Windows Secrets logo

 

 

   
       
   
Windows Secrets Newsletter • Issue 155 • 2008-06-05 • Circulation: over 275,000

On the Way book excerpt
Get the secret history of the Internet

We've obtained for our readers a 47-page excerpt from a forthcoming book that has phenomenal inside info on the early days of the Net. On the Way to the Web: The Secret History of the Internet and Its Founders (photo, left) won't be available in stores for weeks. But Windows Secrets readers can get the best chapters now.

All paying subscribers — and all free subscribers who upgrade to paid — can get our bonus download at no extra charge until July 2.

Paid subscribers: Download your bonus
Free subscribers: Upgrade to get the bonus
Info on the printed book: United States / Canada / Elsewhere
   
     
Table of contents
 INTRODUCTION: Hong Kong readers: meet with me on June 15
TOP STORY: Outlook Web Access corrupts HTML attachments
WACKY WEB WEEK: You want me to spell what?
PATCH WATCH: XP Service Pack 3: not yet ready for prime time
BEST SOFTWARE: Transfer mammoth files reliably for free
WOODY'S WINDOWS: The hardware way to boost your productivity
PERIMETER SCAN: Take the mystery out of network-traffic analysis
PERMALINKS: Send these links to your friends and co-workers
YOUR SUBSCRIPTION: How to change your address or unsubscribe

    
   

You're receiving only our free content. Use the following link to get all of our paid content immediately:

How to get our paid content

    
   
ADS
Over 100 million scans run at PC Pitstop   Over 100 million scans run at PC Pitstop
 Since 1999, over 100 million PC performance scans have been run at PC Pitstop. Run the all-new, free PC Pitstop PC Optimize 2.0 scan now and in just minutes receive a custom report showing you how to keep your PC running at peak performance.
 PC Pitstop

Awesome new computer-training DVD set   Awesome new computer-training DVD set
 Over 50 hours of computer-training videos on these two DVDs. You'll get a professional walk-through of all these subjects: Windows XP, Access, Word, Excel, Power Point, Dreamweaver MX, Flash MX, Photoshop 7.0, Photoshop CS, Visual Basic, and eBay.
 Software Tutoring DVD

So lifelike, you'll swear they're real   So lifelike, you'll swear they're real
 Amazing fish, turtles, sharks, and jellyfish — so vibrant, so lifelike, you'll swear they're real! No complicated setup or cleanup required. Just pick your tank and as many fish as you want. Download AquaZone, your virtual aquarium for Windows.
 Aquazone Desktop Garden

See your ad here

    
   
INTRODUCTION

Hong Kong readers: meet with me on June 15

Brian Livingston By Brian Livingston

For many moons, I've wanted to hold a series of free seminars for Windows Secrets readers in various cities of the world.

I don't really have an entire series worked out yet, but I'm doing kind of a trial run by offering a meeting with newsletter subscribers on June 15 in a single city: Hong Kong.

As you may remember, we gave four lucky readers in 2007 a Fred Langa Housecall — a one-on-one free seminar with our former editor, who wanted to discover the breadth of North America on his motorcycle before retiring from computer writing. We used the locale (country and postal code) that our subscribers had entered on their Windows Secrets preferences page to help decide where on his U.S. and Canada tour Fred would stop.

This year, if I held a free seminar in, say, Manhattan, I don't know whether 10 or 10,000 readers would show up. So I've decided to start small in Hong Kong, a place where we have only about 200 subscribers.

Hong Kong skylineMeeting with Brian Livingston
Sunday, June 15, 2008, 2:00–3:30 p.m.
Excelsior Hotel
281 Gloucester Road (near Causeway Bay metro station)
Hong Kong, PRC
Business Center, 33rd Floor, room number to be announced
(photo courtesy of the Excelsior)

If this little beta test works out, I hope to arrange meetings in future months in California, New York, London, Toronto, Sydney, and elsewhere. Let's see how this first one goes.

As a seminar, my June 15 meeting is more like a "listening tour." There won't be any PowerPoint slides and I'm not selling any products or services. My goal is to learn from Windows Secrets subscribers how they use Microsoft's operating system and how we can give you better information. It'll just be me and a few readers, talking.

