Working with Windows 10 Preview, build 10041

In case you need encouragement to have fun

We were distracted last week — by work, I think — from the important rites of St. Patrick’s Day. But we intend to make amends this week. We offer for your viewing pleasure Roy, a herding dog who is a legend in Gloucestershire and who might, naturally, hustle any group of sheepish friends into a pub for a few pints of beer. We can imagine the fun of it, anyway, via a clever Guinness ad. Click below or go to the original YouTube video

Working with Windows 10 Preview, build 10041

After a nearly two-month hiatus, Microsoft has finally released a new Windows 10 Technical Preview build.

You might run into a few hurdles when installing build 10041, but the changes and new features are worth the effort.

Installing Windows 10 Tech Preview 10041

I shouldn’t have to say this, but there are undoubtedly some Windows users who didn’t get the message: If you’re starting with build 10041, don’t install Win10 Preview on a production system. Windows 10 is still far from finished — things will break! (If you’ve been testing an earlier build of Win10 Preview, I assume you already know this.) That’s not just a Windows exhortation, it’s true for any beta OS.

Install the preview on a spare PC (just about any PC made in the past five years will do) or on a virtual machine using VM software (VirtualBox [site] or Windows 8.1’s Hyper-V, for example) — or take the longer, more complicated way around by setting up a dual-boot system.

Also, you can’t install Win10 Preview, build 10041, directly. At this time, Microsoft hasn’t released the installation files — the ISO — yet. The only sane way to get to build 10041 is to start with build 9926 and use Win10’s internal updating tool.

UPDATE: Microsoft has posted the ISO files for build 10041 on the Windows Insider site. Sign in and click the Get started – PC button. Scroll down the “Before you install” page and click Get the preview. Click the download the ISO files link and follow the instructions on the “Download Windows 10 Technical Preview ISO March Update” page.

If you’re already running build 9926, the Web is full of advice for installing it. If you’re starting from a Win7 or Win8/8.1 machine that you wish to upgrade, there’s a quick tutorial on Microsoft’s Win10 Technical Preview download site. Otherwise, you can download the ISO files (site) and set up a VM or dual-boot as usual. See the following Windows Secrets stories for help with setting up build 9926.

• “How to safely test-drive Win10 — step by step” – Oct. 16, 2014, Top Story
• “Solving problems with VirtualBox virtual PCs” – Oct. 23, 2014, LangaList Plus column (paid content)
• “Build 9926 and the importance of Win10 feedback” –
  Feb. 19 Windows 10 article (paid content)

To upgrade to build 10041, sign in to build 9926 with an administrator-level account and then click or tap Start/Settings/Update & recovery/Windows Update. If there are any pending patches, install them all. (Click the Check for updates button. The full update process might require more than one reboot.)

Once build 9926 is completely up to date, click or tap Start/Settings/Update & recovery/Windows Update and then click the Advanced options link (see Figure 1).

At the bottom of the Advanced options pane, under Choose how preview builds are installed, select the Fast option (see Figure 2). Then, in the upper-left corner of the window, click the back arrow to return to Windows Update. Click the Check for updates button.

At this time, there’s no way to turn off individual updates. As soon as you click the update button, the Win10 Preview, build 9926, update (fbl_impressive 10041 Professional) will automatically download and install. Fortunately, that’s what you want it to do.

Be forewarned: Installing build 10041 will seem to take f o r e v e r — and then take even more time. I commonly had machines stall at 2 or 3 percent complete for ten minutes or more — in some cases, up to half an hour. And after the first installation reboot, build 10041 will seem to take another lifetime or two.

In other words, be patient! Don’t unplug anything or manually reboot. It’ll get there — eventually. When the Win10 desktop finally reappears, there’ll be a watermark in the lower-right corner that states, “Windows 10 Pro Technical Preview / Evaluation copy. Build 10041.” That’s your definitive sign that you’ve made it through the upgrade process (see Figure 3).

Putting back some lost core applications

In a Blogging Windows post, Microsoft Win10 spokesman Gabe Aul acknowledges that “the Mail, Calendar, and People apps may be broken.” In fact, I haven’t seen a machine yet that came through the upgrade to build 10041 with those three Universal (tiled Metro) apps intact. That’s not surprising: the current Mail, Calendar, and People apps are headed to the bit bucket — and not a minute too soon. So it’s likely they’re a low priority for Microsoft. They’ll probably be replaced with some sort of Universal Outlook program with associated Calendar and Contacts categories. (The details are still to come.)

You might not even find Mail, Calendar, and People. But if you do, you can easily tell that they’re toast — their tiles will look weird (saying @{Microsoft.win or something equally incomprehensible) — and when you click the tiles, absolutely nothing happens.

If you really want those three Universal apps, here’s how to bring them back:

• Click or tap Start/All apps/Windows System. Right-click PowerShell and choose Run as Administrator.
• Copy the following command into PowerShell and press Enter:

  get-appxprovisionedpackage -online | where-object {$_.packagename -like “*windowscommunicationsapps*”} | remove-appxprovisionedpackage -online

  That’s all one line. If it pastes into PowerShell as multiple lines, you need to go in and manually remove the page breaks. (I recommend pasting or entering the command into Notepad, just in case you need to paste it into PowerShell again.)

• PowerShell should return three lines that look like this:

  Path:

  Online: True

  RestartNeeded: False

  If you don’t see those three lines, go back and make sure you (a) ran PowerShell as administrator and (b) copied the command line correctly. Run it again if need be.

• Close PowerShell, click Start/All Apps, and then click the green Store icon. (The black Store (beta) icon won’t work.)
• In the store, enter Mail in the search box and then click the “Mail, Calendar, and People” app when it appears. (They’re all just one app.) Choose Install.
• Once the notification pops up that “Mail, Calendar, and People” is installed, close out of the Store. Click Start/All apps, then click the first @{Microsoft.win tile on the left. That should bring up the People app. Click on the next tile, and you should see Metro Mail. Click on the third tile and get Calendar.

