Why continuing support for XP is bad math

People in the sky in diamond formation

If you plan to remember an event by living through it, jumping out of an airplane isn’t something you do on impulse. In the fall of 2012, 100 experienced skydivers from 21 countries briefly floated in formation over Perris, California — and by doing so, they set a 100-way, wingsuit world record. They needed five planes, three days of training, and five attempts over four days to execute the 13,000-foot dive recorded in this video. After watching the event, you might be thrilled enough to add sky-diving to your bucket list. If so, we strongly suggest practice, practice, practice. But perhaps it’s best to leave it a vicarious thrill, experienced from the safety of your sofa. Click below or go to the original YouTube video.

Confusion about MS Security Essentials on XP

Microsoft Security Essentials now permanently displays a red at risk flag on XP systems — despite being correctly updated. Here’s what’s going on.

Plus: Undoing a bad change in Group Policies, what to do when suspicious software won’t uninstall, and a free tool to remove search.conduit malware.

Updated MSE antivirus tool warns XP is ‘at risk’

Reader Carl Robinson was one of many readers who thought Microsoft Security Essentials (MSE) had stopped working on XP systems.

• “Since Microsoft Security Essentials has gone bye-bye in Windows XP, what do you recommend as a replacement? Please tell us just which free and paid apps are best. Don’t just give us an unending list of what’s out there; we know them.”

Despite appearances, MSE still works correctly on XP, and Microsoft will continue to send out updated virus definitions through July 14, 2015.

On April 9, 2014 — one day after Microsoft dropped support for XP — MSE started displaying a red at risk flag on XP systems. The warning will be permanently displayed to remind you that XP is unpatched and potentially vulnerable to attack.

This change is explained in more detail on the Microsoft Community Wiki page, “Microsoft Security Essentials 4.5.216.0 on Windows XP — At Risk > 9 April, 2014.”

To be crystal-clear, any currently installed copy of MSE still works on an XP PC. (You cannot, however, install a fresh copy of MSE on an XP system.) The red flag applies only to the XP operating system; it’s another warning that XP is at risk from malicious hacks — even if your anti-malware software is up to date.

But you asked about a “best” AV replacement. I’d love to tell you. Not to sound pedantic, but I have to first ask which “best” you mean.

Are you looking for the best anti-malware for experts? For intermediates? For novices? Do you want the historically best anti-malware product or just the ones that did well in the latest round of testing against the newest malware? There can be many “bests” — best against zero-day attacks; against widespread, pernicious malware; in frequency of updates (scheduled vs. real-time); in transparency (open-source vs. proprietary); in usability; and so on.

In short, you’ve asked a question that can’t be definitively answered. Just as there’s no single PC that’s best for everyone, there’s no one-size-fits-all antivirus app for Windows users. Sure, you’ll find published AV rankings, but those rankings change all the time.

But since you specifically asked for a short list, here’s a very small and manageable group of three popular anti-malware tools that score consistently well in independent testing. There are many more fine products.

• Bitdefender (free and paid; site)
• Avast (free and paid; site)
• AVG (free and paid; site)

I suggest you try them, one after another, to see which one fits your personal preferences — what’s “best” for you.

Just keep in mind: though anti-malware tools can help protect you, no anti-malware tool will fix the fundamental vulnerabilities in XP.

Using XP is now riskier, and it will become even more so over time — regardless of the anti-malware tool you use.

Undoing a regrettable change in Group Policies

David Gosnell was trying to keep unwanted software out of his PC but ended up blocking all new software!

• “I set up a local Group Policy to restrict software loading. Now nothing will install. How do I turn it off?”

If you were following a tutorial, you might be able to go to whatever site provided the instructions and work the steps in reverse.

If you don’t remember which tutorial you were following, you might be able to find what you need in the TechNet article, “Using software restriction policies to protect against unauthorized software,” or the Microsoft Forums thread, “Prevent software installation using Group Policy.”

If you weren’t following an article, your best bet might be to roll your system back to its configuration before you made the change, using a backup or System Restore. (Reminder: As you’ve read many times in these pages, you should always make a backup or create a restore point before performing any serious system maintenance or making any significant system changes.)

