Make your computer dual-boot Vista and XP

Make your computer dual-boot Vista and XP

By Scott Dunn It’s getting harder to buy a new computer with Windows XP installed and — after Microsoft stops selling XP on June 30, 2008 — it will become nearly impossible. Fortunately, you can have your XP cake and eat your Vista, too, by setting up your system to boot between the two operating systems.

Add an XP option to your new Vista system

If a new computer arrived in your recent past, or you plan to buy one in the near future, chances are it will come with Windows Vista installed. Although some manufacturers still give you the option of getting XP on your new system, that option is likely to dry up for most consumers later this year when Microsoft stops selling Windows XP.

If you’re not ready to dive into Vista all at once, there is an answer: set up your Vista computer to dual-boot between Vista and XP.

In this article, I’ll tell you how to make your PC give you a choice between Vista and XP every time you start up. In a separate article coming soon, I’ll give you some additional tips that save disk space on a dual-boot system.

Although some sources, such as Computer Shopper Magazine, advise that you need an add-on product like VistaBootPro to dual-boot, you can accomplish the same thing without any additional software other than the two operating systems.

Before starting, make sure you have your Windows XP install discs ready as well as your Windows Vista DVD. In addition, it’s a good idea to make a complete system backup before beginning an operation like this.

Once you’ve laid that groundwork, you’re ready to go to work:

Step 1. In Vista, click Start, type diskmgmt.msc, and press Enter. Click Continue if prompted by User Account Control.

Step 2. Right-click a drive and choose Shrink Volume. Specify the amount to shrink, which in this case is the amount you want for your XP partition. At a minimum, you’ll need around 2.5GB for XP Pro SP2. I suggest you select a larger partition to leave room for updates and other files that may need to be on the same drive as XP. Because I wanted a 5GB partition, I typed 5000 (representing 5,000 megabytes) in the available box. Click Shrink.

Step 3. Right-click the newly available area and choose New Simple Volume. Follow the steps in the wizard to assign a drive letter now, or wait until the next step. When prompted, check Perform a quick format to format the volume with NTFS.

Step 4. When the wizard is done formatting the new volume, you can assign or rearrange drive letters as needed. For example, changing drive letters may also put your CD/DVD drive in a more logical order.

To do that, right-click a volume or the CD/DVD drive and choose Change Drive Letters and Paths. If a volume hasn’t got a drive letter yet, click Add. Otherwise, select the drive icon in the dialog box and click Change.

If you’re rearranging the letters on existing drives, you may need to change the drives in a particular order. Or you may need to give a drive a temporary letter (such as Z) to free up a letter for another drive; you would change the Z drive to something else later. Make your selection and click OK. Repeat for other partitions or drives until you have the order you want.

Step 5. When you’re done with your partitioning chores, exit Disk Management. Insert your XP disc into the drive and restart your system, booting from that disk.

Step 6. Follow the steps to install XP. When asked for the target drive, select your new partition and press Enter. Because you already formatted this partition with NTFS, you can skip the formatting step. At the appropriate screen, arrow down to Leave the current file system intact (no changes) and press Enter. Continue the installation process until it’s finished and XP has started.

Step 7. Your system now boots to XP, so we’ll need to do some fixing to set up a boot menu. Insert your Vista DVD and restart the computer from it. Click Next in the first screen.

Step 8. Don’t click Install when prompted! Instead, click Repair Your Computer in the lower-left corner.

Step 9. When the System Recovery Options dialog appears, make sure Microsoft Windows Vista is selected and click Next. In the next dialog box, select the Command Prompt option at the bottom.

Step 10. In the command-prompt window, type the following commands and press Enter after each one:

bootrec.exe /fixMBR
bootrec.exe /fixBoot

Step 11. Close the command prompt and click Restart.

Step 12. When your computer has booted into Vista, click Start, type cmd.exe, and press Ctrl+Shift+Enter to make the command window open with elevated privileges. Click Continue, if prompted by User Account Control.

Step 13. Type the following commands in the command window, one at at time, pressing Enter after each one. After each command, you should get the response, “The operation completed successfully.” A response of, “The specified entry already exists,” is OK, too. If not, retype your command to make sure you’ve entered it correctly. If Vista is installed on a drive other than c:, change the first command below to use the proper drive letter. The curly braces around {ntldr} in each command must be typed exactly as shown:

bcdedit -set {ntldr} device partition=C:
bcdedit -set {ntldr} path ntldr
bcdedit -displayorder {ntldr} -addlast
bcdedit -set {ntldr} description “Microsoft Windows XP”

That’s it! The next time you restart your system, you should be see a prompt that will let you choose between Vista or XP. Select the one you want and press Enter.

