I’m a long-time fan of PC Tool’s highly-regarded Spyware Doctor antispyware products, and have run at least one version of this product family on a like number of test and production machines for going on four years now. In the last month, I’ve had problems with their latest and greatest combined antispyware/antivirus offering (Spyware Doctor with Antivirus 2010, version 126.96.36.1998 to be specific) on a couple of my Windows 7 machines. To be specific, the primary service module pctsSvc.exe experiences an application crash at least once a day (my record for any one machine is 7 times in one day) with detail like this screencap from Reliability Monitor to match:
I’ve already switched from this product to Norton Internet Security 2010 on my primary production machine (I didn’t want to leave the machine in an uncertain state while working through this problem), but I’ve left it installed on one of my test machines and am working with PC Tools technical support to try to understand and resolve this issue.
Last Thursday, I conducted a Web chat to report my problems and ask for some advice. The support tech had me stop the Spyware Doctor run-time environment (right-click the icon in the notification area, then select ShutDown from the resulting pop-up menu), uninstall the running version of Spyware Doctor, download a fresh clean copy from their Web site, and reinstall the program. After three days with no problems I was starting to hope that my failure to halt the previous version of the app before doing the first install of the current version caused the problems, but when I logged into my test machine first thing this morning, I found the pctsSvc.exe app crash message waiting for me on that machine when I checked in.
I’ve forwarded the information to PC Tools, along with the same screen cap you see in this blog, and will be curious to see what happens next. The tech I worked with last week said they would e-mail me a copy of the Belarc Advisor, and have me install and run it, so they can examine its output to understand more about my PC. Just for grins I visited the Belarc website to download and run the free version of the Belarc Advisor on a different PC, and here’s what popped up:
It looks like a pretty informative tool, but I didn’t see anything in the output from the free version that would help me or anybody else tackle the Spyware Doctor issues, so I’m guessing the commercial version that PC Tools will send me will provide a bunch more detail, especially on security -related matters. One big concern for many such software companies is the presence of malware that could inhibit or block correct behavior on a PC (which I’m 99% sure is NOT true for this machine, having scanned it with Trend Micro Housecall and the Norton Security Scan and come up clean on both), while another has to be the presence of other programs, drivers, or runtime environments that interfere with the PC Tools runtime environment’s proper operation.
This promises to be an interesting and educational adventure as I work with PC Tools to figure out what’s bollixing Spyware Doctor with Antivirus on my test machine. I’ll keep you posted as things develop further.
[Note added 11/21/2009]: I never heard back from PC Tools Tech Support despite an e-mail follow-up on 11/17. I guess I’ll have to start a new trouble ticket tomorrow. Count on me to keep following up as more info becomes available. In the meantime, pctsSve.exe crashed again on 11/18 and 11/19.
On November 11, 2009, MS released version 2.51 of its Security Compliance Management Toolkit Series through the Microsoft Download Center. Though not all organizations or users will need all of the elements in this offering (a single ZIP file is available with all of the documentation and components; it’s named all.zip) individual elements are also available on a one-off basis.
Here’s a screenshot of what WinZIP finds inside all.zip:
As a quick perusal of the contents illustrates, you’ll find components that target Microsoft operating systems, including Windows XP, Vista, and 7 on the desktop side, as well as Windows Server 2003 and 2008 (including R2) on the server side. You’ll also find elements for Group Policy Objects, Office 2007, and Internet Explorer 8, as well as a general introduction and overview that explains these various items and describes their contents and capabilities.
Suffice it to say that anybody whose responsibilities touch on information security for Windows desktops, servers, or networks will probably benefit from some exposure to this collection of tools and documents — if not rolling up their sleeves and digging into one or more components on a more serious footing.
Here we go again: yesterday (11/10/2009) was another Patch Tuesday. This time around we see some reasonably serious critical level updates, where we find many versions of Windows affected (desktops: 2000, XP, and Vista; servers: 2003 and 2008) but no mention of either Windows 7 or Windows Server 2008 R2 (see the Windows Operating Systems and Components section of the November Security Bulletin for details). Very interesting!
