You’ll get a new Windows Update, like it or not

Get an exclusive excerpt by Fake Steve Jobs

There are only a few more days for our readers to get an exclusive excerpt from the new paperback edition of Options: The Secret Life of Steve Jobs. Written under the pseudonym of Fake Steve Jobs (who’s been revealed as Forbes editor Daniel Lyons), the book is an uncensored fantasy inside the mind of one of the world’s showiest CEOs. The new edition is just now showing up in bookstores, but Windows Secrets & Support Alert readers can get the best chapters free in a downloadable PDF file. All paying subscribers — and all free subscribers who upgrade to paid — can get our bonus download at no extra charge until Sept. 3, 2008.

Special one-time offer for all Support Alert subscribers:
Upgrade to a paid subscription Renew your paid subscription by Aug. 31, 2008, and get 15 months for the price of 12!

Paid subscribers: Download your bonus
Free subscribers: Upgrade to get the bonus
Info on the printed book: United States / Canada / Elsewhere

Time for a summer break — see you on Sept. 4

To give our writers and staff a rest, we skip publication during the last two weeks of August.

That means this is the last newsletter you’ll see until Sept. 4, but if anything important comes up, we can always send out a short news update.

Where in the world is Gizmo Richards?

Our senior editor, Ian “Gizmo” Richards (left), is busily working on new software reviews that we’ll publish in September after our break. Gizmo writes new columns twice a month in the paid section of the Windows Secrets & Support Alert Newsletter. His former Support Alert Newsletter, which merged with Windows Secrets on July 24, was e-mailed once a month.

This week, we have not one but two new software reviews in our paid content. In his PC Tune-Up column, Mark Edwards rates the best free “rescue CD” software, which can help get your PC working again after a virus infection or other disaster. In the Best Software column, Scott Spanbauer tests free and commercial e-mail programs that you can use to replace Microsoft Outlook without paying that program’s high cost. How to get our paid content with no fixed fee

Gizmo and Scott alternate writing the Best Software column each week. We hope you’ll like the reviews you get from both of them — and from our other contributors — in the months to come.

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

You'll get a new Windows Update, like it or not

By Scott Dunn Microsoft will soon install a new version of Windows Update on your computer, even if you’ve set your PC not to download and install any updates. With such a potential for confusion, it’s a good idea for you to know what’s going to be done to your machine by this important but often misunderstood tool.

When turning updates off really doesn’t

Windows Secrets first disclosed on Sept. 13, 2007, that Microsoft had been silently downloading Windows Update (WU) executable components on users’ computers — even when the users’ auto-update settings required advance permission. At the time, Microsoft admitted in its Update Product Team blog that it has carried out this practice for many years, as I wrote in a follow-up column.

This time, Microsoft is being more up-front about its forthcoming refresh of Windows Update. For example, product manager Michelle Haven described in a blog post on July 3 some new features that the upgrade will add.

The new version will reportedly reduce the time WU takes to scan for and send out new updates. In addition, if you use the online version of WU, and you click an update for more information, the new version will offer you more links with additional details.

But the Redmond company hasn’t changed the wording of the Control Panel settings that appear to prevent Windows Update from performing silent downloads — but don’t.

In light of these potentially misleading controls, a few tricks on managing Windows Update are just what the doctor ordered.

To view your Windows Update options in Windows XP, press the Windows key plus R to open the Run box, type control wuaucpl.cpl, and press Enter. In Vista, press the Windows key, type windows update, press Enter, and select Change settings on the left.

According to the aforementioned blog post, the Microsoft Update Product Team considers Windows Update to be turned on when any setting is selected except the last one:

• Turn off Automatic Updates (in XP)
• Never check for updates (in Vista)

Consequently, Windows Update itself may be updated even if you select an option such as:

• Notify me but don’t automatically download or install them (in XP)
• Check for updates but let me choose whether to download and install them (in Vista)

Figure 1. Windows Update may automatically install some executable files, even if you set auto-update configuration to require permission.

If you prefer to decide for yourself when and whether to install updates, but you don’t mind the Windows Update app upgrading itself, use either the second or third setting. For total control, select the last option. (You’ll see regular warnings, which is the price of choosing this setting.)

Keep unwanted updates from bugging you

After you read warnings about a specific update — such as the ones Windows Secrets readers regularly see in Susan Bradley’s Patch Watch column — you may decide that the fix is not for you. If you have one of the “notify me” options set (choice 2 or 3), you’ll see an icon and possibly a pop-up menu in the taskbar tray endlessly pestering you to install the update.

