Simple tips save power and the environment

Get Woody's new e-book bonus

Our contributing editor, Woody Leonhard, thinks Microsoft has done something right with its new product, Windows Home Server. The software shares all your files, photos, videos, and songs with everyone on your network, and it automatically backs up all your PCs. Woody’s new book, Windows Home Server for Dummies, isn’t yet released, but our paid subscribers can download the two best chapters, now through Nov. 28, 2007. Woody’s PDF e-book explains (1) how to access your files remotely and (2) how to break into and reprogram the heart of the server, which Woody calls “my most dangerous chapter.” Free subscribers can get the bonus by upgrading to our paid newsletter. There’s no fixed fee, just make a voluntary financial contribution of whatever it’s worth to you. Thanks! —Brian Livingston, editorial director

• Paid readers: download the bonus
• Free readers: upgrade to get the bonus
• Order the printed book: United States / B&N / Canada / Elsewhere

Next issue: November 29

By Brian Livingston

We’re taking a break on Nov. 22, which is the Thanksgiving holiday in the United States.

Our next regular newsletter will be published on Nov. 29, the 5th Thursday of the month. We’re ignoring our usual policy of skipping an issue on any 5th Thursday that occurs. Publishing an issue will allow us to explain to you any problem that may come to light with the patches that Microsoft released this week.

After that, you’ll see regular issues on Dec. 6 and 13. We’ll then take our traditional two-week break for Christmas and New Year’s, skipping two issues on Dec. 20 and 27.

As always, if something important comes up, we’ll send you a short news update to keep you informed. Please have a happy and healthy holiday season!

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

Simple tips save power and the environment

By Scott Dunn Computers and computer peripherals consume dramatic amounts of electricity every year, draining your budget and contributing to greenhouse gases. But for little or no money, you can reduce the number of watts your system and peripherals use, saving cash and limiting the environmental damage.

What’s the easiest way to go green?

Too often, grand concepts like “green computing” are like the weather: everyone talks about it, but nobody does anything. Like it or not, the construction and use of computers still involves hazardous materials and the production of greenhouse gases. Is there anything you can do now without waiting for the perfectly constructed, solar-powered, recyclable computer? Fortunately, the answer is yes.

Without spending any money at all, you can reduce your power usage (saving on climate-changing CO2) and lower your electrical bill at the same time. And, if you’re willing to spend a little on a couple of useful gadgets, you may be able to save even more. Here are a handful of ways to save money while you save the earth.

To sleep, perchance to save

Many of us think nothing of leaving our computers powered up while we go to lunch or even 24 hours a day. A study in PC World found that a running computer consumes between 195 and 305 watts, while a computer in suspend mode can consume as little as 10 watts. Hibernation mode consumes slightly less at 9 watts of power (assuming the PC remains plugged into the wall socker), but hibernation takes longer than suspend mode to wake up from.

You probably already know that Windows provides options for both modes via the Power Options control panel. But Windows consults your BIOS to decide exactly what to do in suspend mode. Most modern BIOSes follow the Advanced Configuration & Power Interface (ACPI), an open power-management standard that was developed by HP, Intel, Microsoft, Phoenix, and Toshiba. (You can download a PDF version of the ACPI spec from the ACPI.info Web site.)

Depending on your particular BIOS, you may be able to choose from any of the following states:

S1. In this state, the CPU stops processing but remains powered. RAM is also powered, but some devices may be powered down.

S2. This option, omitted from many BIOSes, is like S1 but also shuts down power to the CPU.

S3. This state leaves RAM powered, but not much else. This “suspend-to-RAM” feature is what lets you resume where you left off, since your computer’s state is still in memory.

S4. This state powers down RAM, requiring your data to be written to the hard disk if it is to be preserved. It provides only marginal power savings over S3, but is the safest mode for your data if power is cut off entirely. This scheme corresponds to Windows hibernation mode, and is seldom found as a BIOS suspend option.

Get the best from your BIOS

To make sure you’re getting the greatest power savings from Windows’ suspend feature, follow the steps below. Specifics are not possible for all steps, since setup screens vary from one BIOS to the next.

