Free software on USB enables portable computing

Get Fred Langa's wallpaper for your desktop

Our editor-at-large, Fred Langa, is back from a 5-month motorcycle tour of the U.S. and Canada. Through Oct. 24, all paid subscribers are eligible for a bonus download, Wallpaper of the Journey — 25 high-quality images by Fred that you can use as desktop wallpaper. Free subscribers can get the bonus by upgrading to the paid version. And anyone can purchase the entire set of images for U.S. $9.95. Get it today! —Brian Livingston, editorial director

• Paid readers: download the bonus
• Free readers: upgrade to get the bonus
• For everyone: purchase the download

Free software on USB enables portable computing

By Scott Dunn USB flash drives are good for more than just storing and transferring files — with the right software, your flash drive can become a tiny computer. Fortunately, you can find plenty of great software that not only runs on a USB flash drive, but is also completely free.

To maximize your flash drive, get a suite

In Part One of this article in the Oct. 11 issue, I described the fastest USB flash drives, which are necessary for portable software to run well. Once you have the USB drive you want, and you’ve installed the necessary software, you can plug the drive into any machine and have all the applications and data you need at your fingertips.

In this issue, I’ll tell you about the best free software for flash drives. I’ll also explain how to use a flash drive with relative security on any computer.

These days, portable software (sometimes called flash-drive compatible software) is available from an array of sources. In many cases, these products are assembled into suites. The major offerings are from PortableApps, winPenPack, and U3. You can also download and install individual portable applications wherever you find them.

Having tested all the major offerings, I recommend that you combine two sources to get the best free software for your flash drive:

• Use the Portable Apps suite. PortableApps has a solid collection of open-source and free software. I found its menuing system, however, to be less than the best.

• Add the winPenPack menu. Fortunately, a highly customizable program launcher from winPenPack can easily be installed along with a suite of software from Portable Apps.

PortableApps

For ease of installation, there’s nothing like downloading a whole collection of applications that are designed to run from a flash drive. The suite from PortableApps suite comes in two editions: Standard (260MB) and Lite (105MB).

The free software in the Standard edition includes portable versions of an office suite (OpenOffice), a browser (Firefox), an e-mail client (Thunderbird), a calendar and task manager (Sunbird), antivirus software (ClamWin), instant messaging (Gaim), and a game (Sudoku). The Lite version is almost the same, but replaces the many functions of OpenOffice with AbiWord, a word processor.

The suite also includes a built-in backup function and a launching menu that appears in the system tray. (On many computers, you must first start the launcher manually through Explorer after inserting your flash drive.) If you only want this menu and the backup utility, you can download just that from PortableApps as well; it consumes only 1MB when installed.

Although PortableApps has its own special format, you can add any app that’s on your flash drive to the PortableApps launch menu (regardless of format). To do so, click Options, Refresh App Icons. Unfortunately, this function adds all .exe files to the menu, whether you want them all there or not.

To download any or all of these portable software programs, visit the PortableApps site.

winPenPack

A different collection of portable applications is available from winPenPack, an Italian company. The company’s site offers plenty of free applications grouped into various suites or collections (in both English and Italian). The site features its own customizable, pop-up menu launcher, which I found superior to PortableApps’ offering. You can download the menu system by itself or as part of a software collection.

Just as PortableApps offers Standard and Lite suites, winPenPack provides a variety of software packages. The company calls these Essential, 1GB, Expert, School, and Web. The site also includes instructions for assembling your own personal set of apps. You can see a list of the applications in these suites by visiting the Doc/Help page and clicking Applications Lists. Then click the suite whose contents you want to see.

Because the product originates in Italy, you may need to apply an English language pack after installation.

A few of the winPenPack apps I tried seemed underpowered, but the sheer breadth of available product categories (Office-style applications, graphics, Internet, multimedia, security, system utilities, and more) was impressive. And I liked the ability to customize the hierarchy of menus and submenus in the program launcher, which you can use with any folder or application, not just winPenPack collections.