To shut off notifications about a particular update in Windows XP, take these steps:

• Step 1. Click the Windows Update icon in the taskbar tray to open the Automatic Updates control panel.

• Step 2. Select Custom Install (Advanced) and click Next.

• Step 3. Uncheck the items you don’t want to install. Make a note of their Knowledge Base numbers in case you change your mind later. Then click Install (to install remaining items) or Close (if no items are checked).

• Step 4. When the Hide Updates prompt appears, check Don’t notify me about these updates again and click OK.

• Step 5. If you later change your mind and want to install the items, surf on over to Microsoft’s Download Center, enter the update’s KB number in the Search box, and click Go. Follow the on-screen instructions to download and install the update.

To shut off notifications about a particular update in Windows Vista, take these steps:

• Step 1. Click the Windows Update icon in the taskbar tray to open the Windows Update control panel.

• Step 2. Choose View available updates below the Install Updates button.

• Step 3. Find the update you don’t want installed and uncheck its box.

• Step 4. Right-click the update name and choose Hide update.

• Step 5. Click the close box in the upper-right corner to close the window.

• Step 6. To see this and other hidden updates in the future, reopen the Windows Update control panel and click Restore hidden updates in the left pane.

Tips for installing recalcitrant updates

Sometimes an update you want to install never gets loaded despite repeated attempts. What to do?

First, identify any updates that didn’t get installed properly by going to the Windows Update or Microsoft Update site. Choose Start, Windows Update (or Microsoft Update) or Start, All Programs, Windows Update (or Microsoft Update).

In XP, click Review your update history on the left; in Vista, choose View update history. XP shows failed updates with a red X; in Vista, the word “failed” appears in the Status column. (Note that some updates may have failed to install on their first attempt but succeeded subsequently.)

Here’s a checklist of things to try when attempting to coax an update to load:

Consult a troubleshooter. Windows logs troubleshooting info specifically for updates. In Vista’s update history control panel, click the Troubleshoot problems with installing updates link above the list of installed updates.

XP’s troubleshooter may offer more-specific info about the update. Start by checking out your update history as explained above. Click the red X icon to open a window of information about the update. Select and copy the error code in this window.

Browse to Microsoft’s Windows Update Troubleshooter site (you’ll probably need to use Internet Explorer). Press Ctrl+F to open a search dialog, paste the error code into the Find box, and click Next. You may find a link relating to that specific error.

If no such link appears, search for the same error code on Microsoft’s Help and Support site or use one of the support sites I reviewed in my July 10 column. Finally, try skimming through the list of symptoms on the Update Troubleshooter page to see whether any match those you’re experiencing.

Clean up your act. If a specific update is listed as installed, but it’s still offered to you repeatedly, scan your system for spyware and viruses. Windows Secrets contributing editor Scott Spanbauer rated on June 26 several free antivirus packages you can use to do this.

Take the Safe Mode route. If an update doesn’t install properly in normal mode, try uninstalling it and then reinstalling it in Windows’ Safe Mode.

• Step 1. To uninstall an update, press Win+R to open the Run box (in Vista, simply press the Windows key), type appwiz.cpl, and press Enter. In XP, check Show updates at the top of the box and scroll to Windows XP – Software Updates. In Vista, click View installed updates on the left.

Make a note of the problematic update’s KB number, click Remove (in XP) or Uninstall (in Vista), and follow the prompts on the screen.

• Step 2. Browse to Microsoft’s Download Center and enter the update’s KB number in the Search box. Once you’ve found the update, download it to your desktop.

• Step 3. Log into Windows’ Safe Mode by rebooting your system and pressing F8 until you see a menu of startup options. Use the arrow keys to select Safe Mode and press Enter.

Once you’re in Safe Mode, double-click the update on the desktop to install it.

Windows Update isn’t the most transparent or easy-to-use tool, but at least it’s built into Windows and can be made as automatic or as manual as you choose. Of course, you can always jettison Microsoft’s updater in favor of one of the refreshers I reviewed on Oct. 4, 2007.

If you’re having problems with Windows Update that aren’t described above, read MS Knowledge Base article 906602 for official troubleshooting tips.

And, until Microsoft or a third party comes up with something better, keep reading Windows Secrets to determine which patches you need and which you can hold off on.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

The true tech challenge: keeping it simple

By Dennis O’Reilly Every significant Windows patch is accompanied by a string of conflicts with this or that product or function. A reader asks whether there’s still room for an uncomplicated approach to everyday PC care and feeding.

Knowing when not to futz with Windows’ innards

Imagine having to be an auto mechanic just to drive a car. That’s what anyone who doesn’t have an engineering degree feels like these days just trying to keep a PC running.