Step 1. Save all open documents and restart your computer.

Step 2. Follow whatever prompts you see on your screen to enter Setup. Usually this involves pressing Delete or a function key.

Step 3. In Setup, locate the page or screen associated with power settings. It may be labeled something like Power or Power Management Setup.

Step 4. When you find the proper screen, highlight the setting related to suspend mode. It may have a label like ACPI Standby State or Suspend Mode.

Step 5. Change this setting to S3. The option may be labeled “S3 only” or “S3/STR” (for Suspend To RAM).

Step 6. Follow the instructions on screen for saving your settings and restarting your computer.

Work it with Windows

Now make sure Windows is using suspend mode when you’re not working.

Follow these steps for Windows XP:

Step 1. Open the Power Options control panel.

Step 2. On the Power Schemes tab, click the System Standby drop-down list under Plugged in. Select how long your system should be idle before starting suspend mode — for example, After 30 mins. Click OK.

Follow these steps for Windows Vista:

Step 1. Open the Power Options control panel.

Step 2. In the task list on the left, click Change when the computer sleeps.

Step 3. Click the Put the computer to sleep drop-down list under Plugged In. Choose the period of inactivity after which suspend mode should start — for example, 30 minutes. Click Save changes.

Give suspend a nudge

Windows sometimes interprets background tasks (like network activity) incorrectly and remains awake when it should go into suspend mode.

If you have that problem, a simple program called CO2 Saver may help. Once installed, it sits on your desktop and shows how much CO2 you (and other users) have saved by using suspend mode.

Figure 1. Snap CO2 Saver puts Windows into sleep mode even when the operating system wrongly believes there is activity.

To make CO2 Saver encourage Windows’ suspend mode, click the Options link at the right end of CO2 Saver. (If you don’t see the Options link, click the right-arrow to expand the toolbar.) With the Power Saving tab in front, choose Custom from the drop-down list. Then click the link below. In the Custom Power Saving dialog box, check Initiate sleep mode if system doesn’t sleep automatically. Click OK twice.

Make it manual

You can also put your system into suspend mode manually any time you want:

In XP, choose Start and then click Turn off Computer. Click the Stand By option.

In Vista, choose Start, click the arrow button in the menu’s bottom-right corner, and choose Sleep.

In Vista, sleep mode may be the default, so simply clicking the power button in the Start menu puts the computer to sleep.

Try other low-power moves

In addition to getting the most out of suspend mode, you can take other steps to reduce your power consumption and save money:

Use a power strip. Plug peripherals (like printers, audio systems, monitors) into a power strip or UPS. Then turn it off when you want all of your equipment to turn off.

Lose the brick. Once your laptop or notebook computer is fully charged, unplugging the recharger from the wall will save some electricity. As long as the computer is in suspend mode or some other low- or no-power mode, it won’t need to be plugged in again for hours.

Lose the CRT. According to Sask Power, LCD monitors use 66% less electricity than the older CRT type. Maybe this is the time to switch to that LCD screen you’ve been wanting. If you can’t afford to change right now, at least get in the habit of turning off the CRT’s power switch every time you leave your desk for more than a few minutes.

Check power saving options. See if your printer or external hard drives have power-saving modes. For example, many of Western Digital’s external “My Book” hard drives have a GreenPower feature.

Use a smart power strip. Some newer power strips use a motion sensor to decide if you’re still at your computer. If not, they shut down power to certain sockets (such as ones for peripherals) after a user-designated time has elapsed. Other power strips shut off several sockets, based on whether you’ve powered down a device plugged into the “control” socket. The Tree Hugger Web site discusses examples of each.

You don’t need to wait for new computer designs to make your computing a little more green friendly. By tweaking a few settings and getting into a few good habits, you can make a difference for your pocketbook and the planet.

Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine’s Here’s How section.