If you didn’t manually create a restore point, Windows could have made one for you automatically. If you need it, here’s online information on using System Restore to roll back unwanted system changes:

• Win8: Microsoft Answers thread or “How to refresh, reset, or restore your PC” (scroll down to the section labeled “Restore your PC to an earlier point in time”)
• Win7: System Restore
• Vista: “Turn back time on your PC”
• XP: “How to restore Windows XP to a previous state”

If none of the above helps, you can try manually or semi-automatically returning your system’s security settings to a known-good state. The process can be laborious, but it might be your only option — short of a full reinstall — if you don’t have a usable backup or restore point.

For detailed information, see Microsoft Support article 313222, “How do I restore security settings to a known working state?” and the Jan. 16 LangaList Plus item, “Correcting permissions to re-enable file sharing.”

Suspicious applications won’t uninstall

Henry Shockley found some maybe-bogus software on his PC — and it won’t uninstall by normal means.

• “I have two programs on my PC that evidently came in a bundle with other software. One is called WinCleaner OneClick CleanUp and the other is Ultra WinCleaner 2002.

  “When I decided to get rid of them, neither showed up on Revo Uninstaller or Windows’ built-in uninstall tool.

  “WinCleaner OneClick CleanUp had an uninstall on its menu. When I clicked it, the software almost instantly said it was deleted. Color me super skeptical: I’ve never seen a program uninstall that quickly.

  “The other program, Ultra WinCleaner, doesn’t list any way to uninstall it.

  “I want to get rid of them — but how? Any suggestions?”

Sure! I bet you can get that software off your PC in just a few minutes.

Software that doesn’t uninstall easily is often malware — or at least feels like malware. When automatic tools can’t uninstall software you don’t want, you can almost always accomplish the task manually with these easy steps: delete the software from the Registry, delete it from the hard drive, and then verify that your system is clean. Piece of cake!

Here’s that process spelled out in greater detail:

• Open RegEdit and use the Find function to search the Registry for any instance of the offending software. Delete any keys that reference that software. In this case, for example, I suggest performing separate searches for “wincleaner,” “oneclick,” “one click,” and “business logic” (WinCleaner’s publisher).
• Next, use Windows/File Explorer (or the search tool of your choice) to search all hard drives. Use the same search terms: “wincleaner,” “oneclick,” “one click,” and “business logic”. Delete any applicable files and folders the search turns up. Note: Make sure Explorer is set to search all locations and show all files — including hidden and system files.
• Reboot.
• Ensure your PC has no malware on it; use an anti-malware tool that’s separate from whatever anti-malware tool you normally use. For multiple options, see the April 11, 2013, Top Story, “A dozen tools for removing almost any malware.”
• Reboot.
• Run a good Registry cleaner, such as CCleaner (free/paid; site).
• Reboot again.

Your PC should now be free of the previously uninstallable software!

Free tool removes search.conduit malware

Albert “Fritz” Foster’s browser has been infected with the search.conduit malware.

• “I have been fighting search.conduit for a while. Malwarebytes Pro finds the software and seems to remove it.

  “But search.conduit is cleverly written; it reloads itself and shows up again when I boot Internet Explorer — even though Malwarebytes says it was removed, and I deleted it from quarantine!

  “How can I remove search.conduit for good?”

Search.conduit is a tag-along browser toolbar/extension that typically gets installed along with various other freeware/shareware offerings. You might want to reconsider the types of software you’re downloading — and the places from which you’re downloading them. Your current choices are putting you at risk!

As you’ve discovered, search.conduit can be difficult to get rid of. It will reinstall itself if it’s not completely rooted out. It can also install itself again if you have the same browser on multiple systems and all copies are synched via the cloud. Remove the unwanted software from one device, and the browser-synching process brings it back from one of the other connected devices.

Fortunately, there’s an easy fix for search.conduit. The free AdwCleaner specifically targets this type of software. AdwCleaner (see Figure 1) is available from all the major download libraries, such as Download.com (AdwCleaner page; use the Direct Download link).

Figure 1. The free Adwcleaner finds and removes many types of unwanted software from PCs.

