|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
INTRODUCTION Brian named Entrepreneur of the Year 
By Vickie StevensWe must be doing something right. Our editor, Brian Livingston, was named 2006 Entrepreneur of the Year at the Internet Content Summit this week in New York City. The conference — sponsored by MarketingSherpa.com, a research firm for the marketing industry — made the award because of our newsletter's advocacy of what we call "the contribution model." 
Anne Holland, moderator of the Internet Content Summit, presents the Entrepreneur of
the Year award. (Click to enlarge.) Photo by Peter Serling.
We allow anyone to upgrade from the free newsletter to the paid version by making a contribution of any amount the reader feels it's worth. This allows affluent readers, who contribute higher amounts to support our Windows research, to subsidize less-fortunate readers who can't contribute as much. As the award winner, Brian gave a keynote address on the first day of the conference (photo). Other speakers at the summit included representatives of NYTimes.com, Reuters.com, ConsumerReports.org, and similar large subscription sites. This recognition makes us even more committed to letting anyone get our paid newsletter by making any contribution they wish. We want as many people as possible to have the secrets we dig out and publish in every issue. How to upgrade For more photos and info on the Entrepreneur of the Year award, visit our Internet Content Summit page. Good-bye gizmos, hello ad links With this issue, we're discontinuing our Windows Gizmos and Index of Reviews sections. Since January 2005, these sections have summarized the reviews of new products by respected computer testers. These columns no longer seem necessary. Two years ago, a search such as lcd monitor reviews at Google led you mainly to sites that were merely selling LCDs. Today, including the word reviews in a Google search, or using a specialized engine like Shopping SuperPages, actually displays several objective tests in the top 10 listings. |
Windows Secrets NewsletterIssue 75 2006-05-11 Contents (Scroll down to Index) INTRODUCTION Brian named Entrepreneur of the Year TOP STORY When Automatic Updates can be harmful SECURITY BASELINE The Security Baseline as it stands OVER THE HORIZON Patch one and find two more PATCH WATCH Flash causes headaches for home patchers PERIMETER SCAN Some excellent reasons to update Firefox USEFUL LINKS How good is Goodmail, really? WACKY WEB WEEK Warning: 4-second games may be addicting YOUR PREFERENCES About your subscription Newsletter Control Panel Windows Secrets home page How to subscribe Change your delivery address Change your preferences Access past free issues Access past paid issues Upgrade to paid version Search for info (WinFind) Submit a Windows tip Get subscription help How to unsubscribe Circulation: over 140,000 |
|
Something that bothered us was that many readers thought our Windows Gizmos and
Index of Reviews columns were paid advertising. They weren't — they were always
our own editorial commentary — but perception is important. So, although our
test summaries are
being retained on our Reviews pages, they're being removed from the newsletter. (If you'd like
to continue these features by moving them to your own site or newsletter, let us know
via our contact page.) By spending less of our time writing reviews of consumer electronics, we can focus even more on the secrets of Windows. To stay abreast of new products, we are now allowing readers to place actual ads. We will always prominently label these as "Advertising," similar to the way Google identifies its ads as "Sponsored Links." Starting with our May 25 issue, if your company comes out with a new Blu-Ray DVD drive or whatever, you can place a notice here to let our 140,000 subscribers know. If you have any feedback about our ads, please let us know using our contact page. To place an ad, please visit our advertising page. Thanks. —Vickie Stevens, Research Director |
|
ADVERTISEMENT
|
|
TOP STORY When Automatic Updates can be harmful 
[Editor's Note: While I'm in New York City attending the Internet Content
Summit — see above — Woody has contributed the following incendiary article
for our top story. Let us know what you think! —Brian Livingston]By Woody Leonhard For years I've been advising Windows consumers to disable Automatic Updates: Keep Microsoft's mitts off your machine until you're darn sure the proffered patches do more good than harm. I've taken a lot of flak for that heretical stance, vilified for intimating that Microsoft's patching process leaves consumers in the lurch. Bah. Recent events have proved my point conclusively: Windows auto-update is for chumps. The auto-update process Take a second right now to check your auto update settings. Click Start, Control Panel, Security Center. Don't click the Automatic Updates bar at the top — Microsoft has the dialog box rigged to turn on auto-updating if you click around indiscriminately. Instead, click the "Automatic Updates" line at the bottom of the Security Center. Windows shows you an official-looking dialog box — "Help Protect Your PC," it says — with a cheerful good green shield at the top and a naughty bad red shield at the bottom. If you're setting up Windows for your Great-Aunt