Handle Registry editing with caution

By Scott Dunn

In a Nov. 8 article, I explained how to disable Windows’ auto-run behavior to protect yourself from inadvertently running malware that might exist on USB drives or other devices you insert into your PC.

Be aware, however, that careless Registry editing can make your system malfunction or even keep you from starting Windows.

Use care making changes to the Registry

Any tip that requires direct editing of the Registry (whether using the Registry Editor or merging a .reg script) should be approached with caution. The best insurance policy in these cases is to set a Windows “restore point” before experimenting with such advice.

To set a restore point, choose Start, All Programs, Accessories, System Restore. (In Vista, you’ll also have to click Open System Protection.) Follow the instructions on screen to create a restore point. If something goes wrong, launch System Restore again and restore your computer using the latest restore point. (Windows periodically creates its own restore points automatically.)

In addition, keep in mind that some Registry tips require you to restart your system (or at least log out and log in again) before you see the effect of the change.

Open a text editor, not a word processor

Regarding the AutoRun.inf tip, Gerald Ingle speaks for many when he writes:

• “I tried following your instruction to prevent auto-run access. But when I try to merge the suggested file, I receive this error message: ‘The specified file is not a Registry script. You can only import binary Registry files from within Registry Editor.’ “

Despite what the message says about “binary Registry files,” this problem occurs if the .reg file you create is in any format other than plain text. For this reason, I advised using Notepad or another text editor. Most word processors, such as Microsoft Word, will save to their own formats by default.

If you must use a word processor, take care to save your .reg file as a “Text Document,” “Text Only,” or a similar option.

Other readers had a different problem incorporating the NoAutoRun.reg file into the Registry. For example, Robert E. Lee writes:

• “I created the file by copying the text from the Windows Secrets newsletter into an MS Word file, and saved it. I right-clicked the file in MS Explorer but did not see a ‘Merge’ option. Can you explain further how to merge this into my Registry?”

Unfortunately, with many word processors (including Word), just typing a name like NoAutoRun.reg in the Save As dialog box will not keep the program from adding its own extension after the .reg extension you typed. Since Windows hides extensions by default, your file may look as if it’s named NoAutoRun.reg when it’s really named NoAutoRun.reg.doc.

Without the .reg extension at the end, you won’t see a Merge command on the file’s context menu. This problem doesn’t occur if you use Notepad to create .reg files.

To prevent a word processor from adding an extension when you type an extension of your own, put the entire file name in quotation marks in the Save As input box. For example, the following file name will not receive an additional .doc on the end when saved in Word:

“NoAutoRun.reg”

To see the actual extensions on your file names, open Windows Explorer and choose Tools, Options. (In Vista, first press Alt to see the menu bar.) Click the View tab and uncheck Hide extensions for known file types. Click OK.

If you take all these steps and still don’t see a Merge command on your context menu when you right-click your .reg file, you can add a .reg file to the Registry using the following steps:

Step 1. In XP, click Start, Run. In Vista, just click Start.

Step 2. Type regedit and press Enter.

Step 3. Choose File, Import.

Step 4. Locate and select your NoAutoRun.reg file and click Open.

Removing the NoAutoRun fix from the Registry

A few readers suggested it would be a good practice to tell how to undo any tip. As David Edwards wrote:

• “So if we experiment and run the following, how do we reverse the situation if we find that we do not like it and are prepared to take risks like everyone else?”

To remove the information that NoAutoRun.reg adds to the Registry, do the following:

Step 1. Choose Start, Run. (In Vista, just choose Start.)

Step 2. Type regedit and press Enter.

Step 3. Use the tree pane on the left to navigate to:

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion IniFileMapping

Step 4. If necessary, click the plus sign (+) next to IniFileMapping to see the icons nested beneath. Right-click the AutoRun.inf icon and choose Delete.

Step 5. Exit the Registry Editor and restart your computer.

