What you should know about Windows’ Event Viewer

Windows Secrets' Windows 7 e-book, Volume 2

Last month, we released our first Windows 7 e-book — The Windows 7 Guide, Volume 1 — a handy reference for anyone moving to Microsoft’s latest OS.

As promised, we’re now offering The Windows 7 Guide, Volume 2 — the final steps you’ll need to complete your Win7 setup. Like Volume 1, this edition brings together some of our most popular recent articles from the Windows Secrets archives.

Volume 1 of this two–e-book series covered the sometimes confusing task of installing, optimizing, and effectively using Windows 7. Volume 2 follows up with two equally important topics:

• Tuning, tweaking, and troubleshooting Win7
• Preserving your new Win7 setup and backing up your data

In Part 1, you’ll learn how to make Windows 7 play well in a mixed-OS network environment, how to understand the difference between HomeGroup and the classic networking setup, and how to make Win7 run faster. We also tell you about some of Win7’s less-known tools.

Part 2 gives you the tools and knowledge you need to never lose data again. We’ve all been there — losing a crucial document or that favorite, wacky photo of the family dog can ruin your whole day. Part 2 covers Win7’s extensive OS/data-backup system, shows you how to create a complete OS safety net, and how to recover quickly when disaster strikes.

No matter what your skill level, I think you’ll find that this concise guide saves you time and money — and hopefully relieves a good bit of the stress that always comes with moving to a new operating system.

Thanks to all our readers for your continuing support of the Windows Secrets Newsletter. And if you have a Windows topic you’d like us to consider, send it along to editor@windowssecrets.com. Happy computing!

    — Tracey Capen, editor in chief

All subscribers: Purchase The Windows 7 Guide, Volume 2 for only $9.95 through your Windows Secrets shopping cart (an E-junkie online-commerce site).

What you should know about Windows' Event Viewer

By Woody Leonhard

Most of the Windows utilities we talk about in the Windows Secrets Newsletter help you work faster or better or smarter, but Windows Event Viewer doesn’t fall into that category.

A powerful diagnostic tool, Event Viewer is now being used by online support scammers who make big bucks preying on people’s fears.

As I explained in my Feb. 3 Top Story, scammers are cold-calling people in North America, Europe, Australia, and other locations, claiming to be Windows support technicians — in some cases, gaining access to users’ PCs and personal information.

The con I discussed back in February described how a caller, possibly from India, contacted a Windows Secrets reader in the U.S. and claimed to be working on behalf of Microsoft support. My reader had posted a support question on what he thought was a Microsoft site. It was a very good con: the scammer knew the reader’s name, phone number, and the fact that he was having a problem with Windows XP. He cleverly convinced the reader to open Event Viewer and look at all the red and yellow flags indicating a malware attack. The con almost worked.

Of course, any phone call to a household in North America stands a good chance of striking pay dirt when the topic is some sort of Windows problem. Call ten people in your town at random, and say you’re calling on behalf of Microsoft (and sound like you know what you’re talking about), and I bet at least one or two of your neighbors will take you up on the offer. In my neck of the woods, it would probably be closer to nine out of ten.

In the case of my nearly duped reader, the scammer first tried to get money for the support, claiming the Windows warranty had expired. The reader was almost convinced to give the con artist direct access to the reader’s home computer via Windows Remote Access. Fortunately, the intended victim smelled something fishy and cut off the conversation. But how many other people that day got snookered by that same wily scammer?

It could be many. Lately, I’ve received a rash of messages from people who have been approached in similar ways. There’s even a post about it on the Windows Secrets Lounge. So be aware of this malicious con. To help you understand how it works, I’ll dissect this specific scare technique — used to make you believe you need their help. It all hinges on Windows’ Event Viewer, which I talked about briefly in my March 4 Top Story on the Windows Reliability Monitor.

Here’s the rest of the story.

What the Event Viewer does — and how to use it

Windows has had Event Viewer for almost a decade. Most Windows users don’t know about it, and far fewer still know how to use it. Microsoft states that its utility “maintains logs about program, security, and system events on your computer. You can use Event Viewer to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events.” In other words, it gives you a detailed window into what your system has been doing.

