Thwart malware attacks by locking out bad sites

Windows Secrets readers get a free e-book bonus

All subscribers, free and paid, are eligible through June 4 to download a 20-page excerpt from Delete This At Your Peril (left). In this hilarious book, the author replied to notorious Nigerian and Russian get-rich-quick spam, asking the perpetrators for more and more outrageous conditions. When they agreed to pay him in golden statuettes, I was falling off my chair laughing — and that’s only the beginning! Maxim magazine calls it “brilliantly deranged.” To get your download, simply visit your preferences page, update your settings, and click Save. —Brian Livingston, editorial director

To get your free download: visit your preferences page
For info on the printed book: United States / Canada / Elsewhere

Tune in May 6 for debate on Microsoft licensing

By Brian Livingston

Craig Crossman’s Computer America radio program, which is broadcast in the U.S. and Canada and on the Web, will carry a special program May 6 on the controversy over the clean-install feature in Windows Vista.

You can listen in to the show and even submit questions you’d like the host to ask.

As you may recall, I reported in a Feb. 1, 2007, article that Microsoft developers had included a set of dialog boxes that clean-install the upgrade edition of Vista on a new PC. At the time, Microsoft was saying that this feature required the purchase of the full edition, which costs an additional $100 or so in the U.S.

After Service Pack 1 for Vista was released in March 2008, Windows Secrets associate editor Scott Dunn was the first writer to report (in an Apr. 3, 2008, article) that Microsoft had left the clean-install procedure in Vista. I wrote in follow-up columns on Apr. 10 and 24 about the reactions in the computer press and from Eric Ligman, the senior manager for Microsoft Partners.

Computer America co-host Carey Holzman has now invited Eric and me to debate this issue on his May 6 broadcast. I’ve accepted, but I haven’t yet heard whether the Microsoft executive has agreed to participate. If not, I’m sure the program will get an equally provocative guest to fill in for him.

Here’s the date and time, and how you can listen via broadcast radio or over the Web:

Computer America Radio Show
Tues., May 6, 2008, 10 p.m. Eastern/7 p.m. Pacific

To listen live on the Internet: visit Computer America and select Streaming Audio.
To find a local radio station: visit Business Talk Radio and search on your ZIP code.

Not all members of the Business Talk Radio network carry the Computer America show, so if the station in your area isn’t broadcasting the program, give yourself a couple of minutes to switch to the streaming audio feed. Thanks for your interest.

One final column before Fred Langa retires

I was hoping this day would never come. But today, we publish Fred Langa’s last column before he retires for good.

We knew something was up when Fred (at left in motorcycle helmet) stopped writing articles for five months: Apr. 19–Sept. 27, 2007. He took the time off to ride his beloved bike on a discovery tour across the U.S. and Canada and give four lucky readers his patented “Housecall” treatment.

After that, Fred wrote columns for another seven months, but this is really it. He’s been writing professionally, mostly about the computer industry, for an unbelievable 1E years! (That’s 30 years, for those of you who still count in decimal rather than hex.)

In an e-mail message, he recently told me and other Windows Secrets contributors, “Part of me will miss the tech writing, but part of me wants to buy an abacus and toss wooden shoes into the gears of high tech.”

Fred’s articles have been appearing recently in the paid section of our content. But this week, we’ve decided to make the last column of his long career available to all our readers, both free and paid. We’re sure that our paying subscribers won’t mind having one fewer column in our paid content, just this once.

I’ll let Fred tell you the rest in today’s column. Get some rest, my old friend. Ride, Fred, ride.

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

Thwart malware attacks by locking out bad sites

By Scott Dunn Bolster your antivirus, firewall, and antispyware protection by customizing the IP address manager built into Windows. Redirect ad servers and other undesirable addresses in Windows’ Hosts file and update your unwanted-address list automatically for free with the HostsMan utility.

Forward undesirable IP addresses to Nowheresville

No single security program is guaranteed to keep you safe. That’s why you need to take a multilayered approach to PC safety. A quick, simple, and free way to strengthen your defenses is by editing Windows’ built-in IP address book, a.k.a. the Hosts file.