See why I warned you that build 10041 isn’t appropriate for your production computer?

Touring through build 10041’s new features

A good way to start looking at the new features in this latest build is to refresh what you know about the features added to build 9926. I stepped through them in the Jan. 29 Top Story, “What’s new — and expected — in Win10, build 9926.”

Build 10041’s start menu (see Figure 4) has changed a bit; there’s a little transparency to the menu’s background (which you can’t see in this narrow screen shot). I’ve seen rumors that other Windows pieces might have optional transparency as well.

Start has a few new capabilities, including the ability to drag programs from the All apps list to the tiled area on the right. But overall, it still doesn’t have anywhere near Win7’s start-menu malleability.

The interface for Task View (i.e., multiple desktops) has changed quite a bit. To launch Task View, click the double-box icon in the taskbar. Click the plus sign in the lower-right corner of the desktop to create a new desktop.

You can now drag windows from desktop to desktop while in Task View. You can have the icons in the taskbar reflect only apps running on the current desktop — or include all running apps on all desktops. You can drag a program’s window to the plus sign on the bottom right of the screen to start a new desktop and put that program onto the desktop.

New options in the Update part of Settings seem to suggest that Microsoft will include some sort of peer-to-peer networking for applying updates. I’m not sure how it will work — Microsoft hasn’t yet released any documentation — but it could be useful when applying updates to multiple Windows 10 machines. You won’t have to pull down multiple copies of the same update from Microsoft.

There’s a new sign-in screen that looks a lot better than any that has come before it, with available user accounts listed in big, easy-to-tap blobs.

You can now install apps to an SD card or move apps to an SD card. That could be a really big benefit for really tiny machines.

Also, the Universal-based Photos app will now pull in images from OneDrive and use them on the live tile on the start menu.

And finally — finally — you can coax the Xbox Music app into pulling music down from OneDrive. Now, any music you copy to OneDrive can be accessed on all Win10 machines that are signed in to the same Microsoft account. It seems that Microsoft might finally be catching up with the competition. Paul Thurrott has an excellent rundown on Music on his new Thurrott.com site.

Where Microsoft is heading — I think

To answer that question, you first have to realize that there are many, many promised features still to come in Win10 Preview. For example: Project Spartan, the new Universal-based browser, is currently nowhere to be seen. I expect that droves of Windows 10 users will abandon Internet Explorer when Spartan becomes the default browser. (Come to think of it, most of us have already abandoned IE.)

Cortana, the Siri-like, eerily intelligent (or at least omniscient) “digital assistant,” hasn’t changed much in this latest build — but it will in future versions. Windows Hello, the biometric recognition routine that’ll let us bypass passwords, is completely AWOL.

The possibility that the final Windows 10 will not let users block individual patches still worries me greatly, and there’s no serious hint, one way or the other, which way Redmond will go.

Last week, most news outlets had headlines trumpeting “Windows 10 free for pirates.” In other words, the upgrade would be free whether for a “genuine” copy of Windows or an unlicensed version. Microsoft has since been in damage-control mode, adding numerous exceptions and clarifications. Expect more changes. (It’s hard to have lived in Asia and worked with local computer geeks, as I have, without having some sympathy for being charged half a month’s gross wages for a copy of Windows.) Ed Bott has a thorough review of the “free” ramifications in his ZDNet blog, “Microsoft’s obsession with piracy threatens to create a Windows 10 licensing mess.”

All in all, with a few notable exceptions, I’m impressed with how Windows 10 is shaking out. Those exceptions include: an advertising pipe that Microsoft might incorporate into the Windows lock screen; Cortana’s data-gathering capability, which needs to be explained or clipped; and the possibility that Windows Update might allow only automatic updating.

We also don’t know anything about when the final release will appear and in what editions. There are many other unknowns.

But the part we know about looks very inviting, at least to my old and admittedly jaded Windows eyes.

Do SSDs require special care and feeding?

Early solid-state drives sometimes needed manual intervention to perform well, especially in pre–Win7 PCs. Here’s what’s needed with today’s SSDs and operating systems.

Plus: The pros and cons of deleting a PC’s hidden OEM and recovery partitions, and weather apps for business and pleasure.

Seeking tips for tuning a Windows-based SSD

Phillip Mitchell wants to make the most of his new solid-state hard drive.

• “I recently splurged and bought a 1TB SSD. It’s the only drive on my computer. Could you give some advice on how to set up SSDs for best performance?

  “There is a lot of conflicting information out on the Web, such as turn on/off hibernation and/or the pagefile (I have 12GB of memory) and so forth.

  “Any advice you can offer would be much appreciated.”

The technology for solid-state drives used for desktops and laptops is still relatively new, and some unusual combinations of drive, OS, BIOS, and so on can cause trouble.

But on normal, mainstream setups — i.e., current-generation SSDs on standard Win7 or Win8 PCs — you shouldn’t need to do anything special to get the most from your SSD.

Here’s what you should know about SSD maintenance.

• TRIM: Periodically, SSDs need to be run through a TRIM process (more info), which prepares previously used sections of the drive for rapid reuse. Without TRIM, an SSD will, over time, drastically slow down.

  Both Win7 and Win8 automatically apply TRIM as needed to SSDs. No user intervention is required. (See the Jan. 7, 2010, LangaList Plus column, “Windows, solid-state disks, and ‘trim.'”)

• SuperFetch: The SSD-aware routines in Win7/8 also disable SuperFetch (info) automatically to help improve performance. SSDs are so fast that SuperFetch’s file pre-caching would only cause delays, needless drive wear, and wasted disk space.

  Windows 7 totally disables SuperFetch; Win8 selectively disables it on SSDs while leaving it enabled for conventional drives. (See the related Microsoft video clip.)