Considering that Hong Kong can be an expensive place, the Excelsior has offered us a private meeting room at a nominal rate. To guarantee an accurate count, Windows Secrets is collecting for pre-registration just $9 U.S. (about 70 Hong Kong dollars) per person, which is our cost for the tables, chairs, etc.

Yes, I'm sure if I actually knew a soul on the island, I could probably find something cheaper. If I can make future seminars truly free, I will.

Space is limited, and only Windows Secrets Newsletter subscribers may register. (Of course, anyone may subscribe for free to become eligible.) To let me know you're coming, use the following link by 5 p.m. June 10 Pacific Time/8 a.m. June 11 Hong Kong Time:

Use this link to pre-register

Would you like Windows Secrets to hold a free seminar near you one of these days? Be sure your country and ZIP/postal code are correct in your WS preferences, so we can make plans. Visit your preferences page

Thanks for your support!

Meet Becky Waring, our newest columnist

This week's newsletter marks the arrival of a new columnist with more than 20 years of experience as a tech writer and editor. Becky Waring will alternate with Scott Spanbauer in writing the Best Software column in our paid content.

Becky has been a frequent contributor to PC World, CNET, USAToday.com, Macworld Magazine, and many other tech publications and Web sites. From 2003 until just a couple of months ago, Becky was executive editor of JiWire.com, a leading Wi-Fi directory service. She also served as editor of New Media magazine.

In the Best Software column, Becky will put new freeware, shareware, and Web services to the test. This week, she tackles file-transfer services and identifies two that are a cut above the competition. As you'll soon learn from reading her reviews, Becky has a real knack for finding a program's best and worst features. I know you'll enjoy her work.

 Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

Table of contents

    
   
ADS
Instantly fix driver problems   Instantly fix driver problems
 Driver Detective provides the most up-to-date drivers specific to your computer! With more than 1 million drivers, Driver Detective saves you endless hours of work and aggravation normally associated with updating drivers.
 Drivers HeadQuarters

Recover Windows passwords   Recover Windows passwords
 Did you forget your Windows administrator/user password? Want to find your PC's BIOS/CMOS password? Recover e-mail, MSN, IE, and Google Talk passwords with ease. Locate any software product key on your PC. Solve password problems with Password Genius.
 Spotmau Password Genius

See your ad here

    
   
TOP STORY

Outlook Web Access corrupts HTML attachments

Scott Dunn By Scott Dunn

The "Safe HTML" filter in Microsoft's Outlook Web Access for Exchange Server deletes code from HTML attachments without warning.

Microsoft claims the filtering protects users by removing malicious elements, but the deletions can ruin a collaborative project and the "feature" isn't present in any other Microsoft mail products.

Microsoft Exchange stealth-edits your e-mail

If you use Microsoft's Outlook Web Access (OWA) to send someone an HTML file, don't expect them to see any of the file's comments or scripts. The file you receive may look completely normal, but Microsoft has edited the comments from the file along with other material the company considers dangerous.

It gets worse. According to Microsoft Knowledge Base article 899394, OWA may corrupt the structure of the message, remove some advanced functions, and eliminate other harmless content in the message itself or any attachments.

"Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access," the article states bluntly.

You needn't even view the attachments to have them modified by the service. Merely right-clicking an attachment and saving it to your computer causes the file's code to be stripped. Microsoft calls this feature of OWA "Safe HTML" filtering.

OWA is a component of Microsoft Exchange Server that provides a browser-accessible version of Microsoft Outlook for anyone who needs to access mail, calendar, and contact info remotely.

The filtering is intended to eliminate malicious scripts and "all potentially unsafe content" from the e-mail messages OWA receives, according to the Knowledge Base. However, as the KB article concedes, some "non-malicious content" may be removed in the process.

The feature was introduced with Exchange Server 2003, but remarks on a forum at MSExchange.org indicate that the filtering is still part of Exchange Server 2007. In one post, a user complains that OWA 2007 is removing JavaScript embedded in his HTML attachments.

It's annoying enough to have the JavaScript edited out of your HTML files, but it's difficult to comprehend how HTML comments, which are not executable, could contain malicious content.