Windows has not just one event log file, but many; there are administrative, operational, analytic/debugging, and application logs. The logs are simple text files, written in XML format.

Every program that starts on your PC posts a notification in an event log, and every well-behaved program also posts a notification when it stops. Every system access, security change, operating-system twitch, hardware failure, driver hiccup, and more ends up in an event log. The Event Viewer scans those logs, aggregates them, and puts a pretty interface on an otherwise voluminous — and often deathly dull — set of machine-generated data.

In theory, event logs track significant events on your PC. (See Microsoft’s Help & How-to page, “What information appears in event logs [Event Viewer]?” for more info on what’s in the logs.) But in practice, what’s significant is a bit squishy — it will be different for a programmer, a repair tech, or just a regular Windows user. What’s vital and self-evident to a programmer, for example, might be useless gibberish to a user.

Still, when a PC’s condition takes a downturn, the Event Viewer can give PC users some insights into the source of problems. If you’ve never used it, I suggest taking a few minutes and checking it out. Note: You’ll need to run Event Viewer with an administrator password or account.

The Event Viewer built into Windows Vista and Win7 runs rings around XP’s version (shown in Figure 1). For Vista and Win7, Microsoft not only built a better interface but made it easier to ignore unimportant events, program more meaningful event notifications, and find what you’re looking for.

Figure 1. Windows XP’s Event Viewer is a very straightforward text-viewing application that looks into XP’s log files.

To start the Event Viewer in Windows XP, click Start, Control Panel, Performance and Maintenance, and Administrative Tools. Then double-click Computer Management.

In Vista, click Start, Control Panel, System and Maintenance, and Administrative Tools. Next, double-click Event Viewer.

In Win7, it’s Start, Control Panel, System and Security, and Administrative Tools. Double-click Event Viewer. (Or just click Start, type event into the Search programs and files box and press Enter.)

In Windows Vista and Windows 7, chances are good that the events you want to look at are in the Administrative Events folder. Double-click it; you’ll see the most important system-wide events listed to the right, as in Figure 2.

Figure 2. Windows Vista and Win7 put the most important events into the Administrative Events folder.

Note that even the best-kept system (well, my production system anyway) boasts hundreds, if not thousands, of lines of scary-looking error messages. That’s normal.

Event-worthy — and not-worthy — warnings

Before you get hot and bothered about the thousands of errors on your PC, look closely at the date-and-time field. The bulk of them probably date back to when you first installed the PC. Chances are good you’ll see a handful more for every day the PC has been on — most of these are just repeats of the same error or warning. Generally, they have little or no effect on the way you use Windows; you may safely yawn and say, “Who cares?”

For example, looking through my most recent event log, I see a bunch of errors generated by the Microsoft Security Essentials program MSESysprep.dll. The warning

“The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows”

sounds ominous, doesn’t it? But if you look up the error message, you’ll find this sage advice from Microsoft MVP Stephen Boots on a Microsoft Answers page: “The Event Viewer is a great tool to troubleshoot issues. If you are not experiencing an issue, take Jeff’s advice … he’s from Microsoft.” Jeff’s advice? Ignore it.

That’s exactly my advice. If you aren’t experiencing problems, don’t sweat what’s in the Event Viewer. And even if you’re experiencing problems, the Event Viewer might not be able to help you.

In some cases, Event Viewer can help you by pinpointing problems or explaining odd behavior that would be very hard to isolate otherwise. For example, TechRepublic’s Greg Shultz blogged about using Event Viewer to diagnose slow boot times on a Win7 PC — and to find a failing hard drive. Sure, there are a dozen ways to monitor hard drives, but you might not immediately associate slow boots with a bad drive. The Event Viewer provided the needed view of the boot sequence’s inner workings.

On Windows SevenForums, Brink explains how to find the results of a Windows CHKDSK run inside the event logs. That information could be handy if you can’t run that important diagnostic command manually.