• Defragging: The classic method for boosting performance on conventional drives isn’t needed on SSDs. The mechanical parts of a standard drive cause various amounts of read/write latency. But an SSD is completely electronic; accessing one data location is just as fast as accessing any other. Not only is it pointless to rearrange your files on an SSD for improved performance, the process wastes time and causes needless drive wear.

  Both Win7 and Win8 know not to defrag an SSD. Vista, however, does not; you should manually disable or unschedule defrag operations on SSD-equipped Vista PCs.

• Partition alignment: Incorrectly aligned partitions can also reduce drive performance. But all current versions of Windows are partition alignment (info)–aware — both for classic hard drives and SSDs. Again, no user intervention is required. (For more on this topic, see the Oct. 4, 2012, LangaList Plus column, “Drive alignment and solid-state drives.”)

So to maximize SSD performance, you don’t really need to do anything. Win7 and Win8 generally handle these already fast drives just fine, on their own.

Removing the pagefile and/or the hibernation file won’t improve drive performance per se but does free up drive space.

That’s generally a worthy goal, though there are good and bad ways to do it. You’ll recall that the pagefile (info) is disk space used as virtual memory. When Windows is running out of space in physical RAM, it temporarily relocates some lower-priority or infrequently changing data from fast RAM to the much slower hard drive — to the pagefile. Effectively, this lets Windows use far more RAM than is actually installed.

Windows can run with either a smaller pagefile or with no pagefile at all — saving disk space. However, if you run lots of apps or really big files, exhausting your physical RAM — and there’s no available pagefile — something’s gotta give. Apps might crash or fail to load, the OS could stutter or blue-screen, or there could be some other unexpected consequence. In terms of system stability, it could feel like you’ve turned the clock back to Windows 3.

So you can run your PC without a pagefile, but only if you’re careful to never load more programs and data than your RAM can hold. That’s not always an easy task to manage. I routinely exceed my main system’s 8GB of RAM. When that happens, Windows uses the pagefile to temporarily borrow some disk space. That’s how the OS is supposed to work.

Only Phillip can say whether his 12GB of system RAM is sufficient to live without a pagefile. Depending on his computing load, 12GB of RAM might simply delay the onset of trouble. To be safe, he’ll need to monitor RAM use and limit the number of apps running at any one time. That’s not how Windows is supposed to work.

That said, here’s how you reduce or delete the pagefile. In a Win7/8 admin account, click Control Panel/System and Security/System. Next, click the Advanced system settings link in the left pane. Follow steps 3 through 7 on the Microsoft help page, “Change the size of virtual memory.”

Removing the hibernation file: Windows creates a hibernation file (info) when you select either hibernation or hybrid sleep. (See the MS FAQ, “Sleep and hibernation: frequently asked questions.”) A hibernation file stores the full contents of RAM, information about what the CPU is doing, and the state of important system services and devices. When you restart your system, Windows uses the hibernation file to more quickly restore the system to its previous, fully active state.

You can eliminate the hibernation file to save space, if you’re willing to forego the hibernation or hybrid-sleep options. But you might also increase the chances of data loss. If your PC is in standard sleep/suspend mode and you lose power or the battery runs down, you will permanently lose any unsaved data.

So, as with the pagefile, I don’t recommend disabling hibernation. But of course, it’s up to you. For help on removing the hibernation file, see the MS page, “How to disable and re-enable hibernation on a computer that is running Windows.” To ensure that hibernation won’t reactivate, deselect all hibernation and hybrid sleep options in your PC’s power profiles prior to removing the hibernation file.

A better way to gain SSD space: Instead of deleting system files and disabling Windows features, simply enable Windows’ built-in file-and-folder compression for your bulkier user folders (e.g., Documents) — or enable drive compression for the entire drive. (See the Sept. 12, 2013, LangaList Plus item, “Two ways to solve a space crunch on SSDs.”) Compression can shrink files an average of 30 to 50 percent, so it’s an excellent way to maximize space without having to delete system files or give up functionality.

In short, on Windows 7/8 PCs, you can have all the speed benefits of today’s mainstream SSDs without resorting to any special performance tricks.

Is it OK to delete OEM and Recovery partitions?

Kirk Bentson would like to recover the space used by his PC’s hidden OEM and Recovery partitions.

• “I’m a long-time paid subscriber with a question for Fred Langa. I have a Win7 Dell XPS with a 1TB hard drive that’s been factory-configured with four partitions. They are:

  1)  OEM partition (hidden) – 39 MB

  2)  Recovery partition (hidden) – 8.93 GB

  3)  C: – 466.45 GB

  4)  D: – 456.1 GB

  “I removed the hidden partitions and combined the reclaimed disk space into the C: partition. However, after that, the computer wouldn’t boot.

  “I used a recovery disc to roll it back, so now everything works. But I’m still stuck with 2 partitions I don’t want. I’m sure there is a way to get rid of them, but I’m not sure what it is. My hope is that Fred can offer some advice.”

I’m happy to help, but it might not be the advice you want to hear.

Removing the OEM and Recovery partitions used to be a good way to free up disk space — a technique I wrote about way back in 2005.

I’d bought a new notebook, and it arrived with hidden OEM partitions that occupied a full one-third of the total available disk space! (Back then, that wasn’t unusual.) I backed up the OEM partitions and then deleted them from the hard drive.

Back then, it worked because OEM and recovery partitions were mostly static repositories holding archival copies of system files.

But things are different today. Now, OEM/EFI/Recovery and other hidden partitions might be part of the active boot process. Removing the partitions can cause trouble — as it did for Kirk.

Avoiding severe boot trouble is sufficient reason to leave OEM partitions alone. But here’s another good reason: the space you regain on today’s drives is trivial.

With a combined size of just under 9GB, Kirk’s OEM and recovery partitions are fairly average. With a 1TB drive (1,000 GB), removing those partitions would gain him an infinitesimal nine one-thousandths (0.009) more space on the drive.

I have to ask: Why bother?