Note: If you’re using any form of Web-based browser synching across multiple PCs or mobile devices, work on only one system at a time — keep the others off and inert. This will prevent the software from resynching itself back to your cleaned devices.

Here’s how to clean search.conduit from your browsers:

• Run AdwCleaner; let it remove any malware it finds.
• Reset all your browser settings to default (more on this in a moment).
• Reboot.
• Run AdwCleaner again to make sure search.conduit is truly gone.

Your browser should now be clean!

Your browser’s support pages should have instructions on how to reset the browser to its default state. It usually takes only a couple of clicks.

For example, to reset Internet Explorer, see Microsoft Support article 923737. For Firefox, see the Mozilla support page. For Chrome, see the Google support page.

A free tool and an easy reset should be all you need to make your browser as good as new!

Why continuing support for XP is bad math

More than a few Windows XP users are willing to pay Microsoft for more updates to the now effectively obsolete OS.

In theory, doing so could produce billions in revenue for Microsoft. Here’s why it’s not going to happen.

Paying Microsoft to keep Windows XP current

A Windows Secrets reader recently commented that he’d be more than willing to pay Microsoft a perpetual fee to continue supporting Windows XP. To gain significant traction, the subscription would have to be priced reasonably for the average PC user — perhaps U.S. $25 a year.

It’s an interesting concept. How much money could Microsoft rake in for ongoing XP support? Let’s take a quick look at the math. There are roughly 300 to 500 million PCs in the world still running Windows XP; let’s split the difference and say there are 400 million. Some portion of that figure includes government agencies and major corporations that are already paying Microsoft significant fees for extended XP support.

So let’s cut the number in half and say there are 200 million consumers still using the now unsupported Windows XP. Assuming most of those individuals are willing to pay $25 per year to avoid upgrading to a more modern operating system, Microsoft might see roughly $4 billion in annual revenue.

That’s hardly chump change, especially given that Microsoft’s entire net income for the most recent fiscal quarter was $5.66 billion. And there would be almost no cost to Microsoft; it’s already investigating flaws and developing patches for the supported versions of Windows. At face value, it seems like a win for both Microsoft and Windows XP users.

It isn’t — and Microsoft knows that. There’s almost no chance that the company will implement any consumer-based, pay-for-support program for XP. And we should all be thankful for that fact. The issues with Windows XP run much deeper than just patching known vulnerabilities on the second Tuesday of each month. Moreover, Microsoft has motives and concerns that go beyond patching XP vulnerabilities and fighting off exploits.

An OS that’s now insecure by design

No, Windows XP wasn’t built to be vulnerable; but its architecture has made it so over time. Back when the Internet was relatively new, XP was a great operating system. It’s still a perfectly functional OS — for applications that do not require a network or Web connection.

But from a security standpoint, XP is now simply too archaic. Connecting the OS to the Internet is like speeding down the highway in a car with no seat belts. It’s not only dangerous for you; today’s malware makes it hazardous for every other PC with a shared network or Internet connection.

Patching XP won’t provide the security tools introduced with Windows Vista and enhanced with Windows 7 and Windows 8. Security features such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) can’t be backported to XP without an extraordinary amount of coding effort. (DEP and ASLR aren’t invulnerable, but they do provide additional layers of defense that significantly raise the time and effort an attacker must invest to develop a successful exploit.)

More current versions of Windows also include User Account Control (UAC), which helps protect users running in administrator mode. (Many users are running in admin mode by default.) UAC helps enforce the concept of least privilege: it forces even admins to approve specific changes to Windows, such as installing or updating applications. Most Windows XP users run in an admin-level account, putting themselves at significant risk. It lets an attacker run malicious code with full administrator privileges.

The upshot? All else being equal, Windows XP is almost always at significantly greater risk than newer versions of Windows — even when it’s the same vulnerability across all versions. That fact can skew Microsoft’s vulnerability ratings because any particular flaw’s overall rating is based on the OS most threatened. So a vulnerability rated critical might be rated important or even moderate if Windows XP is removed from the equation.