For information on creating your own set of portable applications, visit the personal winPenPack page. To install the launcher separately from any other software, visit the download page. Change the language widget in the upper-right corner to “English” if it’s set to “Italian.”

If you don’t find winPenPack’s launcher to your liking, another free, customizable pop-up launcher is PStart, from Pegtop software.

U3

If you have a U3 drive and are satisfied with the available U3 software, installing a U3 app is as simple as clicking the U3 icon in the system tray (the area of the taskbar near the clock) and clicking Download Programs. The list makes it easy to spot the free programs from trial or shareware versions.

Do-it-yourself

A final (and more laborious) option is to use your favorite search engine to find apps that are designed to run from flash drives. Popular sites for portable freeware include Andrew Lee’s Portable Freeware collection and the portable freeware page of the NedWolf site. SnapFiles also has listings for such products, but these are mainly small utilities rather than mainstream applications.

How to reduce the risks of flash computing

If you plan to use your flash drive with any public computer, you’re exposing yourself to a variety of risks. Using a public computer is never 100% safe and private, since a PC used by others might have keylogging software capturing your passwords and other data. However, you can take some steps to limit the dangers from viruses, keyloggers, and loss of the drive itself.

Use antimalware software. The risk of acquiring viruses, spyware, or other malware from a public computer is high, so take care to install one or more antimalware products on your flash drive. Antimalware programs are available in all of the collections discussed above. You can also find other portable antimalware products online.

In addition, once you return home, you should use any virus scanner that’s installed on your desktop machine to scan the flash drive before using any application on it.

Don’t use online banking on a public PC. If you log on to a banking application that allows money to be transferred from your account to payees, this is just what keylogging software is looking for. Either carry a laptop that you regularly scan for spyware, or find some way other than an Internet café to do your banking remotely.

Protect your privacy. Privacy on a public computer is also a concern, especially if you’re working with sensitive documents. One strategy for protecting your data is to use a portable encryption program like TrueCrypt, as discussed in the Aug. 2 and Aug. 16 newsletters.

Another option is to use an archiving program that can encrypt the compressed files it creates. For example, the program IZArc2Go fills that bill and is designed for flash drives as well.

To use the files you encrypted, you’ll have to copy them from the encrypted folder to work on them. When you’re finished with the work files, copy them back to the encrypted folder. Then destroy the work copies using a shredder utility, such as CyberShredder or Ultrashredder.

Make backups. Finally, protect yourself against accidental loss of the drive itself by making backups of its contents. If you’re making the backup to your desktop system, you can use whatever software you have on that system (including any that might be built into your version of Windows). In addition, backup utilities are found in all the portable-application collections discussed earlier.

Flash drives make it easy to take both your work and applications with you wherever you go. Although they’re not as secure as taking a laptop with you, they’re much easier to transport. With the right precautions, you can reduce your risks and get the ultimate in portable computing.

Readers Richard Cobb and “Brad” will each receive a gift certificate for a book, CD, or DVD of their choice for their help in researching this topic. Have a tip about Windows? Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

Get official and unofficial fixes for Excel

By Brian Livingston Despite the hotfix that Microsoft recently released for Excel 2007, as I described on Oct. 11, some math errors that you should know about still lurk in both Excel 2007 and Excel 2003. I’ll bring you up to date and explain how you can get better results from Excel.

Baier and Neuwirth offer Excel math add-ins

In a nutshell, this month’s patch for Excel 2007 corrects a bug that treats numbers close to 65,535 as if they were 100,000. To get the fix, see the Oct. 9 entry in Microsoft’s official Excel blog.

Even with the hotfix, however, both Excel 2007 and Excel 2003 give slightly wrong — and, in some cases, extremely wrong — answers to some floating-point calculations. I’ll give you some examples below. First, let’s discuss an independent solution to the problem.

Those who want more accurate floating-point math than any version of Excel supports should download a statistics program called R. This is open-source software that was originally written by Robert Gentleman and Ross Ihaka (“R & R”), who now work with about 20 researchers around the world to maintain the code.