To my mind, the cost in time, effort, and possible complications far outweighs any possible value gained from recovering a tiny amount of space. Some tasks just aren’t worth doing.

Kirk, my sincere advice to you — and everyone else — is to leave the OEM, recovery, and similar partitions as they are.

Here’s some related reading:

• “Do OEM partitions need routine maintenance?” – July 26, 2012, LangaList Plus article
• “Windows 10 will save disk space and no longer require a recovery partition” – March 16 SuperSite for Windows article

Options when a favorite weather app fails

With the recent heavy snows in my hometown of Boston, keeping an eye on my favorite weather site has become especially important. But everyone benefits from having accurate weather information readily at hand — from knowing what to wear out the door right now, to what to expect when you step off the plane on a business trip or vacation, to receiving potentially life- and property-saving alerts about approaching storms, and so forth.

Reader Gerry Wilder became annoyed when his preferred weather app suddenly failed.

• “I like to monitor the weather at several locations of interest to me. However, about three weeks ago, all the locations said: Cannot connect to service. Does that mean that Microsoft and the weather people haven’t renewed their service agreement? Or is my Win7 x64 computer suffering from a problem?”

Wow, what an incredibly vague error message! It could indicate several different kinds of trouble.

“Cannot connect” could be an internal problem with the app itself, a missing data feed (say, a weather station or the National Weather Service going offline), a problem with some element of Windows, or a failure in your overall networking setup.

That might sound like a lot of troubleshooting, but you can usually work through the problem in just a few minutes.

Start by trying to access some general weather websites. If they work normally, you can most likely rule out a Windows or local networking problem.

The National Weather Service (NWS) data feeds are very reliable; when outages do occur, they’re usually resolved quickly. You can check whether the NWS has current data for your locations of interest by visiting its site and manually looking up the data. If the data’s visible and current, you’ll know the problem’s not with the NWS. (It almost never is.)

Local data feeds can have their own problems. For example, some weather apps report crowd-sourced data for some locations. The data is supplied by privately owned, Internet-enabled weather stations. If the private station you select is offline for any reason, you won’t get any data for that location. There’s nothing you can do about this; your only options are to wait for the station to come back online or to find a different, nearby station.

If it’s not the data feed, not Windows, and not your network, it must be the app itself. You might try uninstalling and reinstalling it to see whether that clears up the trouble.

If nothing works, it just might be a poorly made app. Fortunately, there are many, many good alternative apps and sites available. Here are just two examples.

Although I dislike the cutesy name, the free WeatherBug app (site) is a good source for basic weather reports and radar images. It can display up to five locations. It can also place a widget in your Windows notification area that will continuously display local outside temperature. The app can be set to pop up an alert box and sound a tone when the Weather Service issues a watch or warning for your area.

Business travelers, private pilots, serious weather buffs, and those whose work hinges on the weather might prefer a full-fledged website such as Weather Underground (free with ads, $10/year ad-free membership). Weather Underground provides detailed local forecasts, a choice of technical or prettified radar, aviation weather, professional-level discussions of weather events and trends, and the best forecast-graphing tool I’ve ever seen. Try the customizations. (Note: Weather Underground also offers Android and iOS apps, but they lack the depth of technical information available on the main site.)

In any case, there’s no reason to be stuck with a malfunctioning or unreliable weather app. There are tons of apps and sites available. Give some new ones a try!

Keeping tools of the always-changing trade

Because Lounge member mrjimphelps couldn’t get online recently, he was forced into an investigation of causes.

He discovered quickly enough that not one of his USB devices was working.

Because something like this had happened before, albeit on an earlier version of Windows, he moved relatively swiftly to a fix. He then reported on the problem — and the solution — in the Windows 8 forum.

His keyboard uses a PS/2 port, but his mouse is USB. He solved that problem with a USB-to-PS/2 adapter. However, many recent computers no longer have PS/2 ports, so other Loungers offered tips to get around the obstacle. Should you, too, at some time find yourself with nonfunctioning USB devices, this is a good thread to read.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Modern business apps for old-fashioned small business
Word Processing	MS Word stopped working
Spreadsheets	Excel database duplicate validation
Databases	Rich Text Format and HTML issues
Visual Basic for Apps	PowerPoint macro: Copy text from slide text to slide notes area
Microsoft Outlook	Schedule archiving in Outlook 2013
Non-Outlook E-mail	Sudden Windows Live Mail error
Other MS Apps	Can’t edit Excel file on phone
Windows
General Windows	Should HD be reformatted before clean install of Windows?
Windows 10	Problem installing Win10 from DVD
Windows 8	No USB on my computer
Windows 7	Screen blanks out every 20 minutes
Windows Vista	Vista recovery errors
Windows XP	Memory sticks not recognized
Windows Servers	Touchscreen support in RDS environment
Internet/Connectivity
Internet Explorer	Install Java just to do speed test?
Third-Party Browsers	Firefox add-ons page mostly in Portuguese
Networking	Network problems in Japan
Social Media	Facebook B2B
Other Technologies
Security & Scams	Malwarebytes Pro and Kaspersky blocking something
Maintenance	Want file-synching software that keeps date and time stamps
Hardware	Dell XPS fans
Graphics/Multimedia	Adobe Shockwave Player crashes almost daily
Other Applications	How to make Skype work?

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Wireless devices: From desktop to mountaintop

Cutting the cord is an essential part of our shift from a desktop PC–centric world to mobile computing.

New devices help solve some of the drawbacks of portable devices and wireless connections.

This month, I checked out a quartet of products that offer enhanced data archiving, help unclutter our desktops, expand Wi-Fi, and secure our keyboards.

Automatic local and cloud-based backups

IDrive was started with a novel idea for cloud backups. As I noted in the Nov. 7, 2013, Best Hardware column, for a yearly subscription starting at U.S. $35, the company sends out a loaner 1TB external hard drive for your initial PC backup. You then send it back, postage-free, to IDrive, where your data is transferred to your cloud-based account. All incremental backups are then transferred over your Internet connection. That’s much more efficient than waiting hours or days for all your files to upload to the cloud.

