Keep a healthy PC: A routine-maintenance guide

Keep a healthy PC: A routine-maintenance guide

As with all devices, regular maintenance will keep your Windows PC operating smoothly through the years.

Here are the essential tasks that can help PC users — of all levels — maintain strong, secure, and stable systems.

Last year, Windows Secrets published the Jan. 10, 2013, Top Story, “Let your PC start the new year right!” If you haven’t done much to maintain your PC lately, that article is a great place to start. It’s chock-full of techniques virtually guaranteed to get your PC in the best shape it can be.

Once your PC is in good shape, what then? This article picks up where last year’s article left off.

Simple and routine maintenance is the key

PC maintenance doesn’t have to be time-consuming and tedious. Windows’ built-in functions, with an assist from some third-party tools, can automate much or all of the necessary tasks — making PC maintenance a mostly set-and-forget cinch.

With your PC on a solid maintenance schedule, you’ll enjoy smoother, faster, more stable, and more error-free PC operation all year long!

Oddly, most PC makers don’t include any kind of maintenance schedule in their system’s owner manuals. That might be because PCs are not all used the same way; a “one size fits all” maintenance schedule just wouldn’t make sense.

With that in mind, I’m providing two different maintenance schedules — one for heavily used PCs, another for lightly used systems. Here are some specifics:

Heavy use: Many Windows Secrets readers (including me!) use their systems every day, often all day long, for a myriad of small-office and recreational tasks. We depend on our machines for communicating, research, bill paying and banking, audio/visual pursuits, shopping, and many other activities. In other words, our PCs get a lot of use.

In addition, we not infrequently install new software, and we often modify Windows and application settings to suit our own needs and preferences. Because our PCs are vital to our day-to-day life, we typically pay close attention to their health; we keep Windows and all other software up to date.

Light use: Other PC users (probably the majority) are on their personal systems far less frequently — perhaps an hour or two a day or even less — and primarily for basic activities such as email, Web browsing, or listening to music. (Many of these users spend their work hours on IT-managed machines.)

Lightly used PCs are treated somewhat like an appliance — say, a toaster. The system’s capabilities are relatively fixed, system settings are rarely altered, and software is infrequently updated or changed.

Of course, not every PC falls neatly into one of these two categories. So keep in mind that the maintenance schedules described below are suggestions. Use them as a starting point, and feel free to make adjustments as you see fit.

A final note for all who provide ad-hoc PC support for family and friends. Consider sending them a link to this article, along with your suggestions for a maintenance regime they’re likely to keep. That could make their lives a little easier — and yours, too!

Most important, once you’ve settled on a maintenance schedule, stick with it. For tasks that can’t be automated, consider setting up a routine in your digital calendar — or print it out and stick it to the wall beside your PC. It’ll pay off in a big way throughout the years!

How to use the included maintenance schedules. The tasks listed in the tables below are, out of necessity, tersely worded. If anything looks unfamiliar or is unclear, don’t worry: you’ll find fuller explanations and plenty of how-to information in the text that follows the tables.

Using these tables is a piece of cake. Pick the one that comes closest to your computing style, review the listed tasks within it, and then look for the specific task header below for full details. Note that the charts in this article are images. You’ll find customizable Excel versions in the related Windows Secrets Lounge thread. (See the link at the bottom of this story.)

Figure 1. The heavy-duty PC-maintenance chart. This suggested combination of automated and manual tasks should keep even the most heavily used PCs running well.

Figure 2. The light-duty PC-maintenance chart. For these systems, you can mostly employ automated, set-and-forget procedures.

The nitty-gritty of regular maintenance tasks

Here are the specifics — category by category — including links to how-to articles and free software.

► Security:

• Anti-malware tasks: For maximum security, use an anti-malware tool that offers continuous, always-on protection. It should update itself and scan your system for malware on a fully automated schedule — and on demand.

  There are dozens of good anti-malware tools available. Here are some popular free apps to consider — and you’ll find many more, free and paid, with a simple Web search.

  – Microsoft Security Essentials/Windows Defender. Both are available as free downloads (site) for XP, Vista, and Windows 7. Defender is built into Windows 8 (no separate download needed). For more info, see the April 4, 2013, Top Story, “Microsoft’s six free desktop security tools.” Note: Microsoft Security Essentials and Windows Defender work best for experienced users. The following free alternatives might be better choices for less experienced users.

  – Avast Free Antivirus (more info)

  – AVG Antivirus Free (info)

  – Avira Free Antivirus (info)

  – Comodo Antivirus (info)

  Most anti-malware tools let you choose both quick and full scans. A quick scan typically targets just the hard disk areas where malware most commonly resides and takes just a minute or two. Full scans examine most or all of the files on your PC; it’s much more thorough but also takes much longer.

  The above maintenance tables suggest that you run both quick and full anti-malware scans at given intervals. Check your anti-malware tool’s help system for specific information on setting the frequency and type of scan — and for establishing an automatic-scan schedule.