How XP holds third-party vendors hostage

The liabilities of XP are not limited solely to Microsoft. Third-party hardware and software vendors are also affected. As long as Microsoft supports a legacy operating system, hardware and software vendors typically feel obligated to do so, too. If Microsoft initiated a paid-support subscription for individual XP users, the makers of monitors, keyboards, webcams, and software would also have to continue investing resources to keep their products compatible with Windows XP.

Tripwire security research manager Tyler Reguly recently told me, “No mainstream consumer OS has ever been supported as long as Windows XP. Look at server platforms; even Solaris 8 and AIX 5 [both released after XP] are past their end-of-life dates. Apple released OS X 10.6 [Snow Leopard] in 2009 and dropped support for the OS less than five years later — less than half of the 12 years Microsoft has supported XP.”

So our cost equation isn’t limited just to Microsoft. Adding in the many hardware and software vendors tied to a PC makes the math far more complicated. If you factor in the entire Windows XP ecosystem, that $4 billion of revenue for Microsoft could be offset by many more billions spent by other vendors.

Things change; it’s past time to move on

Not to be facetious, but there were probably people who would’ve paid for continued support of eight-track tapes — or 5.25-inch floppy drives. Technologies evolve, and so do threats to those technologies — and in most cases, the older the technology, the greater the hazard. Most of us are very happy that our cars have seat belts, crumple zones, airbags, and more cup holders.

Windows XP users are still welcome to continue using the aged OS — just as there are those who will still get some use from their effectively obsolete 3.5-inch floppy drive. But all security experts strongly recommend limiting the use of XP to standalone applications. Don’t connect it to the Internet, especially if it shares a network with other PCs. A successful infection on an XP system could easily spread to other machines.

Regardless of whether and how you choose to continue using Windows XP, the concept of paying for support just doesn’t add up. Not for users and not for vendors — not even for $4 billion a year.

Making a list: Counting virtues of Windows 8

If Windows 8 were a kid, it might feel picked on ever since first setting foot on the playground.

But based on discussion begun by Lounge member Prescott in the Windows 8 forum, you might gather that the playground is growing a little friendlier (Windows 8 runs fast, people admit), however grudgingly. Others allow that Windows 8 has grown more attractive in other respects, too. You can tune in to the review of Windows 8 qualities and express your own view on Microsoft’s most controversial OS.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Office 2013 apps not showing up in Win7 submenu
Word Processing	MS Word 2010: Files won’t open due to problems with contents
Spreadsheets	Need Excel button (macro) to consolidate information
Databases	Designing database
Presentation Apps	Convert PowerPoint 2013 document into Word 2013 editable document
Visual Basic for Apps	Outlook: Make visible
Microsoft Outlook	Outlook 2013 messages sent, but copy remains in draft folder
Non-Outlook E-mail	Windows Live email picture problem
Other MS Apps	MS Project single task split into several, in resource-usage view
Windows
General Windows	Connecting to MS OneDrive with Raspberry Pi
Windows 8	Advantages of Windows 8?
Windows 7	Wrong date on computer
Windows Vista	Blue screen crash reboot
Windows XP	Black market for patches?
Windows Servers	Must be in domain to connect to server?
Internet/Connectivity
Internet Explorer	IE 11 doesn’t work
Third-Party Browsers	Firefox ads
Networking	Networking Win7 with Android tablet and iPad
Software Development
Windows Programming	PowerShell 4.0 quick reference guide
Other Technologies
Non-Microsoft OSes	Back up Ubuntu image and Firefox settings to external HD or cloud?
Security & Scams	Flash exploit targeting Internet Explorer, Versions 9 through 11
Maintenance	Question about Vista system reserved (boot) partition
Hardware	Epson printer refuses third-party ink
Other Applications	Opinions please: Auslogics BoostSpeed

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Taking a new approach to old problems

Innovation rarely comes as an entirely new product category. Most often, it puts a new and interesting spin on something that already exists.

That evolutionary form of innovation applies nicely to these four products. Each adds to our computing experience in useful and unexpected ways.

Four terabytes of hard-drive storage to go

The problem: A 1TB external drive has choked on an accumulation of backup files, photos, videos, music, and personal documents.