Unfortunately, completing a full data restore was still subject to relatively slow Internet speeds. Recovering anything amounting to more than a few small files might take hours or days. Recently, the company addressed this problem with its IDrive Wi-Fi device (more info), a USB 3.0 external drive (Figure 1) that combines local and cloud backup. The drives cost $100 for 1TB or $150 for 2TB, and the system supports iOS and Android mobile devices.

Both Seagate and Western Digital have offered Wi-Fi-enabled/cloud-connected backup drives for a couple of years, but they’re typically limited to local backups and access to the drive via the Internet. (Some Western Digital models will back up your Dropbox folder, which does provide a less-than-ideal form of local and cloud-based backup.)

That said, the IDrive box is dedicated to data backup. Unlike the models from Seagate and Western Digital, it can’t stream stored media (music, video, photos) wirelessly to mobile devices.

(There are pro and cons to using general storage services — Dropbox, Google Drive, OneDrive, etc. — versus dedicated backup services such as IDrive, Mozy, Carbonite, and so forth. Lincoln Spector discussed those differences in the Nov. 20, 2014, Best Practices article, “Cloud data protection: Synching versus backup.” Some dedicated online-backup services such as Mozy offer software that supports both local and cloud-based archiving. But you typically have to provide the hard drive.)

When I originally signed up with IDrive, I chose the free, 5GB, cloud-based backup service. When I added the 1TB IDrive Wi-Fi, I was automatically upgraded to a one-year, 1TB subscription, currently priced at $44.62. (Cloud-based backups just for mobile devices is $5 per year — no IDrive hard-disk purchase required.)

To set up local IDrive backups, start by downloading the IDrive’s software for your PC and mobile devices. The apps are easy to work through: on the PC, there are simple choices for selecting the files and folders you want archived and for scheduling backup times (or just “Backup Now”). On mobile devices, I selected either Cloud Backup or Local Backup (see Figure 2). IDrive uses AES-256-bit encryption to protect your all data.

A pop-down menu in the iOS app let me instantly back up my Facebook or Instagram data, set file sharing, and create shortcuts to frequently accessed files. There’s also a toggle switch for automatic photo archiving. Both on the drive and online, backups are saved in separate folders, based on device. For example, my folders were named “PC-Mike,” “iPad-Mike,” and “iPhone-Mike.”

The IDrive Wi-Fi would be better if you could do a quick backup to the local drive and then let it update the cloud-based backups. Currently, it’s two separate processes — that means you can do a quick backup locally and then shut down your computer. Cloud-based backups will catch up the next time the computer is turned on.

Backup speeds over Wi-Fi (typically, from mobile devices) will depend on your local network setup. When I saved over 200 iPad photos to the drive, the entire process took about two minutes.

A while back, I learned, the hard way, the value of having both local and cloud backup when my computer crashed and my external backup drive failed. I was forced to use an expensive hard-drive restoration service. Now, my two-way backup system gives both speed and security. And when I upgrade to a new mobile device, transferring files to the new system will be a breeze.

Flexible multiple-device synching and charging

I confess that I probably have way too many portable devices — each, it seems, with a different connector for synching and charging. My desktop was starting to look like some sort of badly wired, patched-together control panel.

Devices for reducing cable clutter abound. But there’s always room for a better solution. Eggtronic’s 20-watt, AC adapter–powered HUB IT (site; Figure 3) takes a new approach to reducing cable chaos.

The black-plastic box works like a digital Grand Central Station, letting you charge and/or sync up to seven devices simultaneously. Beneath its easily removed cover are compartments for Tic-Tac box–size cartridges, each with its own retractable connection cable. The $80 Hub It station comes with four cartridges for micro USB, mini USB, Apple 30-pin connector, and Apple Lightning Plus. Additional cartridges are only $8 each (more info), and there are versions for Android phones and tablets, Nintendo game consoles, and various cameras. There’s even a cartridge for wireless charging, and for wireless Qi charging (more info).

The HUB IT has slots for four cabled cartridges (plus one wireless-charging cartridge; see Figure 4) and three fixed, standard USB connectors. All seven ports support high-speed USB 3.0, and all ports can be connected to a PC via a single USB cable. The box also has built-in surge protection. Because HUB IT is self-powered there’s no drain on laptops.

This one-hub-fits-all solution isn’t cheap, but it’s a well-conceived solution for bringing some order back to my desk.

Get secure Wi-Fi anywhere there’s cell coverage

It’s a bright, sunny day in San Francisco’s Golden Gate Park. I have purposely walked deep into an outlying dell where there’s no hint of Wi-Fi reception. But when I power up the compact AT&T Velocity (more info), my Dell laptop and iPad 3 immediately have a strong Wi-Fi/Internet connection via AT&T’s 4G LTE network.

The five-ounce box is powered with a rechargeable lithium-ion battery that lasts up to 10 hours per charge. It also has a bright, color touchscreen that makes using the device quick and easy, and it reportedly handles up to 10 computers and mobile gizmos at the same time.

About the size of a bar of soap, the Velocity includes a micro SD-card slot, letting you share or stream up to 32GB of files to connected devices. And, like current 5GHz/2.4GHz routers, the Velocity can simultaneously provide a second guest network with its own password.

As with any Wi-Fi service, bandwidth speed depends on distance. The Velocity claims to offer a 30-foot range, which my informal tests seem to confirm. As I move out to about 35 feet, the Wi-Fi signal strength quickly drops to one bar and streaming videos stutter and freeze.

And similar to subsidized cellphones, AT&T practically gives the Velocity away. You can either pay 99 cents with a two-year service contract, or you can buy it outright for $149. Service plans vary, but figure on about $25 per month for 2GB of data or $50 per month for 5GB. Currently, two-year contracts lock you in for the $50/5GB plan. (You can save some money by combining the Velocity’s data usage with an existing cellphone service.)

