The pros and cons of switching to Windows 7

The pros and cons of switching to Windows 7

By Woody Leonhard

If you’re still sitting on the fence about upgrading to Windows 7 — after all, it’s been widely available for all of a few hours now — I’d like to regale you with my top eight reasons to jump in with both feet.

I’ll also tell you three possible reasons for keeping the new OS on the shelf — for a while, at least.

After you wade through the Win7 marketing hype, you’ll find a solid core of real improvements in the new release. There are many aspects of Windows 7 that cry out for adopting it and just a few that suggest sticking with Vista or XP.

• 8. Windows 7 is easier on the eyes

No doubt you’re way beyond the stage where fancy wallpaper and cute icons curl your toes, but any way you look at it, Windows 7’s a stunner. From wallpaper that changes itself to the tightly controlled group of icons in the area near the clock, Win7 puts the things you need most where you need them. The OS also moves the flotsam out of the way.

Since there’s no Sidebar in Windows 7 — good riddance, I say — Win7’s gadgets move to the high-rent district of the desktop, where you can move, resize, and snap them together neatly.

• 7. The Action Center puts all the nags in one place

Windows XP and Vista are notorious for scattering important information all over creation. At the same time — and quite perversely — every two-bit application you install on an XP or Vista PC can pop up annoying messages, distracting your attention while you’re trying to get some work done.

Win7 reduces the shrill impositions to a minimum by funneling almost all interactions through the Action Center. Yes, the Action Center has its roots in the old Security Center, but it’s all grown up now.

The Action Center serves as traffic cop for announcements that inform, warn, and often annoy. But rather than a pop-up window, the only alert you’ll see is a flag in the notification area (near the clock) that turns yellow or red as needs dictate.

• 6. Win7’s security is stronger and less intrusive

Security stuff gets complicated very quickly. Suffice it to say that Windows 7 is significantly more difficult to crack than Vista, which in turn was an order or magnitude tougher to break into than XP. (Internet Explorer and the .NET Framework are noteworthy exceptions.)

Compared to Vista’s in-your-face User Account Control (UAC), the equivalent in Windows 7 is clipped and reined in. You can get to the settings easily. For most people, security won’t be nearly so difficult in Win7 as it was in Vista — and it won’t be as, uh, permeable as it was in XP.

• 5. You can make a movie of what ails your PC

If you haven’t seen Windows 7’s new Problem Steps Recorder (PSR), you owe it to yourself to try it. Click Start, type psr, and hit Enter. This little utility lets you record everything on the screen — except the stuff you type — as it happens. When you’re done, PSR spits out an MHTML file that can be opened and played back in Internet Explorer.

Like the Snipping Tool in Vista (also available in Win7), once you try PSR, you won’t know how you ever lived without it.

• 4. Search works — finally!

Windows XP’s built-in search feature is a slow, painful, buggy joke. In Vista, search is a little less labored, occasionally usable, but still unreliable.

In Windows 7, Microsoft has, at long last, woven search into the operating system itself. There’s no noticeable system overhead, searches proceed fairly quickly, and — most important of all — the results are accurate.

You can initiate a search from just about any location in Windows 7: on the Start menu, inside Control Panel, and in Windows Explorer. Although there are a few idiosyncrasies — such as no true wildcard searches and text searches that match only the beginnings of words — searches in Win7 usually find what you’re looking for.

• 3. You get better control of your devices

Windows 7 centralizes control of all devices: printers, MP3 players, phones, keyboards, mice, fax machines, and anything else you plug into your computer. The controls all appear in a place called Device Stage.

The revolutionary part of Device Stage isn’t its omniscience. Windows has had various Devices and Printers–type capabilities for years. Device Stage differs in that manufacturers have started writing their drivers to hook into Device Stage directly.

If you’re tired of having 10 different programs in 10 different places to control your attached hardware, those days are rapidly drawing to a close. The junky little programs that go with the devices will disappear, too. At least I hope they will. So long, commercial driver-update utilities!

• 2. Win7 Libraries beat out My Documents any day

I first described Windows 7’s Libraries feature in my May 14 Top Story. While Libraries don’t do away with the need to organize your files, they make it much, much simpler to track files and put them in the right locations.

“A place for everything, and everything in its place,” as Mom used to say. With Windows 7 Libraries, file management is easier than ever.