Last week’s Top Story by Scott Dunn included a bit more Windows information than reader Christine Aichelman cares to hear about:

• “I started with the LangaList and was still enjoying it as it morphed into Windows Secrets. It was a little more technical, but it still had a lot of information that I, as a retired stay-at-home nurse, could use in keeping up my desktop and my husband’s laptop.

  “The publication seems to be more and more for business people and less for the home user. This last publication, instead of showing you how to go into IE or Windows and make adjustments, [suggested] little programs to fix everything. There is less technical know-how and more ‘download this program’ to fix it. I’m constantly trying to simplify. Keep all the unnecessary stuff off so things run faster and more smoothly.

  “Perhaps technology is finally just passing me by, but there must be other people at home who just want to be able to take care of their equipment, get introduced to a few new handy programs, and get the instructions necessary to fix annoying things that crop up, like that Microsoft patch that was incompatible with Zone Alarm. [See Susan Bradley’s July 24 article in our paid content.]

  “I just wanted someone to know we aren’t all IT people.”

It takes a constant effort on our part to come up with articles that will appeal to our readers. We try to include a mix of articles, starting with basics for home users and progressing to more-advanced topics for small, medium, and large businesses.

We’re focusing on software reviews, news, and Windows tutorials. We want to include stories of interest to all stripes of Windows users, so please give us your feedback on the kinds of information you want to see. Let us know via the Windows Secrets contact page.

Where to find the Support Alert search plug-in

In last week’s issue, editorial director Brian Livingston introduced the Windows Secrets browser plug-in that queries articles from back issues of the Support Alert Newsletter. The site also offers a plug-in that searches old Windows Secrets articles and a search page that uses our implementation of the Google API (application programming interface) to query Windows authority sites.

A reader named Robin was unfamiliar with this kind of search technology:

• “In your latest newsletter, you mention a plug-in for a Google Windows-related site search.

  “I don’t know what this is, and I am sure lots of your other readers will be the same! What is this? Are you secretly getting us to install the Google Toolbar?”

It’s not the Google Toolbar, it’s just a browser search plug-in. Each plug-in adds one search engine to the drop-down list in the upper-right corner of IE 7 and Firefox.

Open your browser, pull down the search widget, select Yahoo or some other search engine, enter windows vista or whatever, and click the magnifying-glass icon. You’ll see a page of results from Yahoo or whichever search engine you selected.

After you add our plug-ins, you can choose from three more search engines: Windows Secrets, Support Alert, and our Google API implementation. Using our Google API tool simply makes Google.com refine its search to only those sites that Google considers to be “authorities” on Microsoft Windows. That includes PCMag.com, PCWorld.com, WindowsSecrets.com, and the like.

I find that this produces better results than using the generic version of Google.com when I’m looking for some fact or tip about MS Windows.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

Groove is in the history books

By Katy Chenoweth Most of us remember John Travolta’s dynamite disco routine in Saturday Night Fever, and who could forget Michael Jackson’s epic moonwalk? Elvis and his gyrating hips simultaneously scandalized and captivated his audiences, and the Brady Bunch’s family-friendly fandangos charmed viewers worldwide. Comedian Judson Laipply revisits each of these nostalgic dance fads and more in his amazing YouTube classic, “The Evolution of Dance.” Watch him trip the light fantastic in this incredible six-minute medley, which is sure to conjure up some hilarious flashbacks. Just make sure you’re alone in the house when you get the inevitable urge to put on some Styx and dust off your old robot moves. Play the video

Best alternatives to Microsoft Outlook, part II

By Scott Spanbauer A free, open-source app and a low-cost commercial program give Outlook, Microsoft’s personal information manager (PIM), a run for its money. They may not be practical for organizations that rely on Microsoft Exchange Server, Outlook’s back end, but these two programs have much to offer typical PC users.

Can these apps out-Outlook Outlook?

In my July 31 column, I admitted my long-term addiction to Microsoft Outlook and described two alternative PIMs that come close to replicating Outlook’s killer features, without the program’s proprietary formats and hunger for memory.

Mozilla Thunderbird 2, with a score of 92, is free, full of features, and highly extensible thanks to a community of add-on developers. i.Scribe — and its more powerful commercial sibling InScribe — is a better fit for older systems where memory is tight. The free version of i.Scribe scored 88, while the $20 version scored 90.