Readers Ingle, Lee, and Edwards will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

Saving the world with dial-up

It’s 1994. Who knew that in the day of single-word coffee orders and Netscape Navigator, the world of national security was such a struggle? Luckily for us, and Jack Bauer, things have progressed a little since those days. Sorry, terrorists. Jack’s got his BlackBerry now! About three minutes into the video, we’re definitely reminded of a simpler time… Windows 3.1! Play the video

Part eight: Regedit can fix Symantec problem

By Fred Langa In this, my eighth and final column on my Housecalls across the continent, we see how editing the Registry resolves a Symantec networking problem. Symantec’s Norton Antivirus requires a larger IRPStackSize than the default value in order to handle data in a peer-to-peer network.

Increasing stacks resolves network issue

So far in this series, you’ve seen:

• How to use some free, powerful tools to declutter a PC and speed boot times;
• How to resolve an address conflict on a small network;
• How to test the basic security of an Internet connection;
• How to reduce the size of areas where enormous numbers of junk files can quietly accumulate;
• How some very popular software can ruin the performance of some PCs;
• How to reduce fan noise in a PC; and
• How to get Scheduled Tasks to run properly if you don’t have the normally-required login password.

If you missed the earlier installments, here are links to Parts One, Two, Three, Four, Five, Six, and Seven.

When we left off last week, we were trying to solve a strange error message I’d never seen before: “Not enough server storage is available to process this command.” Franz, the winner of one of my four Housecalls, would see this message when trying to connect to his wife’s PC via his peer-to-peer home network. His network didn’t have a central server, and Franz’s machine (the closest thing to a server in the network) had abundant RAM and disk space. What was going on?

The solution is in an obscure parameter known as IRPStackSize. IRP stands for Input/Output Request Packet. This packet contains specially formatted data that device drivers use to communicate with each other deep within Windows’ core, or kernel. A “stack” in this context is a kind of scratchpad memory used by the operating system. Thus IRPStackSize determines how much scratchpad memory is set aside to handle IRPs.

How Symantec conflicts with Windows’ stack size

In small networks, you normally don’t have to worry about IRPs. The default IRPStackSize is 15, and that’s plenty of space for typical operations. But some software can use up the available space in the stack. When one too many IRPs come in, whatever input/output operation was going on screeches to a halt and you get the error message “Not enough server storage is available to process this command” or “Not enough memory to complete transaction.”

Symantec tools seem to be the worst offenders for causing this error. Microsoft specifically fingers Symantec’s Norton Antivirus in Knowledge Base article 177078, which refers specifically to IRP stack space running out. The Symantec site also contains an article covering the error. Both Microsoft and Symantec focus on Norton Antivirus, but a general Web search reveals that many users also associate this error with Symantec’s Norton Ghost.

IRPs have been part of Windows since NT 3.5 came out in 1994, 13 years ago. You’d think the Symantec folks would have gotten things straightened out by now. But this is another example of the problems that can, and do, happen all too often with Symantec’s offerings — just look at how often problems with Symantec’s software have come up in my eight-part series.

Fortunately, you can solve the problem with a little judicious Registry editing. (Note: all the standard warnings apply. As always, make a backup before you make any significant changes to your operating system.)

Edit the Registry to increase IRPStackSize

Open the Registry Editor (Regedit) and navigate to the following key:

HKEY_LOCAL_MACHINE System CurrentControlSet Services LanmanServer Parameters

Figure 1. The Registry (click photos to enlarge). Editing the Registry is the only way to get around the networking problem caused by Symantec software. Here we’ve created a new blank DWord and are about to type in the name: IRPStackSize.

Open the Parameters folder and left-click once in an empty portion of the right pane. If IRPStackSize is already shown under Name in the right-hand pane, double-click it, select Decimal and increase the value shown in the Value data by at least three. (More on this in a moment.)

The odds are that IRPStackSize won’t even appear in the right pane. This means Windows is operating purely on its internal default settings for IRPStackSize. In this case, point to Edit/New, and then click DWord Value. Enter IRPStackSize as the new value in the right-hand pane. (The name is case-sensitive; enter it exactly as shown.) Right-click on the entry you just created and select Modify. Then select Decimal and, in the Value Data box, enter the number you want. (See below.) Close the Registry and reboot. See if the problem is resolved.