• 1. HomeGroup makes sharing safe, fast, and fun

A stroke of pure design genius, Windows 7 HomeGroup bundles all the sharing options you’d likely want in order to make files, printers, and media accessible to any other Windows 7 PC on your network.

As described in my May 14 Top Story and my Oct. 1 Woody’s Windows column (paid content), homegroups work only among Windows 7 PCs — there’s nothing analogous in XP or Vista. Still, sharing among Win7 PCs couldn’t be simpler.

Three reasons why Windows 7 isn’t for everybody

Despite these and other Win7 positives, there are at least three good reasons for Windows XP and Vista users to stick with their current OS:

• 3. If your PC isn’t up to snuff, fuhgeddaboutit!

While Windows 7’s hardware demands are less stringent than Vista’s, there are zillions of PCs that simply can’t handle Win7.

In my March 5 Woody’s Windows column (paid content), I described how to convert any three- or four-year-old desktop PC into a Windows 7 wonder by bumping it up to 2GB of memory and sticking in a sufficiently powerful video card. I’ve retrofitted dozens of Windows XP desktops in this way, and the results are hard to believe. With a little bit of goosing and a couple of hundred bucks, those old PCs run Win7 much faster than they used to run XP.

However, if you have a desktop machine or laptop that’s more than a few years old, upgrading its hardware to support Windows 7 is likely more trouble than it’s worth. Don’t bother.

• 2. If your hardware or software demands XP, stick with that OS

The XP Mode built into Windows 7 Professional and Ultimate is a Virtual PC–based implementation of XP. XP Mode makes sense for large companies that want to get the benefits of Windows 7 but have to put up with hardware or software that runs only under Windows XP.

For the typical home or small-business user, however, XP Mode is a pain in the neck. My advice? If the Windows 7 Upgrade Advisor (which you can download from the Microsoft Windows 7 site) indicates that your XP setup isn’t compatible with Windows 7, either upgrade the machine’s software and hardware or give up on running Win7 on the system. Life’s too short.

• 1. Don’t try to fix what ain’t broke

By far the most-compelling argument for staying with Windows XP or Vista is this: The Windows you have now does everything you need, and you aren’t overly concerned about rootkits or other nearly invisible malware hosing your machine. In this case, there’s no compelling reason to go out on a limb with Win7.

Replacing your operating system is slightly simpler than performing a self-administered brain transplant, but it’s still no walk in the park. In the vast majority of cases, upgrades to Windows 7 go in smoothly, with a few minor irritations — maybe you can’t find the install CD for an old program, for example, or you forgot to write down a password.

But in a small percentage of cases, the Windows 7 installation doesn’t go well at all. As they say, stuff happens. Any upgrade could potentially become calamitous, and Windows 7 isn’t immune.

If the thought of upgrading your system makes you lose sleep, hey — don’t worry. Better the devil ye ken, eh?

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

Behind the lens of Google street view

By Stephanie Small Ever wonder what goes on behind the scenes of Google’s infamous street view? Videotaping each street in America simply must be a daunting — yet seemingly fun — job that anyone would want to do, right? Watching this video may make you think differently. Two characters, Evan and Mark (or is it Mike?), provide an eye-opener on what is perhaps the longest road trip ever. The next time you look at Google street view, keep this amusing video in mind — it’ll change how you see things! Play the video

Automatic driver updates may spell trouble

By Fred Langa Automatic software-update tools are great — when they work. However, the more complex and nonstandard your system configuration, the greater the likelihood that an automatic-update tool will go wrong … go wrong … go wrong ….

The trouble with automated driver updates

All Jake Jacoby wanted to do was update his drivers. Then the endless loop started:

• “I have Win XP as my OS. I’ve tried several driver-update programs and always get the same results. They detect drivers that require updating. I use their routines to download the updated drivers. However, for some reason the update never seems to take.

  “The next time I run the update program, I get the same results — drivers need to be updated. Can anyone help me with this problem?”

Ah, Jake. You’re experiencing both the fullest glory and the deepest horror of the Windows world, where there is an almost-infinite number of possible permutations of hardware, software, and user action. It’s a tall order to write update software that can handle such a vast range of PC configurations.

No, strike that: It’s impossible. Even Microsoft — with an army of programmers and a wealth of insider knowledge at its disposal — occasionally stumbles and releases toxic updates for its own operating system. And the third-party drivers that Windows Update occasionally offers have a success record that falls somewhere between “marginally OK” and “truly awful.”

