Windows Secrets

INTRODUCTION — news about your newsletter

Next issue Sept. 15, no issue Aug. 25

We're taking a break! Since a lot of people go on vacation in the last half of August, we skip an issue then to give our contributors some time off. (The same is true at the end of December, too.)

Our next issue will be published on Sept. 15. That's two days after Microsoft's next Patch Tuesday, the date when fixes and advisories usually come out. We publish twice a month, so our second issue in September will appear on the 29th.

We're a little crazy for trying to get an entire newsletter to you only 48 hours after Redmond's flurry of announcements becomes available for us to analyze. But that's what we do.

Although I'll be traveling the rest of this month, I won't be in a cave. I'll be reading the rumor mill and chatting up my sources, just as I always do. If some important Windows tricks arise, I'll send you a short news update.

Thanks again for your support of Windows Secrets. —Brian Livingston, Editor



TOP STORY — info you need to make Windows work

SPECIAL REPORT:
Protect your media player from podcasts


By Brian Livingston

It should be fun and harmless to play podcasts — short radio and television programs that download automatically from the Internet. But dumb programming mistakes in popular media players can allow spyware to silently infect your PC while an apparently innocent multimedia file is playing.

In the first part of my special report on podcasts, published last issue, I explained that applications designed for media downloading — called "podcatchers" — can cheerfully save hacked media files or even troublesome executable files to your hard disk.

Today, in the second part of my report, I'll explain the steps you can take to protect yourself.

Infected executable files, in this case, aren't actually your most serious problem. Let's say a podcast you download happens to really be, for example, a dot-exe file. If your podcatching software downloaded the file earlier and you absent-mindedly try to play it, your media player will probably do nothing. It'll just sit there, waiting for you to load a file type it understands.

The real danger occurs if your media player allows a "poisoned" audio or video file to silently run commands or install other files.

You'd think media players would support nothing but audio, video, and still images. But, amazingly, these players have a history of letting multimedia files get away with murder.

The good news is that playing podcasts on a specialized MP3 player — such as an Apple iPod or a Creative Zen Micro — probably won't infect these little devices. They run simple operating systems and aren't full computers, so they're not attractive targets.

The bad news is that, if you watch video podcasts or listen to audio podcasts using Windows or a Pocket PC, any weaknesses in your Microsoft or third-party media player can expose you to infection.

If you have a broadband connection, in particular, your PC is a valuable resource for hackers who'd love to install their spyware. They can then show you pay-per-click pop-up ads, use your bandwidth to quietly send millions of pieces of spam, or launch denial-of-service attacks against Web sites.

The solution is to keep your media player updated with the latest vendor patches. This can be a simple and trouble-free task. Once your player is updated, you can relax and enjoy podcasts safely.

In the following sections, I'll tell you how to fix whichever media player you may use — Windows Media Player, iTunes, QuickTime, RealPlayer, or Winamp.
Windows Secrets Newsletter
Issue 59 — 2005.08.11



CIRCULATION: over 147,000


 
   
Update Windows Media Player to avoid surprises

Late in 2004, computer experts noticed that a popular Windows Media Player video file was actually a silent delivery mechanism infecting millions of PC users with spyware.

On Jan. 3, 2005, security researcher Ben Edelman revealed what was happening to people who played this video file in WMP. After clicking the OK button on a single, legitimate-looking "browser update" dialog box, "My computer quickly became contaminated with the most spyware programs I had ever received in a single sitting," he said.

Edelman counted an amazing total of 31 programs that had silently been installed, without even displaying a license agreement. These included adware from 180solutions, CoolWebSearch, Ezula, ISTbar, and many other adware companies, he said. (By the way, I reported on July 14 that Microsoft's AntiSpyware beta program, to the dismay of spyware experts, has stopped recommending the removal of programs by 180solutions, Ezula, and some other adware companies.)

How the trick works: Media files that are played using recent versions of Windows Media Player, such as 9.0 and 10.0, can invoke Microsoft's Digital Rights Management system. This DRM scheme allows multimedia files, among other things, to open a Web page and display information to the user.

Allowing audio and video files to open new windows is not such a good idea in the first place. Even worse, however, is how DRM was implemented by Microsoft.

[Figure: Windows Media Player dialog box. Playing a video file in Windows Media Player can launch a dialog box that looks official but installs spyware.]

DRM-protected multimedia files, when played in WMP, can make a dialog box appear, such as the one shown above that Edelman diagnosed. (This image is reproduced with Edelman's permission.) In this case, the dialog box tells the user to click the Install button to get what was supposedly a Required Media Player Version 10 Browser Update.

Most Windows users, of course, see dialog boxes like this all the time. For example, legitimate audio and video files commonly require the download of a particular compressor-decompressor, or codec. That perfectly ordinary situation displays a very similar codec-update dialog. (I discuss, below, a safe way to update codecs.)

In the case shown above, the message does say Security Warning, but so do many other alert boxes. It's very natural for Windows users to click OK on boxes such as this one, and huge numbers of people have done so. After all, the dialog box says the download is required! (For details, see Edelman's original report.)
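A pre-play check for downloaded Windows Media files, as an added example that is not from the original newsletter or from Microsoft: it walks the header of an ASF container (.wmv, .wma, .asf) and reports whether the file carries a Content Encryption Object, and which license URL that object names. The object GUIDs and field order are taken from the public ASF specification; the function names, the placeholder GUID, the key ID and the sample header bytes are constructed for illustration.

```python
import struct
import uuid

# Object GUIDs from the public ASF specification (stored little-endian on disk).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le
EXT_CONTENT_ENCRYPTION = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C").bytes_le
HEADER_PREFIX = 30      # GUID(16) + size(8) + object count(4) + 2 reserved bytes
MAX_HEADER = 1 << 20    # sanity bound: refuse headers larger than 1 MiB


def read_field(buf, pos):
    """Read one DWORD-length-prefixed field; return (bytes, next position)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("<I", buf, pos)
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("field runs past end of object")
    return buf[pos + 4:end], end


def parse_content_encryption(body):
    """Decode secret data, protection type, key ID and license URL, in that order."""
    pos, fields = 0, []
    for _ in range(4):
        value, pos = read_field(body, pos)
        fields.append(value)
    # Text fields are NUL-terminated ASCII; the secret data (fields[0]) is skipped.
    text = [f.split(b"\x00", 1)[0].decode("ascii", "replace") for f in fields[1:]]
    return {"protection_type": text[0], "key_id": text[1], "license_url": text[2]}


def inspect_asf(data):
    """Walk the ASF header objects and collect DRM-related findings."""
    if len(data) < HEADER_PREFIX or data[:16] != ASF_HEADER:
        return {"verdict": "not-asf", "license_urls": []}
    header_size, count = struct.unpack_from("<QI", data, 16)
    urls, drm = [], False
    try:
        if not HEADER_PREFIX <= header_size <= min(len(data), MAX_HEADER):
            raise ValueError("implausible header size")
        pos = HEADER_PREFIX
        for _ in range(count):
            if pos + 24 > header_size:
                raise ValueError("object header runs past ASF header")
            guid = data[pos:pos + 16]
            (size,) = struct.unpack_from("<Q", data, pos + 16)
            if size < 24 or pos + size > header_size:
                raise ValueError("bad object size")
            if guid == CONTENT_ENCRYPTION:
                drm = True
                body = data[pos + 24:pos + size]
                urls.append(parse_content_encryption(body)["license_url"])
            elif guid == EXT_CONTENT_ENCRYPTION:
                drm = True  # newer DRM header; its body is not decoded here
            pos += size
    except ValueError:
        # A damaged header is itself a reason not to open the file.
        return {"verdict": "malformed", "license_urls": urls}
    return {"verdict": "drm-protected" if drm else "no-drm", "license_urls": urls}


# --- Constructed sample data: header bytes only, not a playable file ---
PLACEHOLDER_GUID = uuid.UUID(int=1).bytes_le  # stands in for an unrelated object


def pack_object(guid, body):
    return guid + struct.pack("<Q", 24 + len(body)) + body


def pack_field(raw):
    return struct.pack("<I", len(raw)) + raw


def build_sample(license_url=None):
    """Build a minimal ASF header, optionally with a Content Encryption Object."""
    objects = [pack_object(PLACEHOLDER_GUID, b"\x00" * 8)]
    if license_url is not None:
        body = b"".join(pack_field(f) for f in (
            b"\x00" * 4, b"DRM\x00", b"CONSTRUCTED-KEY\x00",
            license_url.encode("ascii") + b"\x00"))
        objects.append(pack_object(CONTENT_ENCRYPTION, body))
    payload = b"".join(objects)
    prefix = struct.pack("<QIBB", HEADER_PREFIX + len(payload), len(objects), 1, 2)
    return ASF_HEADER + prefix + payload


if __name__ == "__main__":
    samples = (
        ("plain.wma", build_sample()),
        ("protected.wmv", build_sample("http://license.example.invalid/acquire")),
        ("episode.mp3", b"ID3" + b"\x00" * 40),
    )
    for name, blob in samples:
        print(name, inspect_asf(blob))
```

A `drm-protected` verdict does not mean the file is hostile; it means playback may reach the license-acquisition step described above, so the listed URL is worth checking before the file is opened.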

Microsoft's response to the outcry over this unacceptable behavior was pathetic. For at least a week, the company initially said the misleading dialog boxes were using a "by-design feature" of WMP, which wouldn't be changed. The company then reversed course, telling eWeek in January that a patch would be available by mid-February.

Patches that allowed WMP 10 users to switch off the deceptive behavior were in fact released by then. But no patches were made available for WMP 9, which is used by more people, according to an April 14 eWeek article.

Microsoft finally released security advisory 892313 and the related Knowledge Base article 892313 on May 10. These articles described the problem and linked to an update for WMP 9 that had been posted a few days earlier.

Unfortunately, the WMP 9 patch is available only for users of Windows 2000 and 2003, not users of Windows 98 or Me. Worse, neither the advisory nor the KB article tells WMP 9 and 10 users that they must change a setting to turn the protection on after installing the upgrades. Finally, as far as I can determine, neither Windows Update nor the newer Microsoft Update bothers to inform users of the need for these upgrades.

What to do: Users of Windows XP with Service Pack 2 (SP2) who also have Windows Media Player 10 installed are not vulnerable to the problem. For everyone else, I've put together the following steps to make you immune.

WMP is "integrated" into Windows and you can't easily remove it. For this reason, I urge you to upgrade WMP's components to the latest version available for your OS, even if you never use it. Then apply patches as described in the steps below. WMP 10 will run only on Windows XP. WMP 9 will run on Windows 98 SE, Me, 2000, and 2003 as well as XP.

Users of Windows XP: First, if you don't have SP2 installed, I recommend that you install it now, using the XP SP2 page or the new Microsoft Update (requires Internet Explorer). While you're at it, use Microsoft Update to get the latest security patches for XP. Then, if you don't have WMP 10, get it from Microsoft's download center. Once WMP 10 is installed, read security advisory 892313 and install the update for WMP 10 using the link in KB article 892313. Finally, read section 9.4 of Microsoft's WMP FAQ. Follow the instructions in bullet point 4 to turn off auto-acquisition. To do this in WMP, right-click the title bar, then click Tools, Options, Privacy, then turn off Acquire licenses automatically for protected content.

Users of Windows 2000 or 2003: First, use the new Microsoft Update (requires IE) to get the latest security patches for your OS. Then, upgrade to the latest version of WMP 9 using Microsoft's download center. Once the updated WMP 9 is installed, read security advisory 892313 and install the update for WMP 9 using the link in KB article 892313. Finally, read section 9.4 of Microsoft's WMP FAQ. Follow the instructions in bullet point 4 to turn off auto-acquisition. To do this in WMP, right-click the title bar, then click Tools, Options, Privacy, then turn off Acquire licenses automatically for protected content.

Users of Windows 98 SE and Me: WMP 9 will run on these OS versions, but 98 SE and Me are so old that Microsoft no longer supports them and I don't recommend them. There's no patch for WMP 9 on these operating systems. If you have a PC that's running 98 SE or Me, check whether it meets the hardware requirements for XP using Microsoft's upgrade center. If so, I urge you to upgrade to XP SP2 and WMP 10, even if you have to pay money for a retail copy of XP.

All users: Upgrading to the latest Windows security patches, which I recommend above as step one, eliminates other security holes that affect WMP. For example, being current with all patches stops WMP 9 from being infected by poisoned PNG images, as described in MS05-009. Also, Windows Update may already have installed patch 828026, which dates back to September 2003. Administrators should use the three Registry values described in the related KB article 828026 to stop WMP 9 from responding to URL script commands.

Note that even taking the steps above may allow some media files to display dialog boxes, which you must take care to answer correctly. As far as I'm concerned, no video is important enough to answer Yes to any dialog box a strange file opens, if WMP is the media player. (If you need an updated codec, download it separately from a legitimate source, such as the ones recommended by Microsoft in "How do I find a codec?")

If you're running XP SP1 or higher or 2000 SP3 or higher, you can restrict access to WMP, although you can't easily remove it. You do this using Windows' Set Program and Access Defaults feature. Follow the instructions in section 2.4 of the WMP FAQ.

By the way, don't bother using KB 190990, entitled "How to determine the version of Windows Media Player," to determine your version of WMP. Despite being revised as recently as Mar. 24, 2005, the article shows the wrong current version numbers for WMP 9 and 10.

After you've upgraded and patched WMP, you may also wish to install one of the third-party media players mentioned later in this article. Let the new player associate multimedia file extensions with itself so WMP never runs. That's the best you can do to keep audio and video files from automatically launching WMP. When security holes are discovered in the future, my guess is that other vendors will fix their problems quicker than Microsoft will.
 
iTunes isn't safe just because it's Apple

Apple software doesn't suffer from security flaws as often as Microsoft's does, but problems aren't unheard of. You need to stay abreast of Apple updates, especially for its popular iTunes media program, just as you do with Windows apps.

A flaw in iTunes was announced by Apple as recently as May 9, 2005. The problem allows a hacked MPEG4 file (.mp4) to silently install a Trojan horse on a computer. This wouldn't affect an iPod or other specialized MP3 player. Nor would it likely affect Apple's OS X operating system, which protects users from installing software unknowingly. But it would be a big problem in Windows, which by default runs with administrator privileges all the time, allowing viruses to quietly install themselves.

Fortunately, Apple released an upgrade, iTunes version 4.8, on May 9 to correct the problem on Windows 2000 and XP and OS X 10.2.8 or higher. Even better, Apple released iTunes version 4.9 on June 28, which is the first version that supports podcasting. You should upgrade iTunes to 4.9 immediately.

What to do: First, read the description of the MPEG4 problem provided by SANS and Apple. Then, upgrade to iTunes 4.9 using Apple's download page.
 
QuickTime can play more than videos

QuickTime is another Apple program, this one primarily used to display short videos. The application runs on both Windows and Mac and often comes preinstalled on PCs. It's also widely downloaded by people who want to view movie trailers provided by Hollywood studios and other content.

QuickTime was found in September 2004 to be hackable if it was used to display, of all things, a still-image bitmap file (.bmp). If you happened to load a poisoned bitmap, it could silently take over your PC while the image was being displayed as though nothing was wrong.

Apple released QuickTime 6.5.2 on Oct. 27, 2004, to correct the problem. Since that date, it's released QuickTime 7.0. But that version was found to allow media files to send data from your computer back to a hacker's Web server. The company released QuickTime 7.0.1 on May 31, 2005, to patch this.

What to do: Read Apple's descriptions of the problems corrected by QuickTime 6.5.2 and 7.0.1. Then upgrade to QuickTime 7.0.1 using Apple's download page.
 
Music and movies can hack RealPlayer

RealPlayer is one of the most popular media players on the market, with hundreds of millions of downloads of its free player and more than 2 million paying subscribers, according to a company statement.

But RealPlayer and other products made by RealNetworks have had a troubled history with security holes and privacy issues. The company lists on its security page more than a dozen patches that have been required for its media products, including RealPlayer and RealOne Player, in the past 2-1/2 years.

In addition, RealNetworks' software raises security issues for both companies and individuals. RealPlayer and RealOne Player are configured by default with Internet-access features that allow RealNetworks and its partners, such as NASCAR and CNN, to install additional software, according to WatchGuard Technologies.

Most recently, RealNetworks released patches for its software — including RealPlayer, RealOne Player, RealPlayer Enterprise, and Rhapsody — on June 23, 2005. These programs, if unpatched, can let hackers access a PC if the user plays a hacked MP3 audio file or AVI video file, or even visits a Web site that plays multimedia content.

What to do: Read the descriptions of the latest security hole provided by eEye Digital Security and RealNetworks. Then review any patches that may apply to you on RealNetworks' security page.

Finally, upgrade any RealNetworks software you may have to the latest version that's safe. For example, RealNetworks' June 23 bulletin says these versions are not at risk: RealPlayer 10.5 (build 6.0.12.1212) and Rhapsody 3 (build 0.1141).
 
Winamp falls victim to sneaky MP3s

Winamp is such a widely used media player that it's listed as the 32nd most popular file at CNET's Download.com. Unfortunately, like the other player apps, Winamp, too, has had its share of programming blunders that exposed users to danger.

In the latest case, merely playing an MP3 file in Winamp can cause hacker code to silently run. This can potentially plant a Trojan horse on a computer, according to a July 14 analysis by a security research group in Croatia named LSS (Laboratorij za Sustave i Signale).

Winamp released a new version on July 19 that fixes the flaw.

What to do: Read the analysis by LSS, then upgrade to Winamp 5.094 using Winamp's download page.
 
C'mon, get it together, developers

Of all of the Windows applications we use, media players that simply play audio or video clips should be risk-free. It isn't asking too much for developers of these programs to subject them to thorough security audits and neutralize any possible threats.

Enjoying podcasts should be a simple matter that doesn't expose users to serious risks. We're not there yet, so — until that day comes — you need to give your media player periodic patches in order to use podcasts safely.

You might think that a podcaster would never risk losing audience share by including a virus in a regularly scheduled show. But a podcaster's PC might inadvertently get infected, adding a hidden virus to a file without anyone noticing until it had gone out to thousands of people.

In addition, viruses these days don't seek to erase a PC's hard drive. Instead, they aim to quietly take over the PC's bandwidth, and big dollars are at stake. Podcasters have already received financial offers to distribute adware within podcatching software, according to a public warning by Nick Bradbury, the developer of FeedDemon. We all have to keep our guard up against this threat.

To send us more information about podcasting, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.


 
 
FORWARDING INSTRUCTIONS — news gains value when it's shared 

Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/050811.


 
 
WINDOWS GIZMOS — our product reviews of new stuff

New battery technologies lengthen life

By Brian Livingston

Advances in battery products may not make you live longer. But when one of my gizmos dies halfway through a flight, it kills me.

You may have a better survival rate — and your portable devices will, too — if you get the new high-capacity storage that's just come on the market. This week, I've found a multi-charger, some super-duper disposable batteries, and (unrelated to battery life) a USB hub that's packed with loads of ports.
 
 
Recharge phones, PDAs, cameras, almost anything
I've been looking for something that can keep all of my various gewgaws charged, and it looks like it's the Socket Mobile Power Pack (list $149). This slim device weighs only 11 oz. (312g) but packs 7,200 milliampere hours (mAh). That's good for about 10 Pocket PC recharges or 15 cell-phone recharges. The power pack comes with multiple cables plus AC adapters that fit U.S., U.K., Europe, and Australia wall outlets. It can also run MP3 players, cameras, and any 5-volt device that charges off a USB port.
 
Double-strength batteries appear in U.S.
We in the West have been waiting almost a year for Panasonic Oxyride Extreme Power batteries. They've already captured 10% of the market in Japan, but are just now appearing on U.S. shelves. In tests, PC World found the Oxyrides deliver more than twice the number of digicam pictures as Duracell Ultra Alkalines for the same price. They're not rechargeable, but they're 1/4 the price of NiMH batteries. That makes Oxyride AA and AAA disposables great when you just want your gadgets to keep going, and going, and...
 
Get USB, FireWire, video, and speaker ports
If your PC's ports are on the back — or even if they're on the front — you may find it a lot more convenient to have every conceivable port right next to you on your desk. The Nyko Multi Hub (about $55) comes with four USB ports, two FireWire ports (a 6-pin and a 4-pin for those little cameras), an S-Video connection to a TV, two PS/2 mouse and keyboard ports, and line-in/line-out. A power adapter is provided, too, which you'll only need if you really load this baby up.


Windows Gizmos reviews only recently released products that create new market categories. Once enough competing products have emerged for comparative tests to be conducted, the results are summarized below in the Index of Reviews.

 
 
INDEX OF REVIEWS — our directory of product shootouts

External hard drives catch reviewers' eyes
By Vickie Stevens

We have hard drive reviews this week to help you store, back up, and transport important data. Ultimate Mobility Magazine tests portable hard drives, while PC World rates hard drives used for home and office backups.

We also have a variety of new reviews of LCDs, printers, scanners, GPS devices, and PDAs.

 

PORTABLE HARD DRIVES
Seagate receives Ultimate Choice award
Ultimate Mobility magazine tests external hard drives small enough to fit into a pocket, but capable of holding a couple of months' worth of data. Of the five tested, its award goes to the Seagate 100GB drive.
Seagate 100GB Portable Hard Drive (Ultimate Choice)


BACKUP HARD DRIVES
PC World awards drives as Best Buys
PC World evaluates 16 external hard drives, divided into three categories based on connectivity and backup capacity. Two products stand out among those tested and are awarded Best Buy in their respective categories.
Western Digital Dual-option Media Center (Single-PC backup, Best Buy, Score: 4.0/5.0)
Maxtor Shared Storage Drive (External network backup, Best Buy, 3.5/5.0)


17-INCH LCDs
Sony impresses editors at PC Mag
PC Magazine reviews four 17-inch LCD monitors with analog and digital interfaces, similar native resolutions, and prices under $650. Sony's MFM-HT75W do-it-all display (it's both a monitor and a TV) gets the high score.
Sony MFM-HT75W (Editors' Choice, Score: 4.0/5.0)


PORTABLE PROJECTORS
HP projector gets Ultimate Mobility nod
Ultimate Mobility magazine helps make choosing an affordable, transportable projector easier with its picks for 2005. Of the five favorites, only one is named Ultimate Choice by the magazine's editors.
HP mp3220 (Ultimate Choice)


INKJET PRINTERS
PC Mag rates top inkjets for 2005
PC Magazine divides top-rated inkjets into three categories, based on print type and function.
Canon i9900 Photo Printer (Photo printers, Editors' Choice, Score: 5.0/5.0)
Epson PictureMate Deluxe Viewer (Photo printers, Editors' Choice, 4.5)
Canon Pixma iP8500 Photo Printer (Photo printers, Editors' Choice, 4.0)
Canon Pixma iP4000 (All-purpose inkjet, Editors' Choice, 4.0)
Brother MFC-8840DN (All-in-one printers, Editors' Choice, 4.0)
Canon Pixma MP760 Photo All-in-One (All-in-one printers, Editors' Choice, 4.0)
Canon Pixma MP780 Photo All-in-One (All-in-one printers, Editors' Choice, 4.0)


LASER PRINTERS
New laser gets Editors' Choice
In the laser printer category, two new models from HP and Ricoh are introduced into PC Magazine's list, both as Editors' Choices.
Ricoh Aficio AP410 (Editors' Choice, 4.0)
HP Color LaserJet 2600n (Editors' Choice, 4.0)
Xerox Phaser 5500DN (Editors' Choice, 4.5)
Samsung ML-2250 (Editors' Choice, 4.0)


SLR DIGITAL CAMERAS
PC World rates less-expensive SLRs
PC World puts seven modestly-priced digital SLRs through an expanded battery of tests. Canon's Rebel XT is highly rated, and gets the Best Buy award.
Canon EOS Digital Rebel XT (Best Buy, Score: 4.5/5.0)


PDAs
Pen Computing names nine Editors' Choice PDAs
Pen Computing magazine reviews 40 PDAs to find the best one for each need. It finds offerings from Garmin, Dell, HP, palmOne, Tapwave, and AlphaSmart all excel.
Garmin iQue M5 (Best GPS PDA, Editor's Choice)
Dell Axim X30 (Best low-cost Pocket PC, Editor's Choice)
Hewlett Packard iPAQ rx3715 (Best consumer Pocket PC, Editor's Choice)
Hewlett Packard iPAQ hx4700 (Best professional Pocket PC, Editor's Choice)
palmOne Treo 650 (Best Palm-based PDA Phone, Editor's Choice)
palmOne Zire 31 (Best low-cost Palm, Editor's Choice)
palmOne Zire 72 (Best consumer Palm, Editor's Choice)
palmOne Tungsten LifeDrive (Best professional Palm, Editor's Choice)
Tapwave Zodiac 2 (Discontinued, best gaming PDA, Editor's Choice)
AlphaSmart Dana Wireless (Best student Palm, Editor's Choice)


HANDHELD GPS DEVICES
Garmin receives Smart Computing's highest rating
The most recent Smart Computing tests include 12 GPS options ranging from standalone devices to units that work with work equipment you already have, such as a PDA or laptop.
Garmin StreetPilot 2620 (Standalone) (Score: 5.0/5.0)


SCANNERS
Epson scanner excels in PC Pro tests
PC Pro Magazine tests 10 scanners that are capable of scanning documents, photos, and slides. Only the Epson receives the magazine's Labs Winner award.
Epson Perfection 2580 Photo (PC Pro Labs Winner, Score: 6.0/6.0)
Canon LiDE 500F (Recommended, 5.0)


POWER SUPPLIES
PCE power-supply picks exceed benchmarks
PC Enthusiast Magazine puts nine power supplies head to head. It finds that four models work beyond expectations, earning these models the PCE Power Pick award.
PC Power & Cooling Turbo-Cool 510 SLI (PCE Power Pick, "stood above the rest")
Thermaltake Silent PurePower (PCE Power Pick)
Silverstone Zeus ST65ZF (PCE Power Pick)
Enermax Noisetaker AX 2.0 (PCE Power Pick)


The Index of Reviews summarizes only head-to-head comparative tests by respected industry reviewers, not individual ratings of single products. Vickie Stevens is research director of WindowsSecrets.com.

 
 
THE SECURITY BASELINE — the minimum you need for safe computing

ZoneAlarm 6.0 apps encounter install problems

By Brian Livingston

The latest version of ZoneAlarm products is beset with reports of incompatibilities and other problems.

I reported on July 28 that version 6.0 of the ZoneAlarm Security Suite was released. This version, for the first time, integrated antispyware functions with the product's existing firewall, antivirus, and antispam features. I also reported that the suite had already received a PC Magazine Editors' Choice award. Zone Labs, the product line's publisher, subsequently released its new standalone firewall product, ZoneAlarm 6.0, on Aug. 5.

Zone Labs' user forum has been humming with complaints from users that version 6 of the company's software has disabled other applications, interferes with POP3 e-mail downloads, and has other issues.

At the top of its user forum page, Zone Labs acknowledges that there are problems. "The cause appears to be related to the upgrade process, not the application itself," the company says. "Therefore, we recommend users experiencing difficulties uninstall any prior version of ZoneAlarm (v.2.x - v.5.x) residing on their computer system and do a clean installation of their new ZoneAlarm 6.0 product."

Uninstalling ZoneAlarm 6 can be tricky, so if you're having the above problems, please read Zone Labs' uninstall instructions page.

I'm grateful to the many readers who've passed their comments about ZoneAlarm 6 problems along to me. Particularly provocative were these remarks (edited for length) by Lorin Ricker:
  • "Please be aware that a major installation disaster has been unleashed on the ZoneAlarm Pro user community by Zone Labs' recent (Friday 8/5) release of ZAPro v6.0. For details, please see Zone Labs' User Forums under the topic 'Installation, Uninstallation and Upgrade.'

    "This is a classic and major instance of a company shooting itself in the foot, as they've caused major time-and-effort loss, technical and practical headaches, and compromises of security for countless loyal product users.

    "Although I certainly understand the degree of complexity in designing and implementing a kernel-mode security product like a personal firewall, for the life of me I cannot understand why upgrade installation processes should be so damn complicated and full of technical and operational pitfalls for the ordinary PC user. This is another example of technical engineering and product management doing a simply slipshod job of product delivery. Makes one suspect that Zone Labs has been infiltrated by Microsoft technical management! ...

    "Given ZoneAlarm's tenure on the Windows Secrets Newsletter's Security Baseline and its prior position as a 2004 PC Magazine World's Best rated product, it's probably time to ask Brian and Paul the following question:

    "In light of this recent ZA v6 release/installation disaster, what is the best personal/PC firewall (only, not a "suite") which could replace a ZoneAlarm Pro installation?

    "Background: I believe that there are a great number of PC users who, for any number of reasons, do not think that the world revolves around Micro$oft, and who therefore do not use 'mainline' MS products like Outlook/Express, Internet Explorer, etc. This position naturally leads us to a 'security baseline' of products which do play well with alternative applications such as Firefox (anti-spyware such as CounterSpy), Thunderbird (antispam such as G-Lock SpamCombat), Panda Titanium antivirus, etc.

    "Thus, in spite of the convenience to the nontechnical users out there who probably appreciate an all-in-one security suite product (whether its individual components actually work well or not), many of us feel forced to use — or best off if we can use — individual, best-of-breed products to form our own security baseline.

    "I hope this whole issue gets sufficient coverage in the next issue of the newsletter! Thanks!"

Which software is the best standalone personal firewall? I don't have a testing lab and I don't ordinarily test products. Instead, I scrutinize the ratings issued by respected reviewers who do have testing labs, and I then summarize those ratings in the newsletter.

Prior to the release of Zone Labs' 6.0 version of its products, testers had overwhelmingly rated ZoneAlarm 5.5 as the best standalone software firewall. Since that version is still available and supported, people who are uncomfortable with the new "point-oh" release should stick with 5.5 (or revert to 5.5). You can download free or trial editions of version 5.5.094 at the following locations: ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm Security Suite, ZoneAlarm Antivirus.

However, I think it's too soon to give up on ZoneAlarm Security Suite 6.0. Zone Labs will surely find and correct the incompatibilities soon. Not everyone who installs a 6.0 version of Zone Labs products is having problems. Those who do have problems seem to have installed 6.0 over a previous install. That should work fine, but in this case it apparently does not.

While many computer users are savvy enough to put together their own security suite from unrelated products, many other users are not. Most PC novices would benefit from having a single package that met all their needs for antivirus, antispam, antispyware, and firewall protection.

I invite my readers (who have test machines) to uninstall previous ZoneAlarm products and clean-install the new 6.0. As readers report their results — and as professional testing labs turn out new ratings — Zone Labs may continue to rise to the top of all security suites, or there may be a new winner. I'll let you know in future issues.
 
The Security Baseline as it stands

Based on the latest published tests, the four products a PC needs for comprehensive protection against hackers are (1) a Linksys hardware firewall, (2) ZoneAlarm Security Suite 6.0 (new info: but uninstall previous versions first, see above), (3) CounterSpy antispyware, and (4) an update-management tool of your choice. See details below.

Linksys WRT54G Router
  1. Hardware firewall. For small-office Wi-Fi networking, the most affordable secure firewall is the Linksys Wireless-G WRT54G router (left, about $55 USD street). To cover more than a few adjacent rooms, consider the Linksys WRT54GX ($160), which doubles the usual "g" range. Be sure to enable WPA or WPA2, either of which provides strong Wi-Fi security. (The older WEP is worthless.) For SOHO wired networking, a top-rated model is the 4-port Linksys BEFSX41 router ($65). All of these devices are PC Magazine Editors' Choice winners and support stateful packet inspection (SPI), an essential security feature.

ZoneAlarm Security Suite 6
  2. Security suite. The new ZoneAlarm Security Suite 6.0 (left, $69.95) has just received a refreshed PC Magazine Editors' Choice award as the best all-in-one software firewall, antivirus program, and antispam filter — now with antispyware scanning. (New info: Uninstall previous versions first, see above article.) PC World also listed the security suite in its "100 Best Products of 2005" awards. With ZoneAlarm Security Suite, there's no longer any reason to purchase separate antivirus, antispam, and software-firewall applications.

CounterSpy 1.0
  3. Antispyware program. Sunbelt Software CounterSpy 1.0 (left, $20) is the most effective remover of spyware for individual PC users, according to reviews in Laptop Magazine and multiple rounds of tests by PC World. When used with the free HijackThis program, PC World says the two apps caught 100% of the unwanted malware. (HijackThis is an advanced program that's supported by free technical forums.) For small to medium businesses, Sunbelt's CounterSpy Enterprise ($255 for 10 machines) is top-rated by both eWeek and Windows IT Pro as a centrally managed program.

GFI LANguard Network Security Scanner
  4. Update management. For small to medium networks, Microsoft provides the free WSUS (Windows Server Update Services), which automates the downloading of critical patches for Windows, Office, and Exchange. For larger businesses, GFI LANguard Network Security Scanner (left, $375 for 25 users) is a broader product, top-rated by WindowSecurity.com and MCSE World. The latter site also publishes a helpful tutorial on LANguard NSS and Shavlik's HFNetChkPro ($900 for 25 users). Individual users should opt into the new, free Microsoft Update (which supersedes Windows Update) and also turn on the auto-download features of any installed apps they may have.

——————
For non-U.S. sources of information on a product reviewed above, enter the model name into a search box at one of the following links: Canada / U.K / Elsewhere

The Security Baseline section, which appears in every issue, summarizes the top ratings by trusted reviewers in four categories of products that every PC needs for protection against hacker attacks.

 
 
HERE'S A TIP — you'll get a better newsletter if you choose the paid version
                                                     
You're reading the free version of the Windows Secrets Newsletter
Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:

Brian Livingston / Hot Tips. The best information available on making Windows work the way you want it to:
  • Have a problem? I'll print something about it
  • Support 16 VPNs with a single router
  • Should Microsoft coding problems be publicized?
  • Word of Cisco weaknesses travels fast

Chris Mosby / Over the Horizon. The steps you need to take NOW to protect yourself, because patches aren't yet available for some known threats:
  • Windows vulnerabilities from several sources
  • Microsoft ActiveSync has security problems
  • USB drivers could attack computers
  • Severe hole in Windows 2000, 2003, XP SP1

Susan Bradley / Windows Patch Watch. We tell you which official patches have problems and, more importantly, how you can work around them:
  • Microsoft forgets to sign a few patches
  • Microsoft Update is acting up, too
  • Two of this month's patches are essential to stop worms
  • Three patches re-released for Word Viewer, 2003, and OE

Mark Burnett / Update Management. How you can use free or commercial software to automate patching and upgrading, whether you're responsible for 5 PCs or 50,000:
  • UR1 — not an update, not a service pack
  • When a rollup is not a service pack
  • Certain disadvantages come with UR1
  • How to handle rollup deployment

Paid subscribers can access all old and new paid newsletter content
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter.

To upgrade, simply make a contribution of any amount you choose
If you do this by Sept. 14, 2005, you'll instantly be sent the full, paid version of today's newsletter.

To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance.


 
 
WACKY WEB WEEK — playing for you the Internet's greatest bits

"Jeb's Jobs" is tech support on steroids
In a totally hilarious computer animation, tech support minion Jeb answers call after call from clueless PC users who won't let him catch a break. He finally loses it in a most spectacular way!

The 2-minute video clip is the latest production by Nick Forshaw of Weakend Productions. It's completely work safe, especially if you work in the nutso kind of place depicted in this movie short.


USEFUL LINKS — more stuff that's good to know

State e-mail taxes begin to bite (2 of 4)
The two states that have imposed an e-mail tax start to collect the tax this month. These laws will certainly have no effect on spam, but will affect only legitimate senders of e-mail. (By Brian Livingston, Datamation)

How Utah, Michigan legislators got fooled (3 of 4)
Residents of Utah and Michigan are likely to get less legitimate e-mail, but receive more spam, under new state laws. (By Brian Livingston, Datamation)

Internet Explorer 7 Beta 1 Review
Discover all the new features in Internet Explorer 7.0 Beta 1 — both the standalone version and the version that ships in Windows Vista Beta 1 — in my latest review. (By Paul Thurrott, SuperSite for Windows)



ABOUT YOUR SUBSCRIPTION — we're here to serve you

The Windows Secrets Newsletter (formerly Woody's Windows Watch and Brian's Buzz on Windows) is published twice a month, except for breaks in August and December. The newsletter is published on the Thursday after Microsoft Patch Tuesday (the 2nd Tuesday of each month) and two Thursdays after that. A short "newsletter update" is sometimes published between regular newsletters, if breaking news occurs.

Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor: Brian Livingston is the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books. Associate Editor: Paul Thurrott is the author of Windows XP Home Networking and Great Digital Media with Windows XP and the author or coauthor of several other books. Contributing Editors: Susan Bradley, Mark Burnett, Chris Mosby. Research Director: Vickie Stevens. Program Director: Brent Scheffler.

Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Briefing Session, Windows Patch Watch, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/info.

Our Ironclad Privacy Guarantee: (1) We will never sell, rent, or give away your address to any outside party, ever; (2) We will never send you any unrequested e-mail, besides newsletter updates; and (3) All unsubscribe requests are always honored immediately, period. Privacy policy

Copyright © 2005 by WindowsSecrets.com LLC. All rights reserved.
