Help for picking your next anti-malware tool

When your problem turns out to be a known issue

Lounge member (and student) bassfisher6522 signed up for the free educational version of Office 365. Using his school email address, he downloaded and installed the suite and began using it.

All was well until one afternoon when Outlook informed him he needed to reactivate his account. It also reported that his sign-up email address did not exist.

When a bewildered bassfisher6522 asked the Microsoft Outlook forum for assistance, a fellow Lounge member redirected him to Microsoft Office 365 support. Microsoft Support informed bassfisher6522 that he was suffering from a known issue — but did not tell him the cause. After a full uninstall/reinstall, Office now works. But bassfisher6522 still wonders: Did changing a black header border to blue break his original installation of Office 365?

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Easy way to migrate settings to new profile?
Word Processing	Changing file attributes in Word 97
Spreadsheets	Converting external links to values
Databases	Can’t add data to child table
Visual Basic for Apps	Applying macro across 300 workbooks; copying results into master Excel file
Microsoft Outlook	Free school version of Office 365 stopped working
Non-Outlook E-mail	Move Eudora OSE files among computers and preserve folder organization
Other MS Apps	Visual Studio C++ 2010 Express program-compile issue
Windows
General Windows	Annoying Adobe
Windows 8	Installing Win8.1 on Win7 PC under special circumstances
Windows 7	Task Manager crashes
Windows Servers	Max paging file for Win Server 2008 and 2012
Internet/Connectivity
Internet Explorer	Showing Favorites toolbar on IE 11
Third-Party Browsers	Trying to download Google Chrome 39 or 40
Networking	Setting up wireless printing
Software Development
Windows Programming	Automate creation of scheduled task and shortcut to circumvent UAC
Other Technologies
Non-Microsoft OSes	Using Android and Google tablets
Security & Scams	Router hardware/security concern
Maintenance	Interesting changes in latest free versions of CCleaner and Macrium Reflect
Hardware	Buying proper Ethernet cable
Graphics/Multimedia	Suggestions for consolidating and organizing photos?
Other Applications	High Skype CPU usage

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Slightly skewed — but true — American history

In the United States, the fourth Thursday of November is Thanksgiving — arguably the most enjoyable national holiday of the year. There are many myths about Thanksgiving. In this video, John Green, novelist, historian, and video blogger, undertakes to set the holiday in its true context with a swift, wry, and factual retelling of the colonial-America story. It’s a version most of us never heard in school. Click below or go to the original YouTube video

Is it a simple software error — or malware?

The causes of anti-malware failure range from minor system errors to raging, full-blown infections. Here’s how to safely sort things out.

Plus: Security concerns about bypassing Windows’ UAC, a reliable DVD drive suddenly dies, and a free DOS-emulator helps you run very old apps and games.

Anti-malware tool vanishes, can’t be reinstalled

Reader Bill experienced problems with multiple anti-malware tools.

• “Fred, I have a problem that is starting to scare me, and I thought you might give me some common-sense advice.

  “I keep my Win7 Pro system fully backed up and updated. Sometime within the past month or so, my installation of Microsoft Security Essentials [MSE] disappeared. I downloaded a new copy of MSE and attempted to install it, but received a useless error message each time.

  “I then downloaded and tried AVG, Ad-Aware, Kaspersky, Avira, and several others. Not one of them would install, and they all gave different error messages.

  “I resorted to using on-line AV scans, but doing that on a daily basis is ultimately a losing effort. I have Malwarebytes Anti-Malware Premium installed, and it works fine.

  “None of the suggestions in Microsoft forums has worked, though I’ve found only a few posts describing problems similar to mine.”

It sounds like you’ve taken the correct first steps. When any primary anti-malware tool acts strangely — an uncommanded shutdown or uninstall, unexpected reinstall, update failure, etc. — it’s a good idea to immediately scan your system with some other brand of on-demand anti-malware scanner.

At the start of an infection, some malware will try to bypass whatever defenses are present on the system. Malicious code that disables your anti-malware tools might then be able to burrow deep into Windows and prevent the successful reinstallation of any anti-malware software. That’s the symptom your PC is exhibiting!