If you need cellular-based Wi-Fi occasionally, the Velocity isn’t cheap. But in remote areas where cell-based connections are the only option for Internet access, it might be your best choice. It also offers more security than public Wi-Fi, because you’re basically using a secure, encrypted VPN connection.

An encrypted, wireless keyboard and mouse

Keyloggers are a classic means for stealing user names and passwords. The malware installs itself on your PC, furtively captures every typed character, and sends that data back to a cyber criminal (or possibly agencies such as the NSA). There are numerous ways to be infected by keylogging code, most of them outlined on a related Wikipedia page.

Wireless keyboards are especially vulnerable to keylogging. As reported in a recent VentureBeat article, a security researcher hid a keylogger in a fake USB charger. It was able to sniff data from wireless Microsoft keyboards, but it reportedly works with other wireless keyboards as well.

By default, most wired and wireless keyboards don’t use any sort of encryption. Those that do, typically reveal this in their names or descriptions. I found a few on Amazon, and they usually sell for over $100.

German-based ZF Electronic Systems’ Cherry division (site) makes heavy-duty mechanical keyboards for businesses and the government. The company has now released a wireless keyboard/mouse combo that uses AES128-bit encryption to defeat keylogging. The $80 Cherry JD-0400EU-2 keyboard (site; Figure 6) boasts secure data transmission and an advanced energy supply. The kit includes a single charging cable for the keyboard and mouse and a wireless-to-USB transceiver.

Mechanical keyboards (every key has its own mechanical parts) are a specialty. But oddly, the Cherry JD-0400EU-2 uses the less-expensive membrane switches — all keys sit on a single layer (membrane) of plastic.

Nevertheless, Cherry does not seem to have skimped on the quality of the parts, design, and features. Key feedback is firm — not spongy like most cheaper keyboards. Four extra keys above the number keypad offer convenient functions geared for both office and home users; they include a shortcuts-to-a-calculator app, email, and browser homepage — plus a lock key that instantly switches the PC to its sign-in screen (if passwords are activated on the system).

The three-button optical mouse is comfortable for both righties and lefties, and there’s a switch to select 1,000 or 2,000 dpi resolution. My only gripe: the mouse doesn’t have a visual signal that indicates the active resolution. Also, I wish the keyboard had lights indicating that Caps Lock and Num Lock are on.

Cherry offers customizing software for reassigning function keys and hotkeys at their download page.

The JD-0400EU is probably overkill for home applications — assuming you keep your anti-malware up to date. But it’s certainly valuable in office settings — especially when handling sensitive information such as personal data or financial information. Good security requires a multifaceted approach.

March's patching goes out like a lamb

Nearly every month brings a few patching issues. March’s are mostly resolved — it’s time for the end-of-month patch cleanup.

With Windows Server 2003 hitting its end of life in four months, the biggest March headache was reserved for admins.

MS15-027 (3002657)

A fix for Server 2003 gets its own fix

Here’s a public-service announcement for those who manage Server 2003 systems. Warning: Official support for the application ends July 14, 2015. That timeline won’t be so worrisome for workstations, but for server installations, it’s essentially tomorrow.

After the July deadline, Microsoft will no longer send out security updates for Server 2003 — unless you’re willing to pay for premier support. You’d think that most businesses would be in the last stages of moving off that platform. But given the number of reports of issues with the initial release of KB 3002657, it appears that’s not the case. That March patch was intended to fix a vulnerability in the Windows Server Netlogon service.

Specifically, many businesses using Server 2003 as a domain controller got hammered by the faulty update. As reported in various blog sites, including a TechNet post, the side effects impacted anything that required network authentication — from SharePoint to MS Exchange to mapped-drive access. That included access to services hosted on other platforms such as Server 2008 R2 and even 2012 R2 — if the authentication server was Server 2003.

On March 16, Microsoft reissued KB 3002657. The patch had no side effects on other platforms. The new version should be posted in Windows Update. (This update was offered only to servers.)

What to do: KB 3002657 (MS15-027) is now safe for all affected Windows Servers systems.

3033929

Update causes problems only on dual-boot systems

This past October, Microsoft released KB 2949927, an update that added SHA-2 security-signing support to Windows 7 and Server 2008 R2. Unfortunately, the patch would not install properly on some systems and, in other cases, caused problems with the Windows updating system. Microsoft soon pulled the patch from its servers and recommended that Win7 users uninstall it.

This month, the patch was reissued with a new number: KB 3033929. But soon there were new reports of problems. (I gave this update a thumbs-up in the March 12 Patch Watch because it wasn’t affecting the key system file, Win32k.sys.) Despite making headlines, the issues with KB 3033929 were never widespread. In fact, the only systems affected were those with dual-boot configurations.

As noted in the update’s support page, you should not install KB 3033929 if you’re using a third-party boot loader and you have both Windows and Linux installed.

The solution, according to the support page, is to use Windows as the default boot loader or to temporarily change the BIOs so that the startup process goes directly to the Windows boot loader. Once the update is installed, you can go back to your original settings. This is another example of how nonstandard configurations can run into trouble with Windows updates — and why it’s good to wait a bit before installing patches.

Again, the update adds support for SHA-2 code signing so that Microsoft can phase out the older and less secure SHA-1. As the related security advisory states:

“The root cause of the problem is a known weakness of the SHA-1 hashing algorithm that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original. These issues are well understood, and the use of SHA-1 certificates for specific purposes that require resistance against these attacks has been discouraged. At Microsoft, the Security Development Lifecycle has required Microsoft to no longer use the SHA-1 hashing algorithm as a default functionality in Microsoft software.”

This is one of those behind-the-scenes updates that will have no visible impact on your PCs. But it’s important for making Windows systems and installed software more secure.

What to do: KB 3033929 should be installed on all Win7 systems. If you have a dual-boot setup, read the patch’s MS security advisory first.