HTML comments start with "<!--" and end with "-->". They cannot contain the characters "--" or ">". The comments are not visible in a browser unless you view the page source. They can also be seen if you open the file in a word processor or other text or HTML editor.

Such comments allow Web developers to insert instructions, feedback, and other information that may be useful to clients or co-workers. For example, a page's visual designer could use comments to give coding instructions or feedback to the page's HTML coder.

If the intended recipient of a comment receives the file via OWA, the page will look normal in a browser, but its HTML code will have no JavaScript or comments at all. OWA provides no warning of the deletion, so the recipient has no idea that the file ever contained any comments.

At least you'd know something is wrong with the file if the e-mail program blocked or deleted the attachment, popped up a warning, or added its own warning comments to the attachment. Simply editing the attachment without warning can be completely misleading to anyone who isn't aware of this "feature."

Outlook and other e-mail clients automatically block attachments with certain extensions, such as .js for JavaScript. But in these cases, a warning appears in the mail explaining that the attachment has been blocked.

Safe HTML filtering is found only in OWA. Neither the desktop version of Outlook nor Microsoft's other mail products (Windows Live Hotmail online and the downloadable Windows Live Mail) edit the content of messages or their attachments. Consequently, users of OWA have no precedent to prepare them for or warn them about this behavior.

Stealth security does customers a disservice

Why would Microsoft create one version of Outlook that differs so significantly from the others? For that matter, why include this feature in only one of the company's many mail products?

The Microsoft Knowledge Base article states:
  • "The filtering in Outlook Web Access for Exchange Server 2003 is more rigorous than the filtering in Microsoft Office Outlook 2003. The reason is that the Outlook Web Access browser interface has more security requirements than the Outlook 2003 interface."
Unfortunately, the article does not explain why the OWA security requirements need to be stricter than those for Outlook itself. If the browser-based version of Outlook is inherently riskier than the desktop version, why isn't Safe HTML filtering used in Microsoft's other Web mail products?

No easy way to preserve your HTML files in OWA

The only workaround offered by the KB article is to post files that you don't want corrupted to a shared network resource and then send the recipient a link to that location via e-mail.

An alternative is to compress your HTML files into a .zip file prior to sending them as e-mail attachments; OWA does not edit the contents of compressed files.

Of course, people expect the files they send via e-mail to be delivered in the same condition in which the files were sent. If a file can't be sent for any reason, customers have every right to expect a warning or explanation.

OWA does neither. The service silently edits perfectly safe comments while giving the impression that your e-mail and attachments have arrived in the same state they were sent in.

It's time for Microsoft to provide clear warnings of this behavior as well as an option for turning the "feature" off.
Readers receive gift certificates for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

 Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine.

Table of contents

    
   
ADS
Learn and play with the best   Learn and play with the best
 Bridge Baron is a five-time world computer bridge champion. Practice over 40 skill levels. Choose from 500 deals and 5 tournaments. Use 95 optional bidding conventions. Learn 7 bidding systems. Master bridge with ACBL's only top-ranked program.
 Bridge Baron

Get your product seen by 275,000 readers   Get your product seen by 275,000 readers
 Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 275,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
 Windows Secrets Newsletter

See your ad here

    
   
TELL A FRIEND

How you can share this information

 We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/080605

 		   
   
EDITOR'S BOOKSHELF

Windows Vista Secrets Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed. Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

    
   

Table of contents

   
   
PATCH WATCH

XP Service Pack 3: not yet ready for prime time

Susan Bradley By Susan Bradley

The growing list of XP SP3-related glitches being encountered by users should give pause to anyone thinking of downloading and installing the update.

If you've kept XP patched from week to week, there's presently no clear advantage to implementing the OS's latest service pack, though you'll want to do so eventually.

When should you install XP Service Pack 3?

Since its initial release a little over a month ago — as I reported in last week's special news update — XP Service Pack 3 has been plagued with reports of problems among early adopters. Considering that the service pack's most important enhancements relate to computers on corporate networks, you may be wondering whether you need XP SP3 at all.

It comes down to a question of support: Microsoft supports each service pack for two years following the release of its successor. Thus in the spring of 2010, XP SP3 will be the only XP service pack that Microsoft will support. In addition, Microsoft has stated it will offer free support for those facing XP SP3 installation issues through April 2009.