To sum up Part I of this review, the applications rated #1 and #2 are as follows:

#1: MOZILLA THUNDERBIRD 2
#2: MEMECODE I.SCRIBE/INSCRIBE

This week, I look at two other worthy replacements for Outlook: Poco Systems’ Barca 2.5 and the Open Source Applications Foundation’s just-debuted Chandler. Barca is a commercial application that in many ways mimics Outlook but costs less and requires less system memory. Chandler is a free, open-source organizer that may not be the best e-mail program but shows promise as an innovative group-communication tool.

As I mentioned in the last column, if your company uses Microsoft’s Exchange e-mail server, it makes little sense to dump Outlook in favor of another e-mail client. Every user covered by your Exchange Server license also receives a license to use Outlook.

Nevertheless, just as Outlook alternatives are available for those looking for a less-expensive and less-proprietary e-mail experience, replacements for Exchange itself are also starting to crop up. One of the most notable is the open-source Zimbra Collaboration Suite.

#3: POCO SYSTEMS BARCA 2.5

A light-weight, low-cost Outlook alternative

If you’re looking to escape Outlook, Poco Systems’ Barca is a solid, small-footprint, feature-rich PIM that should satisfy both casual and power e-mail users. Barca grabs your mail from mulitple POP and IMAP accounts, and like Thunderbird, it incorporates newsgroup and RSS readers.

Barca imports contacts, messages, and account settings from the leading mail programs and PIMs, as well as calendar data stored in the iCalendar (.ics) and vCalendar (.vcs) formats.

Don’t look for workflow innovations like those in Chandler, however (see below). In Barca, a message is a message and appointment is an appointment, though you can right-click a message and create a new task or appointment from it. Barca doesn’t offer the equivalent of Chandler Hub or Server, so to share calendars, you’ll need to buy the $80 Barca Pro version.

Barca’s interface, though visually brighter and more modern than Outlook’s, functions much like the Microsoft program circa Office 2000: rather than stars or labels, the program uses folders and multi-colored flags to note the urgency of a message (see Figure 1). The sticky notes you add are yellow by default, and you can create and save outgoing-message templates.

Figure 1. Barca’s user interface is brighter than Microsoft Outlook’s.

Other features let you organize contacts into mailing lists and filter incoming messages using complex rules. You can use the program’s scripting language to automate routine e-mail tasks.

Barca offers the best of both junk-mail filtering technologies: Bayesian statistical analysis, and white/black lists for senders, receivers, and subjects.

So why buy a product that’s so much like Outlook when you could just use the original? One reason is that at $60, Barca is much cheaper than Outlook’s list price of $110. Also, Barca includes support via e-mail.

Another reason is that Barca consumes far less memory than Outlook — only about 8MB on my Vista system. Users of online calendars such as Google Calendar will probably want to stick with Thunderbird as an e-mail and calendaring client because Barca can’t connect to your online appointments. However, if you’re content in your own private Idaho, Barca is an excellent Outlook replacement.

#4: OPEN SOURCE APPLICATIONS FOUNDATION CHANDLER

Open-source option for managing personal info

Years in the making, Chandler is a free, open-source PIM designed to be the central repository for all of the e-stuff you need, whether it lives in your inbox, on your calendar, in an address book, or in a task. This first version of the program makes a valiant attempt to unify e-mail, appointments, and tasks within a single dashboard view, and it comes close to pulling it off.

In Chandler, everything starts as a note, whether it ends up in your outbox, your calendar, or your to-do list. Incoming messages arrive in your inbox, but you can drag them to your calendar, where they transform into appointments. However, unlike Gmail’s handy Create Event command, Chandler doesn’t automatically grab the appointment date and time information from the message contents. OSAF needs to add this feature to Chandler 1.1.

Like leading e-mail clients, Chandler lets you organize your mail using stars and “collections,” which function much like folders or Gmail’s labels. By OSAF’s own admission, however, Chandler is not yet a full-fledged e-mail client. For one thing, the program lacks a contact list. For another, although it allows you to send and receive mail using POP3 and IMAP servers, the only messages you will see in your Chandler inbox by default are those sent by other Chandler desktop clients.

Nevertheless, I found an easy way to see all of my Gmail messages in Chandler. The program places three folders on your IMAP server corresponding to Events, Mail, and Starred Items. By labeling all of my incoming mail with the Chandler mail folder/label (something you can configure Gmail to do automatically), I was able to see all of my Gmail messages.

If your mail server supports IMAP and can filter incoming messages, you’ll have no problem using Chandler as your e-mail client. If it doesn’t support these features, Chandler won’t do. (Note that although Chandler’s readme file states that the program has been tested only on Windows XP, I ran it under Windows Vista without trouble.)