Millicent who frets that playing Solitaire will lock up her PC, go ahead and click "Automatic (recommended)" and resign yourself to your technical co-dependent relationship. But if you're even moderately conversant with Windows — certainly if you're reading this newsletter — check one of the other buttons. I recommend "Notify me but don't automatically download or install them." That way I have two chances to catch myself before installing everything Microsoft pushes out the Patch Tuesday door. With auto updates disabled, the next time Microsoft has a "critical" patch that it wants to push onto your machine, a balloon will pop up out of a yellow shield in the system tray, next to the clock at the bottom of the screen. The balloon will ask your permission to download and/or install whatever software Microsoft has on offer. Your job is to refrain from giving that permission until millions of clueless Windows users have an, uh, opportunity to beta test Microsoft's latest missives. What happened last month, Part I Permit me to summarize the Windows Automatic Updates Out-of-Box Experience of the past month, from a consumer's perspective. On April 11, 2006 — a Patch Tuesday that will live in infamy — Microsoft released four collections of patches. Two were relatively innocuous, at least for Windows consumers. One of the patch collections, MS06-016 (917288), "patched" Outlook Express on some PCs so well that OE couldn't open its address book. Many people who had Windows set for automatic updating got up one morning, sat down at their PCs, downloaded their mail, and suddenly discovered that they couldn't reply to messages. Every time they tried to get into their address books, Windows just sat there. Without their knowledge, Microsoft had simply reached into their PCs and broken Outlook Express. No warning. No thank you very much. No nuthin'. The other patch collection, MS06-015 (911562) contained a new, inadequately tested Mr. Hyde version of a program called verclsid.exe that wreaked all sorts of havoc on some machines: • Windows Explorer would freeze when attempting to get into My Documents or My Pictures. • Word and Excel would freeze when trying to open or save a doc in My Documents. • Internet Explorer would freeze unless you typed http:// in front of a Web address. And so on. Microsoft's lengthy error list is at KB 918165. That article currently sits at version 4.2, having undergone three major revisions and then some — a sure sign that the error list itself had numerous errors. Although the MS06-015 patch was officially released on Tuesday, Apr. 11, it wasn't pushed out the Automatic Update chute in the U.S. until that Saturday or Sunday. Lots of people trying to finish their income taxes over that last-minute April 15 "tax weekend" ran scrambling for alternatives when they discovered they couldn't use Excel or Internet Explorer. What happened last month, Part II Last month's auto-update debacle doesn't stop there. For the first time in history, Microsoft released a passel of three more patches, out of cycle, two weeks after Patch Tuesday. Except, er, uh, two of the three "critical patches" weren't really critical patches at all. The first patch patched the MS06-015 patch by jiggering a couple of Registry settings. Microsoft gave fair warning — the fix was widely anticipated and appears to stop the insanity generated by the original patch. Victimized Windows consumers who left automatic updates on suddenly discovered, almost two weeks after the original botch job, that Word and Excel and Windows Explorer and Internet Explorer started working properly again. Magic. The second mid-month out-of-sequence patch still leaves me scratching my head. Microsoft pushed an obscure five-month-old patch through the automatic update system, with no forewarning, no explanation, and no reason that I can discern. That patch (900845) replaces a program called aec.sys, which is an acoustic error-canceling driver, of all things. My guess — and it's only a guess — is that Microsoft somehow accidentally released this patch into the Automatic Updates food chain. Kinda makes me shudder. The third mid-month "critical update" patch — which also got shoved onto all PCs with automatic update activated — isn't a patch at all, critical or otherwise. It's the new version of Windows Genuine Nagware, er, Windows Genuine Advantage. With this little gem installed (905474), if Microsoft's computers can't verify your copy of Windows, your desktop gets plastered with all sorts of irritating, incessant nags. As far as I can tell there was little, if any, advance warning that this "critical update" (yeah, sure) was going to get rammed down U.S. users' throats in an out-of-cycle mid-month automatic update. I could find nothing but this press release, dated the same day Windows Genuine Nagware spewed down the Automatic Updates chute. From where I stand, Microsoft has shown that it'll use Automatic Updates to shove any software change onto any system that it darn well pleases, any time it likes. This isn't a conspiracy theory. Microsoft isn't a monolith. There's no Big Brother or master plan behind it all, no Mini-Me lurking in the shadows. Instead, what we're seeing is a bunch of stupid decisions, propagated to a hundred million PCs, by people who have demonstrated, repeatedly, that