The best way to merge your contacts with iPhone

Free PC advice for geeks and goddesses alike

Christina Tynan-Wood, who’s contributed columns for PC World and PC Magazine and written for Popular Science, Family PC, and other magazines, is the author of this month’s free book excerpt for our subscribers. How to Be a Geek Goddess: Practical Advice for Using Computers with Smarts and Style is a tongue-in-cheek look at how to get the best deal when buying a laptop or desktop computer.

The printed book won’t ship until mid-November, but for a limited time, Windows Secrets subscribers can get our exclusive excerpt — whether you’re a geek god or a geek goddess. Just visit your preferences page, and then download the PDF for free! —Brian Livingston, editorial director

All subscribers: Set your preferences and download your bonus
Info on the printed book: United States / Canada / Elsewhere

The best way to merge your contacts with iPhone

By Scott Dunn Many people find that synching a new iPhone with their contact and calendar data from applications like Microsoft Outlook just doesn’t work easily. Fortunately, there are techniques you can use to make sure that your devices are sharing data smoothly.

If you’re having trouble using iTunes to sync your contact data from Outlook or other sources with your iPhone or iPod Touch, follow these steps to get your data where it needs to be.

Step 1. With your phone connected to your computer, make sure iTunes is running. If necessary, select your phone under the Devices category in iTunes’ left pane.

Step 2. With iTunes’ Summary tab in front, make sure the Options at the bottom are set the way you want them. I like to control which files are moved and when, so I uncheck Automatically sync when this iPhone is connected. I also select Manually manage music and videos.

Step 3. Click the Info tab. Select the box at the top of the Contacts section if you want iTunes to sync that information with your phone. Select other settings in that section to control how the data is organized.

Step 4. Repeat the above step for the Calendar and other sections as desired. Click Apply.

That should initiate the synching process. If it doesn’t, wait until the Sync button appears and click it.

No go? Try the official iPhone troubleshooter

If you run into problems while synching your phone via iTunes, Apple offers several strategies that may solve your problem. Here’s a quick rundown of workarounds to try:

• Make sure you have the latest version of iTunes installed. To test for a newer version, pull down iTunes’ Help menu and select Check for Updates.

• Reset the sync history. In iTunes, choose Edit, Preferences. Click the Devices tab and then select Reset Sync History.

• Disable non-Apple add-ins in Outlook by unchecking the boxes for each one in the COM Add-Ins dialog box. The steps to opening this dialog vary between Outlook 2003 and Outlook 2007; consult the programs’ help files for instructions.

• Use Vista’s User Account Control applet to create a new user. Then log off your current account, log into the new account, and try the sync again.

• Uninstall iTunes and then reinstall the program.

Detailed steps for each of these approaches can be found in support article HT1692.

If none of the above fixes things, your iPhone synching problems may be caused by corrupt entries. To test for this, browse through your Outlook contacts list looking for garbled names or other indications of faulty data. (Doing so also helps you eliminate duplicate entries, which are discussed in the next paragraph.) Delete any corrupt or superfluous entries and retry the sync.

One final snafu may remain. When merging address books, entries with minor differences are sometimes interpreted as separate entries, resulting in one or more duplicates. Fortunately, a number of products exist to ferret out and deal with such dupes.

A free program I like is Contacts Scrubber for Outlook from TeamScope Software. It searches your contacts and presents dupes to you one at a time, making an educated guess as to which fields to merge. You can specify which entry is the one to preserve and click inside individual fields to select details to merge, overwrite, or discard.

The free version of Contacts Scrubber can process up to 1,000 items, but TeamScope sells for U.S. $30 a version that goes beyond that limit and includes more advanced features. Contacts Scrubber works with Windows NT/2000/XP/Vista and Outlook versions 2000 through 2007. You can get the free version from Downloads.com.

A phone without stored phone numbers is pretty much useless. Fortunately, the procedures outlined here will solve most iPhone sync problems. Still, you may need to use several techniques until you find the combination that works for you.

Scott Dunn is an associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

XP beats Vista? Could be the OS or poor drivers

By Dennis O’Reilly

For at least one organization, the choice is clear: you’ll get more work done in less time when you use Windows XP instead of Vista.

On the other hand, some problems you encounter while using Vista are not caused by the OS but by a third-party driver.

A reader named Gerry, who asked us not to use his last name or company name, describes the process his firm used to determine whether to stick with Windows XP or upgrade to Vista:

• “When we tested Vista, we configured PCs (both 32- and 64-bit) as we normally would for our users, who are mostly engineers. Our first finding was simple: we did not find a single enhancement that made users more productive.

