February 6, 2008

Vista SP1 will contain undocumented fixes

February 5th, 2008

Posted by Adrian Kingsley-Hughes @ 9:33 am

Interesting email in today mailbag: “Will SP1 contain undisclosed or undocumented security fixes?

For some people, counting the number of security flaws that one OS has compared to another is important because it offers a metric upon which to determine which OS is the most secure (personally, I feel that it’s a bogus metric, but I’ll let it slide for now). However, many claim that Microsoft stacks the deck in its favor by not disclosing a full list of vulnerabilities that have been patched by omitting to include those discovered and patched in-house.

Well, for those of you who do count security flaws then SP1 is likely to annoy you because it will contain an unknown number of fixes that aren’t being disclosed. Microsoft makes this clear in the Notable changes in Windows Vista SP1 document available for download from their website. The relevant wording is under the Security Improvements (page 11):

SP1 includes Secure Development Lifecycle best generic viagra process updates, where Microsoft identifies the root cause of each security bulletin and improves our internal tools to eliminate code patterns that could lead to future vulnerabilities.

Well folks, there you have it. We can’t tell how many code patterns have been eliminated or whether these code patterns would ahve given rise to vulnerabilities, but Microsoft has taken steps to remove them anyway.

Now I have no doubt that this will make Vista SP1 safer and more secure than Vista RTM, and that’s a good thing for users, but throwing in that kind of comment does throw some doubt over a report by Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, in which he claims that Vista had fewer vulnerabilities in the first year than Windows XP, Ubuntu 6.06 LTS, Red Hat rhel4ws and Mac OS X 10.4. I’ve asked Microsoft for comment on undisclosed vulnerabilities on several occasions and always had a “no comment” as a response.

But if you’re still interested in playing the “count the vulnerabilities” game, here’s something that you can do over the next 12 – 15 months – see how many vulnerabilities disclosed for Vista RTM don’t apply to Vista SP1. The results should give you an idea of whether Microsoft’s Secure Development Lifecycle process updates works or not.

I open the floor to discussion …

Permalink • Print • Comment

January 29, 2008

Microsoft updates Windows without users’ consent

Scott Dunn

By Scott Dunn

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

  • "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

  • "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

    where can i get cialis

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

Permalink • Print • Comment

January 17, 2008

How do I… Install Windows Vista in a dual-boot configuration along with Windows XP?

Takeaway: Are you really excited about the prospect of experimenting with the new features in the Windows Vista operating system, but are not yet ready to give up your existing Windows XP installation? Greg Shultz walks you step by step through the entire dual boot configuration procedure.

This article is also available as a TechRepublic download. A TechRepublic gallery explaining how to create a dual boot configuration is available as well.

Are you really excited about the prospect of experimenting with the new features in the Windows Vista operating system, but are not yet ready to give up your existing Windows XP installation? For instance, you may be on the fence, because you're not 100 percent sure that all your existing hardware and software will work in Vista and you still need them to get your work done.

If so, then you may be the perfect candidate for a dual-boot configuration. With this type of configuration, you can easily experiment with Windows Vista and still use Windows XP. In other words, you get to have your cake and eat it too.

In this article, I'll discuss some of the options you'll need to consider as you begin thinking about and planning for adding Windows Vista to your existing system in a dual-boot configuration. I’ll then walk you step by step through the entire procedure.

The location options

In order to install Windows Vista in a dual-boot configuration along with Windows XP, you need to have either a second partition on your existing hard disk or a second hard disk in your system. To give yourself enough room to experiment, you should have at least 20 GB and preferably 40 GB of space available on either the second partition or on the second hard disk.

If you don't have enough available space on your existing hard disk for a second partition, then you'll need to connect a second hard disk to your system. If you do have enough available space on your exiting hard disk for a second partition, then you'll need to obtain a partitioning software package. I recommend, Symantec’s Norton PartitionMagic only because I’ve used PartitionMagic for years. However, there are other partitioning software packages that I’ve heard are just as good, such as Acronis Disk Director or VCOM Partition Commander Professional.

Of course, detailed instructions on connecting a second hard disk or partitioning your existing hard disk are beyond the scope of this article. However, in either case, the second hard disk or the second partition must be formatted with NTFS before you begin the installation operation. If you add a second partition to your existing hard disk via a partitioning software package, you will be able to format it as NTFS at the same time as you create the partition. If you're installing a second hard disk, the easiest way to format it as NTFS is from within Windows XP’s Disk Manager, which you can quickly access by pressing [Windows]+R to access the Run dialog box and typing diskmgmt.msc in the Open text box.