This system file converts domain names, such as “www.google.com,” into their corresponding IP addresses. In IPv4, the address is four sets of one-to-three numbers, with each set separated by a period. (For example, the last time I pinged www.google.com, the IP address was 74.14.253.99, though the service has oodles of addresses.)

The Hosts file performs a function similar to that of the DNS (Domain Name System) used by network servers. But unlike DNS, the Hosts file is under your control and overrides any mappings found in the DNS.

For example, when you enter a name such as WindowsSecrets.com in your browser’s address bar, the browser checks the Hosts file to see whether the domain name’s corresponding IP address is listed there. If the address isn’t in the file, the browser looks for it on a DNS server and then makes the connection.

By modifying the Hosts file yourself, you can prevent anyone using the PC without an administrator account from accessing unwanted sites. Prime candidates for blocking via this method are sites that host advertising, which can sometimes be a conduit for malware, as I explained in my Apr. 17 story.

To block a file served by the DoubleClick ad server, for example, you would add this line to your Hosts file:

127.0.0.1 ad.doubleclick.net

That’s because “127.0.0.1” is the local machine’s IP address, so your browser looks in vain on your own computer for files that are supposed to come from DoubleClick.

This technique not only blocks ads from the redirected sites, but also cookies and any other content they attempt to send.

Automate your Hosts-file tweaking

Of course, manually editing the Hosts file to include the hundreds of ad servers and other undesirable sites on the Internet — not to mention keeping it up to date — would be a Herculean chore.

Fortunately, a number of sites maintain files listing dangerous addresses with this very purpose in mind, and they make updates available on a regular basis. The most popular of these sites is WinHelp 2002, which orignally focused on blocking ads and banners but has since expanded to guard against many Internet threats.

Other useful sources for prefab Hosts files are Mike’s Ad Blocking Hosts file, Dan Pollock’s Hosts file, and a Hosts file from Bluetack Internet Security Solutions.

Many of the services provide an installer or batch file that can be used to replace your existing Hosts file with their own. If no such installer is included, back up your existing Hosts file and copy the new file in its place. Your Hosts file is located here:

C:WindowsSystem32driversetc

Some writers, such as Thomas Hruska, argue that your PC’s performance may be hindered because site blocking in this manner forces your browser to look in vain for a site it cannot find. If you notice a performance hit when you try this technique, you may be better off using special ad-blocking software such as NoScript for Firefox, as mentioned in my Apr. 17 story.

On the other hand, the WinHelp 2002 site argues that “a well-designed Hosts file can speed the loading of Web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load.”

Unfortunately, malware makers are also aware of the power of the Hosts file. Worms and Trojan horses are sometimes crafted to alter your Hosts file to block major antivirus and security sites. This prevents you from receiving the updates you need to stay protected from the dark side.

Other malware modifies the Hosts file so that when you try to visit your bank’s Web site, for example, you’re redirected to a phishing site mimicking the bank’s, where the crooks attempt to trick you into handing over account numbers and passwords.

Just as insidious, a malicious program could modify the Registry, which tells Windows where to look for the Hosts file. If that happens, you may be spending your time protecting the wrong copy of the file. The key is named DataBasePath and is located at:

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters

As a result, you also need to make sure both the Registry and your Hosts file are protected.

Start by checking whether your current security software has tools for protecting the Hosts file and monitoring Registry changes. Both the $40 ZoneAlarm Pro firewall and the $50 ZoneAlarm Internet Security Suite from Check Point Software protect the Hosts file from changes and notify you of attempts to do so.

Among free security software, Spybot Search & Destroy has a feature for locking out changes to the Hosts file. The free version of WinPatrol warns you if changes are made to the Hosts file or critical system files and lets you keep the previous version.

You can also keep your Registry and Hosts file protected by logging in to a nonadministrator account in Windows. This prevents any changes to these and all other system files.

Finally, regularly overwriting your Hosts file via one of the third-party updates I mentioned above will delete any changes made by malware.

Keep your Hosts file up to date

You’ll need an easy way to keep your custom Hosts file current. A number of free utilities will automatically download and install updated copies of third-party Hosts files. I tested several tools designed to manage your Hosts file, and my favorite is HostsMan, which includes a button for quickly disabling and enabling your Hosts file. This is useful if your browser is having difficulty contacting a site you’re sure you want to view.