What size should you specify? The default value is 15, but you can go as high as 49, if you need to. (Technically, you can go all the way to 50, but Microsoft says using the maximum value may cause more problems, so it’s best to stay south of that maximum.) Raising the IRPStackSize to 25 solved the problem on Franz’s system.

If 25 doesn’t work for you, a little trial and error may be necessary to get things right for your setup. Just keep bumping the number up until you no longer see the error message.

With this fix, Franz’s PCs were able to communicate across his network, and my final Housecall drew to a close.

I’d like to thank our four winners, John, Gene, Dan, and Franz, for their hospitality during my Housecalls. And I’d like to thank you, the Windows Secrets reader, for following along on this cross-country journey.

Figure 2. See you around! Hope you enjoyed riding along with me!

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

Use disposable e-mail addresses to minimize spam

By Mark Joseph Edwards Spam is a major problem, so keeping your e-mail address private is paramount. This week, I tell you where you can get free, disposable e-mail addresses and how to automate the creation of those addresses.

Use a different e-mail address for each Web form

Many Web sites require that you provide an e-mail address before you can download software or read content. Sometimes, it’s OK to enter your real address. In other cases, you should have a high level of suspicion as to how a site might really use your address. Any amount of spam is too much, so defending your personal inbox is undoubtedly very important to you. That’s where disposable e-mail addresses come in handy.

There are several services on the Net that let you create temporary or disposable e-mail addresses. Two of the services I recommend are TemporaryInbox.com and Mailinator.

Both services let you make up any inbox name you want on the fly. The sites automatically accept e-mail for your new address on a temporary basis. No sign-up is required and no configuration is needed.

For example, make up an email address (such as temp123 at temporaryinbox.com or temp123 at mailinator.com), enter it into whatever Web site happens to require your e-mail address, and then visit TemporaryInbox.com or Mailinator.com to check mail for that e-mail address.

When using either of these sites, be aware that anyone can read the mail inside your inbox if they guess your inbox name. That means you should pick a fairly complex name.

Also note that TemporaryInbox.com allows you to forward mail from your temporary inbox to your real inbox, which might be useful. Mailinator doesn’t currently offer that feature.

If you use the Firefox browser, you can download an add-on called Temporary Inbox (for use with TemporaryInbox.com). The extension will generate a random inbox name with the simple click of a button. You can then cut and paste the complete e-mail address into a Web form quickly, and click another button to go directly to TemporaryInbox.com home page to check for e-mail.

Firefox open to attacks from .jar files

A problem with the way Firefox handles .jar files was recently discovered. In case you don’t already know, .jar files are Java applications compressed in Zip format. The JAR extension tells your browser and operating system that a file is a Java application.

Firefox’s problem is that someone can include documents in .jar files and use those documents to launch cross-site scripting attacks. In such an exploit, an untrustworthy site would be able discover information from another site you visit, such as the password you use to access an online banking site. Compounding the problem further is the possibility that bad guys might use .jar files to infect your system with malware.

The Mozilla Foundation is aware of this problem, but there’s no official fix yet. There is a way, however, to protect your system. Get a copy of the latest development version of the NoScript plugin for Firefox. It’s recently been updated to defend against this particular avenue of attack.

Keep in mind that, since NoScript v1.1.8.1 is still in development, it could have bugs. But, even if it does, at least your systems will be protected against these particular .jar attacks.

Servers should be upgraded to PHP version 5.2.5

If you use PHP on your servers, be sure to load the latest version, PHP v5.2.5, which was released late last week. The upgrade fixes numerous security problems, including problems with Apache Web Server .htaccess files.

You can find the latest version at the PHP Group’s download page.

phpMyAdmin is a useful app, but vulnerable

phpMyAdmin is a robust, PHP-based Web interface for managing MySQL databases. If you happen to be using this excellent tool, be sure to upgrade soon. A couple of vulnerabilities were recently discovered, which could let bad guys inject HTML and other code into your database records.