The installation options

You can approach the dual-boot installation operation in one of two ways — by cold booting from the Windows Vista DVD or by inserting the Windows Vista DVD while Windows XP is running. As you can imagine, you'll encounter slightly different liquid cialis introductory screens depending on which approach you use, but once you get stared the operation is essentially the same.

While both methods will produce the same result, I prefer the cold booting from the DVD method. The main reason is that you don't have to worry about any interference from antivirus/antispyware/firewall software on your existing Windows XP installation.

Performing the installation

Once you have your second partition or second hard disk operational, just insert your Windows Vista DVD, restart the system, and boot from the DVD. Once the system boots from the DVD, Windows Vista’s Setup will begin loading and will display the screen shown in Figure A.

Figure A:

Windows Vista’s Setup will take a few moments to load files before the installation actually commences.

In a few moments, you’ll see the screen that prompts you to choose the regional and language options, as shown in Figure B. As you can see, the default settings are for U.S. and English and if that’s you, you can just click Next to move on.

Figure B:

The default settings on the regional and language screen are for the U.S. and English.

On the next screen, you’ll be prompted to begin the installation procedure, as shown in Figure C. To begin, just click the Install Now button

Figure C:

To get started, click the Install Now button.

In the next screen, you’ll be prompted to type in your product key for activation, as shown in Figure D. By default, the Automatically Activate Windows When I’m online check box is selected; however, you’ll notice that I’ve cleared it. The main reason that I’ve done so here is that while writing this article, I’ve experimented over and over with this installation procedure and want to conserve on the number of times that I can legitimately activate this copy of Windows Vista before Microsoft locks it down and requires me to call in and manually request a new product key.

Figure D:

At this point in the installation, you’re prompted to type in your product key for activation.

Now, if you just want to temporarily install Vista in a dual-boot configuration while you experiment, but plan on installing it as your main operating system once you’re satisfied with the way that Vista behaves with your hardware and software, you too may want to disable the automatic activation routine. Even though you’ve disabled the automatic activation routine, you can still install Windows Vista and use it as you normally would for 30 days.

If you want to keep Vista in a dual-boot configuration, you can activate your license online anytime you want. If you decide to make Vista your main operating system, you can repartition your hard disk, reinstall Vista on the main partition and activate the new installation in the process.

If you decide to disable the automatic activation routine, you’ll see a confirmation dialog box, as shown in Figure E, which contains a harsh warning and prompts you to reconsider. You can just click No to continue.

Figure E:

Even though this dialog box contains a harsh warning, Microsoft wouldn’t have made automatic activation a choice if opting out was really dangerous.

Because, I didn’t enter in a product key, Setup doesn’t know what edition I’ve purchased and prompts me to select one of the seven editions on this disk, as shown in Figure F. Since, I'm working with the Ultimate edition, I selected that edition, checked the box, and clicked Next.

Figure F:

When you don’t enter a product key, Setup doesn’t know what edition you have a license for and so prompts you to select one of the seven editions

On the next page (Figure G), you’ll see the Microsoft Software License Terms and are prompted to read through them. However, unless you’re very curious you can just select the I Accept The License Terms check box and click Next.

Figure G:

Unless you’re very curious, you can just click through the license terms screen.

If you’re booting from the DVD, when you get to the Which Type Of Installation Do You Want page, the only option is Custom (advanced) as shown in Figure H. To move on, just click the Custom icon.

Figure H:

When you boot from the Windows Vista DVD, the only installation type that is available is the Custom (advanced).

When you arrive at the Where Do You Want To Install Windows? page, you’ll see your second partition or second drive. I created a second partition on which to install Windows Vista, so my page looked like the one in Figure I.

Figure I:

I created a second partition on a 160 GB hard disk on which to install Windows Vista.

Once the select a partition or disk and click Next, the rest of the installation will continue as it normally would. As such, I won’t follow the installation procedure any further in this article.

Windows Boot Manager

Once the installation is complete, you'll see the Windows Boot Manager screen, as shown in Figure K. As you can see, booting either Windows XP (listed as an Earlier Version of Windows) or Windows Vista is a simple menu choice. This menu will appear on the screen for 30 seconds before Windows Boot Manager launches the default operating system, which is Windows Vista.

Figure J:

The Windows Boot Manager allows you to select which operating system you want to boot.