HostsMan’s true talent is in keeping the Hosts file updated. While most Hosts-file fresheners tie you to a specific third-party file or site, HostsMan installs any or all of four popular third-party Hosts files. If none of those files suits you, HostsMan lets you edit the update list to add the URL of your favorite Hosts source.

Figure 1. HostsMan’s main window includes buttons for toggling, updating, or opening the Hosts file.
__________

The program’s update option (which can be invoked manually at any time) can either merge or overwrite your Hosts file with the updates you’ve chosen. I recommend the overwrite option, in case your file has been compromised by malware. When you install updates from multiple sources, HostsMan deletes duplicate entries automatically.

If your updates add Web sites you’d rather not block, just place those sites’ URLs in HostsMan’s exclusions list to keep them out of your Hosts file permanently.

HostsMan was also the only utility I tested that checked the Registry to find the Hosts file used by Windows. Other applications just keep working with the Hosts file in the default location, even if that location was rendered useless by a changed Registry key.

Unfortunately, HostsMan updates itself to the new Hosts location only when the program starts. If you leave HostsMan (and your computer) running all the time, you may need to restart the program if you think malware has compromised your Registry’s Hosts setting.

If you keep HostsMan running in your system tray, the program automatically updates your Hosts file in the background. The current version gives you no control over these updates, though; automatic updating occurs every 12 hours, whether you want to update or not.

The other Hosts-file updaters I tried were Hosts File Updater, HOSTS Secure, B.I.S.S. Hosts Manager from Bluetack Internet Security Solutions, HostsXpert from Funkytoad, and hpHosts. All five offer tools for editing, managing, and updating your list of URLs to avoid, although they lack HostsMan’s automaticity and other useful features.

Ad-blocking Hosts files aren’t the be-all and end-all of your malware woes. You still need a full arsenal of antivirus, antispyware, firewall, Flash blocking, and other security tools to keep your computer and your data safe.

Still, an additional layer of free protection is difficult to pass up. And when you have a tool like HostsMan to do the updating work for you, that’s more icing on the security cake.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

Checking IE7Pro's background gives a reader pause

By Dennis O’Reilly It should take more than glowing reviews to convince you that a free program is trustworthy. Suspicions have been raised about the source of one of the free apps a column recently listed, but there appears to be no cause for concern.

Who’s behind that ‘great’ free program?

When it comes to free software, it pays to be suspicious. Most such programs come with serious “gotchas”: some are loaded with ads, while others have many of their most useful features turned off unless you upgrade to the paid version.

And how do you know that the person or company behind the program isn’t putting your personal data at risk? Reader Sascha Timm questioned the legitimacy of one of the freeware programs Scott Dunn highlighted last week, concerned that IE7Pro may come from an unreliable source:

• “I used IE7Pro, too — and loved it, as it has features that are sadly missing in IE 7. However, I deinstalled it recently. Why? I figured out that the people behind IE7Pro are also behind Orbit Downloader (a downloader for embedded Flash, streaming audio, etc.). What is more, both domains (and more than 92 others, like iescripts.org and lyricsday.com) are registered to the same person.”

There’s nothing unusual about a single person registering dozens of domain names, nor one person or company offering many different programs. Still, if there’s anything about a program that raises suspicions that aren’t easily laid to rest, give it a pass and look for another that offers the same functions but comes from a source you’re comfortable with. There’s no such thing as an indispensible software program, no matter what Microsoft may claim.

The free Foxit Reader may be a challenge to find

How can you fault a company for pushing the fee-based version of its free programs? After all, everybody’s got to make a living. Still, it starts to look a lot like bait-and-switch when you see a free program promoted on one site and then, when you go to what you think is the program’s download page, you’re prompted to purchase the commercial version.

That’s what happened when readers Robert Eden and Armin Fields tried to find the free Foxit PDF Reader utility and were directed to the $35 Foxit Reader Pro Pack. Armin was even offered an odorous “bargain” from Foxit Software:

• “Foxit Reader is not free and does not belong on your list of free stuff. I just checked; they charge $35 unless I buy some product (say $29 for cigars; I don’t smoke).”