It’s really a testament to clever programmers that update tools work as well as they do on the majority of PCs. Indeed, if you have a fairly standard machine with a typical configuration of hardware and software and use it in fairly standard ways, automated maintenance tools may work just fine.

But for you and most of the people reading this newsletter, chances are your system has been — or will be — modified in some way that alters the standard mix of drivers. Maybe you’ve changed monitors or swapped out the video board or sound card. Maybe you’ve added or upgraded a drive or reconfigured the PC’s network setup.

Also, you’ve probably hung all manner of gizmos off the USB ports, whether temporarily (like a camera) or semi-permanently (like a printer). Many of those USB devices require their own drivers. Heck, some of you have even changed your system’s entire motherboard, introducing all-new on-board hardware.

And I bet you don’t always accept the default settings offered by your software’s installation routine. To top it all off, there’s a near-certainty that your copy of Windows isn’t even close to the same configuration it was on the day you first booted it.

Pile up enough of these customizations and changes, and you can end up with a system that’s simply beyond the ability of update software to manage.

There’s no harm in trying various automated-update tools. If you follow the instructions carefully and run the program as an administrator, the updater will work fine on most PCs. But the more you use and customize your system, the more likely you’d do as well updating your drivers manually rather than via an automated tool.

That’s why I prefer to perform manual driver updates — and recommend that you do likewise.

Drivers usually don’t change all that frequently, so two or three times a year, make the rounds of the sites of your system’s hardware vendors. For big-brand PCs, the OEM site probably offers a one-stop shop for all current drivers as well as for brand- and model-specific update software that works much better than generic, third-party or all-purpose update programs.

If you piece-built your system or have modified it significantly, visit the site of each major subsystem maker. For example, look for new drivers for your video, audio, motherboard, and network subsystems — plus any printers, cameras, or other major hardware you connect to the machine.

Before you install the new drivers, read their descriptions and determine what has changed since your existing drivers came out. There’s no particular benefit to getting the very latest drivers unless the new software fixes a bug you’re experiencing or is clearly an improvement in some other way.

If your current driver is working fine and the newer driver doesn’t address issues that could improve your setup, leave your existing (stable) driver alone.

Once you’ve figured out which — if any — new drivers you really need, download and install them one by one rather than all at once. Use your system for a while after each installation to ensure that everything’s hunky-dory. Then install the next new driver and repeat the process.

The manual approach to driver updates will likely fix your problem, Jake, and let you accomplish what the automated update tool couldn’t!

Make one file appear to reside in many places

John Madison needs a way to have files seem to be in many different locations while actually being in only one:

• “If I want to access a file or document from several different locations, how do I do it? For example, I have a business letter from my brother saved in My Documents. I want to be able to see that document from different locations (folders), such as ‘family letters,’ ‘brother correspondence,’ ‘business,’ etc.

  “Can I do that without having an actual copy of the letter in each separate folder?”

Sure, John. There’s an easy way to accomplish this in all Windows versions, and Windows 7 introduces an even easier way.

In any Windows version, first create a shortcut to the file you want to access from multiple locations. Then copy that shortcut to whichever folders you wish.

So if the letter from your brother is in the “family letters” folder, open that folder, right-click the file, and select Create shortcut. Copy and paste the shortcut to any other folder you wish: “brother correspondence,” “business,” etc. The original file will stay where it was, but you can now access it via the shortcuts in those other folders.

Windows 7 extends this concept via its Libraries feature. Think of a Windows 7 Library as a kind of virtual folder that can contain files or folders from anywhere else without actually moving those files or folders from their original location.

For more on Libraries, see Woody Leonhard’s “Two big reasons why you’ll like Windows 7” in the May 14 Woody’s Windows column.

Either the shortcut approach or Win7’s Libraries gives you multiple ways to access files without having to duplicate the files themselves.

Capture text in dialog boxes and folder windows

Roy Stehle needs an easy way to capture text that’s normally “uncopyable”:

• “I’m looking for a tool that will capture a textual version of the files displayed by Windows Explorer or the [Windows] search tool. If I highlight the content, it copies the files rather than the names and properties of those files.

  “I could do a screen capture and do OCR on the result, but that’s awkward and error-prone. I can use DOS dir commands for directory listings, but that doesn’t capture the content of windows, such as the search results. Any ideas on how I can accomplish capturing special window contents as text?”