Chandler’s calendaring features, like those for e-mail, are not yet fully formed. The program lets you import your existing calendars from other apps that support the iCalendar (.ics) calendar-exchange format, including Outlook and Lightning (the Thunderbird calendar add-on). You can also import Web-based calendar data from Google and .Mac using the iCal protocol.

Unfortunately, Chandler doesn’t yet support two-way synching with third-party, Web-hosted calendars. To its great credit, however, OSAF does provide a free Web-based calendar host of its own, called Chandler Hub, which mirrors your local calendar. This allows you to sync your home and office PCs, for example, and share your calendar with coworkers who are also running Chandler.

If you don’t trust OSAF with your data, you can download the Chandler Server software for the Chandler Hub and run your own private hub. This is probably the best use for Chandler right now — as a dedicated communications tool for groups of collaborators working remotely via the Web or on a local area network. Despite its missing features, Chandler is a rock-solid group-organization tool you can start using — for free — today.

Scott Spanbauer writes frequently for PC World, Business 2.0, CIO, Forbes ASAP, and Fortune Small Business. He has contributed to several books and was technical reviewer of Jim Aspinwall’s PC Hacks. He alternates writing the Best Software column each week with senior editor Ian “Gizmo” Richards.

Bootable rescue CDs can fix your damaged Windows

By Mark Joseph Edwards When your system is so corrupt with malware that it becomes unstable or won’t even boot, a bootable rescue CD can give it the scrubbing it needs. The free anti-malware rescue CDs I describe today have all the tools you need to remove viruses and restore Windows’ health.

Two anti-malware rescue CDs outshine the others

When your PC is infected with one or more types of vicious malware, the machine may behave erratically or not boot at all. The best cure is to boot the system using another OS and scan the PC’s hard drives to find and remove the malware.

But how can you do all that without installing a whole new OS? The answer is simple: use a bootable anti-malware rescue CD.

At a minimum, such a CD should contain a decent anti-malware scanner, although such CDs usually include other helpful tools, such as a partition manager and Web browser. You boot your system from the rescue CD, select options from a menu, and let the tool scan your PC to detect and possibly remove malware. Hopefully, that process resolves your problems.

Some desktop anti-malware solutions allow you to create a rescue disk. However, there are at least six vendors who make standalone, downloadable rescue CDs that anyone can get their hands on: Avast!, AVG (formerly Grisoft), Avira, BitDefender, F-Secure, and Kaspersky. All of these solutions are offered for free except the ones from AVG and Avast.

The advantages to using a bootable rescue CD are that you have access to another vendor’s solution and you don’t need to install a full-blown desktop application in order to create a rescue disk.

I found each of the products to be useful, though one is clearly better than the others: Avira’s free AntiVir Rescue System. When it comes to anti-malware detection and removal, however, one vendor’s solution may not handle every issue that other vendors’ solutions can.

I suggest that you download all four of the free solutions. If you administer a business network, you should seriously consider buying the AVG and Avast solutions, too. That way, when you’re in a pinch, you can try all the possible options to clear up a problem.

When you’ve got at least four free anti-malware solutions to choose from, which one do you use first? That comes down to which tool provides the best on-demand malware detection rates. Since I don’t have a full-blown anti-malware test lab — which is a complex and difficult-to-maintain service — I defer to the experts who do maintain such labs.

As in the past, I rely on the results published by Virus Bulletin, a well-known and respected independent lab. Virus Bulletin recently tested 35 anti-malware solutions using samples from the WildList as it stood in April 2008. The tests were conducted using product releases available as of June 24, 2008. Five of the 35 virus scanners are available on their respective vendors’ rescue CDs and are reviewed here.

My overall scores cover the ready-made free products; I also summarize the features available in the two commercial products and offer a couple of other rescue alternatives.

All of the products that I rate work basically the same way: there is no installation or removal process required with a boot CD, and disk scanning is performed by selecting menu items. My ratings are based on each product’s ability to detect malware and on the other features included on each CD. As it turns out, the tools with the most features also have the best on-demand scanning capabilities.

#1: AVIRA ANTIVIR RESCUE SYSTEM

The rescue CD with the best malware detection

Avira’s solution is the best anti-malware rescue CD you can get today. The AntiVir Rescue System doesn’t come with a full-blown Linux GUI-based desktop, as does BitDefender (my #2 choice). But the program’s text-based command shell comes in handy for such basic tasks as copying, moving, and deleting files.

You can set the AntiVir Rescue System to update its anti-malware definitions when it boots up, although this requires an active Internet connection. What makes AntiVir the #1 rescue CD is that its malware scanner has the highest virus-detection score of all the products I examined.

