AutoRun patch a long time coming for XP users

Home

Newsletter

Search

Reviews

Polls

Contact

This issue

Library

Upgrade

Preferences

Unsubscribe

Windows Secrets Newsletter • Issue 187 • 2009-03-05 • Circulation: over 400,000

Free download — update all your drivers
DriverCure will automatically and instantly update all of your out-of-date drivers and software. This will result in a fully optimized PC that runs fast and error-free. DriverCure was developed by a talented team of over 100 professionals with an end goal of creating an application that is user-friendly and accomplishes the very crucial task of keeping your system up-to-date. Download DriverCure now and update your entire PC in under 2 minutes!
ParetoLogic

Table of contents
INTRODUCTION: Articles lead to scintillating conversations
TOP STORY: AutoRun patch a long time coming for XP users
KNOWN ISSUES: Norton security suite's top rating questioned
WACKY WEB WEEK: New laptop does away with extraneous features!
LANGALIST PLUS: For backups, RAID mirroring is not the answer
BEST SOFTWARE: New Firefox extension beats McAfee SiteAdvisor
WOODY'S WINDOWS: Save on PCs by using Win7's Experience Index

ADS

Optimize your PC by updating your BIOS
Are you looking to improve the performance of your PC? BIOSAgentPlus is a free utility that scans your PC and matches the correct Phoenix or AMI BIOS update and finds the exact driver updates for your desktop or laptop. Scan today for a free report.
BIOSAgentPlus

Why is your PC so slow?
In just minutes, find out why your PC is so slow. Run the free PC Pitstop Optimize 2.0 scan and receive a free custom report detailing common issues that might be keeping your PC from running at top speed. Over 100 million scans run. Scan for free now!
PC Pitstop

Do you shoot videos with your camera?
Quickly learn techniques to make amazing videos without purchasing expensive software. This printable home-study guide shows you how to make better-looking movies from your AVCHD, HDV, or portable camcorder. Download "Mastering Movie Maker" now!
Mastering Movie Maker

See your ad here

INTRODUCTION

Articles lead to scintillating conversations

By Brian Livingston

What I like about bringing you a mass of information every week is knowing that we'll never get everyone to agree.

Our recent articles on McAfee's SiteAdvisor service and an updated version of the WS Security Baseline have proved this principle yet again.

I started the Security Baseline in an article back on June 3, 2004. Almost five years later, the most recent version of the feature was reported last week by contributing editor Ryan Russell.

The idea has always been that PC users need a simple explanation of their minimum required defenses. Computer experts can add further layers to this baseline if they wish to gain extra protection. If you're a less-advanced Windows user, you can use the list yourself — or show it to your parents, your small-business manager, or whomever — to explain why a store-bought PC can't just be plugged into the Internet and stay secure.

Because Windows Secrets doesn't have its own test lab, we've always collected findings from published sources and given you our analysis of the products that currently hold the most top ratings.

I feel we could do a better job by scrutinizing more test results and bringing you a wider summary of the latest data. Dennis O'Reilly, our technical editor, brings you suggestions from our readers on this subject in his Known Issues column today. I encourage you to give us any feedback you can share.

Another article that made waves recently was contributing editor Mark Edwards's lead story on Feb. 12 about the timeliness of Web security ratings by SiteAdvisor, a service of McAfee Inc. I assisted Mark in researching that story. In a follow-up column I published on Feb. 19, McAfee released for the first time its internal schedule for responding to complaints of false positives.

In my follow-up, I promised that Windows Secrets would soon review more site-security rating alternatives. WS senior editor Gizmo Richards has answered this call in his Best Software column today. He's found a promising add-on that combines the best of nine different testing platforms. Version 1.0.1 of the app was released as recently as Mar. 1, which makes it a new bright spot in PC security.

