikipedia info). Internet Explorer and, possibly, Firefox users are potentially vulnerable, but not Chrome users.

Depending on the version of .NET and your operating system, you could see KB 2686827, KB 2686828, KB 2686830, KB2686831, and/or KB2686833.

What to do: As I’m sure you know, I typically don’t recommend installing .NET updates until we see whether they adversely affect the computing community. So hold back on installing the patches in MS12-038 until at least the end of the month.

MS12-025 (2671605)

A .NET-update update that’s ready to apply

This past April, we delayed installing the critical patch in MS12-025 because it caused printing errors with certain applications. In particular, TurboTax users were hit just as they were rushing to file their U.S. tax returns.

To fix this problem, Microsoft rereleased MS12-025 this Patch Tuesday. If you’ve already installed the update, you’ll need to do it again to ensure you don’t have printing issues in the future. It affects all versions of .NET on all supported operating systems.

What to do: Reinstall the appropriate patch in MS12-025 or accept it when it’s offered.

MS12-041 (2709162), MS12-042 (2707511, 2709715)

Six new vulnerabilities in the Windows kernel

MS12-041 fixes five recently reported flaws in the kernel, and MS12-042 patches one more. Kernel updates are always important, but in these cases, an attacker must have direct access to a system. The update applies to all current versions of Windows. Windows XP users will see KB 2707511; everyone else will get KB 2709715.

What to do: Install both KB 2709162 (MS12-041) and either KB 2707511 or KB 2709715 (MS12-042 ) without delay.

2677070

MS adds automatic certificate revoking

On Vista, Windows 7, Windows Server 2008, and Server R2 systems, new security certificates are applied automatically. But to revoke untrustworthy security certificates, Microsoft must issue a patch. We went through this recently, with faulty Windows and Microsoft Update certificates. KB 2677070 streamlines that process: after applying the patch, certificates will be revoked automatically.

What to do: Install KB 2677070 as soon as possible.

2709630, 2699779

Two relatively obscure patches to put on hold

Under very specific circumstances detailed in MS Support article 2709630, Windows 7 users might experience a noticeable delay when signing in to an Active Directory domain. This happens only when your network reconnects during the sign-in process.

KB 2699779 fixes a problem with msiexe.exe crashing when you try to install Office 15 (the next version of Office, still in development) on Windows 7 and Windows Server 2008 R2 systems. [Editor’s note: As we prepared this issue for publishing, the online page for this update went down.]

What to do: If you don’t connect to a domain (typically, to access a business network) or if you’re running Windows 7 Home versions that can’t join a domain, skip KB 2709630. If you are joined to a domain (such as a Small Business Server network), wait until the end of the month to add this update. Take a pass on KB 2699779 as well, unless you run into trouble testing Office 15.

2719615

An emerging exploit in MSXML Core Services

According to MS Security Advisory 2719615, Microsoft has received reports of attacks on PCs using a new vulnerability in MSXML Core Services (used to build XML-based applications). The flaw can give hackers access to PCs when Internet Explorer users click on maliciously coded websites, online ads, e-mail messages, etc. The advisory states that Microsoft is investigating the vulnerability and developing a patch. In the meantime, it has posted a fixit.

The threat affects all versions of Windows and Office 2003 and 2007. I’ve not experienced any problems with this fixit — but if you do, it’s easily disabled.

What to do: Because MSXML is included in all versions of Windows from XP SP3 on, I recommend you apply the fixit — or use another browser until Microsoft releases a formal patch.

Regularly updated problem-patch chart

This table provides the status of problem patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.