How to customize your boot menu

When you start your dual-boot system, the menu will appear for a few seconds. If you don’t press any keys, eventually Windows Vista will start. Fortunately, you can change this if you don’t want Vista to be your default operating system. You can also customize the waiting period before the default kicks in.

Here’s what to do:

Step 1. Click Start. Type systempropertiesadvanced and press Enter. Click Continue, if prompted by User Account Control.

Step 2. Under Startup and Recovery, click Settings.

Step 3. At the top of the dialog box, select the operating system you want to start by default.

Step 4. In the box to the right of Time to display list of operating systems, specify the number of seconds for the options to stay on screen. Click OK.

Microsoft provides documentation of Vista’s bcdedit command and its parameters in an article in the Windows Vista Technical Library.

Having two operating systems on the same computer definitely takes a little extra disk space. In a future column, I’ll show you some ways to make the two operating systems share some common resources to save on storage.

Have a tip? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending comments we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

Labs provide alternatives in evaluating suites

By Scott Dunn

My Feb. 7 article explained that the WSN Security Baseline summarizes the top ratings of several respected computer publications, but it is only a starting point for those who want to do their own research.

One reader responded with an impressive list of independent labs that evaluate security software and publish the results online.

Finding credible security suite rankings online

The Known Issues column on Feb. 7 discussed the question of how we select the products that are listed in the Security Baseline. To add to the conversation, reader Tunga Kiyak offers these comments:

• “While I agree with your perspective that recommending a suite instead of individual components does make the software easier to use and maintain, and the trade-off in not having the ‘best’ of each component is inconsequential, I must disagree with your stated criteria of using PC World and PC Magazine Editors’ Choices as the selection criteria.

  “I think it is now widely accepted that both magazines, because of staff and budget cuts, do not fully evaluate the software but write cursory reviews based on the spec sheets and press releases that the software companies provide them. And, at times, when they do conduct tests, they conduct only very basic tests within their budget.

  “So may I recommend that you include a few of the independent labs that do a very good job of testing this software?

  “Of course, a caution is in order: these labs do not look at usability or stability or resource utilization of the software; they only look at how well the software does the job it is designed to do. So only using these lab results will also give you only half the picture, but admittedly a better picture than just using PC Magazine and PC World alone (and yes, in some reviews, both magazines refer to one or more of these labs’ results, but not always and not consistently).

  • ICSALabs (monthly anti-virus test results)
  • Virus Bulletin (regular anti-virus tests)
  • AV-Test
  • AV-Comparatives
  • Matousec (for firewalls)
  • Firewall Leak Tester

  “At the very least, you can share some of these resources with your readers so that they can judge the results themselves. But, if they do, many of them will see that Symantec usually rates very highly on most of the antivirus tests, but only slightly better than average in the firewall tests.”

Thanks, Tunga. Please consider this list shared!

Readers, let’s continue this discussion as we work to improve our overview of security products needed by individuals and small businesses. Send your comments via the Windows Secrets contact page.

Norton Removal Tool can damage QuickBooks

My Feb. 7 lead story included a discussion of the Norton Removal Tool, which Symantec provides for correcting incomplete uninstalls. However, as Charles Rathbun points out, this tool is known to cause problems for another product:

• “If you have QuickBooks 2005 or newer on your system, Symantec’s removal tool can really screw things up. It messes with [Microsoft’s] .NET [Framework] software, causing a nightmare when you’re trying to figure out why QuickBooks suddenly stopped loading.

  “Intuit has a warning and explanation about the Norton Removal tool on their Web site.

  “I’ve stopped using this tool if I find any versions of QuickBooks, because of the problems I’ve experienced in the past. I’ve had to eat some serious tech-support time and spent multiple hours reinstalling and fixing QuickBooks due to problems the Norton tool has created.”

Thanks for the warning, Charles.

Commercial software helps finish bad uninstalls

If you’re looking for other tools to help remove inadequately uninstalled Symantec programs or other security software, several readers reported having good luck using commercial uninstaller utilities, such as the free Revo Uninstaller (among others) as well as reputable Registry cleaning utilities.