• Verify anti-malware is up to date. Set your anti-malware app to auto-update regularly — ideally, every day. Check weekly that the app’s automatic updates are actually being installed.
• Anti-malware: Full scan with standalone scanner: A separate standalone scanner is used periodically to verify that your main anti-malware tool is doing its job properly — and to remove any malware that made it past your primary defenses. Many such tools are available; most are free. For more on these apps, see the April 11, 2013, Top Story, “A dozen tools for removing almost any malware.”
• Check Updates: Verify that Windows is fully up to date by opening Windows Update (e.g., via Control Panel/System and Security/Windows Update) and clicking the Check for updates link. While you’re at it, check other important software — especially browsers, Java, and Adobe Flash — via each app’s update mechanism.
• Verify firewall: Firewalls are usually reliable, but they can be compromised by malware, accidental settings changes, or software problems. Verify that your firewall is working properly with any of several simple, free, and fast testing tools such as Steve Gibson’s ShieldsUP site and the HackerWatch site. For more info, check out the March 11, 2010, LangaList Plus column, “Let’s put your firewall to the test” (paid content).
• Change passwords: You can significantly improve your online security by regularly changing all passwords. And never use the same password on different sites. If your cranial data storage isn’t up to the task (mine sure isn’t!), password-management software makes keeping dozens or even hundreds of passwords easy. (See the Oct. 17, 2013, Top Story, “Protect yourself from the next big data breach”; skip down to the section labeled “Stepping up to a standalone password manager.”)

► Cleanup:

• Clean temp files: The more you use your PC, the faster Windows accumulates various temporary files and folders. Left unchecked, the number of temp files can become massive, wasting disk space and dragging down system performance. There are many excellent disk-cleanup tools available, including Windows’ own cleanmgr.exe (see the March 13, 2008, LangaList Plus article, “Using Windows’ hidden Disk Cleanup options”; paid content).

  However, free third-party tools offer more options and easier automation. See, for example, Piriform’s free CCleaner (site) or the other tools discussed in the Nov. 10, 2011, Top Story, “Putting Registry-/system-cleanup apps to the test.” A Web search will reveal even more cleanup options.

• Clean Registry: Windows offers no built-in way to remove obsolete and erroneous Registry entries. Fortunately, many of the same cleanup tools mentioned above (e.g., CCleaner) can declutter Windows’ Registry. A Web search will reveal more Registry-cleaner apps. Beware, however, cleaning suites that over-promise their ability to greatly improve system performance. (See the Nov. 10, 2011, Top Story, “Putting Registry-/system-cleanup apps to the test”.)
• Remove obsolete update files: All versions of Windows — XP through Win8.1 — retain copies of old Windows Update files, even when those updates no longer serve a useful purpose. If your PC has been in use for several years, it’s likely that you’re carrying around multiple gigabytes’ worth of these unnecessary files! Delete them using the techniques described in the Jan. 9 LangaList Plus column, “Clean out obsolete, space-consuming update files” (paid content).
• Uninstall unused apps. Streamline your system by removing old, unneeded, unused, or obsolete applications. It’s typically a simple, straightforward process — use Control Panel’s uninstall applet (e.g., Win7’s Programs and Features) or the uninstall tool that came with the no-longer-needed software.

► Data Integrity:

• Data integrity is all about backups — making sure that your data will be safe, no matter what.

  As most Windows Secrets readers know, there are three primary types of backups. Incremental backups (including Win8’s File History), copy only those files that have changed since the previous backup. These backups are typically fast and small. Full backups copy all targeted files, even if they’ve been archived in previous backups. Image backups capture everything on the disk; they are slow to create, but they can quickly restore a system to its exact condition when the image was created.

  Backups used to be a hassle, but automated tools now make them set-and-forget simple. There are many third-party backup tools available, but I recommend trying Windows’ built-in offerings first. After all, you’ve already paid for them!

  Previous Windows Secrets articles have all the information you’ll need about Microsoft’s backup systems:

  – Win7, Vista, XP backups and imaging: See the May 12, 2011, Top Story, “Build a complete Windows 7 safety net.”

  – Win8, 8.1 backups: See the July 11, 2013, Top Story, “Understanding Windows 8’s File History.”

  – Win8’s imaging: See the October 10, 2013, Top Story, “Creating customized recovery images for Win8.”

• Verifying backups is a simple matter of opening your backup tool and making sure that the backup files and/or images are actually being created — in the correct location and on schedule.

► Disk health:

• Chkdsk, defrag, SMART: Windows’ built-in “Check Disk” (chkdsk.exe) and defragmentation (defrag) tools might be all you need to verify and maintain your disk’s basic health. (Note: Win8 calls its defragmenter “Optimize.”) In Win7 and 8, the built-in tools know how to recognize and correctly handle solid-state drives (SSDs). For more information and how-tos, see the Jan. 10, 2013, Top Story, “Let your PC start the new year right!”; skip down to the section titled “Check the hard drive’s physical/logical health.”