Event Viewer can also help you nail down network access problems; the Windows programs that control network communication spill a large number of details into the event logs. Unfortunately, translating the logs into English can be a daunting task. But at least you might be able to tell where the problem occurs — even if the logs don’t give you a clue as to how to solve the problem.

What to do if you’re getting scammed

At this point, it should be obvious that your event history is a virtual cesspool of information. And that you’re being taken for a ride if you get an unexpected support call — especially if you’re asked for payment or access to your PC.

Yes, under certain circumstances, Event Viewer can give you worthwhile information. But for most Windows users, most of the time, it’s a scary place that can obfuscate issues and intimidate you. It’s especially of little value if you aren’t conversant with terms such as DHCP or DNS or Kerberos — just to mention a few of the Windows processes that recently showed up in my event logs.

If you figure you’ve been scammed, or you know someone who fell for the Events Viewer shtick, you should first make sure that your machine isn’t infested. Letting someone else run their software on your machine is a sure road to disaster. Put your PC through as thorough a scan as you can muster, using at the very least Microsoft Security Essentials (info page) and Malwarebytes (site).

If you let someone onto your machine, you also have to assume they’ve made off with some of your files — many of the scammers are smart enough to pull data right out from under your nose.

If you suspect data theft, start with the U.S. Federal Trade Commission’s Identity Theft site. There you’ll find important information about how to recover from — or at least cope with — the loss.

Also keep in mind that if your data was taken by someone outside your home country, your chances for restitution are zero.

Pat yourself on the back if you kept the bad guys out of your PC. But if you handed over some money, head directly to your credit card company’s fraud reporting unit. Insist that you get your money back; and even if you don’t, at least you’ll be adding your voice to the worldwide call for regulation against these Event Viewer scams.

Most successful scams are exceptionally clever at separating a mark from his (or her) money. Those who get conned are often too embarrassed to report it — or they’re never sure that they were actually swindled.

Bottom line: If somebody calls you, convinces you to open up your Event Viewer, and requests money, it’s a con. And if you’ve been taken, fight back — for everybody’s sake.

Mixed media for e-mail? All advise against it

By Kathleen Atkins

Imagine receiving an e-mail with a five-second audio clip that plays automatically when you open the message.

An attractive idea? Does it depend on what those five seconds sound like? Lounge member RobG floated the audio-clip idea this week on behalf of a friend, who wants to add one to her e-mail signature — believing it will be a positive change.

Our respondents disagree — unanimously. See their list of reasons in the post. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

Making happy history of the Cold War

By Kathleen Atkins Now, here’s a cult to admire: a Finnish rock-and-roll band, the Leningrad Cowboys, with a penchant for performing with choirs. Notable among the band’s collaborators is the official choir of the Russian armed forces. Will the world enjoy peace in our time? Maybe — if we sing “Happy Together” along with the flamboyant Leningrad Cowboys and the rigorous Red Army Choir. You can practice singing with this video: Play the video

Taming aggressive freeware-download extras

By Fred Langa Some so-called freeware isn’t truly free; its download process often aggressively pushes software you neither want nor need. It’s especially irritating when that unwanted, extra software is hard to remove.

Unwanted app ‘Searchqu’ moves in, won’t leave

Reader Kim Hansen found both her installed browsers — Internet Explorer and Firefox — simultaneously affected by the same foistware.

• “I have a problem related to Fred’s [Oct. 6] item, ‘Unwanted extra software download “outrageous.”‘

  “I went to a site to watch a TV show that was not being broadcast in my area. In so doing, I installed software called ‘iLivid.’ It was extremely difficult to get rid of, but I was finally able to do so. However, it left something called ‘Searchqu’ in my [browser] address bar that I cannot get rid of.

  “It appears in both browsers I use — Firefox and Internet Explorer. I have uninstalled everything and have scanned for anything with that name in it. But I come up with nothing — no viruses or orphaned files.

  “I have uninstalled the browsers and reinstalled them, but Searchqu still is there and lurking. I searched Google to see what others have done, but it appears they’re having just as hard a time getting rid of this pest as I am. Any ideas on what to do?”