AntiVir detected all worms, bots, file infectors, and polymorphic virus strains. The program also caught 98.27% of all Trojans thrown at it. Very little gets past AntiVir, and that’s a big reason why Avira’s solution earns the top rating.

#2: BITDEFENDER RESCUE CD

A rescue CD that’s packed with useful tools

BitDefender’s Rescue CD features are far superior to those in the other free solutions I tested. Still, what makes this CD really great is that it boots a version of Knoppix Linux — complete with a desktop GUI — for easy access to its many useful tools.

Among these are a rootkit scanner, network-vulnerability scanner, partition manager, file recovery tools, wireless network monitor, network diagnostics, and Mozilla’s Firefox browser. When you boot the CD, the software tries to download anti-malware definition updates if the system has an active Internet connection.

Features aren’t nearly as important as the ability to detect and remove malware. Like AntiVir, BitDefender detected all worms and bots, file infectors, and polymorphic strains thrown at it by Virus Bulletin. But it caught only 94.75% of the Trojans.

The “more info” link in the box at right leads to an index page from which you can download Bitdefender’s .iso file. For an explanation of how to burn this file to a CD using freeware or commercial tools, see the Petri IT Knowledgebase.

#3: F-SECURE RESCUE CD

Capable malware detector a notch below the best

Like the rescue CD from BitDefender, F-Secure’s solution is based on the Knoppix version of Linux. Unlike BitDefender, the F-Secure rescue CD is strictly text-based, although you can access a command shell just like the one in the AntiVir Rescue System.

The F-Secure Rescue CD provides an auto-update mechanism for its anti-malware definitions. However, F-Secure didn’t fare as well as Avira or BitDefender in detecting malware. The solution identified all the worms, bots, and file infectors thrown at it. Unfortunately, the program was able to detect only 98.55% of polymorphic viruses and 94.15% of Trojans.

Even so, you should keep a copy of this tool handy in case the first two rescuers can’t detect or remove the malware present on your problematic system.

#4: KASPERSKY RESCUE DISK

Updates are a challenge for this rescue CD

The Kaspersky Rescue Disk is a useful tool, even though it doesn’t provide a command shell or a mechanism to automatically update its malware definitions. Because of the latter, this rescue CD isn’t nearly as useful as the other three free contenders. Still, it’s a good idea to have it nearby if you need a rescue CD to fill in where the others might be lacking in terms of malware detection and removal.

Like F-Secure’s solution, Kaspersky’s standalone Rescue Disk detected all worms, bots, and file infectors in Virus Bulletin’s tests, as well as 98.55% of polymorphic viruses. But the program caught only 93.79% of the Trojans, making it slightly less effective than F-Secure’s product.

If you decide to use the Kaspersky Rescue CD, check for the latest version on the vendor’s site before you put it to use. That way, you can be sure that you have the latest malware definitions available. As I write this column, the last release was issued on June 28, 2008, which means it’s already nearly two months behind the times.

To Kaspersky’s credit, this tool isn’t meant specifically for widespread public distribution. It’s more likely that Kaspersky provides it as a helper tool, since an up-to-date rescue disk can be created at any time, according to a Kaspersky FAQ page. To do so, you must have the company’s antivirus solution installed on your desktop, along with BartPE and PE Builder and a copy of Windows XP with SP2.

The anti-malware-rescue-CD also-rans

Other popular free rescue CDs include the Ultimate Boot CD and Hiren’s BootCD, both of which contain a DOS version of F-PROT Antivirus and McAfee Antivirus. However, their antivirus definitions haven’t been updated for over a year.

There is also a beta available for Ultimate Boot CD 5, which adds the open-source ClamAV anti-malware scanner. And there’s BartPE, which lets you build a Windows-based bootable CD and incorporate plug-ins for ClamAV, McAfee malware scanners, and even BitDefender. However, BartPE is a solution you have to build from scratch.

Two ready-made commercial tools worth considering are Avast! Bart CD and AVG Rescue CD, each of which costs $150 for a one-year license. Along with anti-malware detection and removal, Bart CD comes with a Registry cleaner, Registry editor, disk checker, data shredder, file manager, text editor, and command shell.

AVG’s product is similar to Bart CD. The anti-malware solution is complemented by a command shell, Registry editor, network-settings tool, disk scanner, text-file editor, and network-mapping tools.

So which of the two commercial tools is better at removing malware: Avast or AVG? That I can’t tell you, because Avast didn’t take part in the most recent Virus Bulletin tests. What I can tell you is that AVG didn’t do nearly as well as the free tools in this review, managing to catch only 99.94% of worms and bots, 99.21% of file infectors, 89.95% of polymorphic virus strains, and 97.36% of Trojans.