  Many defrag tools offer different levels of defragmentation, such as quick and full. Quick defrags take only minutes and resolve the worst instances of drive fragmentation; full defrags can take much longer, but they completely reorder your drive’s files for maximum efficiency.

  Most hard drives also collect highly detailed disk-health data via their built-in Self-monitoring, Analysis, and Reporting Technology (aka SMART) subsystem. To look for signs of impending drive trouble, you can use free software to retrieve and analyze this data. See the Sept. 6, 2012, LangaList Plus item, “Using and understanding SMART hard-drive tools.”

• Verify free disk space: Windows needs elbow room to run well. When a hard drive has less than about 15–20 percent free space, Windows can slow down — and some operations such as defragmentation might not run at all.

  Periodically checking that you’re not running out of space is easy. In Windows/File Explorer, right-click on each drive in turn and select Properties. Note the graph and text detailing the amount of disk space used/available. If space is tight, try deleting files and uninstalling programs, use disk compression (see the Sept. 12, 2013, LangaList Plus item, “Two ways to solve a space crunch …”; paid content), or buy a larger drive. (For more info on gaining drive space, see the TechNet article, “Forty ways to free up disk space.”)

► Physical system:

• Clean and de-dust: Most PCs have fans that constantly draw in room air. Eventually, a PC’s cooling system can become choked with dust, leading to unsafe operating temperatures that can cause malfunctions and lead to premature system death. A complete PC maintenance routine includes physically cleaning out your PC from time to time. You’ll find cleaning information in the July 1, 2004, LangaList Plus article, “Right and wrong ways to de-dust a PC” (paid content), and in a Feb. 25, 2005, InformationWeek article, “Getting the grunge out of your PC,” that I wrote for another publication.
• Check drivers, BIOS: Generally, you should replace system drivers and/or update the BIOS only if the system is experiencing some kind of hardware or driver trouble. The one exception is when a driver or BIOS update corrects a security vulnerability — then it’s worth installing. In those cases, visit your system or component maker’s website and see what drivers or BIOS is available for your system.
• Check batteries: All PCs use some kind of battery, if only to run the clock when the system is powered off. Portable devices have larger batteries, and uninterruptible power supplies (UPSes) have still larger batteries. Whatever size, all batteries have a finite life — even rechargeables can withstand only so many recharge cycles.

  Check whatever batteries your devices use, and make sure they’re intact, corrosion-free, and not leaking or bulging. Try running your device entirely on battery power, if possible, to see how long a charge lasts; replace batteries if their power is inadequate for your needs. For more information, see the Jan. 21, 2010, LangaList Plus column, “Extend the life of your laptop’s battery” (paid content).

Maintenance helps only if you do it

This should be obvious, but it’s well worth repeating: once you have a maintenance schedule in hand, stick with it! Regular, routine maintenance doesn’t have to take long, and it can pay off in a big way with a PC that runs smoothly all year long!

How to manage the contents of your hard drive

When Lounge member Moon1130 asked for guidance about when to expand/increase his hard drive, his fellow Loungers in the General Windows forum approached the question differently than he had.

With 68 percent free space in his C: drive, Moon1130 had some time to digest the Loungers’ advice.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Office and Epson scanner stopped communicating
Word Processing	Word: Insert content based on combo box results
Spreadsheets	How to limit what files user can select?
Databases	Link-from-form issue
Visual Basic for Apps	Opening Word template appears as ‘Read-Only’
Microsoft Outlook	Sorting by category?
Non-Outlook E-mail	Cisco filtering emails
Windows
General Windows	When should C: drive be increased/expanded?
Windows 8	Fixing hard disk with Win7 chkdsk: Urgent
Windows 7	Freezes on splash screen after reboot
Windows Vista	Loss of video sound after Windows update
Windows XP	Adding button for new folder in Windows Explorer
Internet/Connectivity
Internet Explorer	Adding favorites options to IE 10
Third-Party Browsers	Chrome update: No video but sound OK
Networking	Win7 Home can’t access Win7 Pro shares
Social Media	How to quit LinkedIn
Software Development
Windows Programming	PowerShell and SendTo
Other Technologies
Security & Scams	Lost Wi-Fi connection after mysearchdial removal attempt
Hardware	Help me design my new computer
Graphics/Multimedia	Easiest software for making logo
Other Applications	Mixing CD tracks to make new CD

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

Are you mad about the costume, pet?

If a certain canine or feline member of your household has recently eaten your socks or shredded your ficus tree, you might want to reflect on what you did to deserve it.

Perhaps it was that silly costume. Dress your pug as a pink unicorn or turn your cat into Santa Claus, and it’s only natural your pet might harbor some resentment — and find a way to express it.

Here’s a compilation of faithful companions who are probably considering their options. Click below or go to the original YouTube video.