Searchqu appears to be one of those aggressive co-marketing add-ons distributed with — or sometimes by — freeware. In this case, it came along for the ride when you accepted the iLivid Download Manager agreement.

The current iLivid installation dialog is relatively clear about its intentions. It identifies the extra download it offers and gives you the ability to opt out — as long as you don’t simply select the default installation setting (shown in Figure 1). To opt out, you need to select the Custom installation option and unclick the Searchqu offerings.

Figure 1. The current iLivid installation makes it relatively easy to reject the extra download options.

This clear dialog may be a recent change, as there are many, many Searchqu-related complaints online — showing that large numbers of users have ended up with the software installed without their knowing how or why.

Searchqu can usually be removed using the deinstallation methods covered in this nicely illustrated DeleteMalware blog article, “How to remove Searchqu (uninstall guide).”

If that method doesn’t work, you can directly remove Searchqu’s associated files and Registry entries, as explained in the TechArena forum thread, “How to remove Searchqu malware.” Read posts three and four.

Because this kind of software can indeed be a pain to remove, it’s always better to avoid it in the first place. Be sure to read all dialogs carefully before allowing any software — and especially freeware — to download and install on your PC.

Problems with recovering a disk image

Jim Ferguson can’t get his Win7 system image to work the way he wants.

• “This is the error message I receive when trying to recover the imaged drive: ‘No disk that can be used for recovering the imaged disk can be found.’ I don’t know why I cannot restore to the same drive where the image is stored.”

It’s true: you can’t restore an image to the same disk or partition that contains the image file. It’s not an arbitrary limitation — there’s a good reason why it must be this way.

An image file is a byte-for-byte record of an entire disk or partition, from first bit to last. When you restore an image, the process replaces everything on that disk or partition with the contents of the image file. Everything on the target disk or partition gets overwritten.

So if the image file is on the drive or partition you’re trying to restore to, the restoration process will eventually overwrite the in-use image file, causing the rest of the restore to fail — and likely ruining the image file in the process. You’d lose your backup!

Most imaging software (including Win7’s) tries to steer you away from this problem in two ways:

First, when you create an image, you’re prompted to select a location for the image file that’s not on the disk or partition you’re backing up. And later, when you try to restore, the software will likewise prompt you not to restore an image on top of itself — that is, not in the same location as the image file.

Most image-restoration software (including Win 7’s) also checks that there’s enough space available for the restore. You need at least as much disk space as the original disk or partition had when you created the image. If you try to restore an image to a disk or partition that’s too small, you’ll get that “no suitable disk available” error message.

Normally, disk space isn’t an issue; you typically restore an image back to the same location it came from. But if your setup has changed or something reduced your partition sizes since the image was made, it’s possible that the target disk or partition simply isn’t large enough to hold the fully expanded, restored image.

If that’s the case, you’ll need to use a partition-editing tool to resize your partitions — again, providing at least as much space as the original disk or partition had when you made the image you’re trying to restore.

Need a partition editor? Lincoln Spector’s May 19 column, “Four free hard-drive maintenance tools,” discusses several free utilities that can change partition sizes nondestructively and without requiring a reformat.

Two ways to separate user data from system files

In the Oct. 6 article, “Upgrade glitch if user data location moved,” I suggested that there’s no longer much reason to manually separate user data from system files.

In fact, separating the files can cause problems with backups, upgrades, or other tasks which may expect certain files or folders to be in their normal, default locations.

But if you’re willing to take a few extra steps or to use third-party tools, it’s still entirely possible to separate your user data from the rest of your setup, as these next two letters show.

First up, Brad Sanderson’s manual method for relocating user data:

• “I still separate user and data files on Windows 7 and have also found, as you said, that this causes a problem when upgrading. My way around this is to do a full install of my OS and all needed programs. After that, I move my data/user files to other partitions. Next, I do a full backup of the OS, data, and programs partitions. (I keep my programs on a separate partition, as well.) I do weekly and monthly automatic backups of these important partitions.

  “So if I need to refresh and/or correct my OS, I can do so without fear of losing any data. I even have used this method for OS upgrades. Afterward, I just simply tell the OS to use the old data files. Some programs work this way, too, without reinstallation.

