October 13, 2010 2:34 PM
Posted by: Ed Tittel
16 updates in latest Patch Tuesday
, 9 of 13 OS-related October 2010 patches affect Win7
, biggest Patch Tuesday ever for October 2010
Gadzooks! I almost fell out of my chair yesterday, when I checked Windows Update just after lunch, as is my usual wont on Patch Tuesdays. There were no less than seventeen (17!!) updates waiting for me to download onto my production machine, and as I worked my way through my notebook (I’m currently caring and feeding for 6 of them right at this moment, because my Dad and his D630 notebook are visiting right now, and I bought a D620 for him to take back to Virginia with him for my nephew, Collin) and four desktop PCs, the number of updates ranged from a high of 15 to a low of 12 for the rest of those other machines. Of course, one of those items is the standard Windows Malicious Software Removal Tool (October 2010/KB890830) so there is really one less actual security updates and patches involved in this latest batch.
For the complete details on this enormous batch of items, see the Microsoft Security Bulletin Summary for October 2010. For other interesting coverage, see Emil Protalinski’s October 2010 Patch Tuesday will come with the most bulletins ever at Ars Technica, and SoftPedia’s Patches Released for 49 Vulnerabilities in Windows, IE, Office, and .NET. Of the 16 actual security bulletins, 4 are rated Critical, 10 Important, and 2 Moderate. Looking over the mix of operating systems, platforms, frameworks, and applications involved, IT or security staff will want to look these over quickly, and get all of the Critical and at least some of the Important and perhaps even Moderate items into testing, and ultimately into deployment, with some dispatch. Windows 7 is now definitely into the mainstream with many more of the individual bulletins listing both 32- and 64-bit versions of Windows 7 among the affected platforms (only 4 of 13 show “not applicable” for those bulletins that target Windows OSes).
October 11, 2010 1:33 PM
Posted by: Ed Tittel
destruction is the only secure method for hard disk disposal
, don't leave used media in surplused or sold PCs
, risk of exposure costs much more than replacing used hard disks
I’ve been working on revising a couple of books lately — namely, the CISSP Study Guide (going into a 5th edition) and Computer Forensics JumpStart (for a 2nd edition; both books for Sybex/Wiley) — and in that context found this SuperUser.com Q&A extremely interesting. It’s entitled “What’s the best way to compleely remove everything from a computer, without re-installing?” and it addresses sanitization of a PC in advance of its sale to a third party.
In a nutshell, the solution posted to this query essentially involves multiple levels of hard disk clean-up, then free-space scrubbing (so-called/claimed “secure erasure”) to remove all traces of files removed during the clean-up effort (see the posting for the details, which may of interest to individuals seeking to squeak a few extra bucks out of personal equipment, perhaps to help fund the purchase of replacement gear). This is all well and good for machines that have never played host to anything sensitive, proprietary, or protected under various rules and regulations governing customer, client, or patient confidentiality.
This is not a viable solution for corporate gear. Under no circumstances should hard disks that have been used for business purposes ever be re-sold to a third party. Baldly put, these devices need to be securely destroyed to prevent their contents from getting into the wrong hands. After reading (and in some cases writing) about the kinds of tools and techniques available for data recovery and restoration, and understanding the liability and risk exposures that unauthorized access to such data can pose, the only truly safe way to dispose of hard disks used for business purposes is to subject them to some process that damages the platters on hard disks sufficiently that the pieces can’t be put back together again for aggressive scanning and recovery efforts.
That means crushing, shredding, or otherwise mangling the devices so that they simply can’t be accessed and read ever again. With storage as cheap as it is today, it even makes sense to remove and replace drives when equipment is slated for donation to schools or charities, as is sometimes the case with corporate equipment retirements. Anything less risks data discovery, and is simply not worth the potential exposure incurred thereby. Make this stipulation part of your security and lifecycle management policies, and you’ll never have cause to regret this decision.