  “However, our biggest surprise was performance. Universally, we found that our engineering applications required 65% more time to complete tasks [on Vista] compared to XP on the same hardware. We estimated that the average user would waste at least an extra 60 minutes each day simply waiting for things to happen.

  “All of this testing was done on Vista-certified hardware that was no more than six months old. We worked directly with Microsoft and the hardware and software vendors to address these issues. Although they helped, it was a losing battle.

  “In our earliest tests, the applications required 500% more time to complete. After patching and updating drivers, we were able to get that down to 65%. For our 200 engineers at a $50/hour burden rate, that equates to a loss of $20,000,000 (or more) per year.

  “Now add the cost of hardware upgrades to support Vista. Then deal with the driver and application compatibility issues.

  “Therefore, we found no business case for Vista.”

In Vista’s defense, Microsoft’s main pledge was to make Vista more secure than XP, and in that regard the company succeeded. However, safer and faster is the winning combination — something that many people find to be missing from Vista.

That said, it’s not fair to point the finger at Microsoft whenever Windows fails to work as advertised. The problem might not be the Redmond company’s fault, as Bill Hobson found when he diagnosed a glitch with his Vista 64 PC:

• “I have a Dell Precision Workstation running Vista x64 Business with a Broadcom integrated NIC. I noticed that Outlook Web Access was taking 15-20 seconds to bring up the login screen. I tested with both IE 7 and Firefox 3 and got the same results.

  “So I went to Dell’s site and got the latest NIC drivers from there. Still poor performance. Then I went directly to Broadcom’s site and downloaded version 10.1, upgraded, and still had the same poor performance.

  “I disabled that NIC, installed an Intel Pro 100, and now the page loads in less than 1 second.

  “I have a Dell tablet with Vista Ultimate and a Broadcom NIC, and it suffered from the same poor performance, but fortunately there is a better [32-bit] driver available that fixes this speed issue.

  “I am hoping that Broadcom gets their act together and puts out a decent-performing x64 driver soon. Bottom line: it may not be Vista that is the problem!”

As much as we’d like to think that hardware and software vendors work together like a well-oiled machine, the responsibility for keeping our PC’s components on speaking terms is sometimes difficult to pin down.

Clickjacking scores its first victims

In last week’s Top Story, Windows Secrets associate editor Stuart Johnston described a technique being used by bad guys to infect your PCs and steal your personal information. Now we hear from a reader named Graham, who has first-hand experience that clickjacking attacks are real and likely to become more common.

• “Yep, clickjacking is in the wild. I build, fix, and de-badware computers for family, friends, and businesses. I had a friend complain that his eBay page kept popping up with auctions when he hadn’t accessed eBay. So, dutifully, I went to see what was going on and found that he had been trawling through some [game] crack sites.

  “When he clicked some links, he would also pop his eBay page up (he had his eBay cookie set). Bingo! The crack-page vendors had scored his login details. I quickly apprised him of the risks of visiting said pages and, of course, quickly reset his eBay password and scanned, cleaned, and disinfected his computer.

  “Hopefully, I have left him a much wiser if not a safer surfer. So the hack is out there and, I am sure, soon to spread to more legitimate sites as hackers break into badly protected Web pages. And I am sure more nastiness will soon present itself rather than this more benign attack (and I am not lessening the seriousness of this type of attack, just that this was easily fixed).”

To repeat the precautions that Stuart outlined in his article: (1) use the Firefox browser with Giorgio Maone’s NoScript script-blocking add-on installed (donation requested) and allow only trusted sites to run scripts, (2) update to the latest version of Adobe’s Flash Player, and (3) stay away from questionable sites.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

Hush ... Google knows what's best for you

By Katy Abby With today’s busy lifestyles, technological assistance seems indispensable. Cell phones and PDAs keep you up-to-date on anything that “just can’t wait” until the next time you’re in front of a computer. From the palm of your hand, you can now check your e-mail, peruse the latest headlines, manage your to-do list … and receive unsolicited dating advice? Watch as a poor, unsuspecting lad accidentally places his love life in the hands of the all-knowing Google SMS. The beep of an incoming text has never sounded so ominous… Play the video

How to update Windows without Windows Update

By Fred Langa You know that you have to keep your PC up-to-date, but what do you do when Windows Update is unavailable or broken? Here are some easy alternatives to use when you can’t use Windows Update — or if you simply choose to update your PC on your schedule, not Microsoft’s.