The solution: Until recently, 1TB drives have been remarkably cheap. But 4TB models? Not so much — especially compact, portable drives. Seagate’s 4TB Backup Plus Fast (site) takes a novel approach to give you excellent capacity, speed, and portability — though at U.S. $270, it’s still not cheap.

The Seagate drive is about double the thickness of the typical USB-powered portable drive — for a reason. To keep power consumption down, the Backup Plus Fast is actually two 2TB drives, one stacked on top of the other, in one case. Using an internal RAID 0 configuration, the two drives appear as a single volume. (RAID was originally intended for data and drive redundancy. But these days, it’s almost never seen on consumer drives.)

Figure 1. Seagate stacks two drives in one case to make a portable 4TB drive.

Using RAID 0 (more info) helps increase drive speed, but it does nothing for data integrity. In fact — because data is typically striped across two or more drives — if one drive fails, you might lose the data stored on the other drive, too.

For that reason, I’d be uncomfortable using the Backup Plus Fast as my primary backup file-storage device — despite the extremely low failure rates of today’s drives. It’s best used for files you access frequently. You could, for example, use it as mobile storage for your entire collection of videos, photos, and music. But you’d still want those files backed up elsewhere. (RAID 0 is fixed; you can’t change the drive’s configuration to RAID 1, which would allow the two drives to operate separately.)

The drive is powered through its USB connections, which means you won’t have to carry along an AC-power brick. Note that I said USB connections — as in more than one. The drive comes with a single-connector cable for USB 3.0–enabled PCs plus a second Y cable for pre-USB 3.0 systems. One USB port on the PC is used for data; another port is needed to help power the drive.

If you do use the Backup Plus Fast for archiving, Seagate’s intuitive Dashboard backup program is included with the drive. The software includes options for automated backups, or you can select which files to back up and when.

Download free iOS or Android apps, and you can also back up your mobile devices to a Backup Plus Fast drive. You can also upload image files stored on the drive to social-networking sites such as Facebook, Flickr, and YouTube.

True to its billing, the Backup Plus Fast is quick. Copying a 1.6GB video file from my laptop to Seagate’s drive took just 19 seconds. Transferring the same file to an older USB 2.0 drive took just over a minute.

Again, the 4TB Seagate Backup Plus Fast isn’t cheap. But if you need portability, speed, and capacity, it might be what you’re looking for.

Bluetooth headset lets you walk while you talk

The problem: You rely on Skype for clear VoIP connections, but your headset keeps you tightly tethered to the PC. You want to be able to move around while you talk.

The solution: Plantronics’ .Audio 995 stereo wireless headset (site) lets you move about your office — as well as other rooms in your home or business. It connects via Bluetooth to a USB dongle and gives about a 40-foot roaming area. The connection is immediate, and you don’t need to install any software.

Figure 2. Plantronics' .Audio 995 headset lets you roam up to 40 feet from your PC.

I use the headset primarily for Skype calls, but its buttons also let me remotely control music playing on iTunes or Windows Media Player.

The .Audio 995’s ear pads appear enormous, but they prove to be surprisingly light — the cushy, leatherette-like fabric stays comfortable over long sessions of use. Voice sound reproduction is excellent, and the boom microphone automatically mutes when raised. Music sounds good but doesn’t have the dynamic range you find with other higher-end headsets.

The .Audio 995 lists for $100, but you can find it online for nearly half that price.

A power strip designed for today’s devices

The problem: AC-adapter bricks are rapidly proliferating, and each one takes up more than one outlet on a power strip/surge protector.

The solution: Accell’s Powramid Power Center ($25; info) uses a sloped, circular design that’s better suited for the many small power adapters we typically end up with. The $35 Powramid Power Center and USB Charging Station adds two USB 2.1 charging ports. Each model has a heavy-duty, six-foot cable and six AC outlets.

Figure 3. A power-outlet-in-the-round, the Accell Powramid Power Center and Surge Protector makes it easy to plug in up to six small power bricks.

Both the AC outlets and the USB ports have circuit-breaking surge protection. The Powramid will automatically cut power to your electronics if a power surge exceeds 1080 joules, diverting that excess energy to ground. (If you live in an older house, check that your electronics are truly grounded. It will not only protect your devices, but also reduce the risk of fire.)