The Activation countdown

Since I described installing Windows Vista without activating it for testing purposes, I wanted to point out that the Windows Vista will indeed keep track of your 30 day trial on the System screen, as shown in Figure K. In addition, it will regularly display

Figure K:

If you decide not to activate during your dual-boot installation, you can keep track of how many days you have until you must activate on the System page.

Configuring Windows Boot Manager

As I mentioned, the Windows Boot Manager menu will appear on the screen for 30 seconds before Windows Boot Manager launches the default operating system — Windows Vista. However, if you wish to adjust the countdown or change the default operating system, you can do so from within Windows Vista.

Once you've booted into Windows Vista, press [Windows]+[Break] to access the System page. Next, click the Advance System Setting link in the Tasks pane and confirm though the UAC prompt. When you see the System Properties dialog box, click Settings in the Startup and Recovery panel. You’ll then see the Startup and Recovery dialog box, as shown in Figure L.

Figure L:

You can use the controls in the Startup and Recovery dialog box change the default operating system and the number of seconds that the Windows Boot Manager menu will appear on the screen.

In the System Startup pane, you can change the Default Operating System setting from the drop down list as well as use the spin buttons to adjust, up or down, the number of seconds to display the menu before launching the default operating system.

Conclusion

Installing Windows Vista in a dual-boot configuration along side Windows XP is a great way to experiment with the new operating system until you get comfortable with it. In this article, I’ve shown you how to how to create a Windows Vista dual-boot configuration.

Permalink • Print • 1 Comment

January 2, 2008

Who’s choosing XP over Vista?

December 30th, 2007

Posted by Ed Bott @ 4:24 pm

One of the most accepted bits of conventional wisdom among pundits as 2007 draws to a close is that the marketplace has rejected Windows Vista in favor of Windows XP. The biggest piece of evidence is Dell’s decision in April 2007, based on a vocal response via its Dell IdeaStorm page, to continue offering Windows XP as an option on some consumer systems. It picked up steam with Microsoft’s announcement in September that it was going to allow its large OEM partners to preinstall Windows XP until June 30, 2008, a five-month extension over the original January 30 cutoff date. (A CNET News report from last April indicates that HP and Lenovo have adopted similar strategies, offering XP as an option on business-class machines but for consumer products.)

Both of those moves got a lot of press, but proof about how either decision has actually played out in the marketplace is, unfortunately, pretty thin. Microsoft doesn’t break out its mix of Windows shipments with this level of detail. OEM computer makers are tight-lipped as well. And if any third-party market research firms have done any studies on this subject, they have yet to publish the results.

But I stumbled on an unexpected source of data that has helped me get a much better picture on what the actual numbers might be like. As it turns out, Dell has published a large database of information about its current inventory for anyone to see, and I was able to sift through it to form some surprising conclusions about the current relationship between XP and Vista in the PC marketplace. The short version: Consumers have embraced Vista overwhelmingly, whereas small business is much more reluctant, preferring XP by a better than 2-to-1 margin.

My data source is Dell’s Outlet Center, where I have bought five desktop PCs in 2007. Dell maintains separate outlets for its Home and Home Office and Business and Education divisions. Products in the outlet are all current models, divided into three categories: refurbished products, which have been returned by a customer after purchase (typically within 15-30 days); products previously ordered new but not booted by a customer; and “scratch and dent” products, which have minor cosmetic flaws.

The secret of successful shopping at the Dell Outlet, I’ve learned, is to monitor the inventory carefully. In popular categories, such as high-end XPS desktops, new products arrive and are snagged within hours or even minutes if the deal is especially good.

The selection is especially wide and diverse, covering thousands of notebooks and desktops in all price ranges and configurations. If one assumes that the likelihood of a product being returned is more or less equal across the board, that makes the outlet’s inventory an excellent proxy for Dell’s larger daily cialis business.

And best of all, there’s a fully searchable database front end for the whole thing, which makes it easy to filter the entire inventory by model, processor, memory, video card, or – aha! – installed operating system. In about an hour, I was able to produce some detailed crosstabs and turn them into very informative graphs. Here are the results:

For the time period that I looked at, I examined the full, unfiltered inventory for both outlets. The small business segment included 1509 systems, consisting of low-end Vostro notebooks and desktops and high-end Latitude notebooks and Optiplex desktops. In most of these categories, Dell offers buyers a choice between XP and Vista via its online interface, and 70% of these small business buyers have opted for XP, with only 30% choosing Vista (interestingly, 2% chose the option to have XP Professional installed with a license to upgrade to Vista Business or Ultimate later).