The R program, in turn, can be used with Excel if you install various add-ins by Thomas Baier and Erich Neuwirth called RExcel, rcom, and R(D)COM. Windows Secrets contributing editor Woody Leonhard recommended this in his Oct. 4 column on the Excel problem.

In last week’s article, I rounded off R(D)COM to R, which resulted in me mistakenly saying R was authored by Baier and Neuwirth. Ouch! This floating-point stuff really is hard!

Erich Neuwirth kindly e-mailed me the following explanation:

• “Thomas Baier wrote rcom and R(D)COM, both of which allow you to use R as an embedded library in any Windows program supporting the COM (Component Object Model, not the serial port) interface. I wrote RExcel, which embeds R into Excel and allows you to use R functions as if they were native Excel worksheet functions.

  “So, yes, R can be used as a floating point library for Excel, but it is much, much more. Most computational statistics research nowadays is done using R.”

For more information about R, or to download it free from R-Project.org, visit the R-Project site.

For more information about the Excel add-ins, see Baier and Neuwirth’s R(D)COM page and the RExcel installation instructions.

Some Excel 2007 bugs also affect Excel 2003

I mentioned last week that Excel 2007’s problem with 65,535 was reported to also affect Excel 2003, but that Microsoft wasn’t being clear about this. Reader Charlie Woodall explains that this particular bug is present in Excel 2003 only if Microsoft’s “Save as Excel 2007” converter has been installed:

• “The Excel bug [involving 65,535 in Excel 2007] does not affect the older versions of Excel. However, for those who have applied the Office 2007 Compatibility Pack to older versions of Office, there are two files that are affected by the bug. The two affected files, excelcnv.exe and oartconv.dll, must be replaced by build 12.0.6042.5000. These files are part of the Office 2007 Compatibility pack. The bottom line is that the Excel bug affects the file format converter and not the older Excel versions.”

Even if you install Microsoft’s October 2007 patch to Excel 2007 and to the file converter in Excel 2003, however, other math errors remain in both products. Microsoft’s acknowledgement of the 65,535 problem has resulted in new attention being paid to these errors by commenters in the official Excel blog:

• The dec2hex( ) function gives wrong answers (see comments 5178648 and 5205563);

• Calculations involving a result of 0.1 are slightly off (5192535);

• The trunc( ) function changes the value of calculations that are already truncated (5372326).

Woodall confirms these problems and clarifies what Microsoft’s October 2007 hotfix does and does not cure:

• “You are correct that the bugs addressed in the 4 links affect Excel 2003. They also affect Excel 2007. The hotfix that was issued the other day did not fix these bugs in either Excel 2003 or Excel 2007. The hotfix seems to have fixed the [65,535] calculation bug that affected only Excel 2007 (and the file format converter). In effect, the hotfix makes Excel 2007 calculations agree with Excel 2003 calculations [involving 65,535]. …

  “Microsoft should definitely fix the problems with the dec2hex( ) and dec2oct( ) functions. However, the error 4.1 – 4 = 0.0999999999999996 [which should result in 0.1] is due to the inaccuracy in floating point calculations and is probably not considered a bug by Microsoft.”

The difficulty of representing numbers like 0.1 and 0.01 in crude binary fractions is the reason the world has statistics programs like R. If Microsoft won’t build precision into Excel, other people will.

For his part, RExcel developer Neuwirth has his own dirt on the Redmond spreadsheet app:

• “My main concern with Excel is its inconsistent handling of rounding: int(1000–2^–41) and quotient(1000–2^–41,1) never should produce different values, and that is what Excel does. Int(1000–2^–41,1) also never should be negative, but Excel gives a negative result. These are more than floating point issues, this is a logical problem.”

What to do: I recommend that you install the hotfix to Excel 2007 and to Excel 2003’s “Save as Excel 2007” converter, but you shouldn’t expect this to solve every Excel calculation error. Just because a number comes out of a computer — or a program comes out of Redmond — it ain’t necessarily reliable.

Readers Neuwirth and Woodall will each receive a gift certificate for a book, CD, or DVD of their choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Brian Livingston is editorial director of WindowsSecrets.com.