What you need, Roy, is a text-capture tool that can grab any text that appears anywhere on your screen and turn it into plain, ordinary, editable text that you can copy and paste as you wish.

The tool I’m most familiar with is TechSmith’s Snagit, which has a 30-day free trial and costs $49 thereafter. Visit the TechSmith site for more information and a download link. I use Snagit primarily to capture the text that’s displayed in dialog windows, and it works fine for that purpose. But Snagit is really a general-purpose screen-capture tool that lets you grab and manipulate anything that appears on the screen, including video and graphics. As such, the program may be overkill for your needs.

If you want to capture only text, the aptly named CaptureText may be just the ticket. Read more about the program and download it from the vendor’s site. It comes with a 21-day free trial, so you can see whether it’s to your liking. If you keep it past that, you have to pay $29.95.

There are several free text-capture tools out there, but I’ve never found one that works as well as the commercial models.

What’s with the ‘no room on the server’ error?

James P. Biddle’s network is denying access with an unusual error message:

• “I’ve allowed file sharing on my network. On one other computer, I can see the shared-files folder but can’t open it or view the files. I get some message that there’s no room on the server. The computer with the files is XP Pro. The other computers on the network are a Vista (soon to be Win7) and an Ubuntu. On that one, I get a ‘failed to mount’ error. Any suggestions?”

I’m guessing the exact Windows error message was the uncommon, “Not enough server storage is available to process this command. …” This message can appear when trying to establish a network connection on a PC with a too-small IRPStackSize parameter. It’s uncommon, yes — and also pretty obscure.

IRP stands for Input/Output Request Packet. A “stack” in this context is a kind of scratchpad memory. If Windows’ IRPStackSize is too low, the OS starts refusing new service requests, including network connections.

The problem is so rare that it hasn’t come up in this column for almost two years, but I hope you’re glad to know that it has come up before. You’ll find the full solution — including easy instructions for changing the IRPStackSize parameter — in my Nov. 15, 2007, LangaList Plus column, “Increasing stacks resolves network issue.”

Isn’t it nice when an obscure problem has an easy solution?

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.

More on router upgrades, settings, and passwords

By Ryan Russell Readers responding to my Oct. 8 column on router security asked primarily about three things: upgrading a device’s firmware, saving its configuration settings, and encrypting wireless devices. These activities can be tricky but can also pay huge benefits when done deliberately.

Is upgrading a router’s firmware worthwhile?

If you’re thinking about upgrading your router’s firmware, you need to answer three questions:

• Should I upgrade to the latest release simply because it’s available?
• Where do I find the upgraded firmware?
• How do I determine what is fixed or changed in the new firmware version?

Good reasons to update your router’s firmware are (1) to enhance performance, (2) to improve reliability, or (3) to add a new and useful feature, such as a stronger form of encryption. Unfortunately, it’s not always easy to determine an upgrade’s new features.

The first place to look for a list of new features is the same place you found the firmware itself: the vendor’s site. The trick is finding the information, which for some reason is often hidden.

For example, I use a D-Link DIR-450 router. In my search for a firmware upgrade, I went first to the D-Link site and clicked the link for the DIR-450 product page, then Support Resources, and then Firmware. There I found download links for firmware releases 1.03 and 1.02. Beside the first link, it says Added support for Verizon PC5750. OK, that’s clear enough.

But accompanying the second download link are two notes: Supports Pantech PX-500 card and Fixed DDNS. The first one I get, but the second’s a little terse. Is that a security fix? I couldn’t find any release notes to explain Fixed DDNS in greater detail.

Next, I checked a couple of vulnerability databases. At SecurityFocus, I found a description of a bug in the D-Link DIR-400: an Unspecified Remote Buffer Overflow Vulnerability, to be exact. That’s not the same model as the DIR-450, but the D-Link site disavows any knowledge of a model DIR-400.

Is that because the DIR-400 has been discontinued? A Google search confirms that there was a D-Link DIR-400 router. Do I assume that the two models share code and, therefore, vulnerabilities? The listings at the Open Source Vulnerability Database site have no information on the D-Link DIR-400 or 450, but the database indicates that there are lots of bugs in other D-Link routers.

After weighing the pros and cons, I decided to apply the latest firmware version. You may have better luck when you research the firmware update for your router, but there’s likely to be some detective work involved in the process.

Will an update knock out my configuration?