No need to pick up any habits just to secure a discount on a “free” software program. You can get it from Download.com’s Foxit PDF Reader page without the vendor’s runaround.

This puts a new twist on an old axiom: “If at first you don’t see the free-download link, try, try another site.”

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

All good things come to an end as Fred reboots

By Fred Langa My final Windows Secrets column prompts some reflection and summation. Thirty years after getting my first PC, it’s time for me to hang up my mouse.

A look back at how it all began

I got my first real, non-kit personal computer almost exactly 30 years ago. I wrote software for that little beast and started a small company with a friend to market the programs we wrote. I also wrote magazine articles about the historic first crop of small PCs, including one of the very first type-and-run programs (in BASIC) to appear in a noncomputing magazine. I’ve been writing about PCs ever since.

Thirty years is a very long time in the computer industry, or in a human life, and it’s time for me to try something else. In short, it’s time to say good-bye.

In preparing to wrap up my work for Windows Secrets, I was asked by editorial director Brian Livingston a question that was as profound as it was simple: “What have you learned from the computing industry over the last three decades?”

Here are my short-form answers:

Don’t sweat the small stuff

For example, we all know someone who obsesses over CPU clock speeds, GPU texture fill rates, broadband RWIN size, or some other performance variable as if it held the key to computing happiness. The fact is, most computer users don’t notice performance differences until they’re in the range of 15% to 20% below “normal.”

People who use their PCs a lot and are well-accustomed to how their systems work are a bit more sensitive to performance, but even they don’t normally notice differences until the slowdown is greater than 10%. Computer pros and some very well-attuned individuals may notice speed drops of around 10%, but almost everyone needs a stopwatch to discern performance changes in the single-digit-percentage range. So why obsess over small differences that will most likely go unnoticed anyway?

Note that this doesn’t apply just to CPUs and GPUs. It also affects operating systems, hardware name brands, and even non-tech issues in life. Most small differences just don’t matter and aren’t worth getting worked up about.

The grass isn’t really greener in the next yard

All software has bugs and vulnerabilities. All hardware contains design flaws and can fail. Anyone who tries to tell you otherwise is nuts. For example, you’ll hear people claim that there’s a far smaller incidence of malicious hacking in the Linux and Apple worlds, and it’s true — up to a point. But there are far, far fewer target systems in those worlds. With most of the planet’s crackers trying to subvert Windows, is it really a huge surprise that more flaws are found in Windows than in other OSes?

This isn’t to say that Windows has been a paragon of security; heck no. But to flip it the other way and say “Linux doesn’t have many bugs” or “Macs don’t get hacked” is just plain silly. Nothing is perfect, and you’ll be happier with your PC — and with your life — if you simply deal with the flaws you encounter and move on. Perfection doesn’t exist.

There’s no such thing as a magic bullet

This is a close relative of the greener-grass myth. By the time you can buy a PC that’s twice as fast as the PC you have today, the software you’ll want to run will need twice today’s power. In fact, there’s no single thing — no new operating system, CPU, graphics card, etc. — you can change that will suddenly make all of your computing problems go away. Sad to say, your PC will always run slower than you want it to.

Hang on to your sense of wonder

There’s something in human nature that allows us to become accustomed to even the most remarkable things. For example, my current PC clocks almost 2,000 times faster than my very first PC, and it has over 4,000 times as much RAM; yet in inflation-adjusted dollars it cost literally about one-tenth of that first system!

Is there anything else in our lives that even comes close to that kind of improvement? If you can manage not to get jaded about the many wonders in the world of computing or in our wider daily lives, you’ll enjoy yourself that much more.

Remember your humanity

Alas, the world of high tech isn’t immune to some of humankind’s baser impulses. For example, consider Apple’s elitist marketing. A PC is a tool, not a lifestyle, but Apple embraces the dark side and tries to sell its PCs by appealing to vanity and narcissism, implying that owning an Apple makes you smarter, cooler, and just plain better than those sorry-assed PC people.