Using online scanning apps is a good first step, but those tools are best for routine, light-duty checkups and cleanings. They’re often unable to detect and cure deep-seated malware infections that are good at hiding on your system — rootkits (more info), for example.

The best tool for digging out deeply entrenched or unusually clever malware infections is a self-contained, self-booting, anti-malware application.

I suggest you try one or more of the products listed in the April 11, 2013, Top Story, “A dozen tools for removing almost any malware.” Skip down to the section labeled “Heavy-duty, self-booting, malware-cleaning tools.”

If one (or more) of those tools finds and removes malware, you should then be able to successfully install the full-time anti-malware tool of your choice. I wouldn’t reinstall the same anti-malware product you were using — it didn’t do its job; your PC got infected. Instead, try a tool from a different vendor.

If the deep scans don’t find malware on your PC, that’s great! Your problem most likely isn’t an infection. Instead, it’s probably just a software or configuration error. Perhaps some part of MSE (or another tool you tried) didn’t fully uninstall, and its remnants are blocking your ability to install other tools. Or perhaps your PC’s updating system is broken. It’s also possible that your copy of Windows Installer (the program that handles most software installations and setups) is malfunctioning.

Those software/system errors can be remedied in fairly short order.

Start by checking Control Panel’s Uninstall a program applet. If any anti-malware tools appear there, uninstall them if you can.

Next, run a Registry cleanup tool such as CCleaner (free and paid; site) to remove any leftover settings. When the Registry cleaner of your choice is done, reboot your PC and then try to install your preferred anti-malware tool again.

Note: Get the anti-malware application directly from the vendor’s site. For example, to get Microsoft Security Essentials, go to its official Microsoft page. If you download an anti-malware tool from a third-party source, the download package could include unwanted alterations or additions.

If you still can’t install an anti-malware app, make sure that the Windows Installer service is running. (Because Bill has Windows 7, I’ll use that OS for my example. But the steps are similar for other Windows versions.)

• Click the Start button and enter services.msc into the Search programs and files box; then press Enter. When services or services.msc appears in the results list, click it — the Services tool will then open.
• In the right-hand pane’s Name column, scroll down to Windows Installer.
• Right-click it and then click Start, as shown in Figure 1. (Note: If Start is grayed out but the Stop and Restart options are available, the Installer is already started.)
  

  Figure 1. Use the Services applet to make sure that Windows Installer is running.

• Next, in the Services toolbar, click File/Exit.
• Now open an admin-level command window. Click Start/All Programs/Accessories, right-click Command Prompt, and then select Run as administrator.
• You’ll now re-register the Installer service. In the command window, type msiexec /regserver and then press Enter. (Note: This step gives no feedback — there’s no prompt to tell you whether the command succeeded or failed.) Close the Command window.

If you plan to use MSE, also try updating Windows Update Agent — the component that manages MSE installations and updates. Microsoft Support article 949104, “How to update the Windows Update Agent to the latest version,” has the necessary how-to information.

With your PC free of malware, with remnants from obsolete installations cleaned from the Registry, and with Windows Installer and Update Agent refreshed and running, MSE (or any other anti-malware tool) should install properly.

If MSE still fails, there are a few increasingly arcane steps you can try. You’ll find them detailed in two Microsoft sites:

• Windows how-to – “I can’t install Microsoft Security Essentials”
• Microsoft Community thread – “Installation error 0x80070643”

But with luck, these simpler steps will be all you need to get yourself going again!

Concerns about bypassing Windows’ UAC

A key Windows security tool, User Account Control (UAC) is intended to keep us safe from unwanted system changes. But its repeated warnings can get annoying.

The Nov. 13 Top Story, “Ending UAC headaches, once and for all,” showed several easy ways to selectively bypass UAC. However, reader Keith wondered whether it would be just as easy for hackers or malware to also bypass UAC.

• “Fred, thanks for the thorough article about Windows UAC.

  “But the article causes me to ask: If third-party good guys can make a UAC workaround, why can’t the bad guys program the same workarounds into their malware?”

It’s an excellent question, Keith. All the techniques and apps described in that article — both native and third-party — require administrator privileges to run.