Fixes for network access and sharing issues

Sometimes, Windows’ network and file-sharing settings get royally messed up, making access and sharing impossible. Here are some fixes.

Plus: More on relocating default folders, avoiding cloud-encryption “back doors,” and a new Windows Defender Offline for Windows 8.1.

Correcting permissions to re-enable file sharing

Reader Ralph Sandifer encountered a problem I’ve run into myself with Windows’ HomeGroup and traditional networking. Small errors in security settings or networking/file permissions can make accessing shared files and folders on networked PCs all but impossible.

• “Every time I attempt to communicate with another computer on my homegroup, I get an error message stating that it can’t connect — and I get the option to have Windows troubleshoot the problem. Windows Network Diagnostics eventually reports: ‘Your Computer appears to be correctly configured, but the device or resource is not responding.’

  Can you help me?”

This can be one of those tear-your-hair-out problems. The root cause is often buried in hard-to-get-at networking- or security-permission settings. These settings are often so deep-seated that they resist fixes via Windows’ automated repair mechanisms.

But with a bit of work, you can usually get things working properly through one or more manual methods.

By far the simplest fix is to use System Restore to roll back Windows to a point in time when everything worked. If that doesn’t help, try restoring an earlier system image or backup.

No suitable restore point, backup, or image available? Kick yourself — you missed the easy solution, and you’re left with digging through Windows’ many settings.

Start by forcing Windows to rebuild all current network settings — cleanly and from scratch. You can do this via a soft reinstall of the network adapters on all networked PCs.

On each system, open Device Manager, right-click the PC’s network adapter(s), and select uninstall. When Device Manager asks whether you also want to remove the current drivers, select no — leave the current drivers in place. Reboot; Windows will then discover “new” networking hardware. (It’s the same hardware as before, but Windows doesn’t know that.) Windows will then build new network settings from the ground up. For more info on this process, see the July 23, 2009, LangaList Plus item, “How to correct Device Manager hardware errors.” That article is for a different hardware subsystem, but the process is identical.

With luck, that’ll clear things up. But if it doesn’t, the next-most-likely-to-succeed solution is to reset all file/folder permission attributes to their default condition.

For this task, you’ll need a copy of subinacl.exe, a free Microsoft Resource Kit tool designed to let admins quickly modify NTFS file and folder attributes: permissions, ownership, and domain. Using SubInACL, you can, in a matter of minutes, reset the permissions for all files and folders on an entire NTFS hard drive.

A Microsoft Answers thread contains a 10-step how-to on downloading and using subinacl.exe to reset file/folder permissions to defaults.

If that doesn’t work, your options narrow down rapidly. You’ll probably have to edit your file/folder security attributes. Alas, it’s not a particularly easy thing to do. Microsoft Support article 313222, “How do I restore security settings to a known working state?” lists the options.

Fortunately, the simpler fixes — System Restore or restoring a full system backup — almost always work!

More on relocating Windows’ default folders

After reading the Dec. 19, 2013, column, “Why relocating default folders is no longer wise,” Frank Glaser asked for some amplification.

• “What about My Documents, My Pictures, My Music, and My Videos? Is it unwise to relocate them, too?

  “I’ve got about 700GB of data in those folders, which I relocated to a separate internal hard drive.

  “Doing so made creating backup images of C: much faster. Because they’re relatively small, I can keep lots of C:-drive images. And, if I have to roll back Windows, my data isn’t affected.”

I have good news and bad news. Let’s start with the bad news: as Windows becomes increasingly self-maintaining, it expects to see all its default folders in their normal places. Moving Windows’ default folders might interfere with system self-maintenance — and even prevent smooth future upgrades of your operating system! Especially with Windows 8 and beyond, it’s time to stop relocating default folders.

But here’s the good news. You still can put your files anywhere you want! Leave the default folders in place, even if they’re mostly empty. Then, use Windows’ Library function to include files you’ve placed elsewhere. They’ll be in the same virtual location as the default folders.

For example, leave your default My Pictures folder alone, but put all or most of your photos on another drive. Then include the My Pictures folder along with other photo folders you’ve created in a single library. Give the library a name such as “Pictures.” Your photo folders will then function as if they’re all in one place, but you won’t be messing up the default folder structure that Windows increasingly expects to see.

To keep your system images fast and small, tell your backup tool to exclude libraries and anything not on the C: drive.

Libraries take a little getting used to. For more information, see the March 10, 2011, Top Story, “Make the most of Windows 7’s Libraries.” Win8’s libraries work the same way.

Is there a back door in Boxcryptor?

After reading the Dec. 12, 2013, Top Story, “Pre-encryption makes cloud-based storage safer,” reader Ian Smith had a disturbing thought.

• “Fred, how do we know that Boxcryptor does not have a back door? Sad that we now have to be this suspicious.”