|MS09-063||Critical||Windows versions||WSDAPI vulnerability allows remote execution|
|MS09-064||Critical||Microsoft Windows 2000||bug in license logging server allows remote execution|
|MS09-065||Critical||Windows versions||multiple vulnerabilities in the Winodws kernel that allow remote code execution|
|MS09-066||Important||Active Directory||denial of service possibilities for AD, AD application mode, and AD Lightweight Directory Service|
|MS09-067||Important||MS Office Excel||multiple vulnerabilities could allow remode code execution when user opens specially formatted/crafted Excel file|
|MS09-068||Important||MS Office Word||privately reported vulnerability could allow remote code execution if user opens specially formatted/crafted Word file|
Whenever Microsoft rolls out a new OS, it’s always interesting to see what kinds of shortcuts get eliminated, added, or changed in that process. From my own experience, Windows7 offers plenty of neat and usable shortcuts to help savvy users make the most of its runtime environment. Thus, for example, my personal favorite at the moment is a quick right-click on any icon in the task bar. Instead of opening the linked application (or providing a list of active windows if it’s already running) as it would with a left click, this pops up a jump list of previously accessed views, documents, or related data objects (above the line), and gives you the option to close any open Windows, unpin the app from the taskbar, or launch a new instance of the same application in its own window instead (below the line).
But that’s just the tip of a formidable iceberg of hidden, or at least, non-obvious shortcuts that Windows 7 makes available to it users. Here’s a list of interesting resources on this subject that you should find entertaining, if not downright useful, as you begin climbing the Windows 7 learning curve:
- Lifehacker.com: Best New Windows 7 Keyboard Shortcuts
- Microsoft Windows 7 Home: Keyboard Shortcuts (organized into 13 categories, of which general keyboard shortcuts and Windows logo key keyboard shortcuts are very much worth exploring)
- ExtremeTech: 12 Must-Know Windows 7 Shortcuts
Shoot! I’ve even written an article/guide on this topic myself (with my frequent “partner in grime,” Justin Korelc) for InformIT.com. As soon as that story posts, I’ll add it to this list. In the meantime, the preceding items should give you plenty to chew on and play with. Enjoy!
In the past few years I’ve written about numerous utilities from Nirsoft, Nir Sofer’s superlative source for what he aptly describes as “small and useful freeware utilities.” Although it’s been out since April, I just came across mention of his BlueScreenView utility in the November issue of PC World (that issue isn’t accessible online just yet, but here’s an earlier, more detailed review by the same author entitled “BlueScreenView Relays BSOD Autopsy Results“).
I’ve worked with numerous crash dump tools for years, including the Microsoft Windows Debugging Tools, and have yet to find a better tool for quick, straightforward crash dump analysis than this one . (When it comes to detailed, down-and-dirty crash dump analysis, nobody knows this topic better than Windows maven Mark Russinovich: see Chapter 15 of his recent book, Windows Internals 5 for the best overview and discussion of this topic I know of anywhere.)
BlueScreenView doesn’t tell you anything the other tools don’t also tell you but it works quickly and presents the information in a readily-accessible and intelligible form (and lists all the crashes for which it can find dumps on your system). Take a look at this most recent output from my primary desktop system, which I loaded and ran a couple of weeks ago. As soon as I saw the events for August 19 through September 28, I immediately knew I had to go out and find a better ACPI driver for this PC. Since I did that on or about October 15, I’ve had no further ACPI problems with this machine (though as you can see I sat down this morning to learn that usbhub.sys had fomented a crash on this box. Sigh).
If you would like a fast understandable crash dump analysis tool, grab yourself a copy of BlueScreenView right away. You won’t be sorry you did. It comes in the form of a 52 KB zip file. To run the program simply unzip the contents into a readily accessible directory (you can even put a shortcut on your desktop, or pin the BlueScreenView.exe file to the Start Menu or the Taskbar as you may choose). It works like a peach with Windows 7 and Vista, and I suppose it’s just a matter of time before I’ll try it out with XP as well. Enjoy!
This weekend I got an email from my old buddy Mike Drips, who informed me he’d found a nice little tool for building a bootable, installable UFD for Windows 7 at the Microsoft Store. Alas, I had to call him this morning to get the full title of the tool — namely, the Windows 7 USB DVD Download Tool — because no amount of searching around with purely descriptive titles on that site helped me turn it up. But turn it up I did with title in hand, at the aforementioned link.
Given this free download and a valid Windows ISO image file, you can create a bootable UFD (that’s a USB Flash Drive, for those not in the know about this MS acronym) or burn a DVD from which to install Windows. Although the tool specifically identifies itself as for Windows 7, I was able to confirm by experiment that it also works with Windows Vista ISO image files as well ad Windows 7 files of the same variety. Reset your PC’s (or notebook’s) BIOS so it will boot from a UFD and presto! you can boot from the UFD to run the Windows installer.