XP versus Vista, small business division

In the consumer category, Dell offers low-end Inspiron desktops and notebooks and higher-end Dimension and XPS desktops and notebooks. Windows XP is available as an online option on a relatively small selection of models. As a result, only 7% of the inventory in the Home and Home Office Outlet is available with Windows XP preinstalled. A full 93% of the systems included Windows Vista.

XP versus Vista, consumer division

One apparent reason for the higher proportion of Vista machines in the consumer segment is the lack of online configuration options. To make the comparison with the business category more accurate, I narrowed the field to only those machines that explicitly offer XP and Vista as options in the online configurator. In the notebook category, this includes the Inspiron 1520, the XPS M1710, and the XPS M1730. In desktops, this includes the Inspiron 530 and 530s and XPS 210.

[Update 1-Jan-2008: Some commenters seem to have misunderstood this detail, so let me be more explicit about what the next section includes. On Dell’s Home website, you start by choosing desktops or notebooks. On the landing page for either one, there is a big graphic on the right side of the page that reads “Still looking for Windows XP?” Click that link and you go to this page (if you started out looking for desktops) or this page (for notebooks). Both pages display a huge graphic banner at the top with this label: “THE CHOICE IS YOURS. Windows Vista or Windows XP. You decide.” The following section restricts the results from the Outlet inventory to only machines originally offered via these two links.]

When I restricted the sample to only consumer machines where potential buyers were offered the explicit option to choose between XP and Vista, the proportion opting for XP increased by 5%. Out of a total of 388 desktop and notebook PCs, 49, or 12%, were configured with either XP Home or Pro, compared with 88% that selected Vista. That means that buyers, given the clear choice, are opting for Vista over XP by a ratio of more than 7 to 1.

Two other facts stood out when I looked more closely at the data.

  • One is that a staggering 27% of small business customers are opting for either Windows XP Home or Vista Home Basic, even though both are terrible OS choices for any networked business. The implication is that the $100+ difference between the Home and Pro/Business versions is significant for price-conscious business buyers. By contrast, only 13% of buyers in the consumer category are choosing the XP Home/Vista Home Basic option.
  • Finally, Vista Home Premium has been a huge hit for Microsoft. More than 72% of all consumer PCs, desktop and notebook, sold in the Dell Outlet system have Vista Home Premium installed. For all the hand-wringing over Microsoft’s decision to squeeze a few extra dollars out of the consumer channel by emphasizing this particular SKU. Looks like that strategy was successful. As for Vista Ultimate, it hasn’t been a runaway winner. In the consumer sample I looked at, it represented just under 5% of sales, and in the small business side it totaled just over 1% of sales.

The bottom line? If these samples represent Dell’s overall business, which in turn serves as a proxy for the PC market as a whole, Microsoft is on target in its mission to convert the consumer market to Vista through new PC sales. Business buyers, however, remain skeptical. I’ll look at these numbers again in early 2008, after SP1 has been officially released and integrated into Dell’s product lines, to see whether it makes a substantial difference in the marketplace.

Permalink • Print • Comment

December 25, 2007

Speed Up Those Drives

If you didn't know, Windows Vista operates external hard drives that are connected via USB differently than internal drives. Write caching is disabled so that you can safely remove the drive at almost any time. This is a great feature for USB flash drives that are frequently inserted and removed from your computer. But, if you have a large hard drive in an external enclosure that you never disconnect from your computer, write caching is also disabled, which can decrease performance. So, let's change that around a little, shall we?!

Today, I'm cialis usa going to show you a tweak that will increase the performance of your external hard drive by turning the write cache back on, as well as, activating an advanced performance. Let’s get started!

1.) First, in Vista, right click on the Computer icon on your desktop and select Manage.

2.) Click on Device Manager from the side menu.

3.) Next, expand the Disk Drives option and locate your external drive from the list.

4.) Once you've found it, right click on the drive and select Properties.

5.) Under the Policies tab, select Optimize for Performance.

6.) Next, checkmark both the options of "Enable write caching on the disk" and "Enable advanced performance," as shown below:

7.) Hit OK and then restart your computer.

That's all you have to do. Now, go on and enjoy your increased performance!

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and an easy to use WordPress theme • Sky Gold skin by Denis de Bernardy