Go a little ape with human Donkey Kong

Almost everyone has heard of Donkey Kong, the 1981 arcade in which the heroic Mario makes a laborious climb to rescue his sweetheart Pauline while dodging moving obstacles from a barrel-hurling gorilla. (Ah, the good old days!) This remake takes the game to new levels of realism &#8212 and reality &#8212 by having humans fill the roles. After viewing the video, you might be tempted to ask: just who is the donkey in this game? Play the video

Part four: WU, Symantec suite can slow PCs

By Fred Langa This week, a Windows Secrets reader learns what has been hogging his computer’s resources and causing sluggish performance. In this article — the fourth in a series of eight on my Housecalls with readers — we identify the Symantec/Norton security suite as the main culprit responsible for a PC’s drastic drop in performance.

Delete Windows Update files to free space

So far, you’ve seen how to use some free, powerful tools to declutter a PC and speed boot times; how to resolve an address conflict on a small network; how to test the basic security of an Internet connection; and how to reduce the size of areas where enormous numbers of junk files can quietly accumulate. (If you missed the earlier installments, please take a look at Parts One, Two, and Three.)

As you may recall from last week, I was at Windows Secrets reader Gene Foster’s home in Tacoma, Wash., trying to figure out why his machine was bogging down. We’d already performed a thorough software housecleaning and had found and removed some 3GB of junk files from his system. In fact, we’d already done all the tune-up tasks listed in the first three parts of this series, but his PC was still not performing as well as Gene remembered it once had.

We dug a little deeper and found that, like many systems, Gene’s c:windows system folder contained a ton of files with names like $NtUninstallKB826939$ and KB935839.log. The actual numbers were different for each file, but they all followed the same basic pattern.

The NtUninstall files contain data needed to roll back or uninstall a Windows Update item. The .log files are a record of what each Update item did when it was installed. Obviously, these files are most useful immediately after you run Windows Update. If the system has a problem with the Update, you can uninstall it with the NtUninstall data or troubleshoot the problem by using the .log file.

But Gene’s system was stable, and he had no need or desire to uninstall his Update items, so all those files could be deleted. (Note: Windows will prevent the deletion of some NtUninstall items, but the vast majority can be dumped.) Removing the unneeded files cleaned up and shrank Gene’s Windows folder considerably, but still didn’t do much to help with the slowdown.

To be honest, I already had my suspicions about what the problem really was, but was hoping I was wrong. That’s why we pursued the simpler cleanup options first.

Symantec security suite slows performance

You see, Gene was running the full Symantec/Norton security suite. I used to be a huge fan of Norton products, going all the way back to when Peter Norton was personally involved in making them. (Symantec acquired the rights to continue to use the “Norton” name when they bought Peter’s company years ago.) Over time, what were once Peter’s lean, functional, powerful programs have become larger and larger and require more and more system resources. They are increasingly aimed at users who want a “black box” experience: stick in the setup CD and let the software do its thing without having to think about it very much.

In that regard, the Symantec/Norton stuff usually works pretty well, although system performance takes a hit. With the full security suite running, there are myriad processes bubbling in the background and eating system resources. Yes, the software does work well to protect users, especially “black-box” type users. And, on most systems, the performance hit is acceptable. But on some systems — and I know of no way to predict which ones — the hit is intolerable. The system simply slows down too much.

Gene’s was one such system. We poked around the Symantec suite, turning components on and off, and found that things did speed up as we let the suite do less and less. Gene’s slowdown solution would be simply to uninstall the Symantec suite.

But he had three months left on his current subscription for updates to his suite, so I recommended that he let the subscription run out and not renew it. He could then uninstall the Symantec software and seek less invasive (but still effective) alternative software. The Windows Secrets Security Baseline currently recommends the ZoneAlarm Internet Security Suite, for example.

Of course, because Gene is neither a newbie nor afraid to poke around with software, he may choose to separately select a firewall, an antivirus tool, an antispyware tool, and so on, creating his own security suite from different components.