That’s not very impressive, compared to Avira AntiVir and BitDefender. Nevertheless, when other scanners fail to clear up problems on your systems, it certainly won’t hurt to try the rescue CDs from Avast and AVG.

Protect your systems against Snapview exploits

Microsoft released a patch this week for a problem related to its Snapview ActiveX control, which is used to view Access databases. However, if you don’t have Microsoft Office installed, you probably won’t be offered the patch via Windows Update.

Nevertheless, it’s definitely wise to take defensive action now by setting the killbits for the relevant Class IDs used by this ActiveX control.

According to Windows Secrets columnist Susan Bradley, even if you don’t have the ActiveX control installed, it’s possible that some sites might try to push the control out to your system. This could happen when you visit a malicious Web page that’s specifically designed to deliver the control. Susan reports that this exact situation occurred to her recently.

Set the killbits now, just to be on the safe side. You can find detailed instructions on how to do this in Microsoft’s related advisory, “Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution.” You’ll find all the information you need to address the problem in the Suggested Actions section of the advisory.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

IE security holes lead Microsoft's patch parade

By Susan Bradley As usual, patching the browser could lead to conflicts with third-party security programs. Still, now that malware can be found on legitimate Web sites, you need to install the latest Internet Explorer patches right away.

MS08-045 (953838)
Fixes for remote-code-execution vulnerabilities

First up in Microsoft’s monthly fix-a-thon is our regular patchaholic, Internet Explorer, which gets several fixes to block execution of remote code on Web sites. As always when patching IE, pay close attention to third-party security programs that may be affected by MS08-045 (patch 953838). Be prepared to disable and re-enable your firewall, which may not take well to the Internet Explorer patches.

Install these fixes as soon as you can, because these days even “good” Web sites can be malicious. Legitimate sites may inadvertently host bad code via advertisements from third-party vendors, particularly if the sites don’t properly check the validity of their advertising source.

MS08-041 (955617, 955441, 955440, 955439)
Microsoft Access zero-day hole still unpatched

In his column this week, Mark Joseph Edwards describes the unpatched part of MS08-041 (955617), which involves snapview.ocx, a vulnerable ActiveX control that a Web site may attempt to download. Other related vulnerabilities that impact Access are also being patched.

Office 2003, Office XP, and Office 2000 are all getting patched; Office 2007 is not affected. However, as Mark discusses, I’ve personally visited a Web site that offered up the snapview.ocx ActiveX control.

This patch demonstrates why it’s important to use IE 7 or an alternative browser. I went to a nice, normal Web site this past weekend to order some supplies from a vendor that I’ve used before. When I clicked the products section, the site tried to install snapview.ocx.

Fortunately, I was using IE 7 running on a Vista PC, so the ActiveX control was not automatically installed pending my approval via Vista’s prompt. Since I was unsure what the download file was, I declined and then went searching for more information about it.

I soon realized that I had stumbled across an “in the wild” example of this attack. Whenever you get to a site that starts to do something it never did before, either switch to a different browser or just decide not to buy anything that day, which is what I did.

Microsoft states that the snapview.ocx control will be patched in a seperate release.

MS08-044 (921595, 921596, 921598, 921596, 925256, 955428)
Microsoft Office image files pose a threat

Next up is a patch that may be a bit troublesome to install on certain workstations. MS08-044 is a multi-patch that protects against malicious image files that can be opened in Office programs.

Office patches can be tricky to apply on versions prior to Office 2003, because the fixes may require that you dig out your installation CD.

Already in the newsgroups, we’re hearing reports from folks who use Microsoft Works about problems they encounter when installing the patch. If you don’t have your Office installation CD handy, try downloading the full patch 955428 from the Microsoft Download site.

MS08-042 (955048), MS08-043 (954066), and MS08-051 (949785)
Avoid opening mystery Office files

The three patches I describe in this section address a problem that can be triggered by opening an infected Word, Excel, or PowerPoint file.

MS08-042 for Word, MS08-043 for Excel, and MS08-051 for PowerPoint protect you from infection in the event that someone attempts to send you a hacked file that’s designed to take control of your system. For Macs, MS08-043 for Excel and MS08-051 for PowerPoint fix that platform as well.

As always, if you weren’t expecting a file, don’t open it. Call or e-mail the person who sent it to you and ask them if they meant to do so. Open only those files you’re expecting.

MS08-046 (952954)
Other image files can also do harm to your PC

We’re patching an image processor again ths month, but this time it’s the one built into Windows XP and Windows 2003. MS08-046 fixes the way images are handled by the Microsoft Image Color Management (ICM) system to prevent potential remote-code execution in your browser.