Both Powramid versions are available in white or black. The top-mounted power switch includes a clear plastic safety cover to prevent inadvertent switches.

I still have a sea of power cables under my desk, but it’s handy to have the Powramid on the desktop for devices I don’t leave continuously attached to AC.

Self-adjusting office chair goes with the flow

The problem: Even a properly adjusted office chair locks your body into one position — which, over time, could contribute to pain and fatigue in the spine, muscles, and ligaments.

The solution: The SwingChair II (site) counterbalances body movements, adjusting itself on the fly.

Consider those long drives or flights. After hours of sitting, we stand up stiff; we might even be in some pain. Office chairs present the same problem, no matter how “ergonomic” they’re purported to be. We can’t do much about the seats in planes or our cars, but changing out an office chair can make work a little easier.

About a decade ago, mechanical engineer Hector Serber experimented with ways to incorporate counterbalancing technology into a chair — one that isn’t fixed in one position but adjusts according to body movements. He eventually invented the SwingChair, an office chair with a seat and backrest that swing independently from a pivot point level with the body’s center of gravity (about navel-high).

Unlike most office chairs with simple height and tilt controls, the SwingChair II has eight levers that adjust the chair to your size, weight, and desk height. But its key feature is the suspension system that immediately adapts to changes in your seated position.

Figure 4. Change positions in the SwingChair II, and it automatically readjusts itself for proper support.

You immediately notice a difference when you sit on the SwingChair’s black, perforated, polyurethane-foam cushions. The seat automatically adjusts to an angle that properly supports your legs and hips. At the same time, the backrest adjusts independently of the seat. Each time I moved, the chair adjusted accordingly for maximum comfort.

It takes a bit of adapting to feel comfortable in a chair that keeps changing its configuration. For example, I was at first a tad put off when I crossed my legs and the SwingChair’s seat immediately angled down. For a moment, I thought I’d be catapulted from the chair. But over time, I adjusted to the chair’s movements — and I noticed that my back was no longer as tight as it often was with my previous chair.

Being able to move around somewhat while the chair maintained proper posture settings helped reduce the painful pressure points that develop when you sit in the typical static chair.

The SwingChair II has an optional headrest (shown in Figure 4), and the company also offers an add-on, pivoting mouse tray. Good office chairs are never inexpensive, but the SwingChair II starts at $695. Having used it now for over a week, I consider it a good investment for a comfortable, pain-free, workspace.

The chair comes in black or red fabric and has caster wheels that work best on carpeting. For hard floors or desk mats, you should use the optional, $29, multi-surface casters. You can save a hundred bucks if you forego the headrest. Shipping is free, and you get a 30-minute ergonomic consultation over the phone to properly set up the chair for your body type and preferences. There’s also a 30-day satisfaction guarantee.

Working with email in browsers and apps

No matter what device we’re using, we read and create email within a browser or a separate email client.

These days, most people handle their personal mail by using a browser, but there are good reasons to use an email client.

We have no shortage of browser-based email — or webmail — services to choose from. Twenty years ago, we had few choices — mostly paid services such as AOL Mail or CompuServe, plus some early bulletin board–services such as the WELL. In the mid-’90s, new ISPs such as EarthLink offered email services along with Internet access.

Free webmail services — for example, Hotmail and RocketMail (which then became Yahoo Mail) — first appeared around 1996. Ten years ago, the now ubiquitous Gmail was still in beta.

Today, AOL and Yahoo live on — mostly on inertia. Hotmail is now Outlook.com, and nearly everyone has at least one Gmail account. There is a host of smaller players, all running on Chrome, Internet Explorer, Firefox, and whatever other browser we might use.

For the purposes of this discussion, email clients are apps that let you manage messages outside a browser. They include such stalwarts as Outlook, Apple’s unimaginatively named Mail, Mozilla’s much-loved Thunderbird, and numerous others. The capabilities of these apps range from simple mail management to full personal-information management. Thunderbird, for example, is popular because of its focus on mail; Forté Agent combines email with Usenet news reading; and Outlook combines calendars, task lists, messages, contacts, and more.