3033889, 3048778

Explorer hangs after Asian systems updated

Released this month, KB 3033889 was a critical update, needed to fix a Windows vulnerability. As I noted in the previous Patch Watch column, the threat was essentially a repeat of the infamous 2010 Stuxnet DLL exploit.

However, in yet another case of unintended consequences, KB 3033889 proved troublesome for Internet Explorer on Windows 8/8.1 systems using Japanese or Korean input method (IME). After the update is installed, Windows Explorer stops responding. Microsoft’s solution is KB 3048778, proactively offered to all Windows 8 and later platforms.

What to do: Apply KB 3048778 only if Windows Explorer becomes unstable after you’ve installed the March updates.

3000850

Revisiting an optional Windows 8 update

Back in November, Microsoft released KB 3000850, a bulky update designed essentially to set the new “baseline” for the Windows 8.1 platform. The update was optional, and my esteemed colleague Woody Leonard recommended skipping it.

But I disagree — or, more precisely, I strongly suggest that you do some prep work before installing it. Be sure to make a full system backup first. Then, if you’ve had no history of update problems on your Windows 8.1 machine, go ahead and install the update. Avast fixed its issue with the update a while ago, and I’ve seen no other recent reports of significant problems with the patch.

KB 3000850 includes many fixes, including defense-in-depth security and Schannel-hardening enhancements — both valuable tools for protecting Windows systems. Although the update was originally tagged as optional, Microsoft recently changed its status to important, which means it might suddenly appear — still unchecked — in the Windows Update “Important” list.

What to do: Install KB 3000850 after ensuring that you have a current system backup.

2952664, 2976978, 2977759, 3008273

A few end-of-the-month compatibility updates

Updates released outside of Patch Tuesday are now fairly rare. Typically, they’re emergency patches for new zero-day threats or fixes for broken updates. But in the latter half of March, you should have received several compatibility updates.

For example, KB 2952664 helps with upgrades from Windows 7 to Windows 8.1; KB 2976978 helps determine whether Windows 8 and 8.1 will have upgrade issues; and KB 2977759 checks Windows 7 for possible upgrade issues.

These are all essentially telemetry updates designed mostly to help Microsoft with its future development work. If you plan to take Microsoft up on its reportedly free upgrade to Windows 10 later on this year, you may wish to install these updates — this will help Microsoft determine whether your system will have issues with the upgrade process. (Keep in mind that you won’t get any specific information about your system — you’re simply providing anonymous data about your system’s configuration.)

KB 3008273 is another push by Microsoft to migrate Windows 8.0 users to Windows 8.1.

What to do: Nonsecurity KBs 2952664, 2976978, 2977759, and 3008273 are completely optional. I suggest skipping them if you have no immediate plans to upgrade your systems to a newer Windows.

3050995, 3046310

Digital certificates are in a real mess

It seems every week sees a new report of a certificate authority improperly issuing a trusted root certificate — one that could lead to certificate-spoofing attacks. So far, two such certs were released this month. MS Security Advisory 3046310 warns about a bogus live.fi domain certificate, and Advisory 3050995 discusses a certificate released from the subordinate CA, MCS Holdings, that could be used to impersonate some Google sites.

Vista and higher systems automatically obtain certificate updates — no action on your part is needed. You can check that the fix has been applied by opening your Applications event log. Click Control Panel/Administrative Tools and then select Event Viewer. In the left column, click Windows logs/Application to view the event log. Next, in the right column, click Filter Current Log and search for event 4112 by entering the number into the All Event IDs box.

You should find that your system has updated its disallowed certificate list, as shown in Figure 1. The date of the event should be March 13 or later. If you don’t see this event, make sure you have KB 2677070 installed, which ensures that your system automatically revokes untrusted certificates.

What to do: Review your event log to see whether your PC is properly revoking certificates.

MS15-023 (3034344), MS15-026 (3040856)

Two March security updates ready to install

In the March 12 Patch Watch column, I recommended putting two security updates on hold. Rated important, KB 3034344 is a kernel-mode driver update that fixed the fuzzy-fonts issue KB 3013455 created on some Vista systems.

KB 3040856 corrects vulnerabilities in MS Exchange Server. Rated important, the update fixes, among other things, a cross-site scripting threat to Outlook Web Access.

What to do: Both updates appear to be safe. Install KB 3034344 if offered; admins should, of course, deploy KB 3040856 only after testing the patch.

A new release of EMET needs a do-over

Version 5.2 of Microsoft’s Enhanced Mitigation Experience Tool (EMET) was released on March 13 — appropriately, right before the annual CanSecWest (site) security conference and Pwn2Own hacking contest. Almost immediately, Microsoft received reports of compatibility issues with EMET and Internet Explorer 11 on Windows 8.1 systems. A reissued EMET 5.2 was released on March 16 to fix the IE problems and some issues with certificate pinning, as noted in a TechNet post.

I’ll be reviewing EMET again in an upcoming article, but for now, EMET users should know that certificate pinning is still a bit too bleeding-edge to be used effectively.

The Pwn2Own contest is always interesting. This year, none of the browsers successfully fended off attacks. In fact, South Korean hacker Jung Hoon Lee single-handedly took down Chrome, IE, and Safari — and reportedly walked away with U.S. $225,000 in prize money.

What to do: Consider installing EMET on machines that routinely process highly sensitive data — and prepare for browser updates in the weeks ahead.

Skype delivered to Skypeless machines

Microsoft is finding new ways to offer software you might not want — specifically, via Windows Update. Silverlight, for example, now shows up regularly as an optional update, even when you don’t have it already installed. Now Microsoft is pushing Skype via Windows Update.

This update is a good example of why you should not enable Windows Update’s “Give me recommended updates the same way I receive important updates” setting. If that option is checked, a potentially unwanted update such as Skype will show up with updates you need to install (under the Important tab, instead of the Optional tab).

Note: There are reports that this Skype update might offer to change your browser’s homepage to MSN and reset your default search engine to Bing.