Like security software, you’ll want to consult reviews and do your homework before using just any old utility for this job. For more information on Registry cleaners, start by reading the Mar. 1, 2007, article on the subject by Windows Secrets editor-at-large Fred Langa.

Readers Kiyak and Rathbun will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed.

Suffering the slings of Cupid's arrow

Cupid. That sweet, cherubic boy of Valentine lore who, with a single pluck of his bow, can bring together star-crossed lovers, awaken a cold heart from its frosty slumber, and famously inspire love down through the ages. Sadly, the Cupid in this hilarious, two-minute video created at the Savannah College of Art & Design seems a bit green. Someone apparently forgot to tell him that Cupid’s arrows are usually metaphorical. Play the video

Task Scheduler tricks help you save time

By Fred Langa Some excellent reader feedback came in this month that lets us get even more out of task automation. One little password trick and two freeware tools can help you ease your PC maintenance chores and unleash the full power of Windows Task Scheduler.

What if Task Scheduler demands a password?

My article on Jan. 10 generated some excellent follow-up questions. You may find the answers useful in setting up your automated tasks and getting past any glitches you encounter.

First, a reader named Jim touches on a very common problem in systems that were originally set up with minimal logon security:

• “I really liked the article on scheduling complex tasks. In fact, the example (Spybot Search & Destroy) was exactly the software I wanted to automate.

  “However, I ran into a problem: I do not use account passwords on my system. As a result, the scheduler doesn’t want to run the task.

  “I am reluctant to molest my system without a clear idea of the correct way to proceed. How can I painlessly convert to a password-based system?

Piece o’ cake, Jim.

In the following explanation, I’ll use XP’s default naming and verbiage conventions. But please note that different versions of Windows and different views of Control Panel may use slightly different nomenclature. Even so, the differences are minor enough that you should be able to follow along without trouble.

From any administrator-level account, click Start, Control Panel, User Accounts, Change an Account. Select the account you want to change by clicking on its icon in the Pick an account to change dialog box.

Next, in the What do you want to change about your account dialog, select the option for creating a password.

Follow the on-screen instructions for password creation, and you’re done. That’s all there is to it!

What if Vista ‘needs permission to continue’?

A reader with the handle of Hiflyte has a question that’s of interest to Vista users:

• “I use Vista as my OS and was following the examples in the Task Scheduler article.

  “I entered the line of sample code (by cut and paste) into the cmd line and all worked well until the command hit the Vista ‘allow’ box. How do you overcome this problem?”

One of Vista’s built-in security features is User Access Control. UAC helps you avoid malware problems by letting only programs you know about run on your PC.

A drawback to UAC is that you can be peppered with lots of annoying prompts asking if you do, in fact, want to allow various programs to run. Apple even made a joke about this annoyance in one of its Mac vs. PC ads.

But you can easily turn off many of those prompts with only a modest loss of security. A free utility called TweakUAC lets you toggle the prompts on or off on the fly. With the prompts off, programs that used to stop and ask for permission will run unimpeded.

The TweakUAC site explains it this way:

• “[Y]ou keep all the positive effects of UAC, such as Internet Explorer operating in the protected mode, applications starting without the administrative privileges by default, etc. The only thing that gets changed is that you will no longer see the infamous ‘Windows needs your permission to continue’ messages whenever you attempt to make a change to your Vista configuration, or when you run a program that needs administrative rights.”

It’s not 100% accurate to say that disabling the elevation prompts lets you keep all the positive effects of UAC. Windows Secrets contributing editor Susan Bradley points out in her excellent blog that disabling UAC is like a woman swimming in heavy waves with an untied string bikini. Things might go fine, but she might be sorry she wasn’t suited for the surf more securely.

There is, indeed, some added risk in disabling the prompts. This is why the TweakUAC site recommends the software only “[i]f you are an experienced user and have some understanding of how to manage your Windows settings properly…” I’d further add that turning off the prompts also makes sense only if you’re running the normal complement of security software, including antivirus and antimalware tools.

So, should you use TweakUAC or not? A separate blog, 4Sysops, gives reasons in favor of disabling the UAC prompts. Susan provides some good reasons not to. Read them both and decide for yourself.

If your answer is no, you don’t want to disable the prompts, you may be able to achieve a similar effect by using Vista’s right-click, Run as administrator option on software that causes the nagging. Microsoft Knowledge Base article 922708 provides detailed information on this route.