October 8, 2010 6:35 PM
Posted by: Ed Tittel
great audio from your PC
, hot blazing stereo sound from PC or player headphone jack
, or portable player from ZZcoustics
Back in 2005, I had the privelege and the pleasure to work with Mike Chin (the guru behind SilentPCReview.com) and Matt Wright (a PC video maven who writes for sites like MissingRemote.com and HTPCnews.com) on a book entitled Build the Ultimate Home Theater PC. It let me ride a favorite hobby-horse of mine: namely, an intelligent and productive link-up between a PC and a home entertainment/home theater system. Because PCs can do storage, grab stuff off the Web, and organize music, video, and multimedia so nicely, the marriage between a properly equipped PC and a high-end receiver or pre-amp is appealing to me and all kinds of other audio- and videophiles.
Because of that book, and other writings I’ve done for Tom’s Guide and Tom’s Hardware on multimedia and media center PCs, I still occasionally hear from other movers and shakers in that space. About three months ago, a gentleman by the name of Mike Wigle contacted me about his product, ZZcoustics, probably because I’ve been active in the HTPC world for some time and still write about it from time to time. The product is a small box (dimensions of 4x2x1in/10.2×5.2×2.5cm) with a male mini-jack on one side and a pair of RCA jacks on the other side (white and red for left and right stereo channels, respectively).
Plug the headphone jack into the PC, and the RCA jacks into a stereo input on your receiver/pre-amp
Unless you’ve gone to the trouble of installing a high-end audio card into your PC (such as the Asus Xonar HDAV 1.3 Deluxe or the HT Omega CLARO Plus) you will probably encounter line output issues should you try to connect the outputs from a headphone jack or audio connectors from your PC’s motherboard). Simply put, the ZZcoustics does a bang-up job of amplifying the output voltage from its input (the headphone jack side) and delivering standard line-in voltage and impedance from its RCA outputs to your home entertainment sound system.
What does this mean? The oscilloscope audio/video demo on the ZZcoustics site does a pretty good job of showing you: weak, puny audio from the headphone jack on a notebook or desktop PC, blazing hot, clear sound from the output of the ZZcoustics box. At $40 a pop, these units are a great investment for anybody seeking great (stereo) audio from their notebook or desktop PC, or from a compact audio device (like an iPod or MP3 player), into a home entertainment system of some kind.
October 7, 2010 3:30 PM
Posted by: Ed Tittel
Post in-place upgrade from Vista to Windows 7 clean-up
, reclaim 1-5 GB of disk space after upgrading to Windows 7
, safe to delete temp Windows 7 upgrade folders
As I was looking over the boot/system disk for my Dell D620 laptop this morning, I discovered a directory named $Windows.~Q that contained nearly 3 GB of data. Recognizing the leading $ (dollar) sign as a technique that Windows uses to hide shares and directories from casual display and access, I looked the directory up online to discover that it is created during the upgrade process from Vista to Windows 7 (you can’t upgrade from XP or earlier systems to Windows 7; for those older Windows versions a clean install is required). Looking around further, I discovered another hidden folder named $INPLACE.~TR as well.
A little quick research online (see this interesting article at the HowToGeek’s site, for example) informed me that not only it it safe to delete these folders and their contents, but that the effort would free up at least 1 GB of disk space, and often more than that (2.90 GB for the $Windows.~Q folder and 667 MB for the $INPLACE.~TR folder, for a total of 3.55 GB). In fact, I learned that the Disk Cleanup utility will display checkboxes for these items after you click the “Clean up system files” button following an initial cleanup scan on a system that has been upgraded from Vista to Windows 7, as the following screenshot illustrates:
Notice the two checked boxes: each mentions Windows Upgrade
I realize the number of machines that will be subject to in-place upgrades from Vista to Windows 7 will be small at any given company or organization, but if you do find yourself in the boat of using Windows upgrade to build a new image, or perform the upgrade on one or more PCs, don’t forget to take this additional cleanup step after the upgrade is complete. In fact, a quick post-install batch file will take care of these two directories quickly, even if Microsoft didn’t see fit to remove them on your behalf automatically.