As I mentioned in my previous article, firmware upgrades are risky because there’s a small chance you’ll brick the router. Also, you’ll probably have to reconfigure the device once the upgrade is finished. That’s why you should upgrade only if doing so will provide some clear benefit.

Reconfiguring your router after a firmware update is a hassle, no doubt about it. Some readers, pointing out that their routers have a “back configuration up” option, wonder whether they could use it to restore their current configuration after the upgrade.

The answer is, of course, a resounding “maybe.” In fact, you might not lose your current configuration when you upgrade your router’s firmware. But I’d be doing you a disservice if I said you could count on that. Whether an upgrade will preserve your current setup depends on the router and on which version of the firmware you’re upgrading to.

Moving from version 1.0.2 to 1.0.3 is likely to retain your custom settings, but jumping from version 1.0.2 to 2.0.4 might reset the device to its default configuration. Play it safe by writing down or printing your current settings. Then try the saved-configuration option, if it’s available. If you need to twiddle the device post-update, you’ll be ready.

Even if the upgrade appears not to have changed your settings, it’d be wise for you to check your configuration after the upgrade. Also, if you suspect your router’s settings were changed by the update, you’ll have a copy of the previous settings for comparison. Having a backup on hand is always a good idea.

If you saved the configuration file before the firmware upgrade and find that the settings changed post-update, there’s no harm in attempting to restore the previous setup. But there’s a good chance the new firmware won’t recognize the configuration file saved by the previous version.

Is the wireless-encryption password important?

My earlier column on the subject emphasized changing your router’s default administrative password. Reader J. T. Merrill points out that I should give equal time to a wireless device’s encryption password.

Quite so. You probably know that your wireless-encryption password should be as random as possible. The consequences of using one that’s easy to guess may not be obvious. Anyone within wireless range could sign in to your gateway and use your Internet connection for heaven knows what. Your router password also provides access to your computer, so the interloper will be privy to its information, too.

The usual password advice applies: use 12 or more random characters and avoid common words, names, phone numbers, and any other guessable sequence. For more on crafting tough but easy-to-use passwords, see WS contributing editor Becky Waring’s Aug. 6 Top Story, “Gmail flaw shows value of strong passwords.”

If your router still uses the old Wired Equivalent Privacy (WEP) encryption standard — or even worse, if you’re currently using no encryption on your wireless network at all — upgrade right away to a wireless access point that supports the newer, safer Wi-Fi Protected Access standard (WPA or WPA2).

WEP is tantamount to using no encryption at all. Instructions for breaking WEP are easy to find on the Internet. See the Wi-Fi Alliance site for more on WPA2, the strongest wireless encryption that’s commonly available.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Mozilla blocks, then unblocks Microsoft add-ons

By Susan Bradley Two Microsoft add-ons for the Mozilla Firefox browser — .NET Framework Assistant and Windows Presentation Foundation — were temporarily blocked this week by Firefox staff because of vulnerabilities announced by the Redmond company on Oct. 13. Firefox experts may allow the use of both add-ons by the time you read this, but for safety’s sake, users of all browsers should apply the Microsoft patch immediately.

MS09-054 (974455)
Firefox users need to apply so-called IE 8 patch

Many Firefox users were greeted with a rude surprise when they opened their browsers on Oct. 16 or later. A dialog box advised Web surfers to disable two Microsoft add-ons that some Firefox users didn’t even know they had: .NET Framework Assistant 1.1 and the Windows Presentation Foundation (WPF).

The Mozilla Foundation had placed the Framework Assistant and WPF on its list of blocked Firefox extensions, saying the add-ons posed a risk of remote code execution.

In a blog post on Oct. 16, Mike Shaver, Mozilla’s VP of engineering, explained that the two add-ons had been blocked because these extensions posed a threat and many users had difficulty removing the extensions manually.

An updated post by Shaver on Oct. 19 explained that the Assistant was not vulnerable, causing the block to be lifted. WPF is vulnerable, he wrote, but Mozilla will unblock it as soon as Microsoft’s fix has been widely installed.

My Feb. 12, 2009, Patch Watch column warned that the .NET Framework update known as KB 951847 added an extension to the Firefox browser without warning. Furthermore, the extension grayed out the Uninstall button that such programs usually support.

(My March 12 column included instructions for manually removing the unwanted .NET add-on from Firefox. Microsoft subsequently released a version of the extension that could be disabled or uninstalled via Firefox’s own user interface, as described in KB 963707.)