In other words, only someone who’s a valid system admin can set things up to bypass future UAC prompts.

For example, when you run WinAero’s ElevatedShortcut freeware, you’re immediately presented with a typical UAC warning (Figure 2).

Figure 2: Tools such as ElevatedShortcut require admin-level permission before they can be used to create UAC-bypassing shortcuts.

So the methods I discussed in the Nov. 13 Top Story are not back-door ways to gain admin-level privileges. None of those UAC-bypassing tools or techniques will work from non-admin accounts.

And the long-standing advice about Windows accounts still stands: Use a standard-user account for your routine, daily Windows operations. Reserve your admin-level account — and perhaps the time-saving UAC-bypass tools I discussed — for those occasions when you really need to make significant system changes.

CD/DVD drive works one day, dies the next

Rick Skelton’s optical drive died under suspicious circumstances.

• “After an overnight Windows update, my CD/DVD ROM drive suddenly stopped working. It spins but doesn’t read or write — it only comes up with ‘insert disk.’

  “I’ve been told that a certain update causes CD/DVD failures. Is this true? Is there a way to fix it without buying a new drive?”

Yes, updates can cause hardware failures. But there’s usually an easy way to fix it.

Windows Update sometimes offers lowest-common-denominator driver updates. These drivers are rarely intended for specific hardware models; rather they’re designed to work with a range of similar hardware from a given vendor.

Unfortunately, a generic driver might be incompatible with a specific optical drive, video board, sound card, or other hardware component. Here are my two rules for driver updates:

• If it ain’t broke, don’t fix it! In other words, if your hardware’s working fine, don’t update the drivers.
• If you do need a driver update, obtain it directly from the vendor’s site, using the hardware vendor’s own recommendations and/or update tools. Don’t use drivers offered by Windows Update or other third-party updating services.

So, Rick, I suggest visiting your system or optical-drive vendors’ support sites and downloading the correct drivers. Once your drive is working again, leave its drivers alone!

(For more details, see the Feb. 21, 2013, LangaList Plus item, “How and when to update your system’s drivers.” Also see the Microsoft how-to article, “Change how Windows installs or notifies you about updates.”)

Free tool runs ancient apps and games

Most older software can be made to run inside Windows. (See the Aug. 7 LangaList Plus column, “Running 16-bit programs on 32/64-bit Windows.”)

But Windows’ compatibility-mode tool and general-purpose virtual machines can’t meet the needs of some early software that was specifically written for long-extinct hardware — for example, graphics boards from Hercules and Tandy or audio boards such as Sound Blaster16 or Gravis Ultrasound.

Bart Gordon found a tool that can help.

• “I’ve been fighting a problem recently. I’m trying to get an old, 16-bit analysis program to run on a Win7 x64 system. The solution I found might be of interest to you. It’s a program called DOSBox (site) — a small-footprint MS-DOS emulator that works with all versions of Windows plus several other operating systems. It was primarily developed to run old games, but it works like a charm for my analysis application. It helps that DOSBox has a very versatile configuration.”

Thanks, Bart!

DOSBox is a type of special-purpose, virtual machine that can emulate some of the nearly forgotten hardware that early software might require.

It’s also open-source and free!

Thanks again, Bart.

Help for picking your next anti-malware tool

Picking the right anti-malware app can be onerous; there are dozens to choose from, and rapidly evolving exploits are constantly putting them to the test.

Fortunately, a few independent organizations such as AV-Comparatives are also testing leading security packages and posting the results.

Anti-malware testing is a snapshot in time

Currently, the not-for-profit organization AV-Comparatives (site) claims to run the most comprehensive suite of real-world malware tests, and it regularly reviews popular free and paid anti-malware packages.

AV-Comparative’s evaluations use nearly 600 malicious URLs found online — including currently active exploits, URLs pointing directly to malware servers, and emails containing malicious attachments. They’re the types of infections Windows users are exposed to whenever they browse the Internet.

The organization posts ongoing test results monthly, March through June and August through November, plus summary reports in July and December. (The organization’s site offers numerous other free reports, including tests of security products for Android phones.)