I agree; it is sad. But there’s really no way for end users to know whether any given piece of software might contain a back door.

But if you use Boxcryptor along with the automatic encryption built into most cloud-storage services, a hacker — even one on a government payroll — would have to breach two separate systems to decrypt your data.

That still doesn’t guarantee absolute privacy; this level of certainty simply doesn’t exist online — never has! But double encryption will certainly secure your data against the kinds of financially motivated hacking and identity theft that make up most of the online malfeasance we see today.

So, even though 100 percent security is unrealistic, you can still tilt the odds heavily in your favor. And that’s about as much as any of us can do these days.

No Windows Defender Offline for Windows 8.1?

Steven Vas was surprised when he discovered he couldn’t run Microsoft’s self-contained and bootable anti-malware scanner — Windows Defender Offline — on his new Win8.1 PC.

• “I’ve updated from Windows 8 to Version 8.1. Since updating, I’ve been unable to download and install Windows Defender Offline (WDO). I get a message stating, ‘Setup can’t be used on your operating system. Your version of the operating system is not supported by this program.’ I contacted Microsoft but didn’t get a satisfactory answer about WDO updates.

  “Do you have any solution to my (and, I assume, others’) problem? I’ve found WDO very useful on previous versions of Windows. Any information/solutions will be welcomed.”

You’re right, Steven: the original Windows Defender Offline simply won’t work on Win8.1. Microsoft is working on a new version, which is currently available as beta software (download site).

But why use beta software when other perfectly good standalone software scanners are available?

My favorite self-contained, bootable anti-malware scanner is Kaspersky Rescue Disk (free; site).

But you’ll find other excellent (and free) choices listed in the April 11, 2013, Top Story, “A dozen tools for removing almost any malware.”

Check ’em out!

Enhancing KeePass: Plugins and other tools

KeePass Password Safe might be the best solution for an open-source, free password manager, but that doesn’t mean it’s perfect.

Luckily, as with many open-source apps, a slew of add-on tools makes KeePass more powerful and customizable than most competing products.

Creating your personalized application

In the Jan. 9 Best Software article, “Why and how to use an open-source password manager,” I discussed the basics of password managers and why I think an open-source product such as KeePass Password Safe 2.24 is the best option.

KeePass, like any good password manager, can keep track of your sign-in credentials, create new passwords that will take centuries to crack, and store all of that information where no one else can get at it. But KeePass isn’t perfect — at least not the version you initially download and install. It doesn’t, for instance, integrate well with common browsers (unless, of course, you consider Windows’ clipboard a form of seamless integration). And though KeePass runs fine on a Windows machine, it won’t help you on phones and tablets running Android or iOS.

But true to its open-source roots, KeePass does accept third-party plugins, making it relatively easy for developers to build add-on applets that enhance and customize the base application. You’ll find an entire host of useful and interesting add-ons on the KeePass Plugins and Extensions webpage.

Keep in mind that anyone with some coding skills can make and post KeePass plugins. So it should be no surprise that some of the password manager’s enhancements don’t work well — or make sense. For example, you don’t really need a separate tool for backing up your password database; it’ll get saved with the rest of your data when you run your regular backup routine.

That said, here are four free KeePass enhancers that do work — and also fix some of the password manager’s initial deficiencies. The first two let you integrate KeePass with Google Chrome and Firefox. (I haven’t found an Internet Explorer solution worth recommending.) The other two let you access your passwords from a smartphone or tablet.

KeePass and browsers: Just getting along

Many people store their passwords in their browser. It’s convenient — the browser automatically fills in your security credentials — but it can also be risky. Browser-stored passwords are notoriously easy to hack. You’re also vulnerable if you tend to leave your browser up and running for long periods of time.

Non-browser-based password managers provide much better password security, but they can be far less convenient. KeePass, for example, requires that you enter its master password, find a website’s entry within the program, click the button that opens the associated webpage in your browser, click the site’s username field, and then tell KeePass to autotype the sign-in information.

Fortunately, add-ons such as chromeIPass and KeeFox make signing in to sites faster and easier. You still have to open KeePass and enter the passwords — there really is no other way to be truly safe — but once you’ve done that, signing in is almost as convenient as using a browser’s automated password-entry system.

These aren’t perfect solutions. You’re bound to come upon sites that just don’t work with apps such as chromeIPass and KeeFox. In those instances, you’ll have to enter your username and password manually. But if that happens with, say, two out of 10 websites, it’ll still make the task of securely signing in to sites with unique passwords much easier.

(Note: To avoid potential conflicts between password managers, consider turning off your browser’s built-in password-saver before setting up and using these KeePass plugins. In Chrome, go to chrome://settings/ and then scroll down to the Show advanced settings link. Click it, scroll down to Passwords and forms, and deselect Offer to save passwords I enter on the Web. In Firefox, select Tools/Options/Security; in the Passwords section, deselect Remember passwords for sites.)