Last week, Microsoft acknowledged a vulnerability in .NET Framework, as Computerworld’s Gregg Keizer reported on Oct. 19. MS security bulletin MS09-054 (974455) plugs that hole, which affects users of Internet Explorer 5, 6, 7, and 8. It’s ironic that Mozilla officials such as Shaver now say the .NET Framework Assistant isn’t vulnerable in Firefox.

Whether you use IE or Firefox as your primary browser, make it a priority to install MS09-054. To verify that this update has been applied to your PC, open Windows Update or Microsoft Update. In XP, choose Review your update history. In Vista, select View update history. On the resulting list, look for words such as “Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB974455).”

The purpose of Microsoft’s .NET Framework Assistant and WPF is to allow corporate applications developed with .NET to run in Firefox. If you use no such apps, you should remove the two extensions to avoid any inherent security flaws.

To do so, launch Firefox, pull down the Tools menu, and select Add-ons. Click Extensions, scroll to Microsoft .NET Framework Assistant 1.1, and choose Disable. Next, click Plugins, scroll to Windows Presentation Foundation 3.5.30729.1, and click Disable.

You can also neutralize extensions by turning on the Disable check box if you see a Firefox dialog warning you about add-ons with security problems. (See Figure 1.)

Figure 1. The Firefox alert notifying users of blocked add-ins now allows the Disable check box to be checked or unchecked by users.

Initially, the Firefox alert didn’t offer an option to retain the two extensions. The dialog reported only that the add-ons had been blocked, and it recommended restarting the browser. (See Figure 2.)

Figure 2. The original Firefox blocked-extension warning didn’t allow users to unblock the Microsoft add-ons.

Corporate users complained that they needed the extensions to run in-house apps in Firefox. In response, Mozilla added the Disable check box, letting people retain use of the .NET and WPF add-ons if desired.

By contrast, you may wish to rid your system entirely of .NET Framework Assistant and the WPF plug-in. Merely uninstalling the software, however, does not suffice for maximum security. You must also apply MS09-054 (974455) to ensure that your system is protected.

Adobe Reader update demands AIR time

Users of Adobe Reader 9.1.3 and Acrobat 9.1.3 should update this week to versions 9.2 of the programs. Unfortunately, you must be aware that the Adobe Reader update available for download from the company’s site installs the Adobe AIR runtime environment. You must also be sure to uncheck an option to install the Google Toolbar when you apply the Reader update.

Users running version 8 of Adobe Reader or Acrobat should update to version 8.1.7. Those using version 7 of either app should update to version 7.1.4. I recommend against using versions older than 7 because they’re insecure.

To avoid installing unwanted junk, you can update to version 9.2 of Adobe Reader without downloading AIR as well. To do so, go to the Reader page on FileHippo.com, which has the new version without the AIR component. After you install the update, reboot to ensure that your system is protected.

I haven’t heard of any problems when applying the new versions of Adobe Reader and Acrobat. However, I’m not fond of Adobe bundling AIR with its Reader update.

It’s time for consumers to vote with their downloads and choose an alternate PDF reader, such as Foxit Software’s free Foxit Reader. It can be downloaded from the company’s site.

MS09-056 (974571)
Patch knocks out MS communications servers

In the week since MS09-056 (974571) was released, organizations using Microsoft’s Live Communications Server (LCS) and Office Communications Server (OCS) have been struggling with a huge problem caused by the patch. Microsoft, as of this writing, hasn’t released a fix. The glitch makes the servers think they’re running an evaluation copy of the software, one that has since expired.

Considering that Microsoft uses LCS and OCS on its own internal messaging systems, the problem and lack of a fix are doubly irksome.

The minute you install MS09-056 on a server running either of these two programs, the internal messaging systems stop functioning. A message pops up, stating that the software is in trial mode.

An easy workaround is to uninstall the patch from the servers. This makes the internal messaging systems start working again after a reboot.

However, uninstalling the patch makes the machines vulnerable to a spoofing attack. Many small organizations rely so heavily on Live Communications Server that possible spoofing is considered an acceptable risk. But for large firms, the situation is not so easy to ignore.

Microsoft should have caught this major “oops” before the update went out the door. This black eye for Redmond provides one more example that people who patch on Day 1 may get arrows in their backs rather than the stability they sought.