PrintScreen key saves screenshot to Clipboard

With the slowdown culprit identified, Gene had a final question for me, unrelated to any of the foregoing. He, like many other users, was stymied by the PrintScreen function on his keyboard. It doesn’t seem to do anything.

It actually works fine, but in a very nonobvious way. When you hit PrintScreen, Windows invisibly saves an image of your current screen to the Clipboard. There is no indication whatsoever that this saving has occurred, but if you open a graphics tool (e.g., Paint) or a graphics-capable application (such as Word), you can then paste the image and work on it from there. If you just want a screenshot of your foreground application (not the entire screen), use Alt+PrintScreen to copy just the current window.

In the Canadian Rockies en route to Toronto

With that, I took my leave of Gene and started riding east: my next Housecall was on the other side of North America &#8212 2,600 miles (4,200 km) away &#8212 and I wanted to get there in three days!

Figure 1. Canadian Rockies (click photos to enlarge). The Canadian Rockies are at least as geologically impressive as their American counterparts, but are much snowier due to the colder, more northern location.


Figure 2. Banff, Alberta. Near Banff the mountains become more isolated and monolithic, very different from the chockablock profusion of mountains in the central Rockies.


Figure 3. Vast plains. These wide expanses of land begin very abruptly at the foot of the Canadian Rockies and stretch almost unbroken across the rest of Alberta, all of Saskatchewan, and most of Manitoba &#8212 in fact, almost all the way to the Great Lakes.


In next week’s article, I’ll be in Toronto helping a reader install new hardware for his PC.

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

Good ways to protect your sensitive data

By Mark Joseph Edwards Protecting your data is paramount, especially with the ever-growing risk of Trojans and phishing attacks. This week, I tell you about three new tools that can help defend your data and ensure than any files you delete are not easily recoverable.

Three new security tools from Lavasoft

You’re probably familiar with Lavasoft, publisher of the popular Ad-Aware antispyware tool. The company recently launched three new products: Digital Lock, File Shredder, and Privacy Toolbox.

• File Shredder is a tool designed to erase files from your disk so that they become extremely difficult, if not impossible, to recover. The tool lets you erase individual files or everything in the Recycle Bin, and works by overwriting disk sectors used to store files selected for deletion. File Shredder (U.S. $29.95) overwrites files using any of a dozen different algorithms, including several used by the military and one developed by the notable security professionals Bruce Schneier and Peter Gutmann.

• Digital Lock ($29.95) is basically an encryption program that lets you encrypt files on your disk or files that you might send to people using email. The tool can also shred the original document after an encrypted copy is made. Digital Lock lets you select from various encryption algoritms, including 256-bit AES, 448-bit Blowfish, 256-bit Twofish, 480-bit SafeIT, and MD5 hashes.

• Privacy Toolbox is what you need if you want to use both of the above tools. It’s a combination of File Shredder and Digital Lock in one application ($39.95).

For more information, and to download the apps, visit the Ad-Aware download pages for File Shredder, Digital Lock, and Privacy Toolbox.

How MS’s Malicious Software Removal Tool works

Each month, Microsoft releases an updated copy of its Malicious Software Removal Tool (MSRT). The utility is designed to help remove specific malware after your system has already become infected. Therefore, it’s not meant to act as an antivirus defense but instead acts as a remediation tool.

One of our readers, Norman L. Donaldson, wrote to ask when the tool runs, how to run it again, and whether the tool operates in the background.

First of all, you can get the tool in a number of different ways, including via Windows Update, Automatic Updates, and via Microsoft’s Download Center.

When you download the tool via Windows Update or Automatic Updates, the program runs once as part of the monthly update process. MSRT might not show a dialog box, depending on a variety of factors.

If you want to run the tool more than once a month, you need to download a copy of the program from Microsoft’s Download Center.

Before you use the tool, you should read Knowledge Base article 890830, which covers everything you need to know, including specifics about using the tool with different versions of Windows.