Your exposure is somewhat limited, since a bad guy would need to guess the name of one of your MySQL user accounts that has CREATE_DATABASE privileges in order to take advantage of the flaws. Nevertheless, it’s better to be safe than sorry. Get version 2.11.2.1 at the phpMyAdmin Web page at SourceForge.

Microsoft plans to remove ActiveX prompting

Microsoft will soon issue an update for Internet Explorer 7 that eliminates the familiar prompt you see before certain types of multimedia content will play.

Microsoft originally added the prompt because loading certain types of content without first prompting a user is covered by the so-called Eolas patent. After a patent lawsuit, Microsoft has licensed parts of Eolas technology, so the prompt can now be removed.

If you’ve become accustomed to using that prompt as a reminder of potential security risks, be aware that the reminder will soon disapppear. You can read details on this at PC World.

Three more excellent replacements for Notepad

In the Oct. 18 edition of this newsletter, I told you about Notepad2, which is an excellent replacement for Windows Notepad.

Dave Perry recently wrote to tell me about Notepad Plus, another fantastic replacement — especially for developers. It supports syntax highlighting for many common programming languages, including HTML, XML, Javascript, PHP, Pascal, C++, and many others.

Ron Bujok recommends the free Notetab Lite, which I’ve used in the past. While the Lite version is pretty good, it isn’t as full-featured as the Standard and Pro versions, which cost U.S. $19.95 and $29.95. Nevertheless, the Lite edition is still a good tool with lots of bells and whistles.

Finally, Doug Rizzo wrote to tell me about PSPad, which is another good Notepad replacement, with its own advantages for developers. Like Notepad Plus, PSPad features syntax highlighting, but also supports macros, templating capabilities, a built-in FTP client, a hex editor, and much more.

Thanks, guys, for sharing awareness of these great tools with all of us! Readers Perry, Bujok, and Rizzo will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips that I printed. Send tips via the Windows Secrets contact page.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

URI patch for IE 7 needs action now

By Susan Bradley A new patch for Internet Explorer needs to be installed quickly, in addition to more Vista patches that you need to know about. Administrators of WSUS (Windows Server Update Services) also got yet another surprise this week — a poorly punctuated category name caused problems with the patching interface.

MS07-061 (943460)
Internet Explorer 7 gets long-awaited fix

This Patch Tuesday, we received a much-anticipated patch to Internet Explorer 7. This fixes a hole that malware has exploited to infect computers, using Adobe Acrobat files and other files as the infection vehicle.

You should install MS07-061 (943460) as soon as possible to close this threat, which has been brewing for several weeks. The hole involves a malformed URI (Uniform Resource Indicator). In plain English, this means if someone crafts a Web link or some other Internet resource and places it into an e-mail or on a Web page, clicking the invalid link could give someone complete control of your system.

While this hole affects only IE 7, as a precautionary security measure it will also be offered to systems that use IE 6. This definitely is a patch you should put on the fast track for installation. At this time, I’m not seeing any issues or negative side-effects.

(941649, 941600 and 941229)
Vista gets more parts of Service Pack 1

The Windows Vista blog announced this week a few more parts of what will ultimately comprise Service Pack 1 for Vista. For those of you who are running Windows Vista, you should look for 941649, a patch to improve battery life and wireless networking, plus other fixes that are designed to improve reliability. The second patch you’ll see offered up is 941600, which improves USB components and fixes about 1% to 2% of the system crashes that people are reporting.

For those who are running Vista Media Center, you’ll see KB941229, which fixes issues with XBox when used as a Media Center extender.

Figure 1. This month’s Patch Tuesday offers a relatively small number of new fixes.

Microsoft is also distributing a new Junk E-Mail Filter, 905866, and Malicious Software Removal Tool, 890830. But this month was a fairly quiet month for patches.

WSUS causes major download headaches again

For the second time in less than a month, Windows Software Update Services administrators were impacted by a surprise issue. Last time, WSUS wrongly installed Windows Desktop Services, which bogged down workstations network-wide by indexing hard drives without warning. This time, a pair of quote marks (“) around the name of a beta category caused the WSUS administration console itself to fail.