October’s chart is shown below (Figure 1). It reveals the results of tests of 22 products as well as the free Microsoft Security Essentials app — noted by the horizontal line across the middle.

Figure 1. AV-Comparatives October anti-malware performance chart includes 22 vendors. Source: AV-Comparatives

Two interesting measurements in the chart are false positives and Windows’ “Out-of-box production,” which includes the built-in Defender for Windows 8 and the optional Microsoft Security Essentials for Windows 7. The false-positives number is an especially important stat; more on that below.

When looking at this or any other AV performance table, be aware of numerous caveats. For example, AV-Comparatives notes that while some products might achieve 100 percent protection in the tests, that’s not a guarantee that you’ll see the same level of protection. The tests are extensive, but they don’t include all malware. Moreover, the results are a snapshot in time. Existing exploits can adapt quickly, and new forms are popping up every day. (It’s the reason new virus definitions are offered frequently — and are necessary!)

Blocking good data can cause serious problems

Obviously, we all want an AV package that’s 100 percent effective. But in their efforts to be absolutely thorough, some anti-malware apps flag perfectly safe sites, files, and code as dangerous and block them.

Nearly all AV products have a few false alarms, but frequent flagging and blocking suggests an overly aggressive antivirus monitor. Useful and safe data might be automatically quarantined, never seen by the recipient. False positives are akin to important email messages that get lost in your junk/spam folder.

As noted in a Wikipedia page (see the subsection “Problems caused by false positives”), an AV product that automatically deletes or disables an important file can break important applications — possibly even Windows.

According to the October AV-Comparatives chart, F-Secure blocked around 98 percent of the malware thrown at it. But it also had, by far, the highest number of false positives. Other products were equally or more effective but reported few, if any, false positives. F-Secure’s high number somewhat diminishes its overall effectiveness.

What the AV-Comparatives chart doesn’t show

On the surface, AV-Comparatives’ interactive Real-World Protection Test (site) chart shows results for 22 antivirus applications in simple, colored bars. But if you hover your cursor over the various areas of the chart, popup boxes will show the exact percentages for each product. A dropdown box above the chart lets you sort by anti-malware vendor or performance score. (Note: If you have problems viewing the chart, try a different browser.)

These details show overall relative effectiveness at stopping malware, but they don’t tell us about a product’s price/subscription length, ease of use, or the toll the software takes on your system’s performance.

Obviously, the fees (most are annual) are given at each vendor’s site. Finding information on ease of use and system-resource use requires more research on the Web. Typing “antivirus reviews” into Google or Bing returns a useful list of sites that have compared and tested a host of antivirus applications. Some review sites even offer discount codes for specific anti-malware products.

An important note: Testing an AV product’s ease of use or resource utilization is relatively easy — any competent tech publication or PC tester can do it. But reliable, fair, and accurate testing for malware detection and removal is extremely difficult. Only a few security labs have that capability. AV-Comparatives is one such organization; another is AV-TEST (site). When reading comparisons of anti-malware products, consider the source of the malware-detection/-blocking data.

Here are some of the sites I find valuable when considering my AV tools. Each site has a different perspective and different evaluation criteria — and a different top choice. You should base your pick on which characteristics are most important to you — or to those whose PCs you’re managing. For example, a power user most likely wants a less intrusive AV product; but you might want to install a more aggressive package on a child’s or novice user’s system. (Windows Secrets should, of course, be one of your primary sources for malware news.)

• PC Magazine’s Antivirus section
• PCWorld’s Antivirus-software category
• Laptop’s AV section
• TopTenREVIEWS’ list

Testing AV software’s effects on PC performance

An antivirus/malware detector might block nearly every threat that comes your way (even AV products can’t always protect us from ourselves), but if the app causes slow computing speed or severe disk-access delays, we’re likely to reduce its suite of protections or possibly even turn it off.

You’ll find performance tests at both AV-Comparatives (site) and AV-TEST (site). AV-Comparatives runs several everyday PC tasks to see how a system’s overall performance is affected when a particular AV product is turned on or off. The tasks include copying files, archiving data, installing/uninstalling apps, encoding media, opening Office docs, opening PDFs, and downloading files. The organization also runs Futuremark’s PCMark 8 benchmark suite (more info). Charts in downloadable PDFs summarize the results.