In some cases, the distinction between webmail and email client is blurred. For example, that MS Exchange–based mail you typically manage via Outlook can also be accessed via a simple webpage. And Google offers a local-client app that lets you read your Gmail offline — as long as it’s in the Chrome browser.

To further complicate things, IMAP and mail forwarding let you read the same batch of messages across almost all webmail services and local email clients. Naming can also be a problem: Outlook and Outlook.com have similar names, but they’re very different beasts.

Also, the supplier of your email address — whether Google, Microsoft, your ISP, or even a hosted website you created — has almost no impact on whether you use a webmail service or email client. For the most part, the choice is up to you.

As noted above, you can even use both types of mail managers — whichever is most convenient based on your current location, the mobile or desktop device you’re using, or simply personal preference. Webmail can be accessed from almost any device — as long as it’s connected to the Internet. An email client lets you work offline, such as when aboard ship or locked in a plane (though Web access is now common on even those once Internet-free places).

Email clients offer flexibility and convenience

Aside from the online-vs.-local aspect of email applications, most of the differences between an email client and a webmail service boil down to manageability, security, convenience, and personal preference. It’s no longer the case that webmail services are feature-poor substitutes for local email clients.

Whether within a browser or on the desktop, both types of email managers now provide advanced features such as support for multiple email accounts and both POP and IMAP. (IMAP is the preferred email protocol for synchronizing your mail between devices.) Good webmail services provide excellent search capabilities and let you organize your mail in multiple ways — such as by applying filters, setting up custom folders, flagging messages, and using other tools.

At one time, email-client apps were significantly faster than browser-based services. But with today’s high-speed Internet connections, that distinction has largely disappeared.

But email-client apps still have advantages over webmail services, as noted below. Keep in mind that these are generalized points; both email clients and webmail services differ considerably in how they work and what they offer. There’s no one best webmail service or email-client app — nor is an email client always better than webmail services. What’s best for you emerges from how you work.

• Managing multiple mailboxes: Although browser-based email managers let you send and receive email for more than one account, those accounts typically appear as one inbox. That can get confusing if, for example, you need to work simultaneously with personal and business accounts but want to keep them separate.

  On the other hand, an email-client application makes it relatively easy to have separate inboxes. It’s also often easier to set the synchronization and retention properties of each inbox. For example, the messages in one inbox might be automatically deleted when they are more than, say, 30 days old. But the messages in another inbox are retained indefinitely.

• Archiving: It’s unlikely that Gmail will crash and lose all your archived messages. On the other hand, a local hard-disk failure might wipe out years of mail. However, if an important message ends up in the webmail service’s trash can and, say, 30 days later it’s cleared from the trash, it’s most likely gone for good. Mail stored locally is typically backed up with all other data on your system. Assuming you make regular backups, you might be able to recover that lost message.
• Privacy: With a webmail service, all messages are saved on the service’s servers — and in most cases, only on those servers. An email client lets you decide where messages are stored. If you use a POP account, it can be set so that email is downloaded to your local system and then immediately deleted from the Internet-based server. Or you can have the messages live both locally and in the cloud. Either way, it’s your choice.

  One other privacy issue with webmail services is a bit fuzzier. There’s much discussion about whether and how Microsoft and Google scan the mail on their webmail services and use the gathered information to send targeted ads. An April 15 Inquirer report notes that recent changes in Google’s privacy terms would let the company read any content you send or post through its various services.

  If your ISP host is providing your email service, you might prefer not to keep your email on its servers. Otherwise, if you change ISPs (admittedly not that easy to do), your archived messages might be lost.

• Ease of use: One of the common complaints about webmail services in browsers is their stripped-down UI — designed that way primarily to make them fast and compatible with various versions and brands of browsers. If, say, you’re using a Microsoft account for your email but you don’t like the way Outlook.com works or looks, there’s not much you can do about it. Gmail gives you themes, but that doesn’t make some of its UI features any less obscure.

  Email clients, on the other hand, take advantage of all the UI features provided by operating systems such as Windows, OS X, and Linux. They often have a variety of options that let you customize the way they display messages and how you work with them. And because they’re integrated with the OS, you can more easily configure alerts for new messages.