If your answer is yes, you should grab yourself a free copy of the program at the TweakUAC site.

What if a scheduled task requires mouse input?

Last but not least, if Task Scheduler just won’t cut it for you, reader Bill Tomlinson sends in some information about an alternate way to automate programs. The free AutoIt tool he recommends works with almost any program and can simulate typing, mousing, and clicking, as needed. This lets you automate almost anything your software is capable of doing:

• “Although a bit more complicated than the command-line method you discussed, you can use the following method to automate those programs that do not provide a command-line interface for Task Scheduler to access.

  1. Download and install AutoIt from AutoItScript.com/autoit3;

  2. Use AutoIt to create a script that will automate the clicks, dialogs, etc. It appears to be VBScript-like in its syntax.

  3. Use Task Scheduler to call AutoIt with the script file. AutoIt provides a command-line interface.

  “I used this method to turn off sounds on a third-party screen saver between the hours of 9 p.m. and 6 a.m. (the computer is in my bedroom). The screen saver did not have a way to do this by itself, so I used Task Scheduler and AutoIt to do this at the designated times.

  “AutoIt is very powerful and robust, but the catch is that it will require a bit more effort on the user side to implement.”

Thanks, Bill!

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

A few jolts to increase your desktop performance

By Mark Edwards Some of your systems might be running slowly — but maybe you don’t have to replace them just yet. This week, I tell you about some tips and tools you can use to boost performance on Vista, XP, and even older versions of Windows.

A dozen ways to speed up Windows Vista

I recently came across a page at Microsoft’s Web site that offers tips on how to speed up Vista. When you read the document, “Optimize Windows Vista for better performance,” you’ll find 12 tips that help boost performance. While some of the tips are rather self-evident, some are not so obvious.

According to Microsoft, the best ways to boost performance are as follows:

• Delete programs you never use.
• Limit how many programs load at startup.
• Defragment your hard drive.
• Clean up your hard disk.
• Run fewer programs at the same time.
• Turn off visual effects.
• Restart regularly.
• Add more memory.
• Check for viruses and spyware.
• Check your computer’s speed.
• Disable services you don?t need.
• Don’t settle for slow.

As you read Microsoft’s outline, you’ll find semi-detailed explanations that’ll help you take advantage of each of the suggested performance improvements. The tips’ explanations are tailored for Vista users, but keep in mind that many of the same basic principles apply to any version of Windows.

At least one of the tips, “Restart regularly,” is true but puzzling. In my experience, Windows slows when I don’t reboot it for a long period of time — usually a week or more. Interestingly enough, I also have a Linux desktop, which never slows down regardless of how long I go between reboots. To be sure, that’s only the case until I run some sort of application that has leaky memory or fails to release unused memory when it’s not in use.

Even in the absence of an app with a memory leak, however, Windows does need to be rebooted once in a while to keep it at maximum performance. If any of your Windows systems are pokey, read Microsoft’s document and benefit as much as you can from the suggestions.

Turn off unwanted programs that load at startup

One of the performance improvement techniques that I mentioned in the previous item is to limit how many programs load at startup. That tip applies to any Windows system, not just Vista. So how do you find out what programs automatically start themselves when a system starts up or a user logs in?

You could use Autoruns for Windows, a program written by Mark Russonivich and Bryce Cogswell, both of whom now work for Microsoft. Autoruns is a fairly powerful discovery tool. It’ll help you find autorun programs that may be located in a wide variety of locations, including Startup folders, several areas of the Registry (such as Run and RunOnce hives), shell extensions, helper objects, etc.

You might have a copy of the tool already. If so, be aware that Microsoft recently published Autoruns for Windows version 9.12. If you haven’t downloaded a new copy in the past week or two, head on over and get the latest version.

Upgraded version of WinPatrol improves detection

I’m certain that many of you know about and use WinPatrol. But for those of you who haven’t heard of this program, it’s a powerful system-monitoring tool that can inform you about a wide range of activity.

You can use WinPatrol to help keep your systems running optimally. For example, WinPatrol can tell you when a new program configures itself to start up automatically or when newly hidden files appear on your system. Either of these scenarios can lead to slower system performance, if not big security problems.