ChromeIPass: Connecting KeePass to Chrome

Perry Nguyen’s chromeIPass makes Chrome and KeePass work together — at times, to the point of complete transparency. Once the plugin is set up, simply go to a site’s sign-in page; your username and password are then automatically entered — usually.

On some sites, signing in with chromeIPass requires clicking a few buttons and fields. On other sites, it doesn’t work at all (but that’s typically the case with all password-manager automation functions).

Before you can run chromeIPass, you have to download and install the KeePassHttp plugin (site). Save the downloaded file to your KeePass program folder — probably C:\Program Files \KeePass Password Safe 2 or C:\Program Files (x86)\KeePass Password Safe 2. If KeePass is running, close the program and open it again.

That’s how you install most KeePass plugins — but not Chrome extensions such as chromeIPass. Instead, go to the app’s Google webstore page, click the big Free button in the page’s upper-right corner, and then confirm your choice.

You’ll now have a KeePass logo in the upper-right corner of your Chrome window. The first time you click it, you might be told that you need to configure it. Just press the Connect button and then, in the dialog box that opens, enter any text string into the Key name field.

After that, signing in will usually be easy. Again, when you go to a site’s sign-in page, more often than not the username and password will fill in automatically (assuming that KeePass is open, of course). If it doesn’t work properly, click the KeePass icon in the browser, then click Choose own credential fields for this page (Figure 1). An overlay page will help you tell chromeIPass where to fill in the blanks (Figure 2).

Figure 1. The Choose own credential fields for this page button lets you define a website's sign-in fields for KeePass.

Figure 2. ChromeIPass steps you through sign-in field selection.

Occasionally, you’ll find a page that simply won’t work with chromeIPass — but not often.

KeeFox: Simple KeePass/Firefox integration

There’s a chromeIPass work-alike add-on for Firefox called PassIFox (site). It even requires KeePassHttp.

But I think Firefox users have better options for KeePass integration. My favorite tool is Luckyrat’s KeeFox (info). KeePassHttp is not required.

On Mozilla’s KeeFox download page, click the big Add to Firefox button and then click Install Now. After you’ve shut down and restarted Firefox, you’ll find yourself at a KeeFox tutorial website. Don’t worry about it. This program is so simple you don’t need a tutorial. You might also see a request to set up KeeFox. Simply press the big Setup button. You should be done.

KeeFox adds another toolbar to Firefox. If KeePass is closed, you won’t find much there, but if you click the Logged Out button, it will open KeePass and let you enter your password. And once you’ve done that, the Logins menu comes alive. (Initially, you might see a popup bar in Firefox with a Load my password database … button. That should go away once KeeFox is fully set up.)

The Logins menu (shown in Figure 3) provides access to your KeePass categories and items — although it’s limited to those with an entry in the URL field. Select one, and Firefox goes to the appropriate page and fills in the required sign-in credentials. (The URL in KeePass must point to the sign-in page, not the homepage, if they are different.)

Figure 3. In Firefox, the KeeFox add-on makes it quick and easy to access KeePass-stored sign-in credentials.

You don’t have to use those menus. As with ChromeIPass, KeePass often fills in your credentials automatically when you go to the sign-in page.

Another nice touch with KeeFox: You can right-click an item in the Logins menu and select Edit login to open the KeePass entry dialog box.

KeePass for Android and iOS: Passwords on the go

You’re not always at your computer when you need your passwords. If you carry a tablet or smartphone, you’ll want your passwords there as well.

KeePass doesn’t directly support either Android or iOS. But thanks to the program’s open source code, you can find plenty of KeePass-compatible apps for both platforms.

However, with these mobile apps, your password database file will live in two or more devices. Obviously, you’ll want keep them synched. You can solve this problem with a cloud-based storage service such as Dropbox or SkyDrive. When you change a password on one device, it will sync with the others.

Unfortunately, these tools don’t sync as transparently in Android or iOS as they do in Windows. For instance, on both my Windows PCs, all files in my Dropbox folder are always up to date — it just happens automatically. But on my iPad and my Android phone, I must open Dropbox on each device and wait for changed files to upload and download. That’s just asking for trouble when changing an important file on multiple devices.

The solution: Use a KeePass-compatible app that directly supports Dropbox (or your preferred storage service). That way, the app keeps your password database in sync.

Keepass2Android: Up-to-date passwords everywhere

For Android use, I recommend Philipp Crocoll’s Keepass2Android (Google play store page). It’s safe, it works, and it has some extras.

For instance, the app integrates with Chrome. When you’re at a sign-in page in your browser, you can tap the menu, select Share, then select Keepass2Android. After you enter the KeePass password, you’ll be asked to change your input method to Keepass2Android. This adds to the keyboard an icon for pasting in the right information (see Figure 4).