As product manager Bobbie Harder discussed on the WSUS blog, the quotes in the name of the category were soon removed. If you had a WSUS 3 server, and you did not have automatic synchronization selected, all you needed to do to correct the problem was to manually resync your server. For those running WSUS 2 who had their server set to manually synchronize, but happened to get bonked by the misnamed category, Harder provides instructions to manually remove the quote marks from the database.

I was hit with this issue myself. I woke up to the impact when my SBS 2003 R2 server’s daily e-mail failed to report the status of the server.

The SBS blog posting on the issue showcases the symptoms we were seeing. By the afternoon, those who were affected were able to resync the servers, or simply wait until the 10 p.m. normal resync time for the issue to clear up.

Here’s hoping that Microsoft can get WSUS back to the dependable patch tool that we need it to be for server administration.

MS07-062 (941762)
Domain name servers need spoofing prevention

For those of you who run servers that provide domain-name services, a different update should be installed quickly as well.

MS07-062 (941762) closes a problem that allows DNS servers to be “spoofed.” A spoofed server has been tricked into responding to servers higher up in the food chain that they shouldn’t be responding to.

For most end users, the DNS servers that your computer uses to “talk” to the rest of the Internet are maintained by your ISP (Internet Service Provider). Those of you who are running any kind of network, however — even those who use only Small Business Server 2003 — need to install this patch.

(Max OSX Leopard)
Leopard upgrade proves to be a minor event

The upgrade from Tiger to Leopard was uneventful on my MacMini workstation. After the successful installation, I installed the two updates that were immediately offered to me. I downloaded the Login and Keychain upgrade, which patches the software used for login and passwords, as well as the upgrade to Apple’s remote desktop software. Remote desktop is used for remote access to the computer.

In addition, I did a little editing of an “Easter Egg” that the Macintosh developers left in the released code of Leopard. As the Engadget blog reported, the coders left behind a Blue Screen of Death in the icon used to signify Windows and other non-Apple machines on a network.

The unofficial Apple weblog recommends that you may want to wait on installing this upgrade. This would be true if you have a lot of customizations of your Tiger platform, your Mac interacts with Windows networks, and you are dependent on your system working.

Upgrading is not a task to be taken lightly for mission-critical systems, even if they are Macs. It’s always wise to ensure you have a backup.

944938
Zune firmware upgrade may have Flash conflict

For those who own a Zune music player from Microsoft, version 2.1 of the software is now being offered up to owners of the platform. The Zune interface will inform you that an update is available, but you can also download the upgrade from Knowledge Base article 944938 and install it from there.

If you have problems with the upgrade, you can call Zune support at 1-877-GET-Zune to get help with the upgrade, or check Zune’s contact page.

You can also get some guidance with patching issues on the Zune-Online.com forums, including an interesting thread on software error 0x80070643, which prevents the installation of version 2.1.

A commenter near the end of that thread reports that the Zune upgrade could not be installed until the old Zune software was removed with a tool called UnZoone from Remove-It.org. That did the trick for me, too. I had to rip out the old Zune files before I could install the new stuff.

The music-player upgrade isn’t a security patch, so I found it interesting that Microsoft’s support hours for Zune are 6 a.m. to 10 p.m. The last time I checked, that’s one hour more telephone support than is provided for Windows XP.

So far, I’ve seen an issue with Macromedia Flash not unregistering, thereby causing a problem with the update. If you see this happen, contact me via the Windows Secrets contact page.

Connect iPhone to iTunes to avoid iOwnYou hacks

For those who own the “other company’s” cellphone and music player, better known as the iPhone and the iPod Touch, the latest updates for those platforms will be offered up by iTunes. Apple details the updates in an article.

If you have one of these devices, ensure that you connect to the iTunes interface to install the necessary updates as soon as possible. There have already been proof-of-concept postings about security flaws. I’m sure someone would love to have bragging rights for the first exploit of an iPhone in the wild.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.