Lightning brings calendar functionality to Thunderbird

In the Jan. 25 edition of this newsletter, I wrote about OpenOffice, which is an excellent and free alternative to Microsoft Office. After looking into OpenOffice, reader Ramiro Anzola wrote to say that it “seems quite impressive. The only element missing from MS Office is Outlook.”

Ramiro is right; OpenOffice doesn’t come with an e-mail client. I think the reason is probably because there are many other e-mail clients already available.

Those of you who use Firefox Web browser might know that the Mozilla Foundation also produces Thunderbird, which is a pretty good e-mail client. However, unlike Outlook, Thunderbird doesn’t have any built-in calendar features. There’s an easy way, though, to add that functionality.

Take a look at Mozilla’s Lightning and Sunbird tools, both of which are full-featured calendars. Lightning integrates directly into Thunderbird. Sunbird is very similar to Lightning, except that Sunbird is a standalone application. Both Lightning and Sunbird are free.

You can keep up to speed with the ongoing development of the code base by reading Mozilla’s Calendar Weblog.

Notepad2 — supercharged replacement for Notepad

Having a good text editor available can be very useful, especially for taking notes, making lists, and quickly editing text-based files. Windows has always included Notepad, which as you you may know is very basic and somewhat underpowered. If you find yourselves using Notepad or other plain-text editors a lot, have a look at Notepad2 by Florian Balmer.

Notepad2 is similar to Windows Notepad, but it’s “supercharged.” For example, Notepad2 offers syntax highlighting for a wide range of file types and different source-code standards. This makes it a really handy tool for stuff like editing HTML, Cascading Style Sheets (CSS), PHP code, JavaScript, VBScript, Perl, batch files, and a whole lot more.

Notepad2 also supports advanced drag-and-drop functionality, various character sets, and has other useful features that you won’t find in Notepad. Plus, Notepad2 doesn’t rely on any Registry settings, so you can easily put a copy on your flash drive and use it as portable software. (See associate editor Scott Dunn’s article this week.)

You can download a free copy of Notepad2 at Balmer’s Web site.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

Internet Explorer 7: missing in action or not?

By Susan Bradley Internet Explorer 7 is back, having been missing in action after the IE team announced that WGA testing was being removed from the IE 7 download. In other post-Patch Tuesday news, Sun Java starts advertising Open Office, and I revisit my misgivings about the recent Outlook Express patch.

Internet Explorer 7
IE 7 is back on Microsoft Update

Various Usenet posters started reporting a few days ago that the download of Internet Explorer 7 was missing from the Microsoft site and unavailable via Windows Update. As of Sunday evening, Oct. 14, it appears the download is back.

The Internet Explorer team announced that they were once again releasing the tweaked version of IE 7, which has its menu bar enabled by default and no requirement that a PC pass a WGA (Windows Genuine Activation) test.

We honestly don’t know why IE 7 was gone for nearly a week. People are assuming that it was removed while the menu bar and WGA changes were being made. The IE team has never explained why the browser couldn’t be downloaded during that period.

Users currently see IE 7 offered up as a high-priority patch. The patch process is now as follows:

Step 1. You get a prompt to install IE7.

Step 2. You see a EULA to approve.

Step 3. Finally, you get a notification that IE 7 will be installed along with the Redmond company’s update to MSRT, the Malicious Software Removal Tool. (See Figure 1.)

Figure 1. Microsoft offers to install the tweaked version of IE 7 and scan using MSRT.

The MSRT update is actually a key step for the successful deployment of IE 7. Microsoft found that several spyware programs were programmed to sense the patching or updating of browsers. The company had to build into the IE 7 install process a way to remove these pieces of malware. This is why MSRT scans your system for malicious software during the install of IE 7.

If you’ve already tried downloading the new IE 7, and you’re having issues accessing the Internet, as I stated in my Oct. 11 column, be sure to check your third-party security software. Knowledge Base article 942818 hints at the issues involved. Third-party firewalls, in particular, are known for mistakenly blocking IE 7’s access to the Internet.