Figure 4. Keepass2Android added to the Android keyboard

You can also use Android’s standard copy-and-paste function, although Keepass2Android doesn’t offer a Copy Password button to make that chore easy. But if you’re comfortable with Android, you’ll know how to copy a password. (Tap the eye icon near the top of the screen so you can see the password; then tap and hold the entry’s password until it becomes selected. Tap the copy icon in the upper-right corner.)

Keepass2Android fully supports Dropbox, Google Drive, and SkyDrive — and does so transparently. The app downloads your database file when you open it and uploads it again automatically when you alter it. Your passwords will remain synched across all your devices.

Keepass2Android contains one convenient feature you probably shouldn’t use: QuickUnlock. This option lets you open the password database with only three letters from your master password. That might make it quicker to open your password vault, but it also makes it easier for someone to break in. I recommend leaving this option unchecked.

MiniKeePass: The best of a disappointing iOS lot

I wish I could recommend an iPhone/iPad/KeePass-compatible app that syncs flawlessly with your cloud storage service. Oh, there are plenty of KeePass-compatible apps that claim to support Dropbox and its competitors. But when you look at them, there always seems to be a problem. Either they don’t really synchronize, or they have some other, serious flaw — such as not supporting KeePass 2.x files.

So I’m reluctantly recommending Flush Software’s MiniKeePass (no pun intended — at least on my part — with the company name). Why? It’s simple, easy, and free — and it works.

And it sort of works with Dropbox. You can open your Dropbox app, select your password database file, and tell Dropbox to open it in MiniKeePass (see Figure 5). This will download the file into MiniKeePass’s own local storage space. But if you add or alter something, your changes will be saved only locally.

Figure 5. Opening the MiniKeePass vault in iOS Dropbox

I handle this shortcoming by pretending that MiniKeePass is read-only. I download the most up-to-date file to MiniKeePass, but I never make password changes within the app. That way, I don’t have to worry about the databases getting out of sync.

Otherwise, this is a simple, workable password manager for iOS devices. Just tap and hold on an entry’s username or password to copy it to the clipboard.

An elusive goal: security with ease of use: When it comes to maintaining passwords, there are no perfect solutions. How can there be? Anything that makes it too easy will make it less secure. But KeePass, mixed with the right supporting programs, can give you the right balance.

January updates: Something new, something old

Good news! We’re sliding into the new year with relatively few security updates — and a possible fix for the Windows XP Svchost issue.

There is one oddity this month: a rarely seen reissue of a troublesome Windows kernel update.

Is the XP Svchost debacle finally fixed?

On my office network, there’s a server that hands out updates to all attached Windows workstations. The server routinely sends me notifications whenever there’s any sort of unusual event. Recently, one such alert really caught my interest: 613 updates had “expired” off the server. In other words, Microsoft flagged them as useless members of the update team and voted them off the island.

Many of these now obsolete updates were very old Internet Explorer patches; a considerable number of those were the updates blamed for the recent XP Svchost issue. As you’ll recall, svchost.exe — a common Windows system process/service — runs amok on some XP systems, making the machines completely unusable for several minutes or hours. Some users solved the problem by manually installing all IE updates.

Why should my aforementioned server notification interest XP users? It’s likely that those updates expired on my server because Microsoft had retired them from its master update server. With the problematic updates now effectively gone, the Svchost issue should be fixed. I asked Microsoft whether this was the case but did not receive a reply in time for this column. If I hear back, I’ll post that information in the Windows Secrets Lounge. In the meantime, any XP users who’ve been affected by Svchost should check whether they still have the problem. Let me know in the Lounge, using the link at the bottom of this column.

What to do: Use XP’s Task Manager to see whether svchost.exe is consuming excessive CPU cycles.

MS14-002 (2914368)

XP systems get a fix for a zero-day threat

Those XP users paying any attention whatsoever know it’s nearly midnight (April 8, 2014) for official Microsoft support. Nevertheless, XP updates are still coming out of Redmond. Impacting only XP and Server 2003 systems, KB 2914368 clears up a zero-day vulnerability first seen in the wild this past November.

By itself, a hacker would need local access to a targeted system to exploit the flaw fixed by KB 2914368 (rated important). But as noted in a Nov. 27, 2013, FireEye Labs blog, attackers combined this vulnerability with a remote-control exploit that used malicious PDF files. This is another example of hackers’ combining exploits to crack systems.

If you’ve already installed the fix it provided in MS Security Advisory 2914486, remove it before installing KB 2914368. If you don’t, you might find that dial-up and virtual private networking connections no longer work.

What to do: Given reports of attacks on XP systems, install KB 2914368 (MS14-002) without delay.

MS13-081 (2862330)

A do-over for a Windows kernel update

On the rare occasions when Microsoft reissues a patch, it’s a public acknowledgment that something wasn’t done right the first time. KB 2862330 was originally released last October, and now Microsoft is releasing it again. It’s one of several kernel patches included in MS13-081 and applies to all versions of Windows. In the Nov. 28, 2013, Patch Watch column, I concluded: “If you installed KB 2862330 and your USB devices work properly, keep it installed. Otherwise, leave it uninstalled and hidden in Windows Update.”