Here’s a gallery of screenshots from installing (first four images) and using (next seven images) this tool that will give you a pretty good idea of what it is and how it works. Definitely worth grabbing, for those installs you plan to do “by hand!”
So much for installing the software. The next series show how it’s used to create a bootable UFD (warning: copy everything on that drive before you turn a UFD over to this program, because one of its first actions is to format the drive).
All you need to do to use this tool is to access setup.exe after inserting the UFD into a Windows machine (only works when installing a 32-bit OS from a 32-bit OS, or 64-bit OS from a 64-bit OS) or after booting from the UFD itself. Check it out! I think you’ll like it…
As far as I can recall, Windows XP was the first Windows version to support 64-bit operation (in fact, according to the 64-bit software timeline in the Wikipedia article “64-bit” the first such version was released on April 30, 2005 quite a bit later than the 32-bit XP release date in August, 2001). I haven’t messed with 64-bit versions of XP much, but came to appreciate them with Vista (where both 32- and 64-bit versions released simultaneously).
My appreciation is only improving with Windows 7. That’s because while the requirement that all drivers be signed might seem restrictive it is actually proving to result in more stable and reliable 64-bit systems for me as compared to the same systems running in 32-bit mode on the very same hardware. This observation has been dawning for me slowly as I migrate more of my production and test systems to Windows 7, and observe the differences in reliability and stability between the two OSes.
Here are three cases in point, to help illustrate my contention:
- My primary test machine is built around an Asus P5K motherboard with an older QX6800 quad core processor, 8-12 GB of DDR2-800 RAM (I vary the amount of memory according to current usage patterns), an NVidia GeForce 9600GT, and three Samsung 1 TB SpinPoint drives. I’ve got Windows 7 Professional 64-bit running as the host OS, and also run 32- and 64-bit versions of Windows XP, Vista, and Win7 as guest OSes as well. This machine has had exactly 1 (!) runtime error since I updated the machine to that OS on August 8, 2009. Remarkable!
- One of my test notebooks is an MSI PR200 with a T7300 Mobile Core 2 Duo, 4 GB DDR2-667 RAM, Intel GMA X3100 graphics, and so forth (details appear in this Tom’s Hardware Review from 2007). I’ve run both 32- and 64-bit Win7 versions on this platform and while the 64-bit version maxes out at about one minor hiccup weekly, the 32-bit version easily triples or quadruples that experience.
- My primary production machine has always and exclusively been 32-bit since I first built it in 2006 for Vista. Readers of this blog and my ViztaView blog know that I’ve been plagued with bizarre and interesting hardware issues on this machine for years, and seemingly conquer them as they appear only to have them replaced by other, equally bizarre and mysterious issues. Guess what? I’ve now switched to 64-bit Windows 7 Professional on this machine, and it’s quieted down considerably (from a dozen or more error items in Reliability Monitor weekly to one, or at most two).
Yes, I know, this is far from a sufficiently large enough sample to be statistically significant. But for me it’s significant in another, even more important way: I now spend less time troubleshooting systems, and more time working. The boss (my wife, that is) likes this, and so do my creditors and my bank balance. And thus, maybe — just maybe — the 32- to 64-bit switch may also be worth considering for those of who you’ve yearned for a more stable and reliable Windows desktop environment, especially on machines subjected to constant tinkering and upgrades (as mine, and I have to believe also, some of yours are as well).
I was expecting more stuff to hit the MS Download center in the wake of the Windows 7/Windows Server 2008 R2 release last Thursday (10/22/2009) and boy, was I right. Check out the “new items” page for a complete listing. I’m only going to toss out some highlights that reflect my own recent download activity, and/or topics I believe will be of interest to enterprise Windows desktop administrators. Here goes:
- Security Compliance Management Toolkit: provides a pretty complete (MS calls it an “end-to-end solution”) package for those who need to plan, deploy, and monitor security baselines for Windows machines and 2007 office applications, including support for Win7, BitLocker Drive Encryption, and IE 8.
- Debug Diagnostic Tool v1.1 plus related “How-to“: a tool designed to help troubleshoot system hangs, slow performance, memory leaks and fragmentation, or crashes in 32-bit (Win32) user-mode processes — applications and system utilities, in other words. Could be quite useful.
- Virtualization Overview, Methods, and Models: covers various approaches to planning virtualization within an organization, including Windows Server 2003 and 2008, plus Windows XP, Vista, and 7.