I personally like IE 7’s tabbing and improved security features so much that I’m willing to work through any deployment issues that arise. Even if you mainly use Firefox, ensuring that Windows has the latest version of the IE files keeps your entire system more secure.

Sun Java update offers OpenOffice, too

I was prompted to install a new version of Sun Java this week. It’s one that you should be sure to install, as Java has been a malware infection point in the past.

What I wasn’t expecting was that Sun would take the opportunity to make the company’s new MS Office-like product, OpenOffice, available for downloading if I merely clicked on “More Information.” (See Figure 2.)

Figure 2. Sun uses the system tray to hawk OpenOffice.

When I saw Sun’s advertising down in the system tray, I thought to myself, “What’s next? Microsoft advertising Office 2007 down there?”

It just seems to me that a system-tray patching icon should only let me know that I need to patch my software. Please, Sun, don’t make the system-tray notifier into an advertising billboard. Leave it for what it should be, a notification for patching and nothing more.

The new version of Java, which I recommend that you get, is Java Runtime version 6, update 3. It can be obtained from the Java download site.

If you can first uninstall prior versions of Java, you’d be wise to do so. If you can’t, because some apps you use still need the functionality of an older Java version, be aware that this exposes you to some risk of infection by malware. In that case, be extra-sure you keep your antivirus and antispyware programs up to date.

MS07-056 (941202)
A tentative approval for OE/Windows Mail patch

I held off in my Oct. 11 column from giving my “thumbs up” to MS07-056 (941202). This is a patch for Outlook Express and Windows Mail, the e-mail client built into Vista.

I saw a few folks indicate that a similar issue affects OE and Windows Mail as the one that nags at the new IE 7 download. Namely, third-party security software can interfere with Internet access by Outlook Express and Windows Mail, as described in KB 942818.

In my own tests, I haven’t seen any issues, so I’m giving this patch a tentative OK — as long as you watch for Net access conflicts.

MS07-059 (942017)
Fixes may help you with SharePoint patching

I hope you SharePoint users heeded my warning from Oct. 11 and backed up SharePoint 3 and Office SharePoint Server 2007 before installing Microsoft’s recent patches.

Exchange MVP Vlad Mazek suffered issues with the patches, but found that KB 932091 could be used to fix things up. He documents on his Vladville site how he was able to get his SharePoint sites functional again.

Remember, issues you have with a security patch are a free call to Microsoft — but here’s hoping you don’t develop any reason to call support.

IE 7 flaw with ‘mailto’ and similar protocols

I included a late-breaking news item in my Oct. 11 column on security advisory 943521. The Microsoft Security Response Center posted additional commentary about the problem in Oct. 10.

In a nutshell, if IE 7 is installed on Windows XP (or any version prior to Vista), merely clicking a protocol such as mailto: can let an attacker take over your PC.

IE 6 does not suffer from this problem — it’s an IE 7-specific security regression. The development community is hotly discussing the fact that this isn’t just a Microsoft coding issue. Every vendor that hooks into a browser should be mindful of the security issues that holes like this present.

What does this flaw mean to you, the reader? I’ve seen a few examples of the “bad URI handling” that launch this exploit. A good dose of paranoia, combined with up-to-date antivirus software, is your most effective protection against clicking on malformed “mailto” links and other nasty stuff.

I admit that this level of paranoia means that I’m not even trusting real vendor e-mail attachments these days and don’t open them, either. You’d be surprised at the number of finance-related vendors I deal with who send me e-mail attachments without any prior notification and actually expect me to click on them. These institutions are teaching bad security habits. I’d rather be safe and paranoid, rather than sorry and cleaning up a computer.

Oracle releases 51 patches for databases

On Oct. 16, Oracle released 51 patches. The company’s prerelease bulletin listed five of these as being remotely exploitable — without even requiring any sort of username or password to access your data!

You may think you’re not using or running an Oracle database, but the chances are that some key data-handling that you rely on is.

Database administrators normally take time to test before deploying patches such as Oracle’s. I’m hoping that these admins will jump on their testing and get Oracle’s new patches installed as soon as possible.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.