As with other patches that impact browsing, you can’t always tell a good site from a bad site, so I recommend that you put this patch on a fast track as well.

MS08-048 (951066) and MS08-050 (955702)
Microsoft mail, IM may disclose private info

“Loose lips sink ships,” as the old saying goes. When it comes to Patch Tuesday, loose Outlook Express, Windows Mail, and Windows Messenger programs get patched to address an information-disclosure problem. MS08-048 (951066) patches Outlook Express and Windows Mail, and MS08-050 (955702) fixes Windows Messenger.

The problem these patches fix do not affect Windows Live Messenger, but rather the instant messenger client built into Windows. If you installed Windows Messenger 4.7 on Server 2003, you won’t be offered this patch automatically and will need to go to the Microsoft Download Center to install the updated version manually.

If you manually installed Windows Messenger 5.1, you will need to update the program manually via this page on the Microsoft Download Center.

MS08-047 (953733) and MS08-049 (950974)
A fix for systems that ignore IPsec policies

Two of this week’s patches are of particular interest to network administrators rather than to PC users. Internet Protocol Security (IPsec) is used mostly in newer operating systems. Thus it’s no surprise that MS08-047 impacts only Vista and Windows Server 2008. The fix addresses a problem in which IPsec policies are ignored and data is inadvertently transmitted in clear text.

Few of us spend much time poking around in Windows’ event log, but for administrators, the event log provides all sorts of useful information. Most of this information admins augment with such external sources as EventID.net. MS08-049 fixes a hole that could allow remote-code execution via the Windows Event System. It affects all versions of Windows since Windows 2000.

(953839)
ActiveX killbits get their own patch

I was a bit surprised to see security advisory 953839 released this week. I expected its content, which deactivates two troublesome third-party ActiveX controls, to be included in a full-fledged security bulletin, not merely in a security advisory. The killbits in this advisory squelch the problem controls; the advisory also includes ActiveX killbits from previous bulletins.

I like the fact that Microsoft is providing cumulative killbit patches, but I’d prefer that they were included in a security bulletin. That way, people would treat them as they do a normal security bulletin and the fixes would get the attention they deserve.

Yes, you may now install XP Service Pack 3

For Windows XP users who continue to be greeted with the reminder that Redmond wants them to install Service Pack 3, it may be time to say “yes.”

All of the issues relating to XP SP3 appear to have been identified. But before you proceed, back up your system. Among the problems you may encounter are ones involving Symantec’s Norton Antivirus and missing device-manager settings. Check out KB article 953791 for more.

If your PC uses an AMD processor, see 953356 for a description of potential glitches. If you have problems installing SP3 in general, read 950718 to see if your specific hang-up is addressed.

Do not completely turn off Windows updates. I know that it can be a struggle each month — especially this month — to install all of these patches. Microsoft’s confusing error messages don’t help much, nor does the “ping pong” of support you get as you’re bounced between Microsoft and your hardware and software vendors.

I may hold back and install patches when I have time to deal with possible patch issues, but I do ultimately install all of them. If you “hide” specific updates, as Scott Dunn describes in this week’s Top Story, you may put your system at risk. (Note that the technique Scott describes is intended to be used only to prevent Windows from prompting you to download a patch you’ve already installed.)

In addition to a full system backup, have another Internet-connected computer handy (even if it’s just an iPhone) in case you get stuck. And while I personally set the update controls in my systems to “download but do not install,” I strongly recommend against taking the drastic step of disabling all updates completely unless you take the equally drastic step of unplugging yourself from the Internet and never attaching that device to the Web again.

Scott Adams’ Dilbert cartoon from Aug. 9, 2008, demonstrates why patching can sometimes be a no-win situation. But for the vast majority of us, the monthly Windows patch process is worthwhile and sends another bloody nose to the bad guys.

Malicious Software Removal patch a must-have

This is a doozy of a Patch Tuesday, so I’m not going to list every single patch that was released. Rest assured that I installed the Malcious Software Removal Tool this month without hesitation (as I do every month). I also install the Vista and Server 2008 application-compatibility patches every month they’re offered.

However, you may want to pass on installing Microsoft’s Silverlight media-player software. Also feel free to uncheck the install of the Safari browser along with your Apple iTunes and QuickTime updates; Apple attempts to install Safari every time it updates the other two apps, as I described on Mar. 27.

If patches are not specifically security-related, take control and say “no” every now and then. Trust me, it will make you feel just a little bit better.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.