There’s more than one way to update the OS

A reader named Jimmy sent in this question from a friend’s PC. That’s a significant fact, as you’ll see soon enough:

• “Presently, I don’t have an Internet connection. What can I do to update my Windows system?”

This is actually a fairly common problem, Jimmy. There are any number of glitches that can stop the normal update process in its tracks, including simply being stuck offline. As long as you have temporary access to a borrowed Internet-connected PC, you have several options.

On the borrowed PC, go to the Microsoft Download Center. Manually select the updates or other files that apply to your own system and save those files to a floppy, flash drive, CD, or other removable medium. Bring the saved files back to your PC and run/install them there by clicking the saved files one by one.

By the way, one of your first downloads should be the Microsoft Baseline Security Analyzer, a free diagnostic tool that you can download from Microsoft’s TechNet site. The program helps you determine which updates and patches your system needs.

If you can’t use a borrowed PC to download the files you need, you can use it to order service packs on CDs directly from Microsoft. They’re quite inexpensive.

For example, on the home page for Windows XP Service Pack 3, you’ll see in the left-hand column a link labeled Order the Windows XP SP3 CD. The North American English version of the CD currently sells for the very modest fee of $4. Other versions are priced about the same.

Note that it’s not just operating systems that have service packs. You can also order inexpensive CD-based service packs for Microsoft Office products at the company’s download page.

Wipe or overwrite when reinstalling everything?

Mike Lee asks:

• “I was wondering whether wiping a hard drive is as good as or better than deleting a previous installation of XP. I know that, during reinstallation, I am offered the opportunity to simply delete the previous install. I just wonder which way is actually better.”

Good question, Mike. In a routine reinstall of any OS — not just Windows — deleting the previous installation is usually fully adequate. It’s true that this type of “deletion” doesn’t actually remove the old files. It simply erases the index of the files and their locations, leaving the actual files intact but invisible to the operating system. Undelete and unformat tools exploit this fact to work their magic.

Because the new installation doesn’t know about the old files, it reuses the same disk space, overwriting the old files with the new ones. In most instances, this is perfectly fine.

A disk wipe goes further. In addition to removing the records of the old files and their locations, disk wipes overwrite the old files with random patterns of ones and zeroes to make the old data more difficult to recover.

Disk wiping is time-consuming, so it’s usually done only when you need to prevent someone from recovering the drive’s old data. For example, if you’re discarding a PC or donating it to someone else, it’s wise to wipe the drive to make sure that all your personal information is beyond the reach of ordinary data-recovery tools.

However, if you’re just refreshing your own PC’s operating system, you don’t really gain anything by wiping the drive first. A simple overwrite is fine.

Secure data erasure is a very interesting topic. You’ll find basic information on the subject in a Kim Komando article titled “Clean the hard drive before dumping your PC” on Microsoft’s Small Business Center.

Help and Support bug leaves reader helpless

Help needs help. No, I’m not stuttering. Reader L.D. Taylor asked for help in repairing Windows XP’s Help and Support Center:

• “I reformatted my hard drive and reinstalled XP Pro with SP3. Now when I click Start, Help and Support, I get an error message: ‘Windows cannot find helpctr.exe.‘

  “If I manually locate helpctr.exe and double-click it, I get [a dialog box saying] something like: ‘Can’t open this file. Go to Help and Support to solve this problem.’ Of course, I can’t go to Help and Support — that’s the problem!”

Helpctr.exe has a long and checkered history, L.D. The actual content of Windows Help has improved tremendously over the years — to the point that Windows’ built-in help system is now by far the best documentation within any major OS. But hey — this is Microsoft we’re talking about — the underlying software still causes trouble from time to time.

The good news is that the helpctr.exe problem is so well known that the solution is sprinkled in multiple places throughout the Microsoft Knowledge Base, including an article titled “You cannot open Help and Support Center in Windows XP.” If you don’t find a solution to your problem there, try a Knowledge Base article titled, “Unable to load Windows Help and Support.”

Various Microsoft references tend to give the same advice, so I won’t repeat it yet again here. Just follow the simple step-by-step instructions described in these articles, and your Help and Support Center will be working again in no time.

‘Get your greasy fingers off my screen!’

Ron Smith was bugged by something he saw in his office:

• “I see a few computer techs at work pushing on LCD screens to show users something. Is it a good practice to push on or touch an LCD monitor?”