The latest version, WinPatrol 14.0, was released in late January 2008 and has some spiffy new features. The developers say they’ve enhanced the tool’s built-in keystroke-logger monitoring, optimized the detection of new system services, decreased CPU utilization, enhanced WinPatrol’s cleanup of Registry entries, and added a few other enhancements.

WinPatrol is free, but there’s also a Plus version that costs $29.95 USD for a single user. The Plus version gives you access to WinPatrol’s knowledge base along with a “real-time infiltration detection” subsystem that can immediately detect when new forms of adware or malware install themselves onto your computer.

Track the use of USB devices on your network

I recently learned about a new tool called USB CopyNotify, which helps you monitor USB storage device usage on your network. The tool alerts you any time such a device is used, which might come in handy if you’re worried about possible data loss from your company or the misuse of company resources.

For example, your business could get into hot water if someone uses your network to illegally download audio or video onto their iPod or other multimedia devices.

CygNET Systems, the program’s maker, provides a free copy of USB CopyNotify that lets you monitor two computers. If you need to monitor more than that, you’ll need to purchase a license. The registered version starts at $135 and supports the ability to monitor 10 computers.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

Instead of roses, send a dozen patches today

By Susan Bradley A whopping 11 security patches and 7 nonsecurity patches were released this month for Windows, Firefox, Acrobat, and QuickTime, which means a potentially rough patching month. Rather than giving your loved ones red roses or fat-laden chocolates for Valentine’s Day, show them how much you care by fixing their systems with these updates that the patch gods have sent us.

Make time to run this free, post-patching test

Before I begin discussing the very complex set of patches we face today, I want you to set aside time to run Secunia’s free Personal Software Inspector after installing this month’s patches. The PSI tool can be downloaded from the Secunia Web site.

Checking the status of your PCs after patching them is very important this month. In addition to the many large patches that have just been released by Microsoft, patches are also needed, according to the latest Secunia advisories, for Sun Java 5 and 6, Skype, QuickTime, and Adobe Reader 8.x.

As noted on the Secunia blog, over 80% of the PCs recently tested by the firm’s software are vulnerable to one or more threats that vendors have closed by releasing patches.

Since the day that blog entry was posted, Firefox has come out with an additional update, as well. Chances are that — even if you’re diligent — you might miss an update for a piece of software, not realizing that the app is vulnerable and needs updating.

I don’t want you to be in that vulnerable category. Be sure you visit Secunia this week, review the vulnerable software you may have, and take the appropriate actions that are recommended by the service.

MS08-010 (944533)
Be aware of IE 7 possibly overwriting IE 6

After a light patching month in January, we’re back to patching the usual suspect, better known as Internet Explorer, in MS08-010 (944533).

Both versions of IE, 6 and 7, are still fully supported by MS. But the Redmond company’s WSUS (Windows Server Update Services) this month changed the manner in which IE 7 is being deployed.

If your WSUS patching server was set to auto-approve update rollups, as described in the official WSUS blog, IE 7 now installs over and replaces IE 6. I most recently wrote about this new behavior, and how to prevent IE 7 from overwriting IE 6 if you’re company isn’t ready for the new browser, in my Jan. 24 column.

If you haven’t yet deployed IE 7 because one of your key, line-of-business applications still requires IE 6, you need to discuss this issue immediately with your vendor. Even if patched, IE 6 is not as secure as IE 7.

This month’s IE updates do not include an upcoming fix, which will no longer require an extra “click” to use certain Web technologies. Microsoft has released a preliminary “patch preview” of the upcoming fix, which is expected to be included in April’s IE rollup. Patch 947518 is available now, if you wish to disable IE’s so-called click-to-activate behavior.

I’ll revisit this issue in April, but in the meantime, you should expect IE’s browsing behavior to change in this way that month.

You need to watch out for cases, which unfortunately occur a bit too often, in which antivirus and firewall vendors can’t quite keep up with the updates to Internet Explorer. KB article 942818 documents one such issue.

After an update to IE 7 is installed, antivirus and firewall programs may cause an error page to be displayed. You may need to disable and re-enable the security software to allow the browser to work.

This month’s security update includes many fixes for both IE 6 and IE 7, so I recommend installing this patch.

MS08-009 (947077), MS08-011 (947081), MS08-012 (947085), MS08-013 (947108)
Office 2003 gets critical fixes for SP2 and SP3

The series of Office patches that I’ve grouped into this topic are surprising not just for their number (four). Nor are they notable merely because I’ve seen no problems with them so far.