  “This has been my procedure from Windows XP through to Win7 — it’s worked flawlessly for many years.”

Will Pearce takes a different tack in moving user data:

• “Fred makes a case for not relocating user folders to a different drive in Windows 7. While his point about the problem this causes for reinstalls or upgrades is accurate, it’s worth noting the following:

  – Reinstalls and upgrades are rare events.

  – The primary reason for relocating the User folder (including all data) to a separate partition (and preferably a separate drive) is to make setting up data backups easier.

  – Backups should be at least weekly, if not daily, events.

  “Even with all that, if relocating user profiles were at all complicated, it still wouldn’t be worth it for most Win7 users. Fortunately, that’s not the case. The Windows Club has a utility — Profile Relocator — that makes the process quite simple. It’s available on the Windows Club “How to re-locate Windows Users profile directory in Windows 7” page.

  “If a reinstall or upgrade is needed, moving profiles back to C: is just as easy.”

Thanks, Brad and Will. You haven’t convinced me to segregate my user files, but it’s good to know that it still can be done easily.

Reader-recommended, free, hardware-monitoring tool

David Browning sent in this note in response to my Oct 13 item, “Take your PC’s temperature — for free!”

• “Fred: Great article on monitoring PC temps. I especially like the simple instructions for laptops.

  “A quick note on another free hardware-monitoring tool, HWMonitor [site]. I have used this one for years. Same folks produce a couple of other tools of equal quality, most free.”

Thanks, David. There’s lots of good stuff on that site!

Touching Microsoft Windows 7 and Windows 8

By Katherine Murray Windows 8 Developer Preview is getting a lot of attention because of its colorful Metro interface and its touch-centric approach. But some of Windows 8’s so-called new features are already available in the OS you might be using now — though in a relatively primitive form.

Windows’ touch-screen computing roots

Metro might be all new, but touch-screen computing in a Microsoft operating system isn’t unprecedented: it’s already in Windows 7 — and Windows Vista, too. Obviously, you need a tablet PC or a multitouch monitor to take advantage of touch features in Windows 7, but they’re not so hard to find these days. This article looks at the touch capabilities in Windows 7 and 8, with an eye toward what’s new in Windows 8.

Reach out and touch the Windows 7 screen

With a multitouch system (including some smartphones and most tablets) running Win7’s Windows Touch technology, you can use a variety of gestures to carry out basic tasks — well beyond what a simple single-touch system offers. For example, you’re not limited to just tapping an item (such as a menu option or a tool) on the screen to select it. You can select and drag items, display a context menu, rotate images, and much more.

Here are some of the more common gestures available in a Windows Touch–capable system:

• Tapping and double-tapping are equivalent to clicking and double-clicking with a mouse.
• Dragging with your fingertip is the same as dragging an object with the mouse pointer.
• Pressing and holding an item is analogous to hovering over it with the mouse. When you lift your finger, the right-click list appears.
• Flicking enables you to scroll through a page quickly.
• Rotate an item by pressing with one finger, then dragging with another finger in the direction you want to rotate.
• Pinching two fingers together or apart makes items on the display smaller or larger.
• Tapping with two fingers on an area of the screen instantly zooms in on that area.

Along with these gesture effects, Microsoft promised buttons and thumbnails sized optimally for touch response in Win7. In a March 2009 blog post (foreshadowing what we’re hearing about Win8 today), Microsoft Windows Division President Steven Sinofsky stated that the entire Windows 7 experience was augmented so that it “works great with touch.”

The downside of the Windows Touch experience

Although Win7 users had multitouch capabilities from the start through Microsoft’s Windows Touch, few were able to take advantage of it for the most ordinary of reasons — lack of multitouch-compatible hardware. And with little hardware support, few software developers were willing to build multitouch apps that delivered the smooth performance touch users wanted. Today, the touch capability of Win7 still feels like something that was bolted onto a nontouch user interface.