If you have already installed XP SP3 and haven't experienced any problems related to AMD processors, Norton AntiVirus's SystemProtect, or any other service-pack glitch, you don't need to remove SP3. However, if you haven't yet installed XP SP3, hold off.

Instead, scroll down the Windows Update page each Patch Watch Tuesday and choose to install updates that do not include XP SP3. I'm starting to hear more reports of SP3-related driver problems. For example, Microsoft's Knowledge Base article 951822 describes a free hotfix for a problem encountered when using certain models of Citizen or Alps printers after XP SP3 is installed.

Bottom line: if you've installed XP SP3 and your PC is working fine, leave it alone. However, if you suspect SP3 has caused your system to act up, remove it via XP's Add or Remove Programs applet. Finally, if you haven't installed SP3, it's perfectly okay to wait until all the wrinkles are ironed out.

A fix for constant XP reboots

If your Windows XP machine keeps rebooting after you install SP3 and it's not due to the problem with AMD-based systems I reported on earlier, you have a couple of options.

Press F8 just as the system starts and check "Disable automatic restart on System Failure." If this option isn't available, reboot, press F8 again, and select the Safe mode option, which loads Windows without certain drivers.

Once Windows opens in Safe Mode, go to the Add or Remove Programs applet in Control Panel and remove XP Service Pack 3. If that stops the reboots, you know your issue is SP3 related and you need to contact Microsoft about it via the links I list below.

If you have one of the offending AMD machines and you're unable to enter Safe Mode, return to the startup menu by pressing F8 as the system starts and choose the Recovery Console option. Detailed instructions can be found here. When the Recovery Console opens, enter the commands as listed in Jesper Johansson's blog post on XP SP3.

To get help from Microsoft for problems related to XP SP3, follow one of these links:
 Once you're on one of the above pages, click Select a Product, choose Windows XP, and click one of the options for Windows XP Service Pack 3.

Just remember, there's no rush to deploy this service pack.

Readers report their own XP SP3-related problems

Following last week's special edition of the newsletter, Windows Secrets technical editor Dennis O'Reilly heard from many readers who have experienced their own XP SP3 headaches. R. Fraile's problems were related to his antivirus program:
  • "Threatfire caused problems for me. Crashed during the update, but I was able to uninstall it. Tried again without Threatfire and [XP SP3] installed fine. However, when I reinstalled Threatfire, Explorer and Firefox would crash after working for a few minutes, taking the system down and requiring physically pulling the power cord."
Reader John E. Mrochek wasn't as lucky in tracking down the source of his XP SP3 woes:
  • "I attempted to install SP3 on a Dell Inspiron E1705 laptop with XP Media Center. Four install [attempts] failed on a fully updated XP SP2. No new software was installed previous to the update, disabled AVG antivirus and Zone Alarm."
Finally, Connie Smith wrote to tell us about the problems she experienced using Microsoft Office 2000 and Internet Explorer 7 after installing XP SP3:
  • "At home, Word would only open part way and no documents could be retrieved. I fought it for a week and finally bought Office 2003, which I had planned to do some time this summer anyway. [I] removed Office 2000, installed Office 2003, and all works fine.

    "At work, IE 7 won't close and locks everything up. The only way around it is to minimize [the program] and close down. Task Manager has been no help, as it shows IE is not running when the screen shows a partial image or full page but [is] locked up. I haven't found an answer for that yet."
Old Flash versions may be vulnerable to attack

When you click this link, if it says anything other than "9.0.124.0" under "Version Information," go to this page and download the latest version of Adobe's Flash player.

Be sure to uncheck the option to download the Google Toolbar, which is prechecked for your "convenience" whether you want this toolbar in your browser or not.

There was a lot of discussion earlier this week about whether people using an earlier version of the Flash player were vulnerable to a possible "zero day" attack, as reported initially by Symantec. Later it was determined that as long as you have the latest version, you are safe.

Older versions of the player risk getting hit by malicious advertisements. To check whether you have a version of Flash that is vulnerable, visit Adobe's test page to ensure that yours is version 9.0.124.

Note that Windows XP SP3 will reinstall an older version of the Flash player, as stated in this Incidents.org diary entry blog. However, if you have installed the latest version 9.0.124 beforehand, SP3 will not make the older version of the player the default on your system.