If you're a free subscriber to Windows Secrets, you aren't receiving Gizmo's columns in our e-mails — but don't worry, it's easy to get them. There's no fixed fee. We accept any financial contribution of any amount, whatever you feel our research is worth to you. We want as many people as possible to have this information. How to get our paid content

We'll keep bringing you everything we can find. Together, we'll keep each other as safe as possible, so you can enjoy Windows and not have to watch your back so much. Thanks for your support.

All readers can get the secrets of mental feats

Every month, Windows Secrets licenses new content and gives it away to our subscribers. Today, an excerpt from Brain Rules by John Medina is our bonus for you.

The author describes a young man who can't tie his own shoelaces but can multiply the number 8,388,628 x 2 in his head 24 times within a matter of seconds. Can we all learn to unlock the powers of our minds in this way? This book tells you how.

The paperback edition won't be available until Mar. 31, but all Windows Secrets subscribers can get an exclusive 45-page excerpt, including two full chapters and a summary of the others, now through Apr. 1. Use the link below to update your preferences page, after which you'll see a download button to get your free bonus.

All subscribers: Set your preferences and download your bonus
Info on the printed book: United States / Canada / Elsewhere

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.

Table of contents

ADS

Save up to 76% on quality inkjet ink
We offer the sharpest prices on the Web for quality ink and laser toner. Bonus: save an extra 10% by using coupon code JJ997H. Free shipping to contiguous U.S. locations for all orders over $50. Offer expires 2/28/2009 and excludes OEM items.
4InkJets

Are your computer's drivers up-to-date?
Driver Detective provides the most up-to-date drivers specific to your computer! With more than 1 million drivers, Driver Detective saves you endless hours of work and aggravation normally associated with updating drivers.
Drivers HeadQuarters

See your ad here

TOP STORY

AutoRun patch a long time coming for XP users

By Susan Bradley

Nearly 18 months after it was discovered, Microsoft has finally fixed a hole in the AutoRun function of older Windows versions that allowed viruses to spread via external storage devices.

While it's good to know Microsoft is finally listening to the complaints of the Windows community, the company's delay in applying important patches put our systems at risk unnecessarily.

The old saying about the squeaky wheel getting the grease applies to the manner in which Microsoft prioritizes its product fixes. The more noise customers make, the more likely the problems will be rectified. Most recently, the Conficker worm has been spreading across networks, often entering systems via USB flash drives and other removable media. Shamefully, Microsoft could have — and should have — prevented this massive infection from happening in the first place.

In October 2007, Nick Brown documented in his blog how viruses and worms were entering his network via USB memory sticks. The next month, WS associate editor Scott Dunn explained in a Top Story on Nov. 8, 2007, the fact that Microsoft's suggested settings to disable AutoRun weren't effective. He described the so-called @SYS trick, which allows you to truly disable AutoRun, preventing infected devices from launching their attacks.

Fast-forward to one year ago. Will Dormann and US-CERT (the United States Computer Emergency Readiness Team) published information on Mar. 20, 2008, confirming that Microsoft's AutoRun advice didn't block threats. The same @SYS workaround that Scott documented was supported by US-CERT in its alert.

In July 2008, Microsoft released security bulletin MS08-038. The patch in this bulletin made it possible for users to control AutoRun properly, but only on Windows Vista and Server 2008.

XP, Win 2K, Server 2003 users left in the lurch

So what happened to the equivalent patch for Windows 2000, XP, and Server 2003? In May 2008, Microsoft had in fact released a patch for these systems, which is described in Knowledge Base article 953252. However, as described in a Jan. 22, 2009, Computerworld article, US-CERT found that the fix for XP/2000/2003 had to be applied manually. Furthermore, Microsoft was not making the patch available automatically via any Windows Update service.

It wasn't until Feb. 24 of this year that Microsoft distributed this patch via Windows Update to XP, 2000, and 2003. This is described in the company's security advisory 967940.