Figure 2. AV-Comparatives October performance results. Even the slowest product in this group had relatively little impact on general system speed. Source: AV-Comparatives

Keep in mind, however, that the results shown by AV-Comparatives, AV-TEST, or any other organization indicate an AV app’s performance only on that organization’s test systems. You might see very different results on your system, depending on its particular configuration of memory, disk, CPU, Windows settings, and applications. In other words, published results are only a general guide to the impact an AV package might have on a Windows system.

In the past, many anti-malware products had a significant impact on overall system speed — especially the big AV suites. That’s far less the case today. As dozens of stripped-down antivirus products became available for download, all anti-malware vendors were compelled to lower system demands. In the above chart, scores range from 1.2 (Avira and Bitdefender; fastest) to 25.3 (Lavasoft). But that breadth of low and high scores could initially be deceiving. In AV-Comparative’s 10 tests, Lavasoft scored “fast” or “very fast” in eight tests — and received no “slow” scores.

More important, the AV-Comparative tests don’t measure an AV product’s impact on system boot time. Depending on the product and system configuration, boot times can be affected noticeably. More frustrating, your PC can seem to boot quickly, only to grind to a virtual halt a few minutes later while the anti-malware system runs some necessary process.

Bottom line: AV software speed tests are one metric in selecting the best product for your system. Give them a higher priority if your system is already relatively slow.

Another metric is, obviously, the ongoing cost of the AV package. Don’t be put off by multiple choices of packages each vendor offers. You’ll have to decide whether any extra features justify higher prices. I recommend sticking to the basics.

Beware the hacker routing of your router

Avast, whose anti-malware software was highly rated by AV-Comparatives, reports that four of five Internet-connected households in the U.S. are at risk of attack via their Wi-Fi-equipped router (DNS hijacking). According to Avast’s research, a survey of 2,000 households found that more than half of the routers had not had their easily hacked default password changed or had no password protection at all.

Hackers can use compromised routers to redirect user data to a malicious site. Think of it as a quick and dirty way to capture your online banking sign-in credentials. Avast, of course, would like you to know about a feature in its latest paid and free AV packages (site) that the company claims is unique. Its Home Network Security Solution specifically guards against router threats such as Domain Name System (DNS) hijacking and weak passwords.

Better yet, simply ensure that your router has a strong password. For safekeeping, write the password down on a small piece of paper and tape it to the bottom or back of your router. That way you’ll never lose it.

Keep in mind that network-access passwords based on WEP encryption are easily cracked. (Even WPA and WPA2 can be cracked if you use a simple, obvious password.)

For even tighter security, create a custom SSID network name. A default SSID such as “Netgear” or “2Wire100” is a flag to hackers that your network might be an easy target. Also consider enabling Media Access Control (MAC) Address filtering in your router’s management console. Every networked device has its own MAC address. Once filtering is set up, only devices with known addresses can connect to the network.

Finally, ensure that firewalls are on, both in the router and in Windows.

PC security is an ongoing task. Set some time aside every few months to review your entire security system. No one else is going to.

A remote Windows Secrets Thanksgiving

To celebrate the Thanksgiving holiday, Windows Secrets’ editor in chief is on the road, visiting family.

This age of Internet everywhere and mobile computing makes remote publishing relatively easy — especially with a bit of preparation.

In this case, the challenge was setting up a temporary, remote office in a home with adobe walls and a wireless router sitting at the wrong end of the house. It’s a networking nightmare. Fortunately, Windows Secrets stories such as Lincoln Spector’s June 20, 2013, article, “Filling Wi-Fi holes once and for all,” plus tips in the Lounge helped provide answers.

The equipment list for the mobile office included a ThinkPad notebook, external monitor and keyboard, two powerline networking adapters, and a small Wi-Fi-equipped router. The setup was fully configured and tested before being packed up for the car journey from Seattle, Washington, to Monterey, California. (The drive included a snowstorm in central Oregon.)