they can't be trusted with the task. There is a better way Keeping your PC working well is a tough job. You know that. Big companies employ network admins who get to wrangle with Microsoft's offal before updating company computers. It's a tough, thankless job. But what of us lowly individual Windows consumers? We're left holding the bag. Cannon fodder. We're the folks who get hit with the bugs — the unwitting beta testers for Microsoft's frequently ill-prepared patches and funny little nagware programs, too. I say it's time for Windows consumers to take their patching destinies into their own hands. Turn off Automatic Updates. Sit and watch and listen, and judge for yourself when it's time to patch or not to patch. Keep your eyes on this newsletter, on my Microsoft Patch Reliability Ratings page, watch the newsgroups, and any other places you can find that have an independent point of view. Listen to people you know and trust before letting Microsoft monkey around with your PC. My critics will have you believe that failing to patch Windows at the very moment Microsoft pushes a patch down the automatic update chute will leave you poor, helpless, befuddled and (worst of all!) vulnerable. Poppycock. Microsoft itself waits to see if its newly released patches cause problems before sending them through auto-update. The major problem: they don't wait long enough! Very, very few people get hit with exploits based on newly announced security holes shortly after Microsoft's patches appear. Yes, you need to patch your system. No, you don't need to do it right away, particularly if you keep the rest of your security arsenal updated and working properly. Take your time. The machine you save may be your own. Woody's Leonhard writes books about Windows and Office. His most recent works are Windows XP All-In-One Desk Reference For Dummies, Windows XP Timesaving Techniques For Dummies, Windows XP Hacks & Mods For Dummies, Office 2003 Timesaving Techniques For Dummies, and Special Edition Using Office 2003 (with Ed Bott). |
|
ADVERTISEMENT
|
|
FORWARDING INSTRUCTIONS Please share this information with your friends You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/060511. |
|
THE SECURITY BASELINE The Security Baseline as it stands  By Brian LivingstonBased on the latest published tests, the best four products to give your PC comprehensive protection against hackers are (1) a Linksys hardware firewall, (2) ZoneAlarm Security Suite 6 (or Panda Platinum Internet Security 2005, which recently received a high rating in PC World tests), (3) Webroot Spy Sweeper for antispyware protection, and (4) an update-management tool of your choice. See details below.
|
|
HERE'S A TIP You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are: 
Chris Mosby / Over the Horizon.
The steps you need to take NOW to protect yourself, because patches aren't yet available for some known threats:• Patch one and find two more • IE 'object' tags cause memory corruption • IE redirection flaw can disclose information • Firefox may show local resources 
Susan Bradley / Patch Watch. We tell you which official patches have problems and,
more importantly, how you can work around them:• Flash causes headaches for home patchers • Exchange patch haunts Blackberry admins • Running a beta is not the answer • Antispyware being replaced by Defender 
Ryan Russell / Perimeter Scan.
How you can use free or commercial software to automate patching and upgrading,
whether you're responsible for 5 PCs or 50,000:• Some excellent reasons to update Firefox • Firefox exploits are in the wild • Older versions are the ones affected • Upgrade to Firefox 1.5.0.3 Paid subscribers can access all old and new paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter. To upgrade, simply make a contribution of any amount you choose If you do this by May 24, 2006, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. |
|
ELECTRONIC BOOKSHELF — new e-books from the editors 
Spam-Proof Your E-Mail Address, 2nd Ed.This 32-page e-book by Brian Livingston gives you step-by-step instructions that can eliminate 97% of the spam that would otherwise clog your e-mail account. You could call it "Livingston's Spam Secrets." The PDF-format e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can actually reduce your volume of spam to practically nothing, not just battle an unstoppable and ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info |
|
USEFUL LINKS How good is Goodmail, really? A grand experiment in "pay-to-play" e-mail will begin in the next few days. The results will influence how we communicate for years to come. (By Brian Livingston, Datamation) More info Sender ID, DomainKeys are hammering spam Two authentication technologies are making it easier to separate genuine e-mails from unwanted junk. All serious senders of mass e-mail will have to adopt both techniques soon. (By Brian Livingston, Datamation) More info |
|
WACKY WEB WEEK
|
|
ADVERTISEMENT
|
|
ABOUT YOUR SUBSCRIPTION The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newletters. Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston. Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Security Baseline, Briefing Session, Windows Patch Watch, Perimeter Scan, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/info.
|