There are also over a hundred updates dated 10/26 and 10/27 for all kinds of platforms and servers in the new downloads section as well. If you also manage updates, you’re probably already aware of these. If not, you may want to take a look just to see what’s available.
In switching my test and production PCs over from Vista (or creating dual boot Vista/Win7 or XP-SP3/Win7 setups), I’ve observed that while Windows 7 does a very good job of identifying most hardware and then loading the proper driver, I’ve also recently observed that its accuracy is less than perfect. This can lead to interesting problems and apparent stability issues, so it’s a possible culprit worth pondering when otherwise rock-solid Win7 installations start showing signs of driver-related instability.
Case in point: My Dell All-in-One (AIO) 968 inkjet printer. As I documented in a ViztaView blog a little over a year ago, that OS also misidentified this printer as a Dell AIO 968 XPS printer. XPS is the Microsoft XML Paper specification created as a platform independent document exchange format, and essentially forces the printer driver to convert all other print input forms into XPS prior to allowing the printer to output any files deposited into the AIO 968’s print queue. As it turns out, Win7 also falls prey to the same misidentification, which produces a slew of “Print Filter Pipeline Host” errors when the whatever-format-to-XPS conversion runs into trouble (which it does all the time, if my experience with this particular device misidentification is any guide). Thus, if you look at this Reliability Monitor display for 10/23/2009, you’ll see 6 instances of the “Print Filter Pipeline Host” “stopped working” errors on that day, as I printed a bunch of stuff (coloring pages for my son, actually).
When Dell released a new Windows 7 driver for this printer on October 5, I happily installed it and kept my nose to the grindstone without really checking my work. Had I done so, I would have noticed that the device had been incorrectly identified as a “Dell 968 AIO XPS Printer” rather than a “Dell 968 AIO Printer.” Because the former always invokes XPS conversion as part of the print process, and that process throws lots of errors — particularly when printing Web pages — I suddenly found myself back in the swamp with those “Print Filter Pipeline Host” errors once again.
It wasn’t until I went into Devices and Printers, right-clicked the Dell 968 entry and forced it to be identified as the right printer that I got things working. Simply uninstalling the driver and letting Win7 re-detect the hardware did no good whatsoever, because the OS misidentified this device as a “Dell 968 AIO XPS Printer” all over again, instead of the plain-vanilla version of the device. A quick manual override fixed this, and now things are working fine. (Hint: click the Set as default pop-up menu entry, and both printers will appear, so you can select which one to set as the default. That does the trick!)
All I need to do in future is to remember to make this manual change, if I ever need to re-detect that hardware in Windows 7 again. Just another little Windows eccentricity to add to my list of things to keep track of!
Gosh! There’s so much hype and hoopla surrounding yesterday’s Windows 7 launch that I’m almost disinclined to add to the clutter myself. But hey: a guy’s gotta blog, so there’s plenty of interesting new stuff going on around this “big event” to provide grist for the mill. So far my favorite fluff coverage item is a snapshot of Linux father Linux Torvalds squatting in front of a big Windows 7 display in a Japanese high-tech outlet giving the thumbs-up sign (he’s in Tokyo to attend the Japan Linux Symposium, apparently).
But enough fluff, already. There were no less than 21 items released to the Microsoft Download Center yesterday, and at least three of them relate to Windows 7 and may therefore bear download and inspection. Here goes:
- A revised Windows licensing fact sheet, that adds Win7 coverage to Windows 2000, Windows 95, Windows Vista, and Windows XP.
- The Windows 7 Training Kit for Developers, which includes presentations, hands-on labs, and demos designed to help developers get up to speed on building Win7 compatible applications (I’m not sure, but I think this is a final release of a beta that’s been out for months).
- The Windows 7 Product Guide: a PDF (62 MB) or XPS (30.5 MB) version of the color, glossy MS Windows 7 intro, with a detailed tour of the new OS’s capabilities, interface, and design features (140 pp)
A few other potential items of interest amidst the plethora of recent downloads include:
- Installation Instructions and Release Notes for Windows Virtual PC and Windows XP Mode: pretty much self-explanatory, but the Download Windows XP Mode page now offers access to the final version, instead of the release candidate. Those already running Windows XP Mode are advised to uninstall the RC or beta version and download and install this version instead (be sure to back up your VHDs and ancillary files first, and you can run them inside the new version without a hitch).
- A new version of the Microsoft Baseline Security Analyzer 2.1.1 is available, modified to also work with Windows 7 and Windows Server 2008 R2.
Lots of new stuff to look at, and some of it actually interesting and/or informative, too. Enjoy!