What’s tricky is that, if you’re running Office 2003 with Service Pack 3, you’ll be offered three of these patches, even though the updates are supposed to be limited to Office 2003 with SP2.

Security bulletins MS08-009 (947077), MS08-013 (947108), and MS08-012 (947085) are not strictly applicable to Office 2003 SP3. But some of the files that are included in these patches have a higher version number than the files used by SP3. This means Office 2003 SP3 users will be offered these “SP2-specific” updates.

As you can see from Figure 1, you should be prepared to install patches for multiple versions of Office. If you updated old versions of Office 2003 by installing Office 2007 atop them, parts of the older programs can remain.

Figure 1. Many different MS Office versions may need patches that ostensibly are for Office 2003 SP2.

I was surprised to see that even Works 2005 might be present, as mentioned in bulletin MS08-011 (947081).

MS08-004 (946456), MS08-007 (946026), MS08-008 (943055)
Vista SP1 immune to exploits, if you can get SP1

You may be one of the lucky few running Service Pack 1 for Vista, a major upgrade that hasn’t yet been officially released.

If so, you’ll be pleased to know that you are not vulnerable to new malware attacks that are stopped by security bulletins MS08-007 (946026) and MS08-008 (943055). You’re also not at risk for a denial-of-service attack that’s closed by MS08-004 (946456).

Most of us, however, don’t yet have access to Vista SP1, which was finalized and released to manufacturing in the early part of February. Although the service pack is complete, it’s not widely available for download.

Mike Nash, Microsoft’s VP of Windows product management, announced Feb. 11 in the official Vista blog that TechNet and MSDN customers will have access to SP1 soon. For the rest of us, it sounds like it’s actually wise for us to wait until a bit later.

Nash indicates that MS developers are still working through driver issues that can prevent the deployment of SP1 via Windows Update. In my own testing, I’ve seen only one issue caused by faulty third-party drivers. Vista Business on one test machine required revalidation after the service pack was installed. Other than that, the update sailed through my experiments.

SP1 is an upgrade that you’ll definitely want for Vista, because the speed improvements alone are noticeable.

MS08-003 (946538), MS08-005 (KB942831), MS08-006 (942830)
Admins of IIS face a series of critical updates

I’ve grouped three patches into this section, because they are primarily intended for server administrators.

The critical component in two out of the three patches is a service that runs Web server software called IIS (Internet Information Services). This software can run on Windows XP and Windows Vista machines, but typically this service is installed on Windows Server.

Even “light” installations of Windows Server, such as Small Business Server 2003, are affected, according to bulletin MS08-006 (942830). Microsoft says that a default install of IIS is present on these systems, so they are rated a “critical” risk, not the “important” rating that the overall bulletin shows.

You should also consider bulletin MS08-005 (942831) to be a high-priority patch if you run a Web server. While this threat presents the greatest risk to those using FTP (File Transfer Protocol), it’s wise to patch any servers that are running IIS due to their exposure to the Internet.

Finally, your firm should carefully review bulletin MS08-003 (946538). The risk is “only” a denial-of-service for Active Directory, which is why Microsoft rates the hole “important,” not “critical.” But if you need that server to stay up, you may decide that you need this patch sooner versus later, in case any attacks may circulate.

Rapid-fire fixes for Firefox, Adobe, QuickTime

By now, those of you who are running the Firefox browser should have been offered an update to version 2.0.0.12. This security upgrade fixes several security issues, detailed on a Mozilla Corp. Web page, with fixes for 10 security issues, including some that are rated “critical.”

In addition, look for updates for Adobe Reader and Acrobat, both of which are being upgraded to version 8.1.2. On my Vista workstations, installing these patches required a reboot and then a separate updating process.

Some commenters in the Windows Update newsgroup have reported that they keep getting prompted to reboot yet again after installing the patch. At this time, I’m not aware of the underlying cause or a fix, other than to uninstall the update.

I’ll be tracking this and will follow it up in my next column on Feb. 28. In a normal situation, you should see only once the Adobe update dialog box shown in Figure 2.

Figure 2. Patches for Adobe Reader and Acrobat require a reboot, after which installation continues, but some people report that this dialog box appears repeatedly.

Apple QuickTime also needs updating to version 7.4.1, both on the Windows platform and the Apple Macintosh platform. This upgrade is described in the Apple security bulletin 307407.