Many home and business PC users rarely deploy patches that aren't available through Windows Update, Microsoft Update, or WSUS (Windows Software Update Services). Add to this the confusing and conflicting information about the AutoRun patch, and it's no wonder the Conficker worm, which exploits AutoRun functionality, made the inroads that it did.

You may be wondering why it took Microsoft so long to distribute for XP/2000/2003 users the fix that permits AutoRun to be properly disabled. One clue may be found in the file versions listed in KB article 967715. The Windows Server 2003 files are dated Feb. 10, 2009. Typically, Microsoft doesn't release a fix for one platform if it's still developing a fix for another platform. This is done to avoid putting one set of customers at risk while protecting others.

That's usually a valid reason to wait before distributing patches. But when you open up the files described in the earlier KB article 953252, you find that all the files in that hotfix date back to mid-2008.

Why did it take an admonition from CERT to convince Microsoft to add this vital fix to Automatic Updates for those versions of Windows? To make things even more confusing, the way Microsoft released the XP/2000/2003 fix at the end of February caused many people to think it was an out-of-cycle security patch.

If this patch had been pushed to all Windows users sooner, much of Conficker's pain might have been avoided.

Microsoft's Feb. 6 TechNet alert makes the problem clear. Among other things, the Conficker worm uses the AutoPlay feature (which is related to but separate from AutoRun) to infect PCs via USB drives and other portable storage devices. This vulnerability occurs even if the systems have installed the update described in Microsoft security bulletin MS08-067. Therefore, the TechNet article recommends disabling AutoRun, saying:

"Disable the AutoPlay feature through the Registry or using Group Policies, as discussed in Microsoft Knowledge Base article 953252. Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base article 953252 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft security bulletin MS08-038 to be able to successfully disable the AutoRun feature."

(What's the difference between AutoRun and AutoPlay? AutoPlay associates multimedia file types with specific applications, while AutoRun executes autorun.inf files found on various drives. For more on the distinctions between AutoRun and AutoPlay, see Microsoft's help article on the subject.)

For home users, I'm not yet ready to pull the fire alarm and tell everyone to disable AutoRun. But I do urge you to be very leery of plugging USB flash drives into your system if you're unsure whether they've been used on other computers. Large organizations, however, should consider disabling AutoRun on their networked PCs, considering how hard it's been to stomp out the Conficker worm and others.

How to apply the patches and control AutoRun

If you followed the instructions in Scott's 2007 article to block AutoRun by adding a Registry key, you should remove the key before applying the Microsoft AutoRun patch to prevent any possible interaction. Take the following steps for complete protection:

Step 1. Remove the @SYS line from the Registry, if you added it. In Windows XP, click Start, Run. (In Vista, click Start.) Type regedit and press Enter. In the left pane, navigate to and select the following key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ IniFileMapping \ Autorun.inf

Press the Del key to remove the key. Close the Registry Editor.
Step 2. Install the patch described in KB article 953252 (for Vista and Windows Server 2008) or 967715 (for XP, 2000, and Server 2003).
Step 3. For security reasons, it's strongly recommended you disable AutoRun for all devices. In non-Home versions of XP and Vista, use the Group Policy Editor. In XP, click Start, Run. (In Vista, click Start.) Type gpedit.msc and press Enter. In the left pane, under Computer Configuration, expand Administrative Templates.

In XP Professional, select System in the right pane under Administrative Templates, right-click Turn off Autoplay in the right pane, and choose Properties. Click Enabled, select All drives in the "Turn off Autoplay" box, click OK, and close the Group Policy Editor.

In Vista Business and higher, expand Windows Components and select AutoPlay Policies. In the right pane, double-click Turn off Autoplay, click Enabled, choose All drives in the drop-down menu next to "Turn off Autoplay on," click OK, and close the Group Policy Editor.