I’m with you, Ron. To me, needlessly touching a computer screen is just plain dumb.

I don’t understand why people insist on poking computer monitors — whether it’s their own display or someone else’s. First, let’s clarify that we’re not talking about touch screens: these flat-panel displays are meant to be touched as you move the cursor, select items, and otherwise interact with the PC as you would with a mouse.

Standard flat-screen displays can withstand some modest pressure without immediate visible damage. Press hard enough, though, and you may break something. However, just using your finger as a kind of cursor or pointer isn’t likely to cause serious damage.

More important, the screen is optical equipment. Why on earth would you want to leave grease, dirt, smudges, and scratches on something you have to look at — and through — all the workday? Although you can clean off the dirt, frequent prodding (and frequent cleaning!) will cause tiny scratches. Over time, the damage can accumulate enough to make the screen appear dull, impairing its contrast.

By the way, if you have a flat screen that’s seen better days — perhaps as a result of too many finger prods — there’s a fast and easy way to make it look much better: use your favorite automotive-type plastic dressing. I use Armor All, but I’d guess that competing products probably work just about as well.

Test a small area of one corner before cleaning the entire screen. If the area you clean looks better, clean the rest of the glass surface. Use a soft cloth such as microfiber; never use tissues or paper towels. With just a little luck, the dressing will fill in and hide small scratches and other surface imperfections and thus restore some of the lost clarity and contrast to the screen.

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

Flash cookies are putting your privacy at risk

By Woody Leonhard With a market penetration somewhere north of 97%, just about every Windows user — heck, every Mac and Linux user — runs Adobe’s Flash Player. Few people realize that Flash maintains its own cookies in the form of Local Shared Objects that are completely outside your browser’s control, so managing them involves some significant gymnastics.

Flash objects aren’t your grandma’s cookies

I don’t get too worked up about plain old browser cookies these days, but I’ve become aware of a new threat to Web privacy: the Local Shared Objects (LSOs) stored in Adobe’s Flash Player. LSOs are bigger — and potentially badder — than your average everyday cookie.

But first, let me give you a little cookie refresher course.

I probably don’t need to tell you that a cookie is a text file written to your computer by a Web site (but I just did). The site puts identifying information inside its cookie, such as the date and time of your last visit, how you like your start page to look, and other “remember me” kinds of stuff.

These “first-party” cookies serve a useful purpose: they allow a site to personalize the information you see based on the data it retrieves from the cookie it stores on your computer.

In theory, a site can read and change only its own cookies. Of course, nothing ever goes precisely as planned. There have been bugs in the way browsers — Internet Explorer in particular — handle cookies. Rogue sites have at times been able to retrieve information from cookies that were written by other sites.

These and other security problems have evoked much sound and fury among Web users and led to concomitant legislation in many countries. These days, first-party cookies rarely include any interesting information at all. They’re used primarily to store innocuous settings and perhaps a randomly generated number that’s used to track a customer in the company’s database. To a bad guy, the factoids stored in most cookies run from banal to useless.

Tangled in a Web of third-party tracking

Third-party cookies are another story. These are sometimes called “tracking cookies,” and they have significant commercial value because they can be used to monitor your Web surfing.

Say ZDNet sells an ad to DoubleClick. When you venture to a ZDNet.com page with a DoubleClick ad on it, both ZDNet and DoubleClick can stick cookies on your computer. ZDNet can retrieve only its cookie and DoubleClick can retrieve only its cookie. Cool. DoubleClick might keep information about your visiting a ZDNet site that talks about, oh, an Android phone.

Now Dealtime sells an ad to DoubleClick. You go to a page on Dealtime.com and both Dealtime and DoubleClick can look at their own cookies. Dealtime might be smart enough to ask DoubleClick whether you’ve been looking at Android phones and offer you a bargain that’s tailored to your recent surfing.

Multiply that little example by ten, a hundred, or a hundred thousand, and you begin to see how third-party cookies can be used to collect a whole lot of information about you and your surfing habits. There’s nothing illegal or immoral about it. Still, some people (present company certainly included) find these cookies disconcerting.

Clobber the spying cookies lurking on your PC

Blocking first-party cookies can break many Web-based applications, so it isn’t a great idea. Blocking third-party cookies, however, merely dings the coffers of Google (which owns DoubleClick) and other information-gathering companies.

By default, Internet Explorer 7 blocks third-party cookies from companies that don’t properly post a particular kind of privacy statement called the Platform for Privacy Preferences (P3P), an initiative spearheaded by the W3C. That doesn’t do much for you, though. P3P has been roundly criticized by privacy advocates and the technical press, so it’s largely unenforced and is of questionable value.