Apparently, that was a good call. This Patch Tuesday’s release of KB 2862330 is supposed to fix instances where the patch failed to fully install on some systems with certain third-party drivers.

What to do: This might be a reissue, but it’s still a kernel update. Put KB 2862330 (MS13-081) on hold for now. I’ll keep an eye on it and give an update in the next Patch Watch.

MS14-001

Reinforcing the unknown-attachments rule

A long-standing — and too-often ignored — rule for safe computing is to not open attachments you’re not expecting. The three vulnerabilities fixed by KB 2916605 are more proof of that axiom: they can be exploited only if users open malicious Word or related documents in MS Office.

If you regularly receive email attachments from unknown or little-known sources, you might consider opening them on a non-Windows system — or make sure you have full and recent backups and don’t mind rebuilding your PC from time to time.

Office 2010 users might not see Word updates offered if they installed KB 2837593 or 2837590 last month. For all other versions of Office, expect the following:

• KB 2827224 and 2863834 for Word 2013
• KB 2837615 for Office compatibility pack
• KB 2837617 for Word 2007
• KB 2863866 for Word 2003
• KB 2863867 for Word Viewer

What to do: Install any of the updates listed in MS14-001 as soon as they’re offered.

MS14-003 (2913602)

A Windows kernel update just for Win7

Typically, kernel-mode driver updates impact all supported versions of Windows. But KB 2913602 impacts only Windows 7 workstations and systems running Windows Server 2008 R2 SP1. The update is rated just important because an attacker must be able to sign in to a targeted system locally with valid credentials.

Regular Patch Watch readers know that kernel updates can conflict with installed antivirus software — or have other issues. So I’m going with my usual recommendation: hold off installing this update until we know there are no unwanted side effects.

What to do: Put KB 2913602 (MS14-003) on hold until I give the all-clear.

MS14-004

A fix for the somewhat obscure MS Dynamics AX

To close out January security updates, four updates (KBs 2914055, 2914057, 2914058, and 2920510) fix a vulnerability in Microsoft Dynamics AX. I confess I had no idea what Dynamic AX was until I looked up its Wikipedia entry. It’s Microsoft’s mid-sized business-planning and inventory platform. The software includes general ledger modules, CRM, Accounts receivable, and various other modules to help businesses stay in business.

Because it’s business software and server–based, Dynamics AX updates are available only via the Microsoft Download Center and a Partner Portal site. It should not show up in Windows Update. The patches fix potential denial-of-service attacks that could prevent users from accessing the software.

What to do: If you’re an MS Dynamics AX admin, check out MS14-004 for more information on KBs 2914055, 2914057, 2914058, and 2920510.

Keeping browser add-ons fully up to date

Hard to believe, I know, but there’s no Internet Explorer update this month. But we still have updates for apps used with our browsers.

As detailed in Adobe’s Jan. 14 Security Bulletin, you should now be running Flash Version 12.0.0.38.

Java users need to update to Version 7 Update 51. As noted on the update’s info page, this release blocks self-signed and unsigned applets on Java’s High Security setting. When you complete the update’s installation, you will be given an option to “restore the security prompts for any prompts that were hidden prior to installing the latest release.” Oracle recommends restoring Java application security prompts every 30 days for better protection.

What to do: Watch out for any third-party app offers prechecked in the Java installer. If you still use Java, update it as soon as possible.

Windows 8 nonsecurity patches to put on hold

We’re starting out 2014 with Microsoft releasing numerous nonsecurity Windows 8 and 8.1 updates on Patch Tuesday. As usual, I recommend leaving them for later in the month so there’s no chance of complicating the installation of needed security updates.

Win8 users might see the following:

• KB 2903938 – a rollup update for Windows RT, Win8, and Server 2012
• KB 2904440 – a servicing-stack update for Windows RT 8.1 and Win8.1
• KB 2911101 – another rollup for Windows RT, Win8, and Server 2012
• KB 2911106 – a rollup for Windows RT 8.1, Win8.1, and Server 2012 R2
• KB 2913270 – Windows 8.1 Store improvements
• KB 2913431 – a fix for the Win7 Windows Filtering Platform (possible crashes due to conflicts with antivirus apps)

What to do: Put off installing these updates for a couple of weeks while we wait for any reports of update issues.

Google Chrome 32 out with indicator tabs

Chrome release 32.0.1700.76 for Windows includes 11 security updates, as noted on the update’s release page. But it also adds new tab indicators for sound, webcams, and chromecasting. It’s reportedly a fast way to find out which tab has a site playing unwanted audio. See ExtremeTech’s article on the new feature.

What to do: Open Chrome to receive the latest updates — and check out the new tabs.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

See our “Windows Secrets master Patch Watch chart” post for a more extensive list of recent updates.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.