To disable AutoRun in the Home versions of XP and Vista — which don't have the Group Policy Editor — use the Registry Editor. In XP, click Start, Run. (In Vista, click Start.) Type regedit and press Enter. Navigate to and select the following key:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

In the right pane, double-click NoDriveTypeAutoRun, enter 0xFF in the "Value data" field, make sure Hexadecimal is selected under Base, click OK, and exit the Registry Editor.
Step 4. If you ever need to re-enable AutoRun for a certain system, open the Group Policy Editor (on non-Home versions of Windows) or the Registry Editor (Home versions). Then follow the instructions in KB article 967715 (for XP, 2000, and Server 2003) or 953252 (for Vista and Windows Server 2008) to return AutoRun to its default state or customize its settings. AutoRun can be configured, for instance, to work differently for CD-ROMs than for other media.

Once you've disabled AutoRun, you'll have to use Windows Explorer to access data files on the USB memory devices and optical media you insert in your PC. If you load a disc that contains audio or video, you may want to open your favorite media player to run the content. However, this is a small price to pay for the security edge you gain by disabling AutoRun.

Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.

Table of contents

KNOWN ISSUES

Norton security suite's top rating questioned

By Dennis O'Reilly

Readers beg to differ with the reviews of top tech magazines that recently named Norton Internet Security 2009 the best security suite.

Whether the security apps are from Symantec, McAfee, or some lesser-known vendor, our readers point fingers at them as the source of many performance and connectivity problems.

Ryan Russell's Feb. 26 Top Story updated the WS Security Baseline by reporting that Symantec's Norton Internet Security 2009 was the top choice of three prominent technology publishers: PC World, PCMag.com, and Maximum PC. A reader by the name of Manny is less impressed with this product — much less impressed:

"Having been a Norton customer for many years now, I was delighted at the smooth installation of the new version NIS 2009. This was on a Windows XP SP3 four-user peer-to-peer network that had been running NIS 2008 very positively for a year. One day was left on the subscription, so based on the rave reviews, we decided to upgrade to NIS 2009. What a mistake.

"Much to my disappointment, my customer started to have major problems with his network. All of a sudden, whenever someone would click a mapped drive, the system would lock, forcing a reboot. It would work for a few minutes until a file was needed from another PC, then it would lock again. Sometimes a strange message would pop up that the network is not available, etc. (The one PC in this mix that was using ZoneAlarm had no problem.)

"When we called Symantec and spent hours on the phone with their support people, they were in complete denial of the problem. 'It's a Microsoft problem' was all they could tell me. When I searched the Web for this problem — 'NAV 2009 blocks access to hard disk' — I found a 14-page user forum on this 'unsolved' problem. Yet [the Symantec reps] had the nerve to say to me, 'It's a Microsoft problem.' To prove them wrong, we uninstalled NIS 2009 and reinstalled NIS 2008 and it works perfectly.

"This is the first time I'm writing you, and I must say your newsletter is the best of the best. Keep up the great work."

Among the readers sharing Manny's opinion about Norton Internet Security 2009 is Dennis Edelbrock, who also suggests an alternative:

"I read and use your information constantly — thank you. However, parroting the leading PC magazines on their findings does your readers a disservice. I have been in the computer repair business for 21 years and I certainly don't have all the answers, but about 70% of my business these days is cleaning up infected computers.

"In my book, Symantec hasn't put out a decent product since they bought out Peter Norton. I don't care about the claims, in my opinion Norton doesn't do a good job of protecting people. In the last wave of the UPS/CNN/Virtumonde infection, many people with Norton, McAfee, AVG, and Trend got hammered.

"The only decent antivirus on the market today is NOD32 by ESET [more info]. It stops virtually everything. When it comes to spyware, only two products are worth looking at: Spy Sweeper by Webroot [more info] and Spyware Doctor by PC Tools [more info].

"It seems that every reviewer is looking only at suites when in fact, if you want the best protection, select individual products that offer far better protection. You can be pennywise and pound foolish — in the end, you'll end up paying people like me to fix your problems."