Yes, it’s a small thing, but the world has enough divisive issues in it without Apple marketers trying to invent silly new ones. It’s just a computer, Apple! How about thinking really “different” and coming up with ads that don’t promote snobbery and elitism?

Apple execs aren’t the only tech snobs

This is a corollary to the above item. Apple’s leaders just happen to be the worst offenders in the computer industry, and that’s why I’m singling them out here. But I personally boycott any products whose main sales pitch is based on making one group of people think that they’re inherently better than others. If you’re as bothered by such ugly marketing ploys as I am, perhaps you’ll consider a similar personal boycott.

Reboot from time to time

A full reboot is a chance to shut down, cool off, clean out, and start fresh without carrying along needless baggage from previous operations. Windows, Mac, Linux, and most personal electronics devices all can benefit from a periodic full shutdown and restart. And, you know, so can your real, human life.

And that’s what I’m about to do: reboot my life. I’m not sure what comes next, but part of the fun will be in finding out. (If you’d like to come along for the ride, check out my free non-computer-related blog.)

Although I’m stepping back from day-to-day computer writing, I’ll still be reading Windows Secrets so I can stay on top of the essential information I need to keep my own PCs humming smoothly. I’ll be a reader here, right beside you, for a long time to come.

But for now, let’s see how this reboot thing works: Ctrl+Alt+Del . . .

Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.

Another reason to keep both hands on the wheel

The universe works in mysterious — and often entertaining — ways. There are a few things fate clearly doesn’t appreciate: polluters, chemically imbalanced celebrities, and race car drivers who celebrate their victories before they actually cross the finish line. Nobody can say karma doesn’t have a sense of humor, though it really does have a way of catching up with you just short of your goal. Play the video

Five antivirus programs ace the PC-defense test

By Mark Joseph Edwards Avira Antivir and four commercial programs come out on top in tests of 37 antivirus packages. The big surprise: only one widely known brand made the list of the best protectors.

Putting antivirus solutions to the test

In my Apr. 14 column, I wrote about the best and worst firewalls. Afterward, I received a few e-mails asking which is the best antivirus program, a subject of more-than-moderate debate among computer users.

A number of groups routinely test antivirus software to gauge how well the programs protect PCs from infection. While their respective results vary only slightly over time, some programs repeat regularly as top contenders in terms of their ability to detect viruses.

One source I rely on for antivirus test results is the Virus Bulletin, a paid publication specializing in malware technology and trends. The publication is worth every penny of its $175-per-year price. After all, it’ll probably cost you far more than $175 if one of your vital systems is destroyed by malware.

Virus Bulletin’s April 2008 edition tested 37 antivirus solutions. The tests were run on Windows Vista PCs and included a list of viruses known to be circulating in the wilds of the Internet as of January 2008: worms, bots, polymorphic viruses, file infector viruses, and even legacy virus strains.

Five products notched perfect 100% detection rates (prices include one year of virus-signature updates): Avira Antivir Personal (free for noncommercial use), ESET NOD32 ($40), Fortinet FortiClient ($28), Frisk FPROT Antivirus ($29 for up to five PCs), and Symantec Norton Antivirus ($40).

Several other antivirus programs achieved near-perfect scores of 98% or 99%, including some of the usual suspects:

• McAfee Antivirus Enterprise
• Microsoft’s Forefront Security Client and Windows Live OneCare
• Webroot Spysweeper
• Bitdefender Antivirus 2008
• CA eTrust Antivirus and CA Internet Security
• Check Point ZoneAlarm
• Kaspersky Antivirus
• MWTI eScan Internet Security
• Redstone Redprotect
• Sophos Anti-virus
• Bullguard

The detection ability of antivirus software is directly related to two factors: signature-update turnaround time and heuristic detection. New viruses appear regularly, and whenever a new strain hits the Internet, any number of variants are sure to follow.

The sheer volume of viruses puts a tremendous burden on antivirus companies as they strive to keep their signature databases as current as possible, as quickly as possible. The vendors also rely on heuristics to detect viruses based on the miscreants’ characteristics rather than by adding the specific signatures of the new viruses to the products’ databases.

If you want the absolute best antivirus protection available, choose one of the top five virus fighters listed above.

