Neither business nor home users should run PCs without malware or endpoint protection in place. But what one package misses another might still find, so a periodic secondary scan is also wise. That’s why savvy Windows admins usually install or access secondary malware scanners at regular intervals on client PCs. Just as there is a myriad of products that offer real-time protection against malware of all kinds, so too is there a large number of secondary scanners. Here is my personal list of go-to tools in this category:
Bitdefender RescueCD (create or use a bootable malware repair utility)
Crystal Security (cloud-based security scanner comes in installer and portable forms)
dBug 2.0 (kills all non-essential Windows processes so malware scanners/repair tools can run)
Dr.Web CureIt! (rootkit removal)
Farbar Recovery Scan Tool (FRST, examines Windows runtime environment to seek out malware, works from PE bootable USB)
Kaspersky TDSSKiller (rootkit removal tool)
Malwarebytes AdwCleaner (adware/PUP removal), Antimalware (MBAM scanning-only tool), Antiexploit (beta)
Microsoft Malicious Software Removal Tool (MSRT, also released monthly through Windows Update)
Panda Cloud Cleaner (cloud-based security scanner)
Trend Micro Housecall (general security scanner)
Trend Micro Rescue Disk (bootable disk from which to run malware scans and repairs)
A periodic secondary scan for malware helps promote peace of mind.
Using Secondary Malware Scanners Properly
A secondary scanner offers information, not protection. Though it may also include malware removal among its capabilities, a scanner does not offer real-time antimalware protection. Thus admins should use these tools simply to make sure that primary real-time protection isn’t missing anything. Scheduling a periodic task at a weekly or monthly interval to run a general-purpose scanner will suffice. Tools in this category on the preceding list include Crystal Security, MSRT, Cloud Cleaner and Housecall. Other, more specialized tools are best held in reserve, and trotted out when a specific type or cause of infection mandates their use. A bootable rescue tool (Bitdefender Rescue CD, FRST properly installed, or Trend Micro Rescue Disk) comes in handy when a system won’t boot, or when booting poses a risk to disk contents.
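One way to set up the weekly general-purpose scan described above, using the MSRT from the list, as an added PowerShell example (mine, not from the original post). It assumes an elevated session, that MRT.exe sits in System32 where Windows Update keeps it refreshed, and that mrt.log keeps its usual "Results Summary" layout.

```powershell
# Added example (not from the original post): register a weekly secondary scan with the
# Microsoft Malicious Software Removal Tool and read back the most recent result.
# Assumes MRT.exe is present in System32 (Windows Update refreshes it monthly) and that
# this runs from an elevated PowerShell session.
$mrt    = Join-Path $env:WINDIR 'System32\MRT.exe'
$mrtLog = Join-Path $env:WINDIR 'debug\mrt.log'

if (-not (Test-Path $mrt)) { throw "MRT.exe not found at $mrt" }

# /F = full scan, /Q = quiet (no UI). MRT reports and cleans; it is not real-time protection,
# so the primary product keeps doing that job.
$action    = New-ScheduledTaskAction -Execute $mrt -Argument '/F /Q'
$trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3:00AM
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable   # catch up if the PC was off at 3 AM

Register-ScheduledTask -TaskName 'Secondary scan - MSRT' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Check 1: did the task actually run, and what did the scheduler record as its exit code?
Get-ScheduledTaskInfo -TaskName 'Secondary scan - MSRT' |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime

# Check 2: pull the summary lines from MRT's own log (assumed format: a 'Results Summary' block
# followed by 'Return code'). Anything matching 'infect' deserves a closer look.
if (Test-Path $mrtLog) {
    Get-Content $mrtLog -Tail 60 | Select-String -Pattern 'Results Summary|Return code|infect'
}
```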
Keep this thought in mind as you walk the antimalware recovery trail: it may be faster and easier to restore a backup instead. On my systems I can restore a backup in 3 to 9 minutes (I use Macrium Reflect), and it might take another 5 minutes to recover recent files from File History and incremental backups. If you spend more than an hour trying to recover a PC from a virus or other malware issue, you should be thinking about switching to backup recovery instead.
More Resources for Secondary Malware Scanners
There are hundreds of alternate tools for malware scanning, recovery, and repair. You’ll find tons of additional resources on this topic at MajorGeeks or Gizmo’s Freeware. At MajorGeeks, check out these pages: Malware removal & repair, ransomware removal, and rootkit removal. At Gizmo’s freeware, the Security Scanners page will help you find your way into this topic area, and identify active, capable user forums where professionals can obtain useful advice and instructions on dealing with specific infections and problems.
Swapping out disk drives happens on Windows systems for various reasons. Driving factors can include improved performance (HD → SSD), added capacity (smaller → larger disk), or drive replacement (damaged or failing disk → healthy disk). Whatever that reason might be, a typical operation involved in switching disks is called “drive cloning.” This activity involves making a more-or-less complete and exact copy on one disk from another. Here’s a primer or some “Win10 Drive cloning 101” coverage to shed light on that process.
Win10 Drive Cloning 101: The Easy Case of Data Drives
There’s little danger or difficulty involved in cloning a data drive for Windows 10 (or other modern Windows versions). This describes a drive whose role involves only storing information for OS access and use. It’s not involved in booting or running the OS, which require special considerations. One need only use a backup or cloning utility to clone a source drive onto a target of one’s choosing. I’ve had good luck with a range of such programs. These include free versions of Macrium Reflect and AOMEI Backupper, and paid versions of Acronis True Image and Paragon Backup and Recovery. In fact, MajorGeeks has a whole page of “drive cloning and imaging utilities” from which one can choose.
Win10 Drive Cloning 101: The Harder Case of Boot/System Drives
Things get more interesting when the source (and target) drives boot a PC, and supply its OS. Old-fashioned BIOS PCs work fine with simple drive cloning. But newer (and more common/modern) PCs boot using the Unified Extensible Firmware Interface (or UEFI). This environment records a globally unique identifier (GUID) for each boot drive in nonvolatile memory, and checks that ID during the boot process. If the value discovered doesn’t match the value recorded, the system won’t boot. Thus one must manage UEFI boot data as part of the drive cloning process.
Numerous tools and methods make this task possible. One approach involves using a specialized tool like Paragon’s Migrate OS to SSD. (This web page also includes a nice explanation of the nitty-gritty details). Another approach is to clone the drive, and then to undertake boot repairs. First, disconnect all drives except the boot drive. Second, boot the system from a recovery or repair flash drive. Third, boot into the Advanced options for OS repair, and run the Startup Repair options. This should rewrite the Boot Configuration Data (BCD) to reflect the GUID for the newly-provided boot disk. If that fails, consult this Microsoft Developer Note “Adding Boot Entries” to use BCDEdit at the command line for manual repairs instead. (The “BCDEdit /set” reference is also helpful when working with this utility at the command line.)
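To see whether a cloned UEFI boot disk’s BCD entry still resolves, and to regenerate the boot files if it doesn’t, here is an added PowerShell example (mine, not from the original post or the Microsoft notes it cites). It assumes the cloned Windows installation is mounted as C:, that S: is a free drive letter for the EFI system partition, and that it runs elevated on the booted system (Get-Disk is not available in the bare recovery environment).

```powershell
# Added example (not from the original post): inspect the default BCD entry after cloning a
# UEFI boot disk and rebuild the boot files if it no longer resolves to an attached disk.
# Assumptions: Windows lives on C:, S: is an unused drive letter, session is elevated.

function Get-BcdValue {
    # Pull one element (e.g. 'device', 'osdevice', 'path') out of bcdedit's text output
    param([string[]]$BcdText, [string]$Name)
    $line = $BcdText | Select-String -Pattern ('^' + $Name + '\s+(.+)$') | Select-Object -First 1
    if ($line) { $line.Matches[0].Groups[1].Value.Trim() } else { '<not found>' }
}

$bcd = & bcdedit /enum '{default}' 2>&1 | ForEach-Object { $_.ToString() }

# When the partition identifier stored in the entry matches no attached disk, bcdedit prints 'unknown'
$device   = Get-BcdValue -BcdText $bcd -Name 'device'
$osdevice = Get-BcdValue -BcdText $bcd -Name 'osdevice'
"BCD {default} device   : $device"
"BCD {default} osdevice : $osdevice"

# Show the GPT disk identifiers that are actually present, for comparison with the entry above
Get-Disk | Select-Object Number, FriendlyName, PartitionStyle, Guid, IsBoot | Format-Table -AutoSize

if ($device -match 'unknown' -or $osdevice -match 'unknown') {
    Write-Warning 'BCD entry does not resolve to an attached disk; regenerating boot files with bcdboot.'
    mountvol S: /s                       # mount the EFI system partition
    bcdboot C:\Windows /s S: /f UEFI     # write fresh UEFI boot files and a BCD that points at C:\Windows
    mountvol S: /d                       # dismount it again
}
```

If Startup Repair has already fixed the entry, both values read partition=C: and the repair branch is skipped.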
There’s another raft of considerations involved in switching from legacy BIOS to UEFI when swapping a boot/system drive. See the TechNet article “Converting Windows BIOS Installation to UEFI” for a broad introduction (the article focuses on Windows 7 and 8 versions, but also applies to Windows 10 except that partition 1 should be 450 MB, and partition 2 — the EFI partition — 100 MB in size; see also UEFI/GPT-based hard drive partitions for layout data).
If you’ve followed this blog lately, you know I’m a big fan of TenForums.com. This Windows 10 self-help site is a huge source of news, information, and tools referrals. I hit paydirt yesterday when I found a mention that German website Win-Raid offers updated USB 3.0/3.1 Win10 drivers. Actually, Win-Raid offers quite a bit more than that. Its forums also include AHCI/RAID, NVMe, Intel Chipsets, and more. The site’s curator, Fernando (aka Dieter), has done a tremendous job in organizing this stuff. He’s broken out the individual .cat, .inf, .dll and other files that go into collections so users can manually update drivers in DevMgr. Thus, users can pinpoint individual drivers and update them easily.
Taking Advantage: Win-Raid Offers Updated USB 3.0/3.1 Win10 Drivers
Interested admins and power users must follow forum instructions carefully. For USB 3.0/3.1 this starts with downloading the necessary files from the General: Storage Drivers forum. For the Intel USB 3.0 controllers on several of my systems, that meant first registering Win-Raid’s certificate with my local certificate authorities. The download includes a .cmd file that automates the job if launched from an admin command prompt (or PowerShell environment). Next comes a manual update for the generic Intel USB 3.0 eXtensible Host Controller. After that, likewise for the USB 3.0 Root hub. And for those with a USB 3.0 Switch device, there’s a similar update (none of my systems includes such a beast, however). Here’s a “before and after” screencap from a system with a Z87 (Intel 8 Series) chipset:
DevMgr USB device info: before Win-Raid install left; after right.
Installing the Win-Raid drivers replaces the 1.0 (Microsoft) USB 3.0 eXtensible Host Controller with a newer version. The latter shows a file date of 8/18/2016 on the Driver tab of the Properties window, instead of a 2013 date. Ditto for the root hub. Better than newness, however, are those drivers’ stability and performance. Both offer improvements over the default items. Sure, you must jump through some hoops during the install process, but the results are worthwhile. Check it out!
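Because the certificate step above adds a new trust anchor to the machine, it is worth knowing exactly what the .cmd put into which store. Here is an added PowerShell example (mine, not Win-Raid’s) that snapshots the machine-wide stores before and after the script runs and prints only what was added; the .cmd file name is a placeholder, and the set of stores checked is an assumption about where driver-signing certificates usually land.

```powershell
# Added example (not from the original post): diff the LocalMachine certificate stores around a
# vendor's certificate-registration script so the added trust anchor is visible and reviewable.
# Run from an elevated PowerShell session in the folder holding the downloaded files.

function Get-TrustStoreSnapshot {
    # Stores that driver installers typically touch (assumption; extend the list if needed)
    foreach ($store in 'Root', 'CA', 'TrustedPublisher') {
        Get-ChildItem "Cert:\LocalMachine\$store" | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                SelfSigned = ($_.Subject -eq $_.Issuer)
                NotAfter   = $_.NotAfter
            }
        }
    }
}

$before = Get-TrustStoreSnapshot

# Placeholder: the vendor's script from the download. Substitute the real file name.
& '.\<vendor-certificate-script>.cmd'

$after = Get-TrustStoreSnapshot

# Entries present only in the 'after' snapshot are what the script installed
$added = Compare-Object $before $after -Property Store, Thumbprint -PassThru |
    Where-Object SideIndicator -eq '=>'

if ($added) {
    "Certificates added by the script:"
    $added | Select-Object Store, Subject, Issuer, SelfSigned, NotAfter, Thumbprint | Format-Table -AutoSize -Wrap
} else {
    "No certificates were added to Root, CA or TrustedPublisher."
}

# If a driver is later removed and the trust anchor is no longer wanted, it can be deleted by
# thumbprint, e.g.:  Remove-Item "Cert:\LocalMachine\Root\<thumbprint>"
```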
Last week’s cumulative Win10 update KB3201845 apparently delivers unwanted side-effects. For some users, that update clobbered the Connected Devices Platform Service (CDPSVC). In turn, this kept DHCP from working. No DHCP, no IP address; no IP address, no Internet access. Thus, MS hurried out another cumulative update on Patch Tuesday, 12/13: KB3206632. But as with other recent updates, some encountered problems getting the whole download, or installing the update completely. For those unwilling to try WUMT as a WU alternative, it seems that a DiagTrack stop fixes Win10 update ills for KB3206632.
The DiagTrack service is kept Running by default, but may be stopped and restarted under admin user-level control.
Why Is It That a DiagTrack Stop Fixes Win10 Update Ills?
The DiagTrack service in Windows 10 already has something of a black eye. At least, it scares members of the tinfoil hat brigade and those concerned about unwelcome surveillance. The Task Manager Description for DiagTrack explains much: “Connected User Experiences and Telemetry.” Ed Bott helps debunk this paranoia in his ZDNet story “Windows 10 telemetry secrets: Where, when and why MS collects your data.” In that piece, Ed explains cogently that
Microsoft uses telemetry data from Windows 10 to identify security and reliability issues, to analyze and fix software problems, to help improve the quality of Windows and related services, and to make design decisions for future releases.
He also explains how to tweak telemetry settings. That’s how users can reduce, if not eliminate, opportunities for MS to glom onto and extract personal or sensitive data from Windows PCs. This should calm the fears of those worried about Microsoft spying on them.
But what does DiagTrack have to do with downloading and installing updates? I don’t know, and haven’t yet found any information that sheds light on how or why it might interfere with WU. Be that as it may, users have reported that stopping the DiagTrack service can help. Doing so before firing off Windows Update enables the downloads to occur, and installation to complete. (Remember to restart the service when the update process is done.) As an added bonus, in fact, it also appears to speed updates significantly. That’s why I can’t wait to try it myself when the next cumulative update appears. Alas, by the time I’d learned this, the latest Cumulative Update had already made its way onto my Win10 PCs.
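The stop-update-restart sequence above, written so that the service is restarted even when the update step fails, as an added PowerShell example (mine, not from the original post). It assumes an elevated session and uses the Windows Update Agent COM API to drive the scan and download; installation is left to Windows Update itself.

```powershell
# Added example (not from the original post): stop DiagTrack only for the duration of a Windows
# Update scan and download, and put it back in its original state afterwards no matter what.
# Assumes an elevated PowerShell session.

$svc        = Get-Service -Name DiagTrack
$wasRunning = ($svc.Status -eq 'Running')

try {
    if ($wasRunning) {
        Stop-Service -Name DiagTrack -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
        "DiagTrack stopped."
    }

    # Windows Update Agent COM API: find applicable updates, then download them
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
    "{0} update(s) available" -f $result.Updates.Count

    foreach ($u in $result.Updates) { "  - {0}" -f $u.Title }

    if ($result.Updates.Count -gt 0) {
        $downloader         = $session.CreateUpdateDownloader()
        $downloader.Updates = $result.Updates
        $dl = $downloader.Download()
        # OperationResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed
        "Download result code: {0}" -f $dl.ResultCode
    }
}
finally {
    # Restore the service so the telemetry level stays whatever the admin configured
    if ($wasRunning) {
        Start-Service -Name DiagTrack
        "DiagTrack restarted; status now {0}" -f (Get-Service -Name DiagTrack).Status
    }
}
```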
I follow the online traffic on various heavily-trafficked Windows 10 forums. As I keep up, I’m amazed how many users suffer after scheduled or unscheduled system changes. Every capable admin knows that restoring a system to a state from before trouble struck is a sure cure. But alas, not everybody apparently does this. Here’s my take on the steps involved in recovering from unexpected change. Such changes may simply cause a Windows PC to misbehave, or they may render it inoperable.
Pre-preparing for Windows problems is like keeping your pencils sharp, and ready for action.
That’s why those steps also call for tools. The watchword is that, indeed, proper protection counters failed Win10 changes.
Tools for Protection Counters Failed Win10 Changes
Several items keep PCs prepared for trouble and recovery. They include the following:
A bootable USB recovery flash drive (see this TenForums Tutorial: Recovery Drive – Create in Windows 10)
Scheduled System Restores capture snapshots no less often than daily (see these TenForums Tutorials: System Restore Point – Create in Windows 10 and also Restore Point – Automatically Create on Schedule in Windows 10)
Regular system backups capture incremental changes daily, plus an image backup no less than weekly (see this TenForums Tutorial: Macrium Reflect – Backup & Restore; Enterprise-class users will work with their own backup environments)
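To put the “no less often than daily” restore-point item above into practice, here is an added PowerShell example (mine, not from the TenForums tutorials). It assumes an elevated session on Windows 10 and lowers the registry-controlled creation frequency, since Windows otherwise skips a new restore point when one was made within the last 24 hours.

```powershell
# Added example (not from the original post): turn on System Restore for the system drive,
# schedule a daily restore point, and list what exists. Assumes an elevated session.

Enable-ComputerRestore -Drive "$env:SystemDrive\"

# Windows declines to create a restore point if one is less than 24 hours old (1440 minutes).
# Setting the frequency to 0 removes that limit so a daily task always produces a point.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
Set-ItemProperty -Path $srKey -Name 'SystemRestorePointCreationFrequency' -Value 0 -Type DWord

# The command the task runs: one restore point per day, tagged with the date
$cmd = "Checkpoint-Computer -Description ('Daily-' + (Get-Date -Format yyyy-MM-dd)) -RestorePointType MODIFY_SETTINGS"
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -ExecutionPolicy Bypass -Command `"$cmd`""
$trigger   = New-ScheduledTaskTrigger -Daily -At 6:00AM
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName 'Daily restore point' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verify: restore points present, newest first (CreationTime is a WMI timestamp string)
Get-ComputerRestorePoint |
    Sort-Object CreationTime -Descending |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```

Restore points live in the same shadow-copy storage as File History and image tools do not use, so the disk-space quota set in System Protection still bounds how many days of points survive.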
Using Protection Against Failed Win10 Changes
When trouble strikes after an update, upgrade, or application install, the applicable remedy and its related toolset vary. A lot depends on whether or not the PC is bootable. If it is, the first repair effort should be to apply a restore point. These don’t always work, but when they do, they work reasonably quickly. Returning to the point in time captured by a restore point seldom takes more than 10-15 minutes, often less. Admins won’t waste much time trying this quick and relatively easy fix first.
But when a restore point doesn’t work, or misbehavior continues, it’s time for more serious action. That’s the point when restoring a backup makes sense. If a mechanism such as File History provides ready access to files, documents, images and so forth, restore the most recent image backup. Next, recover/recopy missing items through File History. If File History (or some similar mechanism) isn’t available, apply all interim incremental backups (or the most recent differential) to the image just restored.
Finally, when a system won’t boot, the Recovery Drive provides an alternate boot environment. Here, too, one can try Restore Points first, and go to backups second. But many seasoned vets skip the restore points and go straight to the image backup (and File History or intervening incrementals), bypassing the chance that the restore point might not work. This makes for a short and hopefully sweet return to normal operating conditions.
On December 8, Microsoft released its first major Windows 10 build using the new Unified Update Platform. So far, many users — including yours truly — experience Download hanging at 0% progress. MS has issued a workaround that lets users download despite that difficulty. Unaware that the problem was widespread, I immediately tried the Windows Update MiniTool when I got stuck myself. I’m pleased to report that WUMT works with UUP, and grabbed the update for installation without a hitch. In fact, I experienced my fastest ever download times using the tool yesterday, hitting a whopping 450 Mbps on my putative 300 Mbps connection.
Though WU got stuck, WUMT happily downloaded — and starting installing — Build 14986.
What WUMT Works with UUP Means
Aside from the obvious — that WUMT works quite happily with UUP — this informal test tells us that the internal mechanisms for UUP don’t alter Windows Update delivery fundamentals. I’d been wondering if UUP would change things enough to make WUMT fail. It’s nice to see it continue working in the face of changes to Windows Update behavior. We know that UUP checks the manifest of installed updates on PCs requesting them. It sends only missing items in response. It’s great that these changes don’t keep WUMT from working.
I had already recommended WUMT as a Windows Update replacement and reported that WUMT Does Updates When WU Can’t or Won’t in earlier blog posts here. It tickles me that WUMT keeps on ticking, even as UUP makes the scene.
[Note: I recommend the download link for WUMT from MajorGeeks.com. Its anonymous creator, Mr. X, first published this work on the Wilders Security Forums in October 2015. Apparently, Mr. X is a Mexican software developer: his identity is tied to website ru-board.com, but the Wilders link to his account is no longer live. I’ve been using this tool for several months now, despite its deliberately shrouded origins, and have found it to be fast and capable. Would that all freeware were this good.]
Microsoft’s declaration in November that the latest version of Windows 10 is enterprise-ready created confusion in some businesses that had already been using it for months.
After Microsoft releases a Windows 10 Anniversary Update, as it did in August, the company spends 90 days noting and responding to all the issues customers and independent software vendors have. IT experts who were not aware of this process said they’d like better communication from the vendor.
“Microsoft has always done a poor job of communicating this kind of stuff,” said Doug Grosfield, president and CEO of Five Nines IT Solutions, a Microsoft partner in Kitchener, Ont. “And then there is always a cleanup operation involved. It’s unfortunate for the customer and creates extra work.”
For example, Grosfield’s customers faced issues with VPN client software from providers including Dell, Cisco and SonicWall. Following the installation of the Windows 10 Anniversary Update, some businesses needed to reinstall their VPN client software for them to work again, Grosfield said. Initially, this caused many problems and halted productivity for remote workers.
Microsoft should have addressed these and other issues and labeled the Windows 10 Anniversary Update as enterprise-ready when the company released it, Grosfield said.
“Microsoft has got some ground to make up on the Anniversary Update because it was released in a way that broke a lot of things,” he said. “It would take hours to actually do the update, which was very disruptive, and it created some problems to solve with a bunch of software.”
The Anniversary Update also caused problems for many antivirus software platforms initially, but they have since been resolved.
It’s always a good idea to wait to install any software update because of situations like this, where the update causes problems with other software or has its own bugs, said Robby Hill, founder and CEO of HillSouth, an IT consultancy in Florence, S.C.
“It’s been a best practice in IT services for quite a while,” Hill said.
In early November, I blogged about Microsoft’s Unified Update Platform (UUP). In that post, I reported that Insider Build 14959 would include UUP features and functions starting with Mobile releases. Last Friday, Insider manager Dona Sarkar shared more news as UUP starts getting real. Here’s a quote from her Windows Insider Program post “Announcing Windows 10 Insider Preview build 14977 for Mobile”
We are getting ready to start releasing PC builds to Insiders using UUP. To prepare for this, we are going to pause all PC builds for both the Fast and Slow rings starting this evening (Friday 12/2). We will begin flighting the latest builds via UUP starting with our internal rings first then to Insiders based on each ring’s promotion criteria. We’re excited to be able to release builds for PC to Insiders using UUP! Mobile builds are not impacted by this.
The switch to UUP represents a nuts-n-bolts shift for Windows Update.
When UUP Starts Getting Real, What Can We Expect?
Under the hood, MS is changing how it structures updates. At present, MS releases cumulative updates monthly. That means such updates include roll-ups of all Windows 10 updates released since the last major release milestone. That way, users updating a newly installed OS need apply only the most recent cumulative update. In any given month, whatever other security, malware-scanning, and other updates have been released since the cumulative roll-up also apply. And in fact, MS plans the same approach for future Windows 7, 8, and 8.1 updates.
How does UUP change things? Essentially, it checks the manifest of updates already applied in the requesting Windows image against its update database. Then, it transmits only missing items from its WU servers. Rightfully so, MS calls these items “differential downloads” or “delta updates.” (This draws on database and change management terminology.) Thus, MS predicts that UUP decreases download data volume as much as 35%. This in turn means faster downloads and less overall bandwidth consumption. Most computer trade reports on UUP view it positively. For example, PCWorld states “… it’s pretty obvious the experience of downloading and installing new updates from Windows should be vastly improved by its [UUP’s] adoption.”
But as with many new MS technologies that promise improvement, the jury’s still out. Let’s see if they can indeed deliver on those promises. Windows Update has been a major pain for many Windows 10 users recently. An actual improvement could help kill that pain. Here’s hoping it pans out! Once Insider Preview releases resume, the world will find out. Stay tuned for my follow-up reports.
The long tail is a concept popularized in the early 2000s by writer Chris Anderson, who first used the term in an eponymous Wired magazine story. Simply put, the long tail concentrates on the tail end of certain statistical distributions (such as the Zipf, power law, and Pareto distributions). This might sound a bit ivory tower. But it explains how large populations shake out into small clusters of elements at their tail ends. Companies grab this tail to expand their ability to sell more into a market. How Windows 10 PCs organize themselves by the devices and chips they contain is similar. My growing belief is that for Microsoft, the long Win10 tail carries a nasty barb or two. In fact, it’s stinging them soundly right now.
The distribution of who’s using what kind of PC hardware also fits this curve, and things happening to users on the long tail are biting Microsoft these days.
Why See Barbs on the Long Win10 Tail Anyway?
I’ve been looking for a way to explain numbers of unhappy Windows 10 users who pop up on public forums such as answers.microsoft.com, and TenForums.com. Many of these users report out-and-out weird problems that many users will never experience for themselves. I’ve been following this traffic for six-plus-months now. I’ve seen credible reports of heart-wrenching, hair-pulling issues with Windows update, File Explorer, OS installation, and more. In digging into these issues and reported solutions, device drivers seem involved in at least half of them. As for the other half, “Windows registry oddities” account for many of those cases.
What does this mean? Windows 10 runs on 400 million-plus PCs, tablets, notebooks, and devices. Its long tail includes configurations with strange, peculiar, uncommon or outdated devices. I believe some unhappy and vocal users on this long tail are falling victim to gaps in a well-established and well-oiled device support system. Indeed, it covers the vast majority, and covers it reasonably well. I’ve been mucking around with device drivers since the mid-to-late 1990s (about 20 years or so). Along the way, I’ve learned what hoops one must jump through, and the sources one must mine, to fix driver problems. I don’t think the same is true for many Windows 10 end users. What we’re seeing recently with complaints and decisions to roll back to Windows 7, 8, or 8.1 is this: that hardware works fine on older OSes, but not on Windows 10.
Taking the Sting Out of the Long Win10 Tail
Intractable driver problems are where barbs on the long Win10 tail start to sting. I’m not sure that it’s entirely Microsoft’s fault. Nor is it even the fault of the vendors who built the responsible devices and who typically write the drivers. It’s just that the whole distribution is big enough that certain parts of the long tail will have problems. And some of those problems will never be fixed. That’s because vendors don’t support Windows 10 on some device, or the driver has a bug when used with Windows 10 but not on older OSes.
Is this Microsoft’s fault? Probably not. But is it their cross to bear? Most assuredly! I’d urge them and the various communities that serve Windows 10 users to invest in more education to explain such things. They should also describe potential forms of relief. This is a rough patch on the PC landscape, but one that all need to navigate. The long Win10 tail may never lose its barbs, but education may help them lose their sting.
Around the start of each month, I like to look at the numbers for Windows 10’s share of the desktop. This month, I’ll turn to NetMarketShare and analytics.usa.gov for my data. Their take on desktop share is depicted in the two following screen caps made December 2, 2016. Together, they help describe Windows 10 desktop share November 2016 end-of-month.
NetMarketShare shows Win7 finally starting to shrink, with Win10 at just under 50% of its portion of the pie.
Analytics.usa.gov shows Win10 at 61% of Win7, and far fewer XP PCs active.
What’s New About Windows 10 Desktop Share November 2016?
I always like comparing these two sources of data. That’s because NetMarketShare (NMS) takes a more global look. OTOH, analytics.usa.gov reflects (a lot of) visitors to US Government websites — 2.15 billion of them — over the past 90 days, for a more forward-looking and domestic American reflection of the relatively advanced population of users who visit them.
What do these numbers tell us? Windows 10’s overall share continues to grow, albeit more slowly than during the free upgrade period. Either source of data (or their average) shows that Windows 10 is closing in on the halfway mark for matching Windows 7’s massive share of the market (or has already passed it, as the 61% ratio of Win10 to Win7 on analytics.usa.gov shows). The combined share of Windows 8 versions currently stands at about 10% of the desktop space (or 5% of the total visitor space for analytics.usa.gov, which includes both mobile and desktop OSes in its reporting).
What I find interesting — and I hope you do, too — is the disparity in XP share between the two sources. Windows XP registers at 2.01% of the desktop space for analytics.usa.gov, but at 8.63% for NetMarketShare. I believe this shows quite correctly that first world users (in the USA, in particular) have pretty much entirely moved on from Windows XP, with just a few remaining diehard users. For the rest of the world, though, a relatively strong segment (almost one in ten users) is still running XP. I expect this divergence to continue, and perhaps to grow, as we track desktop share into 2017. The truly interesting question here is: how long can these diehards hang in there? We’ll just have to wait and see!