October 4, 2010 10:15 AM
Posted by: Ed Tittel
46% improvement in Windows 7 boot-up by turning off unused drivers
, Soluto can take a page from the SysInternals drivers tab
, SysInternals Autoruns helps optimize Windows 7 boot
I’ve been a big fan of the SysInternals stuff since the mid-90s, so it was with some interest that I noticed a recent update to their “ultimate Windows start-up management tool” Autoruns.exe on September 29, 2010 (it took me a while to get around to checking out the new release, so that’s why I’m writing about it today, and will probably write about it further fairly soon). Here’s a basic screen cap of what the program looks like:
Autoruns looks at every facet of Windows boot and start-up
I’ve been writing regularly about a Windows boot-up optimization tool lately called Soluto (9/13/2010, 9/16/2010, and again on 9/27/2010) and have thus stayed interested in topics related to speeding Windows boot-up and start-up lately. When I noticed the latest Autoruns.exe had a tab devoted to Drivers I decided to drop in and take a look at what Windows was loading on my production machine, and found a bunch of items getting loaded that I knew my current runtime environment wasn’t using and would probably never need — most notably, a whole slew of RAID, Serial-Attached SCSCI (SAS), SCSI, and Fibre Channel (!) device drivers, but also various AMD drivers for this all-Intel machine, along with some PS/2 stuff as well.
Lots of interesting and unexpected items show up in Autoruns Drivers tab
If you’re inclined to avoid loading drivers you’re not going to use, I do recommend that you first make an image backup of your system before turning things off willy-nilly. That way if you turn something off that hoses your machine, you’ll be able to get back to operation if all other fast-fix strategies fail (like returning to the LKGC or booting in Safe Mode to rerun Autoruns and turn things back on). That said, I turned off all the device drivers I knew weren’t in use on my machine and realized a pretty substantial decrease in boot time: from 1:16 to 0:41 (info courtesy of Soluto) for a savings of 0:35 (46%!!). I’m going to back and turn some other things off that I missed on the fist round and see what happens next, but this looks like another great way to boost Windows start-up times substantially. [Note added 15 minutes after original posting: turning off all Adaptec and other SCSI related storage drivers and a few other odds'n'ends dropped my start-up time to 0:38, exactly half of the original 1:16. Way to do, Autoruns!!]
Soluto, are you guys looking into testing for presence of devices for which drivers are loaded as part of your optimization analysis? If not, let me be the first to recommend adding this to your bag of tricks (which would be easy to implement simply by comparing the results of device enumeration in Windows to the drivers and driver classes actually loaded during startup, and recommending turn-off for those not actually in use). I’m even going to copy the Soluto team on this blog so they can let me know what they are doing in this regard.
Count on me to report further on the latest version of Autoruns, as I spend more time with the program and learn further tips and tricks.
[Note added 10/11/2010: After I shared this blog with the folks at Soluto, they responded by saying they, too, were keenly aware of AutoRuns and while they do have future plans to offer options to remove unused and unneeded drivers from the boot-up sequence, they're not ready to talk about them just yet. I guess we'll just have to stay tuned...]
September 29, 2010 1:04 PM
Posted by: Ed Tittel
ASP.NET gets out of band security update (MS10-070)
, MS releases MS10-070 out of band
, out of band updates for September 28 2010
I’m always curious when Windows Update drops something into my hopper outside the normal second-Tuesday-of-the-month timing for regular updates. Yesterday was no exception, when five updates appeared right after lunch. It turns out that only one of them merited a security bulletin (MS10-070), so I have to guess the others were dropped in because they were already ready to go and with MS pushing something critical out the door, these items simply came along for the ride.
Yes, there is an out-of-band security bulletin for 9/28/2010
The critical item addressed in MS10-070 addresses a vulnerability in two different versions of the .NET Framework — specifically, versions 3.5 SP1 (also denoted as 3.5.1 in MS publications) and 4 — that could, in the words of the bulletin text itself “…allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain access to information.” It is a publicly disclosed vulnerability in ASP.NET that could let attackers read data (MS mentions the view state specifically, even though it has been encrypted by the server). The vulnerability could also allow data tampering to decrypt and alter data encrypted by the server. Versions of the .NET Framework that precede version 3.5 Service Pack 1 are not affected by the file content disclosure portion of the vulnerability, but users all the way back to version 1.0 Service Pack 3 should still apply this update, which rates an “Important” severity rating across the board.