Heads up: zero-day vulnerability in QuickTime

Last week, the research team over at GNUCITIZEN published some tidbits regarding a new vulnerability they discovered in Apple’s QuickTime player running on Windows Vista SP1 and XP SP2. Fortunately, the team is responsible enough not to divulge too many details about the problem, although the group did inform Apple, which is undoubtedly working on a fix.

Based on the sparse information currently available, the QuickTime vulnerability allows an attacker to launch remote code by inducing the victim to visit a malicious Web site or open an e-mail attachment. If you log into Windows using an administrator account, such an attack might allow the bad guys to take over your system.

If you can’t wait for a fix from Apple to protect your systems in the event that someone else discovers the same vulnerability and unleashes an exploit, the only sure defense is to uninstall QuickTime. Apple provides step-by-step instructions for uninstalling QuickTime on Vista and XP.

Double your undelete options with two freebies

In his Jan. 3 column, Woody Leonhard explained how to undelete pictures on your digital camera. Woody suggested that you use the free PC Inspector Smart Recovery 4.5, which is indeed a good file-recovery utility.

Over the years, I’ve found that one undelete tool will work on some files but not on others. In some cases, recovering any part of a file — even if the results are garbled — is better than nothing. This is especially the case when trying to recover crucial documents or large amounts of script code that took a long time to write.

That’s why it’s a good idea to have a number of undelete tools at your disposal. I recently learned of two free undelete programs that might save you hours of time and trouble: Piriform’s Recuva and Touchstone Software’s Undelete Plus.

Both programs run on versions of Windows back to 98. The latest version of Recuva claims to help restore files even after you’ve reformatted or repartitioned your hard drive. Here are some screenshots of the program’s interface.

Note that Undelete Plus is free for noncommercial use only for a limited time, so grab a copy while the offer is in effect.

More storage for the same amount of money

Remember the days when an 80GB hard drive cost a couple of hundred dollars? Today, that same $200 will buy you at least 500GB of storage — more than six times as much as it purchased six years ago. For twice that price, you can get a drive with 1TB of storage!

Last week, Buffalo Technology announced a new addition to its DriveStation line of external hard drives. The new DriveStation Combo 4 comes with 1TB of storage and connects via USB 2.0, Firewire 400 and 800, or eSATA. The disk itself spins at 7200 rpm, which improves the drive’s data-transfer performance.

What also caught my eye about this particular storage solution, aside from its $349 price, is the backup and encryption software it includes. The drive’s encryption program supports 256-bit AES encryption.

Buffalo Technology also makes 500GB and 320GB versions priced at $189 and $149, respectively. The drives work with Windows 2000, XP, and Vista, plus Mac OS X, without any additional drivers. If you’re looking to expand your PC’s storage capacity, one of these units will be a great solution for you.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

What you need to know before you install XP SP3

By Susan Bradley Windows XP Service Pack 3 will soon be available, but that doesn’t mean every IT pro should rush out and install it on all XP systems. My philosophy is that while service packs should always be installed, they don’t necessarily need to be added right away. XP SP3 is no different.

Plan your service-pack implementations

XP Service Pack 3 is reportedly the last major update for the operating system. The service pack includes all previous XP security fixes. Having all XP patches on a single installation routine makes it easier for IT staff to build new machines. Before XP SP3’s release, a new XP Service Pack 2 workstation required that you install about 80 or 90 patches separately after you finished loading the operating system itself.

The new service pack also integrates other XP features that previously needed to be added individually, such as Microsoft Management Console 3 and Core XML Services 6. However, if you want to use Internet Explorer 7 and Windows Media Player 11, you’ll have to add those versions of the browser and media player separately.

Yes, you read that right: IE 7 and WMP 11 are not included in XP SP3. Even though both releases have been available for more than a year, the service pack ships with IE 6 and WMP 10. Go figure. If you want to deploy a clean version of XP SP3 with IE 7 and WMP 11, you’ll need to add those programs to the installer manually.

APC magazine provides a tutorial that describes how to build a bootable version of XP SP3. Instructions for making your own slipstream media to facilitate XP SP3 installation is at Tommy P.’s HFSlip.