What to do: Install the optional Skype offering only if you want it. And review your Windows Update settings.

The March list of nonsecurity updates

This month’s nonsecurity updates for Windows, Office, and other Microsoft products all seem to be on their best behavior. Here’s the list.

(Unless otherwise noted, these patches typically contain multiple fixes and/or improvements.)

All Windows platforms except Vista

• 3037623 – Hyper-V; improved backup and restore for Win10 Technical Preview

Windows 8 and 8.1

• 3012702 – Remote Desktop Server; lost associations for roaming users
• 3025417– Windows Defender; general update
• 3032613– Windows Store; Polish, Bulgarian, and Greek text doesn’t display
• 3036562– APN database entries for Y!Mobile and Truphone

Windows 8.1

• 3012235 – Print Pictures wizard; stops responding
• 3013172 – Safely Remove Hardware tool; devices can’t be ejected
• 3018133 – Lock screen; content displayed incorrectly after KB 2919355 installed
• 3022796 – RichTextBox controls and ALT codes update
• 3024751– Surface Pro 3; Tab key inserts a tab stop when entering Wi-Fi credentials
• 3024755– Calculator; multi-touch gesture no longer works after exit
• 3027209– General reliability improvements
• 3029606– Improved Bluetooth-driver diagnosis
• 3029803– “STOP Error 0x0000009F” when resuming from sleep mode
• 3030947– Compatibility issues
• 3034348– Windows Store apps; “Access denied” error when configuring printer properties
• 3035527– Win32 apps; problems pinning to and unpinning from taskbar
• 3035553– Lock screen; black screen after quick up/down swipe
• 3036228– “0x00000119” Stop error when playing video
• 3036612– Windows Store; apps crash

Windows Server 2003

• 3000988 – Fixes issue introduced by security update KB 2918614

Windows Server 2008 and Vista

• 3008627 – Fixes issue introduced by Security update KB 2918614

Office 2007/2010

• 2817561 – Visio 2007; ActiveX issues after installing KB 2596927
• 2820813 – Office 2010; ActiveX issues after installing KB 2553154
• 2837601 – Access 2010; ActiveX issues after installing KB 2553154
• 2920794 – Office 2007; 2596927
• 2956104 – Office 2007; junk-mail filter
• 2956141 – Office 2010; improved proofing tools
• 2956203 – Outlook 2010; inability to disable Empty Delete Items Folder option
• 2956205 – OneNote 2010
• 2956207 – Outlook 2010; junk-mail filter

Office 2013

• 2767996 – Outlook; LinkedIn Social Connector no longer loads by default
• 2920754 – Office; ActiveX failure after installing MS14-082
• 2956145 – Excel
• 2956148 – PowerPoint; problems with presentations containing CMYK JPEG images
• 2956154 – Office; improved Customer Experience Program logs
• 2956160 – Office
• 2956165 – OneNote
• 2956167 – Office; error when registering Office app for testing
• 2956168 – Office; improved proofing
• 2956169 – Office
• 2956170 – Outlook
• 2956171 – Excel; issues with PowerPivot add-in
• 2956172 – Outlook junk-mail filter
• 2956174 – Lync
• 2956176 – Access
• 2956177 – Office
• 2965206 – PowerPoint

(Note: Office Click-to-Run client updates are contained in versions 14.0.7145.5001 and 15.0.4701.1002.)

Other updates

• 2553480 – Project Server 2010
• 2878283 – Visio 2010; ActiveX issues after installing KB 2553154
• 2880993 – SharePoint Enterprise Server 2013 SDK; WaitForItemEvent issues
• 2881032 – SharePoint 2010; BLOB cache update failure
• 2956147 – SharePoint 2013; improved proofing
• 2956155 – Visio 2013
• 2956159 – SharePoint Enterprise Server 2013; cumulative update
• 2956162 – Project Server 2013; cumulative update
• 2956166 – SharePoint Enterprise Server 2013; cumulative update
• 2956178 – Project 2013
• 2956187 – Project 2013
• 2956198 – Project Server 2010; cumulative update
• 2956201 – SharePoint 2010; cumulative update

What to do: Install any of the above patches offered in Windows Update.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
3020393	01-13	Telnet service	Optional
3000483	02-12	Group Policy; only PCs connected to domains	Install
3001652	02-12	Visual Studio; reissued	Install
3004361	02-12	Group Policy and domains	Install
3013455	02-12	Kernel-mode driver; possible font issues, see KB 3037639	Install
3021952	02-12	Internet Explorer cumulative update	Install
3021953	02-05	Flash Player for IE 11	Install
3023562	02-12	Kernel-mode driver; except clients attached to Server 2012 R2 Essentials	Install
3029944	02-12	TIFF image exploits	Install
3031432	02-12	Windows validations; also KB 3004375	Install
3032328	02-12	Office; see MS15-012 for full list	Install
3033857	02-12	Office; KBs 2910941, 2920748, and 2920795 (see MS15-013)	Install
3035898	02-12	Virtual Machine Manager; see MS15-017 for full list	Install
3002657	03-10	Windows Netlogon; for Windows Server	Install
3030377	03-10	Windows Task Scheduler	Install
3030398	03-10	VBScript; also KB 3030403	Install
3032323	03-10	Adobe font driver	Install
3032359	03-10	IE cumulative update	Install
3033889	03-10	Windows Text Services; also KB 3039066	Install
3034344	03-10	Windows kernel-mode driver	Install
3035017	03-10	Remote Desktop Protocol; also KB 3036493 (Win7)	Install
3035126	03-10	Windows Photo Decoder	Install
3035131	03-10	Windows kernel	Install
3035132	03-10	PNG image processing	Install
3038999	03-10	Microsoft Office; see MS15-022 for full list	Install
3040856	03-10	Microsoft Exchange Server	Install
3046049	03-10	Windows Schannel; combats FREAK exploit	Install

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.