Here are the other items that coat-tailed their way into this out-of-band update:
- September 2010 cumulative time zone update for Windows operating systems: Changes to daylight savings start/stop dates for Middle East Standard Time, Namibia Standard Time, and US Eastern Standard Time in Indiana
- Update for Microsoft Silverlight (KB2416427): This update fixes an incompatibility issue between Microsoft Silverlight 4 GDR 1 (4.0.50826.0) and earlier versions of the Bing Toolbar. The current release of Bing Toolbar (version 6) is not affected. Other update description info (from the MS Update details): “This update to Silverlight improves security, reliability, accessibility support, startup performance, enhances line-of-business support and includes several fixes to support rich internet applications.”
- Update for Windows 7 (KB979538): “Stop 0x0000007E” or “Stop 0×00000050″ Stop error message in Windows 7 or Windows Server 2008 R2. Install this update to prevent unexpected shutdowns or bluescreens when you are using a USB video device. After you install this item, you may have to restart your computer (caused restart on all 7 of my Windows machines, none of which uses a USB video adapter).
- Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2362765): This continuing series of updates makes “…Web sites designed for older browsers look better in Internet Explorer 8.” Usually requires a restart of IE 8 after it’s installed (moot if the machine restarts anyway).
It’s always noteworthy when an out-of-band item appears between Patch Tuesdays. For those using .NET 3.5.1 or 4, this one’s important, but the rest of these items seem pretty humdrum to me.
September 27, 2010 3:55 PM
Posted by: Ed Tittel
amazing customer service from Soluto for their Windows boot optimizer
, Soluto fixes all the problems I reported
, Soluto Windows Boot Optimizer gains great stability
In the past two weeks I’ve written twice about Soluto, a Windows boot optimization program that observes the Windows boot process and makes recommendations about programs that run at boot time intended to speed up that process:
Now that two weeks have elapsed since my initial encounter with Soluto, I really have to take my hat off to these guys (and thereby expose my gleaming “chrome dome”). If you look at the 9/16 blog above you’ll in the Table therein that my production machine, my wife’s PC, my new HP notebook, and my primary test machine all failed to get Soluto to install or run correctly. Today, I’m both stunned and pleased to report that the software is now working on all seven of the PCs I included in the 9/16 blog. Here’s an updated version of the table that appeared in that blog (linked in the preceding paragraph, if you want to see the original):
||Win7 Pro x86
||Asus Eee PC 1000HE Netbook: minimal setup means minimal savings (original time: 01:51)
||Win7 Ultimate x86
||It already booted pretty fast (00:58) but Soluto still manged to help me shave off 6 seconds
||Win7 Pro x64
||DIY computer with P53 Pro mobo, Intel Q9450 CPU, 8 GB RAM, down from 79 to 69 programs at boot-up
||Win7 Pro x64
||HP HDX9200 notebook with T9500 CPU, 8 GB RAM (original time 02:28)
||Win7 Pro x86
||Dell Latitude D620 with T7200 CPU, 4 GB RAM (original time: 1:35)
||Win7 Pro x86
||DIY mini-ITX with MSI mobo, T2300 CPU, 4 GB RAM; slow machine means not much savings overall (5.6%)
||Win7 Pro x64
||HP dv6 notebook PC with i7 720M CPU, 6 GB RAM, down from 91 to 81 programs at boot-up
Not all of the PCs in my equipment pool benefited hugely from the Soluto software, but I’m hopeful that as the company gets further along with its application database (known as the “PC Genome”) recommendations on as-yet-undocumented items will help me understand better what might also be delayed (until boot-up completes) or paused (not run at all) to shave boot times even further.
But that’s not why I’m blown away by the improvements in Soluto’s behavior on my various PCs. I received four personal emails from various Soluto staff members informing me as each of the bug/problem reports I had filed with them were addressed, and in each case when they said “the software should be working now for machine X” in fact it was working for machine X the next time I tried it. They even offered to do a remote control session on my BSOD machines to help me address any issues that might have popped up. I’m sorry I didn’t have time to take up those offers, but I’m totally jazzed that they jumped on the problems I reported and have apparently fixed all of them. You don’t see customer service like this very often these days, and as a beta user I’m not sure I’m a “real customer” anyway.