You should have received a notification from QuickTime that your software needed to be updated. However, after all of the other patching you need to do this month, I strongly urge you to use the Secunia Software Inspector, which I described earlier, once you think you’ve completed your patching for the month. You just might find that you missed something and aren’t done yet.

938371, 937287, 943302, 943899, 947172
Vista preliminary patches are SP1 prerequisites

Last month, Vista machines that support BitLocker (Vista Enterprise and Ultimate) got the first of three “prerequisite” patches, 935509. This update prepares these systems for Vista Service Pack 1, which is slated for wide release some time in March or April.

This month, we’re getting the final two updates that will get all Vista systems ready to handle SP1: patches 938371 and 937287.

As discussed on the Windows Vista blog, one of the two pre-SP1 patches that Vista users will be offered this month is 938371. I also found that machines are once again being offered the December compatibility patches, numbered 943302 (which fixes an issue with SpySweeper) and 943899 (which corrects compatibility issues with some SATA drives).

As prompted by Microsoft Update, I installed the security patches, the reoffered performance patches, and yet another patch, 947172, which keeps Vista Media Center Edition from freezing when changing channels while watching digital TV via an Xbox.

After rebooting, I thought the process would be complete, but I was surprised to be offered 937287 immediately. This is the last of the three pre-SP1 patches (the second of two this month) for Vista.

Fortunately, patch 937287 does not require a reboot of your system. This means you can approve it at this point (as shown in Figure 3) without needing to reboot your box a second time this month.

Figure 3. Patch 937287 is offered after other patches this month have been installed, but you can accept it without another reboot being required.

If you’re running the 64-bit version of Vista, patch 937287 at this writing has trouble installing via Windows Update. As described by security MVP Steve Wechsler in his blog, if you manually download 937287, it installs correctly on 64-bit Vista. Only the patch that’s on the Windows Update site has the problem. Vista 32-bit editions install the patch just fine.

Prevent Apple from learning your blocked sites

Perhaps to keep up with the Joneses — in this case, the Microsoft camp — Apple has released its own patches: security update 2008-1 and an OSX 10.5.2 update.

Documented on the Apple Web site, the security update addresses several issues, including the fact that parental controls were notifying Apple.com of which Web sites were being blocked when a parent set such bans.

Figure 4. An update for Max OS X is one of the patches now available from Apple.

After installing the patch this month, I did have to manually reboot a MacMini machine. The process appeared to cause the system to hang during reboot, but a manual restart restored the system to normal working order.

Users have reported problems with both the security patch and the post-graphics update in MacFixIt articles dated Feb. 13 and Feb. 12, respectively.

More visibility for SP1 of .NET 2 and .NET 3

With all the other patches we have to deal with, I was not looking forward to the fact that Microsoft moved Service Pack 1 for both .NET 2 and .NET 3 to the upper section of the patching window on Jan. 22.

I normally delay patches that are in the “optional” section. Until this month, when the two .NET service packs were switched into the “critical” and “high priority” patching sections, I hadn’t gotten around to installing these service packs on some systems. That’s partially because .NET patches can be troublesome.

ATI video control panel software, for example, uses .NET and can be maddening when installing .NET patches. The .NET application may remain active, preventing the patch from updating properly.

Figure 5. Service Pack 1 for .NET 2 and 3 has been promoted by Microsoft into the list of “high-priority” updates.

In my testing, I’ve personally had no issues installing .NET patches. Of course, I’ve found that most of my workstations run Nvidia video drivers, which may explain the lack of difficulty.

You are likely to need several different versions of .NET on your workstations or servers to support specific applications. If you run into problems with an update, the “easiest” way to install a .NET service pack if it fails to complete is to uninstall that particular version of .NET completely and reinstall it from scratch. Yuck.

No server access? You may need to reboot remotely

This appears to be the month for reboot issues to appear after patches have been installed.

I’ve seen reports at a Web hosting company — and in my own personal testing — that servers can get stuck when rebooting after patching. While the server may still be fully functional, you cannot access the server remotely.

Fortunately, there’s an easy fix. I contacted the Web hosting company, OwnWebNow.com, with advice to reboot the server manually.

If you ever do remote patching, you may need to ensure you have some alternative way to reboot your server. Dell and HP ship servers that have remote-access cards called DRACs and ILOs. These give you the ability to access the server if the operating system is not working as it should.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.