The users who work with Windows Touch in Windows 7 often don’t find the interface as easy to navigate as they expected. Lists and options aren’t simple to select. The touch keyboard is also a challenge to use. (For more on Windows Touch, see the Microsoft Windows Touch Help & How-to page plus the Windows 7 Team Blog on the Microsoft Touch Pack for Windows 7.)

Windows 8: Touch from the first move

If you’ve watched any of the video clips available online (or you’ve tried it yourself), you know that the touch in Windows 8 is fluid and fast. You flick the Start screen to the right to display all the live apps. You tap the one you want to use and then navigate through it — scrolling and double-tapping to select, and pressing and holding to display the context menu. Right-swipe Windows 8’s main screen to display the five Win8 charms — Search, Share, Start, Devices, and Settings — for additional options. (See Figure 1.)

Figure 1. Swiping the right side of the screen displays Windows 8 charms, shown here on the screen’s right edge.

By design, Windows 8 apps that support multitouch should give you a full range of available gestures. You’ll also use gestures to snap apps where you want them — and tile programs so you can work with more than one app at a time. (See Figure 2.) For example, you could keep an eye on your organization’s Twitter feed while you’re working on that annual report.

Figure 2. You can use touch to snap apps to the side of the screen and work with two apps at once.

Based on the preview, it’s obvious that Windows 8 is engineered from the ground up as a touch-first endeavor that fits the way users will want to use their touch-capable PCs and devices.

Although Microsoft is quick to say that Windows 8 isn’t just for touch users, recent preview reviews report that mouse and keyboard users aren’t doing cartwheels over the design and navigation of the OS’s Start screen. (All the same navigation techniques will work with the mouse and keyboard, and there’s a hefty list of keyboard shortcuts available for navigating around Win8.) In recent posts on the Building Windows 8 blog (see the Designing the Start screen post), team members defended the design of the Start screen and suggested that efforts to improve features for mouse and keyboard users (or should we call them nontouch users?) are continuing in Windows 8.

I’ve tested and played with Windows 8 on a Dell Inspiron Duo — which has a touch screen, mouse, and keyboard — and I’m a little surprised at how fluidly I’m able to switch among all three inputs, almost without thinking about it. If I were limited to just a mouse and keyboard, however, I can see how the Windows 8 interface could feel limited and disorienting. As the Windows 8 team continues to work toward its milestones, it will be interesting to see how (or whether) new keyboard/mouse navigation features unfold.

The big promise — and the place where touch capabilities in Windows 7 fell flat — is in the developer community. If developers program for Win8 Touch in a big way, and hardware manufacturers give us a variety of touch-capable devices to choose from, multitouch might be a big win for Microsoft’s next OS.

Office 2007 gets its final service pack

By Susan Bradley Microsoft’s optional Service Pack 3 is preparation for the end of mainstream Office 2007 support. While Microsoft will provide extended Office 2007 support for years to come, SP3 is a milestone for the product that brought us the Ribbon.

Office 2007 SP3 (2526086)
MS to scale back Office 2007 support in 2012

Office 2007 SP3 is an optional update, for now. In about 90 days, you’ll see it pushed out to all Office 2007 users via Windows Update. Note that service packs are not like security updates — there’s usually no immediate need to install them, if you’ve been adding regular updates.

Service packs typically include all fixes released after the product was first launched or since the previous service pack. (So SP3 has all patches released after SP2.)

As noted in an Oct. 6 Microsoft Office Updates blog, SP3 is likely to be the last service pack for Office 2007. April 2012 marks the end of mainstream support — its scheduled end of life comes two years later. Microsoft plans extended support through approximately 2017. (Office 2003 is in extended support until 2014.)

(Microsoft typically provides mainstream product support for five years and extended support for another five years. Mainstream support includes free incident support, free security updates, and nonsecurity hotfixes. Extended support includes paid support, additional free security fixes, and paid nonsecurity hotfixes.)

► What to do: Hold off installing Office 2007 SP3 for now. For more info on SP3 or to download the package immediately, see MS Support article 2526086. I’ll follow up next month with a review of the changes.