  Best of all, you can use almost any email service with any email-client app. This means if you don’t like the way Outlook works, you can simply move all your mail over to Thunderbird or some other app.

  One other benefit of working with client email: it’s easier to cut and paste portions of an email into a new message.

Setting up accounts in an email-client app

There are basically two ways to have an email account managed by your client application. The first is to forward mail to it from the original service. For example, you can set up a Gmail account to automatically forward messages to another account, which are then downloaded to your Outlook, Thunderbird, Apple Mail, or other local client. It’s relatively easy to set up, but it will also make managing your mail complicated over time. You’ll likely end up with duplicate or extraneous messages in the different accounts.

Forwarding is best for specific types of messages. For example, you might set up a Gmail account just for receiving newsletters such as Windows Secrets. You can then have Gmail automatically forward the newsletters to the email account attached to the local client, where newsletters are easier to read. To set up forwarding in Gmail, simply click the gear icon, choose Settings, and then click the Forwarding and POP/IMAP tab. Follow the instructions for forwarding an entire account or for using filters to forward specific types of mail.

The better technique is to have the email client directly access the servers hosting an email account. This takes more work to set up, but it lets you use the IMAP protocol to keep your mail synchronized. You’ll find instructions online for setting up an account in a particular client. For example, see the following:

• Microsoft Windows page, “Set up an email app with Outlook.com”
• Mozilla support page, “Thunderbird and Gmail”
• Yahoo help page, “Access your Yahoo Mail account with another mail program”

Email is essential for almost all computer users. It’s a critical form of nearly real-time communication, a repository of data, and an archive of the evidence of our interactions with others. Using an email-client app can make managing that wealth of information easier.

The fuss about a new IE zero-day vulnerability

A newly revealed Internet Explorer flaw received an extraordinary amount of news coverage.

The vulnerability was widely reported, mostly because the U.S. Department of Homeland Security’s Computer Emergency Readiness Team had issued an alert.

The many headlines about KB 2963983 took me by surprise. To date, there have been only limited attacks using this exploit — no more than we often see with a typical zero-day threat. Moreover, for every successful zero-day exploit we know about, others go undetected.

According to Microsoft Security Advisory 2963983, this latest remote code-execution threat exploits a flaw in the way IE handles objects in memory. The exploit affects IE Versions 6 through 11. Until an official patch is released, the advisory lists ways to mitigate the threat — including using Enhanced Mitigation Experience Toolkit 4.x.

This might be the first instance of an MS security posting that doesn’t mention Windows XP — now that the OS is no longer officially supported. XP users must keep in mind that Microsoft won’t release an official XP patch for this exploit. (This is only the first of numerous unpatched items we will see for XP.)

As part of a defense against this zero-day threat, I recommend that XP users unregister vgx.dll. (Vista, Win7, and Win8.x users can apply this method, too.) Here’s how:

• Open a command window (click Start/Run and enter “cmd“).
• At the command prompt, enter:

  regsvr32 -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

  

  Figure 1. VGX support successfully removed

• On 64-bit Windows (Vista, Win7, and Win8.x), add the following command:

  regsvr32 -u “%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll”

I suggest keeping this setting going forward. The vgx.dll file is associated with Microsoft Vector Graphics Rendering (or Vector Markup Language; VML). It’s an out-of-date technology that’s rarely used anymore. Should you need to restore the setting, enter the following command:

regsvr32 “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

You can test whether the change is in effect by going to the VMLmaker.com page in Internet Explorer. It should be a blank page. (If you receive the notice, “A VML capable browser is required …,” you must add vmlmaker.com to IE’s Compatibility View list. Click Tools/Compatibility View settings.)

This particular IE vulnerability is associated with Adobe Flash Player. All Flash users should now be on Version 13.0.0.206 — see the Adobe version checker (site) to verify.

This latest exploit is targeted at IE, but we should always be a bit paranoid while on the Internet, regardless of the browser and operating system we’re using.

What to do: Update to Adobe Flash 13.0.0.206, unregister vgx.dll, and consider using another browser — at least temporarily.