Preconfiguring the portable network proved to be a valuable exercise. Setting up the remote office in Monterey took less than 20 minutes and went without a hitch. The powerline adapters delivered Ethernet from the main Comcast router at one end of the house to the temporary Windows Secrets office at the other end of the house. The portable router’s Wi-Fi provided Internet connections to two notebooks and a smartphone.

Setting up a portable office proved a relatively easy challenge. Perhaps we’ll try publishing from somewhere even more pleasant — such as Hawaii.

For U.S. citizens, Thanksgiving is a time for visiting with family and friends. (As holidays go, it might be the least stressful — unless, of course, you’re the one responsible for properly cooking the turkey.) Windows Secrets readers will no doubt forgive us for newsletters that are a bit smaller than usual.

Among other things, we give thanks for your continuing support. Reader contributions provide most of the revenue needed to keep the lights on at Windows Secrets. And for those who celebrate the holiday, we hope you have an excellent Thanksgiving.

Cleaning up a rough PC-patching month

November not only suffered from several patch do-overs, it also saw a few unexpected, out-of-cycle patches.

As Adobe releases a quick fix for Flash, Google adds SSL-security enhancements to Chrome.

An unexpected update for Adobe Flash

According to an F-Secure post, an October Adobe Flash Player update blocked an exploit named Angler but did not fix the underlying vulnerability. When F-Secure notified Adobe of the partial fix, Adobe responded with an out-of-cycle update.

Given Flash’s vulnerability history and the frequency of updates, you might want to bookmark the “Adobe Flash Player” page, which lists the most current versions and shows the version you have installed. Launch the page in every browser you use.

Windows and Mac users should now be on Flash Player 15.0.0.239. Chrome and Internet Explorer 10/11 users will be updated automatically. (A Chrome Releases page notes that the browser was updated as well. When you next launch those three browsers, give them a bit of time to update before working online.)

As noted in the Nov. 25 Adobe security bulletin, the critical updates give additional protection from exploit CV-2014-8439 (more info).

What to do: Whenever manually updating Flash, watch out for potentially unwanted software offers.

Google slowly backs off SHA-1 support in Chrome

Back in September, a Google post warned that it would begin removing support for Secure Socket Layer (SSL) certificates that include SHA-1 values. A component of data encryption, SHA-1 was found to be vulnerable to attack nearly a decade ago. But it’s still widely used. Windows, Chrome, and Firefox SHA-1 support will officially end in 2017, according to a Wikipedia page.

During the transition from SHA-1, most browsers will probably start displaying warnings that sites you visit are a bit less secure. Those warnings will get more severe as the 2017 deadline approaches.

For example, beginning this month, Chrome 39 will tag essentially all webpages using SSL certificates that contain SHA-1 information as “secure, but with minor errors.” In the upcoming Chrome 40, webpages with certificates that use SHA-1 and expire after Dec. 31, 2017, will be tagged as “lacking security.” In Chrome 41, those same certificates will be labeled “affirmatively insecure,” and the https portion of the related sites’ URLs will be colored red and crossed out.

An Oct. 1 digicert blog post summarizes the SHA-1 issue nicely.

These warnings are important for all who use the Internet because many websites will be slow to migrate off SHA-1 cryptography. On the flip side, if you’ve purchased SSL certs for yourself or your business, I recommend testing your site with an online service such as Qualys SSL Labs’ “SSL Server Test” page. Also, check out the Qualys blog page, “SHA1 depreciation: What you need to know.”

What to do: Watch for security flags in your browser’s URL-address box and review all SSL certificates you’ve purchased.

Microsoft Update broken for XP and Server 2003

As reported by Woody Leonard in an InfoWorld article, some XP users and Windows Server 2003 admins are having problems with Microsoft Update. The root cause appears to be an authcab.cab file with a Nov. 17, 2014, expiration date. Impacted users are essentially blocked from future updates.

For now, the solution appears to be to flip your system back to Windows Update. Again, the problem seems to affect only systems with the Nov. 17 authcab.cab expiration date. (Note: I don’t recommend changing dates on your system; it could lead to other authentication and patching issues.)