Back up before applying iPhone updates

In addition to updating Windows machines in my office, I also patch Macs and iPhones. Recently, a glitch that occurred while I was updating an iPhone to software version 3.1.2 reminded me of the importance of backing up the devices before installing updates.

The patch in question fixes a freeze-up problem and adds other performance enhancements. Unfortunately, one of the iPhones being patched froze up during the update process, causing the phone to revert to its factory defaults. All the apps purchased for that device were lost as a result.

By synching the device before installing updates, you ensure that its applications are also backed up. If you neglect to sync beforehand, a possible workaround is to return to the Apple App Store. As a previous customer, you should be reoffered — for free — the apps you purchased.

However, you may forget which apps you actually bought, and the App Store checks your purchase history only after you choose to buy the program again.

Having a full sync in place is better. That way, you’ll be able to list all the phone’s apps without having to rely on your memory.

MS09-061 (953297)
Reinstalling a fix cures a .NET patch headache

Yet another .NET patch is sending IT staffers scrambling for the Excedrin bottle. Applying MS09-061 (953297) generates error codes 0x643 and Ox64c for many PC users. Typically, the only fix is to uninstall .NET and then reinstall it. What fun!

If you have this problem, please let Microsoft know about it. The company needs to see the impact of .NET patching problems on its customers.

To report the problem in the U.S. or Canada, call 1-866-PC-Safety or use the e-mail or chat options on Microsoft’s support site. In other countries, you can find support information on the company’s international support page.

To fix the patch errors, use Aaron Stebner’s free .NET Framework cleanup tool, which is available on Aaron’s MSDN blog. Then reinstall .NET minus the problematic patch.

Every time a .NET patch is released, these types of problems arise. I think it’s time Microsoft got an earful from the people who work so hard to clean up the company’s messes.

MS09-062 (970892)
More headaches from SQL patch on XP SP3 systems

Another major headache caused by this month’s patches is the SQL update MS09-062 (970892), which is trashing XP systems in particular.

Before applying the update, click Start, Control Panel, Administrative Tools, Services. Scroll to the “M” listings. Make sure all services beginning with the letters MSSQL have the status of Started.

If doing this doesn’t avoid the problem, call 1-866-PC-Safety in the U.S. and Canada or go to the Microsoft support site and contact the company via e-mail or chat. Outside the U.S. and Canada, find the support number for your area on the company’s international support page.

Cryptic CAPI2 errors hit Vista workstations

Several readers have contacted me recently after finding cryptic CAPI2 Event ID 11 errors in the event logs of their Vista machines.

The error indicates that the system can’t extract the third-party root list from the auto-update .cab file. Also, a required certificate isn’t within its validity period when compared with the current system clock or the timestamp in the signed file. Whew!

This may be caused by corrupt certificate data on the server. Microsoft support personnel recommend that you back up and delete the contents of the following folders in Vista:

• C: Windows  System32  config  systemprofile  AppData  LocalLow  Microsoft  CryptnetUrlCache  Content
• C: Windows  System32  config  systemprofile  AppData  LocalLow  Microsoft  CryptnetUrlCache  MetaData

Next, back up and delete the certificates listed under the following Certificates key in the Registry:

HKEY_LOCAL_MACHINE  Software  Microsoft  SystemCertificates  AuthRoot  Certificates

Finally, restart the computer and verify that the problem is fixed.

MS09-054 (974455)
IE patch may cause scripts to generate errors

MS09-054 (974455) — the same bulletin that caused Firefox to block two Microsoft extensions this week — also introduces new safety checks to address security vulnerabilities. As a result, you may find that certain Web sites generate a Type Mismatch script error on pages using VBScript or JavaScript.

The error is documented in KB 976749. At this time, Microsoft recommends leaving the patch in place. Most of the pages affected are hosted on non-U.S. servers, but pages hosted in any country might display the error.

MS09-058 (971486)
Some patches just don’t know when to quit

Many people report being offered MS09-058 (971486) over and over again. If this happens to you, please let me know via the Windows Secrets contact page.

So far, I’ve seen a couple of posts about this problem in the PC Review and Secunia forums. The affected machines run Windows XP and appear to be from HP, Dell, Compaq, and System Builders.

The solution: Overwrite the update so it copies over the affected files. The Bit Defender forum provides instructions for doing so.

I hope Microsoft will eventually fix the update so it can overwrite the corrupt OEM files. But in the meantime, the workaround should solve the problem.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.