931125
Root-certificate updates for XP come calling

While Vista’s and Windows 7’s root-certificate updates are automatic, Windows XP’s have to be installed manually. So XP users might see root-certificate updates offered soon through Windows Update. The fact that the update is optional gives me the discretion to say “no” for now.

I have a beef with the current state of root certificates: the issuers often don’t fully document the changes in root-certificate members. That was certainly made plain in the recent out-of-band DigiNotar update (KB 2607712), which took many of us by surprise.

► What to do: Given that recent history, my recommendation is that XP users should not install KB 931125 at this time.

2603229
A confusing Registry fix for 64-bit systems

Some of the second-round, Tuesday updates released each month leave me scratching my head. But the update in MS Support article 2603229 is giving me a real itch. It’s my job to be authoritative when reporting on updates. However, with little clear information, I have to guess at the underlying cause for this update.

Based on the description in article 2603229, it might be that some OEM manufacturer laid down the wrong Windows Registry keys somewhere, causing failures when installing 32-bit software on 64-bit Windows 7 machines. Initially, I couldn’t find the Registry keys referred to in the article anywhere on my 64-bit system. But then I realized I was looking in the wrong place. They’re not subkeys under CurrentVersion; they’re REG_SZ values.

The update is designed to match these incorrect 32-bit Registry keys:

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTcurrentversionRegisteredOrganization

with these correct 64-bit keys:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTcurrentversionRegisteredOrganization

► What to do: Until I can better understand which machines are impacted by this update and report back, pass on KB 2603229.

2607576
Patch for the disappearing jump list

There are two camps for this patch: those who nod their heads and say, “Yes, I’ve seen this issue;” and the others, who have no idea what a jump list is. The answer for the second group is simple: it’s the list of recently used files and destinations that pops up when you right-click an application on the taskbar. Every Win7 user should be familiar with it by now.

According to the extremely brief explanation in MS Support article 2607576, the jump list for a specific application can apparently hold more items than it displays — up to 99 items. When the jump list exceeds 999 items, it permanently disappears.

Before this patch, the solution given on various websites was to delete the problem-app’s jump-list file, found in this folder:

%APPDATA%MicrosoftWindowsRecentAutomaticDestinations

► What to do: Keep KB 2607576 on your list of optional patches.

If you missed Java 28, don’t worry: we’ve got 29

Oracle’s latest release of Java is designed to fix problems with SSL implementation and to correct man-in-the-middle vulnerabilities, as documented in Oracle’s October “Critical Patch Update advisory.” If you’re surprised to be jumping from Java 27 to Java 29, keep in mind that Java 28 was a new-features release, not a security update.

Members of the patchmanagement.org listserv have reported a few serious problems after installing Java 29. But most of these issues were fixed by uninstalling all Java updates and reinstalling only Java 29.

► What to do: Accept the update, but be sure to uncheck the ASK toolbar offered during the update’s installation.

Google releases a security update for Chrome

As with all Chrome updates, Version 15.0.874.102 should appear automatically when you launch the browser. The update fixes a number of security vulnerabilities, such as URL-spoofing attacks.

► What to do: It’s always important to keep your browsers up-to-date. Confirm that you have Version 15.0.874.102 (more info) by launching Chrome, clicking the wrench (settings) icon, and selecting About Chrome. If you are not already on the new version, those steps will make Chrome check for updates.

IE 9: It’s time to install it — or hide it

In my June 23 Top Story, I strongly recommended updating to IE 9. I felt it had significantly better security protections than previous versions. But I also acknowledged that anyone with line-of-business needs or apps that don’t support IE 9 could wait. Now I think it’s time to either fish or cut bait — either install IE 9 or hide its update on your machines.

► What to do: If you decide to install IE 9, add KB 2547666 and KB 2545698 to the process. The former fixes a problem with deleting long URLs from the browser history; the latter takes care of fuzzy fonts in IE 9.

Regularly updated problem-patch chart

This table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed below as safe to install will be removed from the next updated table. For Microsoft’s list of recently released patches, go to the MS Safety & Security Center PC Security page.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

The Patch Watch column reveals problems with patches for Windows and major Windows applications.