Microsoft knows of the problem but has not released even a manual fix. According to Charles Sullivan’s patchmangement listserve post, Microsoft stated that it updated the authorization.xml file with a new expiration date of 2017. That’s great, but to download the new file, you’ll have to run through the old routine of stopping the Automatic Update service and renaming the SoftwareDistribution folder. That’s not a good solution, in my book. I’m looking forward to a better solution after the holidays.

What to do: Stay tuned for more information on this bug.

3000853

Rollup patch for Windows 8 is reissued

As noted in last week’s Patch Watch Update, November will go down as the month of patching do-overs and out-of-cycle updates. Rollup KB 300853, for Windows 8 and Server 2012, was released a second time to fix a flaw that could cause Volume Shadow Copy Service (VSS) backups to fail. Rollups typically contain previously released patches; apparently Microsoft included the wrong version of KB 2996928 within KB 3000853.

What to do: If you’ve already installed KB 300853, I recommend installing the corrected version — even if you’ve not had any problems with the original patch.

3008273

Pushing Windows 8.0 users to Version 8.1

Microsoft also reissued KB 3008273, an update that will automatically migrate Windows 8.0 systems to Windows 8.1. The reason for the second release appears to be a mystery to all but Microsoft.

What to do: If you’re not ready to move to Windows 8.1, don’t install KB 3008273 — and be sure that automatic updating is turned off in Windows Update.

3000850

Avast runs afoul of a Windows 8.1 update

November’s Win8.1 rollup update was significantly larger than most. And the more patches rolled up into one update, the greater the potential for problems. In this case, some users of Avast Antivirus ran into serious conflicts with KB 3000850, as noted on various websites. A Tech Worm article discusses the problem with Avast and also notes other issues with the update.

What to do: Given the size of this update and the likelihood of more problems, I recommend keeping KB 3000850 on hold for a while longer.

MS4-079 (3002885)

Quiet month for Windows kernel fixes

I was pleasantly surprised that KB 3002885 appears to be a painless update. The patch prevents possible denial-of-services attacks using malicious TrueType fonts.

What to do: Install KB 3002885 (MS14-079).

End of the month, nonsecurity update recap

November’s numerous nonsecurity fixes have been out a bit over two weeks, and I’ve not run across any reports of problems with the following updates. For more information on Office updates, see MS Support article 3012392.

Windows 7

• 2977759 – Windows 7 RTM compatibility
• 3004469 – vLite Vista to Win7 upgrading

Windows 8 and 8.1

• 2976536 – Windows Defender update
• 2976978 – Windows 8 and 8.1 compatibility
• 3000853 – November rollup update
• 3003663 – Camera formats
• 3003667 – Camera formats
• 3003727 – USB 3.0 debugger fix
• 3008188 – Cumulative fixes and improvements
• 3008627 – Unexpected UAC prompt after KB 2918614

Office 2007

• 2597972 – PowerPoint: User experience with OLE objects
• 2899525 – Outlook: Junk-mail filter

Office 2010

• 2589386 – Office: PDF text display
• 2687275 – Office: Pivot-table issue
• 2837602 – Office: Server linking
• 2878251 – PowerPoint: User experience with OLE objects
• 2889828 – Office: German and French proofing tools
• 2889935 – Excel: Pivot-table issue
• 2899521 – Outlook: Junk-mail filters

Office 2013

• 2837654 – Office: Searching Help issue
• 2863859 – Access: Crashes when using Portuguese (Brazil) language setting
• 2881008 – Office: Improved language localization
• 2889857 – Office: German, French, and Russian proofing tools
• 2889936 – PowerPoint: Several improvements
• 2899493 – Office: Inkjet error messages; Offline Address Book downloading; other fixes
• 2899500 – Word: Document Inspector
• 2899504 – Outlook: Certificate errors; Offline Address Book fix
• 2899506 – Outlook: Junk-mail filter
• 2899509 – Excel: Multiple issues when using pivot tables
• 2899510 – Office: Various OneDrive issues

Other updates

• 2899497 – Visio: Error messages; slow responses
• 2899507 – Lync: various issues; check known issues and prerequisites
• 2899513 – OneDrive for Business: Various improvements

What to do: Install when you’re ready.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page. See our “Windows Secrets master Patch Watch chart” post for a more extensive list of recent updates.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.