If you want to block all third-party cookies in Internet Explorer 7, click Tools, Internet Options, Privacy. Under Settings, choose the Advanced button (not the Advanced tab). Check the Override Automatic Cookie Handling option, and under Third-party Cookies select Block.

In Firefox, it’s much simpler: click Tools, Options, Privacy. Uncheck Accept third-party cookies.

In the current beta of Chrome, click Tools, Options, Under the Hood. Under Cookie settings, choose Restrict how third-party cookies can be used.

Flash Player’s novel approach to cookies

Adobe’s Flash Player doesn’t use cookies. At least, it doesn’t use the kind of cookies we’ve come to know and, uh, love. Flash’s Local Shared Objects may look and act like cookies, but they’re quite different.

Just for starters, cookies are limited to 4KB of text; by default, LSOs can be as large as 100KB. Cookies are controlled by your browser, but LSOs are controlled by the Flash player, using settings that are tucked away in a very obscure location (see below).

Setting your browsers to block cookies or clear them from your computer has absolutely no effect on LSOs. While it’s easy to view a list of all the cookies on your PC, coming up with a list of LSOs is anything but straightforward. You can set an expiration date for cookies: your browser can be instructed to delete cookies more than n days old. Not so for LSOs.

LSOs can be set and read by Web pages, even if you can’t see a Flash animation on the page. In fact, many page designers and programmers use LSOs when they want to store a whole bunch of data on your computer. I’ve seen tips for using LSOs to store small databases that can be scanned on demand, without having to refer back to the main database on the Internet. One of my friends says his bank stores data in an LSO, even though the bank’s Web site doesn’t have any (visible) Flash animations.

Just like regular third-party cookies, Flash LSOs can be used by third-party advertisers to track your movements online. By default, Flash accepts all third-party LSOs.

Sounds like a good deal for the advertisers, eh?

Get a grip on the LSOs stored in your system

In and of itself, the Flash Player doesn’t provide any tools for viewing, deleting, or controlling LSOs. To see what’s really sitting on your computer, you have to go to Adobe’s Flash Player Settings Manager site, which is shown in Figure 1.

Figure 1. View the LSOs on your system in the Adobe Flash Player Settings Manager.

Keep in mind that Adobe doesn’t store a list of all the cookies, er, LSOs on your computer. What you see when you go to the Flash Player site is the output of a program running on your computer that retrieves information about your LSOs. We’re assured that none of the details are transmitted to Adobe.

Take a look at the Website Privacy Settings tab — the second tab from the right — to see the LSOs stored on your computer. I bet you’ll be surprised. On my systems, I got some very unexpected entries (MSN?), some that are completely predictable (123greetings, YouTube, MTV), and many that rate as inscrutable. (Hint: YTIMG.com = YouTube Image Generator, which shows thumbnails.)

If you find a particularly offensive LSO, delete it by clicking the LSO’s name and choosing Delete website.

Stay private by blocking third-party LSOs

Just as there is almost no reason to allow third-party cookies on your computer, there’s precious little reason to invite third-party LSOs onto your hard drive.

To prevent the Flash player from storing third-party LSOs, open the Flash Player Settings Manager via the link above and click the second tab from the left to view the Global Storage Settings dialog. Uncheck Allow third-party Flash content to store data on your computer.

The change takes effect immediately.

Adobe treats your privacy as an afterthought

The Flash Player’s security settings have a long, checkered history. At one point, rogue Flash programs could activate your computer’s camera or microphone without your knowledge or consent. Fortunately, that hole’s been plugged.

You have to wonder whether Adobe can guarantee that its LSOs can’t be abused. Microsoft has had trouble with bugs that expose cookies to miscreant programs. Can Adobe succeed where Microsoft has failed?

I’d like to see Adobe build two key features into the Flash Player. First, we need a way to make security and privacy changes to the program without having to go to the company’s site. The Flash Player Settings Manager is an anachronism that doesn’t do anyone any good.

Second, we should be warned whenever there’s Flash content on a page. I don’t like the idea of running a Flash program with no visible indication that something’s going bump in the night.

Of course, for those so inclined, a browser add-in such as Giorgio Maoni’s NoScript (which Becky Waring described in her Best Software column on July 17, 2008) will prevent Flash programs from running without your permission. Still, we really should have LSO-blocking features built into the Flash Player itself.