The debate continues between advocates of best-of-breed security products, such as NOD32 and Spyware Doctor, and supporters of all-in-one security suites. If you have an opinion on the matter you'd like to share, or a favorite security product — whether specialty app or suite — drop us a line via the Windows Secrets contact page.

A vote for Microsoft's file-sync service

The five sync services reviewed by Scott Dunn in the Feb. 26 Best Software column (paid content) offered something for everyone. However, that didn't stop Mark Vozzo from writing in to tell us of his favorite sync tool, which happens to be from a company you may have heard of before:

"I really enjoyed your article on the sync services. But I was surprised that you didn't mention Microsoft's latest sync application that is in beta, called Live Mesh. It's awesome and works fine with my work and home firewalls. I wasn't sure if you've used or know about it."

Unfortunately, Microsoft's sync service debuted after Scott began working on his review. We'll be sure to include Live Mesh in our next look at such services, however.

Readers Manny, Dennis, and Mark will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.

Table of contents

WACKY WEB WEEK

New laptop does away with extraneous features!

By Katy Abby

At a time when technology only seems to be getting more complicated, it's refreshing to see a company that's looking to simplify its products. Slimmer profiles and abridged features are catching the eyes of savvy consumers. Out of fashion are the frills and embellishments that have hindered users' productivity for years.

Take a look at the way Apple is "reinventing the wheel" in this hilarious mock commercial from the fine folks at The Onion. Play the video

Table of contents

ADS

Get your message seen by 400,000 readers
Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 400,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
Windows Secrets Newsletter

See your ad here

PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.)

The following link includes all articles this week: http://WindowsSecrets.com/comp/090305

Free content posted on Mar. 5, 2009:

INTRODUCTION
By Brian Livingston
Articles lead to scintillating conversations
All readers can get the secrets of mental feats

TOP STORY
By Susan Bradley
AutoRun patch a long time coming for XP users
XP, Win 2K, Server 2003 users left in the lurch
How to apply the patches and control AutoRun

KNOWN ISSUES
By Dennis O'Reilly
Norton security suite's top rating questioned
A vote for Microsoft's file-sync service

WACKY WEB WEEK
By Katy Abby
New laptop does away with extraneous features!

You get all of the following in our paid content:

	LANGALIST PLUS By Fred Langa For backups, RAID mirroring is not the answer Mirroring copies the errors along with the data A quick command restores a missing imm32.dll Stealth mode thwarts server port-probe attacks USB devices unrecognized due to bad cables
	BEST SOFTWARE By Ian "Gizmo" Richards New Firefox extension beats McAfee SiteAdvisor An aggregation of site-rating services Deciphering the toolbar's site ratings Improve the safety of your Web searches Four reservations and a head-to-head comparison
	WOODY'S WINDOWS By Woody Leonhard Save on PCs by using Win7's Experience Index Anatomy of the Windows Experience Index Experience Index changes in Windows 7 Where Microsoft screwed up the benchmark How to save big bucks on a new Win7 screamer

Get our paid content by making any contribution

There's no fixed fee! Contribute whatever it's worth to you
Readers who make a financial contribution of any amount by Mar. 11, 2009, will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we want as many people as possible to have this information.

A portion of your support helps children in developing countries
Each month, we send a full year of sponsorship to a different child. Your contributions in March are helping us to sponsor Joan Emanuel, a 9-year-old boy from the Dominican Republic. Joan is a talented singer who also likes to play baseball. He lives in a village with his parents and one sibling. Children International channels development aid from donors to Joan and his community. We also sponsor kids through Plan USA, Save the Children, and other respected agencies. More info

Use the link below to learn more about the benefits of becoming a paid subscriber!

More info on how to upgrade

Thanks in advance for your support!

Table of contents

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Mark Joseph Edwards, Stuart J. Johnston, Woody Leonhard, Ryan Russell, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,

Visit our Unsubscribe page.

Table of contents