I think it’s OK to start checking out Soluto in your test labs, and I withdraw most of the caveats I’ve stated about the software in earlier blog posts. I must still add this admonition because it’s completely common-sensical: “Remember, this is beta software. Use it at your own risk, and only on non-production/test PCs” (if, like me, you do use it on a production machine, be sure to make an image back-up prior to its installation, and to make regular backups daily thereafter, so you can restore your machine to an operational, pre-Soluto state, with all post-Soluto data files at your disposal).
Great job, Soluto!
September 22, 2010 2:07 PM
Posted by: Ed Tittel
, Prowess SmartMigrate supports XP to Windows 7 VM migration free to home users
, SmartMigrate could shake up commercial XP-to-Windows-7 migration tools marketplace
Last week, I spent a fascinating hour on the phone with some engineers from Prowess, a Seattle-based software and services firm that offers a free software product called SmartMigrate (at least, it’s “free for individual, at-home use” according to the language on the product page at the Prowess Web site). Basically, what SmartMigrate does is to virtualize a system that’s already installed on a PC — and my title for this blog assumes that such a system is very likely to be running Windows XP, even though the Prowess engineers tell me it will work for just about any modern Windows OS, including Vista and even Windows 7, as the source for creating a VM to run inside Windows 7 (or some other operating system).
SmartMigrate seeks to turn running XP installs into Windows 7 VMs
What makes SmartMigrate cool and interesting is that it’s free for at-home use and thus also for one-off experimental “let’s see how this works” test implementations. Right now, the target virtual hard disk that SmartMigrate creates works with Microsoft’s Virtual PC and Virtual Server products (and probably also with the new Windows Server 2008 R2 HyperVisor as well), and Prowess is working hard to extend its reach to include VMWare Workstation, Parallels Workstation, Oracle VM Virtualbox, and other virtual runtime environments as well.
I’m still waiting for the chance to try this out and see how it works, and just found a working link to the SmartMigrate download (use the Download button at the bottom of the page). In the meantime, I’m wondering how a free product for home use will affect the bottom lines of companies like LapLink (PC Mover) or Zinstall (Zinstall and ZPod) who make a paying business out of selling to customers what Prowess is currently trying to give away. Could be interesting, eh?
September 20, 2010 1:42 PM
Posted by: Ed Tittel
IE9 beta fast and minimalist
, IE9 earns accolades from Paul Thurrot
, IE9 offers improved HTML5 and CSS3 support
How about this for a quote from Windows guru and maven Paul Thurrot?
Unlike its immediate predecessors, IE 9 is not about more for more’s sake. Instead, IE 9 takes the same path Microsoft plowed with Windows 7 and then Windows Phone 7. It’s clean, simple and fast. It gets out of the way, letting web site content take center stage. It’s everything that IE has never been, then, and in addition to being the best browser that Microsoft’s ever made, it may very well be the best web browser on the market, even in this early public beta version. Maybe.
Internet Explorer 9 Beta (Paul Thurrot, SuperSite for Windows, 9/15/2010)
The IE9 Beta is ready for download
Wow! Talk about an incentive to tackle a Microsoft beta — something I’m rarely willing to do, outside of major OS and Service Pack releases. And because I’m working on a new thirteenth edition of my immortal classic HTML, XHTML, and CSS For Dummies and therefore also working with HTML 5 and CSS3, I am more than merely curious about how IE9 fares in the areas of support for such emerging Web standards. (FWIW, IE8 does OK with HTML 5, but is definitely way behind Google Chrome and Apple Safari in supporting CSS3).
I’m planning to dig into this environment over the next couple of weeks and will report on how IE9 does with HTML 5 and CSS 3 markup, particularly in areas where IE 8 proved deficient as we were working on our latest book. In the meantime, if you want to try it out for your own self — on a test machine or in a disposable VM, please — grab it and go from the IE 9 Beta Home Page.