It's a bit confusing right now trying to determine whether a specific PC is or isn't vulnerable to a malware attack, but the tests above should ensure that the system has the patched Flash version.

Vista's application compatibility improves

Vista Service Pack 1 was released several months ago, but the monthly application compatibility patches for Vista continue. In fact, one patch that was released last month helped me out at the office.

Knowledge Base article 894199 lists all the Vista patches released as of the end of May. The fix that caught my eye was the Application Compatibility Update for Vista and Windows Server 2008, KB 947562, which blocks older versions of Web Spy Sweeper and enhances compatibility with the RealVNC Server remote-control software.

I use RealVNC Server to control my Macintosh computer remotely from my Windows Vista PC, so I was glad to see that update.

None of the patches that were released at the end of May caused any major headaches or hiccups that I'm aware of. Unfortunately, we can't say the same about XP SP3.
Readers R. Fraile, John Mrochek, and Connie Smith will each receive a gift certificate for a book, CD, or DVD of their choice for sending letters we printed. Send us your tips and comments via the Windows Secrets contact page.

 The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.

Table of contents

    
   
WACKY WEB WEEK

 You want me to spell what?

spelling error  As exciting television goes, spelling bees aren't more than a notch or two above watching Congressional debates on CSPAN. They may lack the grimaces of mixed-martial-arts contestants, but in recent years the pre-teen contestants of the Scripps National Spelling Bee have supplied some high-level drama — and hilarious bloopers.

This year, the 13-year-old champion Sameer Mishra shows just how important it is to ask the word's language of origin. "Can you use that in sentence please?" Play the video

Table of contents

    
   
PERMALINKS

The following topics appear in our free content

INTRODUCTION   Hong Kong readers: meet with me on June 15
  Meet Becky Waring, our newest columnist
   
TOP STORY   Outlook Web Access corrupts HTML attachments
  Microsoft Exchange stealth-edits your e-mail
  Stealth security does customers a disservice
  No easy way to preserve your HTML files in OWA
   
PATCH WATCH   XP Service Pack 3: not yet ready for prime time
  When should you install XP Service Pack 3?
  A fix for constant XP reboots
  Readers report their own XP SP3-related problems
  Old Flash versions may be vulnerable to attack
  Vista's application compatibility improves
   
WACKY WEB WEEK   You want me to spell what?
   
You get all of the following in our paid content

BEST SOFTWARE   Transfer mammoth files reliably for free
  The challenge: transfer a 2GB video file
  The pros and cons of the top two services
  The also-rans can't accommodate monster files
   
WOODY'S WINDOWS   The hardware way to boost your productivity
  The saga of the perfect keyboard
  Building a better keyboard, one key at a time
  The best alternative to the long-gone OmniKey
   
PERIMETER SCAN   Take the mystery out of network-traffic analysis
  Identify the apps that are reaching out
  Link a program to its network connection
  The program's network-monitoring blind spots
   
It's easy to get all our paid content! Contribute whatever it's worth to you
Readers who make a financial contribution of any amount will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we just want as many people as possible to have this information.

 Ricardo A portion of your support helps children in developing countries
In the month of June 2008, a portion of your contributions help Windows Secrets sponsor 7-year-old Santos (photo, left) and his community in San Salvador, Nicaragua. The second poorest country in Latin America, Nicaragua has struggled to support its growing population.

Our sponsorship of Santos through the Save the Children Foundation will benefit early childhood development programs in San Salvador, which provide educational and nutritional assistance. Each month, we send a full year of sponsorship to a different child. More info

 To upgrade, simply make a contribution of any amount you choose
If you do this by June 11, 2008, you'll instantly be sent the full, paid version of today's newsletter — and enjoy 12 months of new, paid content.

Use the link below to learn more benefits of becoming a paid subscriber!

More info on how to upgrade

Thanks in advance for your support.
   
   

Table of contents

   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Associate Editor: Scott Dunn. Technical Editor: Dennis O'Reilly. Research Director: Vickie Stevens. Program Director: Tony Johnston. Editorial Assistant: Raef Harrison. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
 Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.

Table of contents