For me, the question isn’t whether you should install a service pack, but when. There’s no need to deploy the service pack on the day it is released (which was recently moved back from the planned release date of Apr. 29).

My service-pack strategy is to apply the patches first to systems I rely upon the least. This lets me ensure that there are no problems related to the update. Then, and only then, I deploy the service pack to the rest of the XP PCs in the office.

I’ve been beta-testing XP SP3 on many different machines and have thus far experienced no problems with it. So go ahead and deploy this service pack, but run it on a test machine or two initially and then update your critical PCs in a week or two, once you’re certain everything’s running smoothly.

Black hole routers and other XP SP3 updates

Rich, a Patch Watch reader, has a question about XP Service Pack 3’s ability to detect black hole routers. Many of the problems caused by these devices are discussed in Microsoft Knowledge Base article 314825. They include connectivity glitches that may occur when such a router drops packets between you and the Internet because the router’s maximum packet size has been exceeded.

XP SP3 automatically activates the EnablePMTUBHDetect setting in the Registry, which fixes the problem of routers dropping packets. The key is located here:

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters

If you need to disable this setting for any reason, give the key a value of 0 rather than 1, as documented in a Microsoft TechNet article.

Update your virtual machine before adding XP SP3

If you’re runnning XP on top of Mac OS X using either VMware’s Fusion or Apple’s native Bootcamp virtualization programs, you need to update those apps before you can install XP Service Pack 3. Computerworld reported that these two programs need to be refreshed before you can apply XP SP3.

I’ve yet to hear any line-of-business application vendors state that they don’t support XP SP3, but I recommend that you check with your software vendors to ensure that they support the service pack before you install it on your office’s PCs.

Don’t rush to install Access 2003 SP3, either

Database patching is always tricky. Applying a service pack for a database is even trickier. And installing a service pack for Microsoft Office that can’t be uninstalled is my least favorite update of them all.

After Service Pack 3 for Microsoft Access 2003 was released, there were several post-installation issues reported. Microsoft fixed some of these, as described in KB 945674. The problems affected combo box controls and list box controls containing no or incorrect values. On Apr. 16, another Knowledge Base article was released for a separate issue relating to the Access 2003 service pack. KB 950753 addresses the issue of append queries that don’t include all databases.

In general, your best bet in dealing with Access 2003 SP3 is to make sure your line-of-business vendors support the patch before you implement it. Several vendors support only SP2 because they are already aware of the issues affecting that service pack, while hotfixes continue to be released for SP3.

My company still runs a line-of-business application on Access 2000 and has not updated the program since then. As I stated about XP SP3, be cautious about installing service packs. Look to your third-party software vendors, and follow their lead.

XP will still be available after June 2008

Brian Williams, a Microsoft Partner, is upset with Microsoft, and I don’t blame him one bit. Brian recently blogged that he was about to send a notice to his clients that after June 30, they would not be able to purchase computers with XP installed on them.

Then Brian read that Lenovo, Dell, HP, and several other PC vendors would continue to sell machines running “Vista Business with XP Downgrade rights.” These systems actually ship with XP, along with media that allow you to upgrade to Vista when you’re ready to do so.

Anyone building a computer after June will be able to download all XP updates and patches as well. What will be more difficult to do, and in fact is already no walk in the park, is to buy a PC with XP on it from a retail store.

The bottom line: businesses that truly need to buy PCs running Windows XP after June 30 — the date that Microsoft said it would stop selling the OS — will still be able to purchase them.

Upgrade to Windows Live Mail, or else

Outlook Express has always been a bit of a stepchild e-mail program. Beloved by many, but seemingly not by the very folks who created it, the program recently got another nail in its coffin when it was announced that as of June 30, you can no longer use OE to access your Hotmail account.

As reported by Computerworld, Hotmail users are being encouraged to upgrade from Outlook Express to Windows Live Mail or Outlook or risk losing access to Hotmail.

While I use Outlook for my business e-mail and Mozilla Thunderbird to manage my personal e-mail, it’s always frustrating when a vendor decides that it will no longer support a version of a product that you’re comfortable with and that will take an effort on your part to replace.

Outlook Express has never gotten the love it deserves. Now it’s getting its last rites. OE, RIP.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.