LSOs have been around for more than five years — forever, to a first approximation. Isn’t it time Adobe gave us the tools we need to track and control them?

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

The best sites for identifying suspicious files

By Ryan Russell How can you discern whether some mystery program running on your computer is malicious or serving a useful purpose? Online services help you determine the best course of action after you find a file you suspect may be malware.

Best online malware scanner that identifies risks

When you find malware on your PC, the best thing to do in most cases is to run a program designed to remove such pests. These include antivirus programs, antispyware programs, and rootkit removers. When you become infected by spyware, the program usually attracts other malware, so your system may be overrun in short order.

Anti-malware programs will eliminate the bulk of the infections and make your system usable enough to allow you to troubleshoot further. Of course, the safest and simplest response is to format your hard drive, reinstall your OS, and start over. That’s rarely the most practical solution, however.

The volume of new malware is huge, and even the best anti-malware programs aren’t perfect — even when you keep them updated. Also, your AV vendor may not offer defenses for the latest zero-day threats; someone always has to be the first victim.

Sometimes that first victim might be you. For any number of reasons, you may someday have a virus or other malware on your computer even though your anti-malware program says your PC is clean.

Easily, my favorite site for checking suspicious files is VirusTotal.com. Simply browse to the site and follow the instructions to upload the files. The site will scan the files, which usually takes only a few minutes.

VirusTotal runs the files through updated versions of 36 anti-malware programs that the service maintains, and then presents you with the scan results. As an example, I submitted a file that showed up unsolicited in my e-mail, purporting to be a video of a certain starlet. I uploaded anjelina_video.zip and was informed by VirusTotal that 26 of the engines had flagged it as a Trojan.

Most antivirus vendors offer a similar file-upload service that uses their own virus engine. These services can also be used to submit a file that’s infected with a form of malware that the AV vendor has never seen before.

As a side note, don’t play with malware samples the way I did. It’s far too easy to make a mistake and infect your own system. I have done so a couple of times, and I consider myself pretty knowledgeable. This is the sort of activity that makes real AV engineers point at me and laugh. However, if the file is already running on your machine, there’s no harm in checking it out at that point.

Best sites that describe particular filenames

Malware-scanning sites are great, but they’re way too slow if you have a dozen files you need to analyze right away. For these situations, start by searching for a description of the file and then decide whether it needs to be scanned. For that function, I use sites that track files by name and describe their purpose.

When you enter a filename in Google, you’ll likely be pointed to a handful of sites that help you identify files by their names. My favorites are File.net, UniBlue’s ProcessLibrary.com, and WhatsRunning.net.

Each of these sites lets you search for a filename and then gives you some idea of the file’s source and purpose. Usually, the description provides all the information I need to determine that the file is safe and should be running on my PC.

Note that most of these sites feature a downloadable utility program or Web service you can use to scan for files. I have used only their database functions and have not looked at these extra services. If you would like me to review one or more of those, please drop me a line via the Windows Secrets contact page.

Other sources for help with mystery files

On occasion, these steps will not be sufficient to identify your enigmatic files, so you’ll need some advanced techniques. This may require some specialized skills such as reverse-engineering and disassembly. These advanced approaches can’t be taught in a few short columns. Also, the tools required are expensive. But don’t fear; you have simpler, less-expensive options as well.

First, if you pay for an antivirus subscription, almost all AV vendors offer a way to submit samples. If they turn out to be viruses, the service will produce signatures that will detect and remove them. These upload services should be your first option.

If you have the patience to follow the detailed instructions and perform several iterations, you can use a site such as CastleCops.com, where many malware experts gather to assist people in using advanced virus-scanning tools and interpreting the scan results.

I’ve seen many threads at CastleCops wherein someone had posted a strange symptom and an expert was able to offer advice on techniques to try, ultimately resulting in removal of the malware in question. Nice work.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Sandboxie works with 32-bit Vista but not 64-bit

By Dennis O’Reilly

We received a positive response to Gizmo Richards’ sandboxing-utility review that appeared in last week’s Best Software column.

However, Adam Benson was one of several readers to alert us to the fact that, contrary to what the article stated, Sandboxie does work with 32-bit versions of Vista, just not with Vista 64:

• “It talks about Sandboxie, which is a simply amazing product that I’ve been using for a few years — most of which has been on Vista 32-bit. The article says Sandboxie doesn’t support Vista, but that is not correct. It does have issues with 64-bit Vista but runs fine on 32-bit.”

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.