Windows Secrets

Windows Secrets Newsletter • Issue 210 • 2009-08-13 • Circulation: over 400,000

Table of contents
TOP STORY: Sun, Apple, Microsoft install chaff with patches
KNOWN ISSUES: Gmail activity log helps you detect hijacking
WACKY WEB WEEK: Water fights that will make you cry uncle
LANGALIST PLUS: Free utilities make Windows smaller, faster
IN THE WILD: Laptop rootkit is widespread but likely harmless
PATCH WATCH: Heavy patch week to block Web-based attacks

TOP STORY

Sun, Apple, Microsoft install chaff with patches

By Susan Bradley

When you apply a security update for one of the programs on your PC, beware of uninvited software that wants to come along for the ride.

Vendors are more and more often going over the line, piggy-backing unsolicited commercial products and services onto crucial security patches.

If you're like many people, you were tricked into installing Apple's Safari browser as part of an iTunes or QuickTime update — a marketing tactic the company has been employing for more than a year. (I reported in my March 27, 2008, Patch Watch column that Apple had quietly started installing its browser using a little-noticed check box.)

You may also have succumbed to Microsoft's incessant offer of Silverlight and Office Live as part of the Microsoft Update service. And you may have tired of saying "no!" to downloading Internet Explorer 8. (I don't feel IE 8 is a necessary upgrade, due to IE 7's relative security and IE 8's incompatibility with some sites, as I describe below.)

Now, the latest Sun Java update shows how cavalier some vendors have become in taking advantage of software updates, including vital security patches.

The latest Sun Java SE Update 16 (6u16), released on Aug. 11, includes seven security updates and fixes a few bugs. What the release notes don't document, however, is that this update comes with a surprise.

The download process starts out normally enough, with the usual coffee-cup update icon in the notification area of Windows' taskbar. (See Figure 1.)

Sun Java update icon
Figure 1. Sun's Java icon — the coffee cup at the far left — indicates the availability of an update.

However, after you begin the update, a confusing offer to download and install a 30-day trial of Carbonite Inc.'s commercial backup software appears. A small check box is preselected for download and installation. (See Figure 2.)

Carbonite backup software trial offer
Figure 2. The option to install a trial version of the Carbonite backup software is prechecked in the Java updater.

Some Java patchers are not offered Carbonite but instead get Microsoft's Bing search toolbar, which is preselected on many systems. (See Figure 3.)

Bing search toolbar offer
Figure 3. Sun's Java updater preselects the option to install Microsoft's Bing search toolbar for IE along with the Java update.

That's right, ladies and gentlemen. Not only may we have to uninstall random toolbars if we're not careful with our Java updates, now we have to remove trial versions of commercial software that vendors quietly attached to a security update.

Microsoft pushes IE 8 as 'critical' to your PC

Microsoft is one of the biggest offenders in promoting nonsecurity updates via its security mechanism.

First in 2006, and again in 2007, the Redmond company installed its intrusive Windows Genuine Advantage app as though it were a "critical security upgrade," as I described in a June 14, 2007, column.

In the latest such case, you'll find that Microsoft has prechecked Internet Explorer 8 when you use Automatic Updates and choose the option to view available updates.

The company argues that IE 8 is a critical update to your operating system. In reality, the program may conflict with other software on your PC.

I'm postponing deployment of IE 8 on my computers, because I continue to encounter compatibility problems in my testing. The glitches are slowly being resolved, but I'm still not ready to give a blanket recommendation to upgrade to IE 8, nor am I comfortable applying it to the production systems I manage. (I described the problems and some solutions in a column on May 28.)

As the person in charge of managing PCs in my company, I need to test the program before it's installed on production systems. By preselecting the IE 8 installation, Microsoft eliminates my ability to conduct responsible testing.

Even while claiming that IE 8 is a critical update, Microsoft continues to support the hopeless old version 6 of IE, as stated on the company's IEBlog. IE 6 long ago stopped being a defensible browser and cannot now be considered secure by any stretch of the imagination.

If you're still running IE 6, you should upgrade to IE 7 immediately. If your company uses a line-of-business app that requires IE 6, isolate that machine from the Internet and use it only until that app is upgraded.

Installing IE 8, however, should be considered optional and should not be associated with security patches.

(In an unrelated move, IE 8 will no longer silently make itself a PC's default browser when users select the Express installation option. The change was revealed in a U.S. Department of Justice antitrust compliance report, as reporter Grant Gross explains in an IDG News Service article.)

Let's put a halt to any marketing in updates

I understand that the publishers of "free" software sometimes need to push other programs that generate revenue. Whenever a vendor is offering useful software at no cost, I'm willing to consider some software bundles at the time of original download.

To avoid tricky bundles, you should consult sites offering advice about specific problems. One of the best is the Calendar of Updates' Installers Hall of Shame, which lists uninvited programs that ride along with various apps.

It's a completely different matter to use security updates to sneak software onto our PCs — there's simply no other term for it. Corrupting a vendor's security channel to promote a marketing opportunity violates our fundamental right to control the programs installed on our systems.

When it comes to bug fixes and security patches, I need to be able to trust that the changes vendors are making to my system are intended only to protect me. I strongly object to attempts to install any nonessential software as part of the update process.

To me, the marketing tie-ins described above step way over the line. I hope you'll join me in urging software vendors to limit security updates to nothing but security updates.

Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.

KNOWN ISSUES

Gmail activity log helps you detect hijacking

By Dennis O'Reilly

A line at the bottom of the Gmail window indicates when your account was last used and also links to more-complete usage info.

You can use this activity log to determine whether someone has guessed your password and taken over your account.

In the Aug. 6 Top Story, "Gmail flaw shows value of strong passwords," WS contributing editor Becky Waring explained how to create strong passwords that are easy to remember. Her story was inspired by the disclosure of a Gmail weakness that allows hackers to test thousands of passwords per day and take over poorly defended accounts.

A reader named James points out that the Gmail activity log can alert you to unauthorized use of your account:
  • "As a result of [reading] Becky Waring's article — which I have rated as superb, by the way — I went back to Scott Spanbauer's articles about the earlier Gmail flaws. [See Scott's April 23 story, "Gmail accounts hacked via unpatched hole," and his May 7 follow-up, "Google silently corrects Gmail CSRF hole."]

    "I help run a bulletin board that uses the commercial Invision Power IP.Board software. In recent months, we have been bombarded with spammers, mostly coming from Gmail accounts. So I can confirm that these exploits — both patched and unpatched — have been and are being used by the bad guys.

    "If you're a Gmail user and are concerned as to whether your account password has been compromised, there's a link at the bottom of the screen that shows when your account was used and from where.

    "At the bottom is a message Last account activity: xx minutes ago at IP xxx.xxx.xxx.xxx [or on this computer] and a link: Details. Click the Details link, and a pop-up window shows all sign-ins over the last couple of days, together with other useful info and a button to Sign out all other sessions."

Figure 1 shows the information presented in the Gmail account activity log when you click the Details link.

Gmail account activity
Figure 1. View recent activity on your Gmail account to determine whether someone other than you has signed in. (All IP addresses are obscured in this image.)

If you find unfamiliar IP addresses or activity recorded when you weren't using the account, reset your password immediately and notify Google of the breach.

Microsoft's ambiguous advice on strong passwords

When it comes to crafting strong passwords, it can be difficult to know whom to believe, especially when the same source offers conflicting advice. A reader who goes by the name of RockDoc was befuddled by contradictory information on Microsoft's site:
  • "Waring discussed the usual caveats and solutions to designing better passwords and provided a link to [Microsoft's] Windows password checker, which also links to a document in which Microsoft discusses password design.

    "In that latter document, Microsoft properly notes that passwords with obvious substitutions are less safe than otherwise:

    Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in 'M1cr0$0ft' or 'P@ssw0rd.' But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.

    "In a deliciously ironic (and most certainly inadvertent) piece of engineering, however, Microsoft's own password checker rates the poorly designed password M1cr0$0ft as strong! Gotta love 'em!"

Some readers questioned the security of entering passwords for strength testing on Microsoft's unencrypted Web page. This shouldn't pose a risk, though, because Microsoft states on the page itself that no information is transmitted to Microsoft's servers or across the Internet in any way:
  • "Password Checker does not collect, store, or transmit information beyond the computer that you use to access Password Checker. The image works on your computer desktop until you navigate away from the page."

The page operates by downloading a small JavaScript application to your browser. This app computes each password's weak/moderate/strong rating locally. You can demonstrate this by temporarily disabling JavaScript in your browser, in which case the password checker no longer functions.

If anyone has evidence that Microsoft transmits across the Internet the passwords entered into this browser app, let us know immediately using the Windows Secrets contact page.

Bill McGarry reports that Microsoft's app rates an entered password as "strong" if it is merely eight or more characters in length and has two out of three of the following: both uppercase and lowercase letters, one or more numerals, and some punctuation mark. To be sure, those are good rules of thumb, but Password1 (one of the first strings an attacker would try) would receive a "strong" rating.
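As an added illustration (example code written for this page, not Microsoft's Password Checker), here is the "strong" rule as Bill McGarry describes it, reimplemented in JavaScript beside a stricter check that undoes the look-alike substitutions Microsoft's own guidance warns about and compares the result against a small constructed list of common passwords. The substitution table, the word list, and treating everything below the "strong" threshold as "weak" are assumptions made for this example.

```javascript
// Reimplementation of the "strong" rule reported above: at least eight
// characters plus two of three character classes. Illustrative only, not
// Microsoft's Password Checker; the page describes only the "strong"
// threshold, so everything else is reported as "weak" here (an assumption).
function heuristicRating(pw) {
  const mixedCase = /[a-z]/.test(pw) && /[A-Z]/.test(pw);
  const hasDigit = /[0-9]/.test(pw);
  const hasPunct = /[^A-Za-z0-9]/.test(pw);
  const classes = [mixedCase, hasDigit, hasPunct].filter(Boolean).length;
  return pw.length >= 8 && classes >= 2 ? "strong" : "weak";
}

// Look-alike substitutions from Microsoft's guidance quoted above
// (1 -> i, 0 -> o, @ -> a, $ -> s) plus two common extras (3 -> e, 5 -> s),
// chosen for this example.
const LOOKALIKES = { "1": "i", "0": "o", "@": "a", "$": "s", "3": "e", "5": "s" };

// Constructed sample word list; a real checker would use a far larger one.
const COMMON_WORDS = ["password", "microsoft", "letmein", "welcome", "qwerty"];

// Undo the cosmetic tricks a cracker's rule set already accounts for:
// lowercase, drop a trailing run of digits, reverse look-alike substitutions.
function normalize(pw) {
  const stripped = pw.toLowerCase().replace(/[0-9]+$/, "");
  return stripped.split("").map(c => LOOKALIKES[c] || c).join("");
}

// Stricter rating: a dressed-up dictionary word is weak regardless of
// which character classes it happens to contain.
function strictRating(pw) {
  if (pw.length < 8) return "weak";
  const base = normalize(pw);
  if (COMMON_WORDS.some(w => base.includes(w))) return "weak";
  return heuristicRating(pw);
}

// Side-by-side comparison for the two passwords discussed above plus a
// longer passphrase-style string that passes both checks.
for (const pw of ["Password1", "M1cr0$0ft", "Correct-Horse7Battery"]) {
  console.log(pw, "heuristic:", heuristicRating(pw), "strict:", strictRating(pw));
}
```

Both Password1 and M1cr0$0ft come out "strong" under the character-class rule and "weak" once the substitutions are reversed, which is the gap RockDoc and Bill McGarry point out.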

Several people told us about other password-strength checkers. One that goes to greater lengths than Microsoft in explaining what constitutes a weak or strong password is Password Meter. It's available as an online password checker and also as a downloadable freeware program. You can find both at the Password Meter site.

No matter how strong a password you select, it won't remain secret if you enter it on a machine that's infected with a keylogger. For this reason, you shouldn't sign in to online banking sites at random Internet cafés or any place without good antivirus protection.

Ensure passwords remain useful to your heirs

Becky's article recommends that you avoid writing your passwords on sticky notes or saving them in an unencrypted text file on your PC. However, there's one instance when this otherwise-sound advice doesn't apply, as Allan Treadwell explains:
  • "Although I agree with the article on strong passwords, there's one small-but-important thing left out. I had a friend who died recently of a brain tumour (he was 59) and, of course, he had many passwords that were not stored on the computer, only in his head.

    "As his memory went very rapidly, he forgot them, so his wife could not access some sites/programs easily, and others not at all.

    "So I would add to the article: Do write down your passwords and tell your next of kin where they are or how to access them."

MarketWatch columnist Andrea Coombes offers free advice on this subject in a July 20 article, "Don't take your passwords to the grave."

For the ultimate — and I do mean ultimate — in online security, check out a service such as Legacy Locker, which promises to "grant access to online assets for friends and loved ones in the event of loss, death, or disability." A free trial account lets you protect three assets, assign one beneficiary, and create one "legacy letter."

For U.S. $30 a year or a one-time fee of $300, you can protect an unlimited number of assets, assign any number of beneficiaries, create as many legacy letters as you wish, back up important documents, and even upload a "good-bye" video.

Can I leave my folder full of corrupted Office files to Steve Ballmer?

Readers James, RockDoc, Bill, and Allan will each receive a gift certificate for a book, CD, or DVD of their choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.

WACKY WEB WEEK

Water fights that will make you cry uncle

By Stephanie Small

Remember when playing with squirt guns was the most fun a kid could have? The little streams of water kept you cool while also providing endless hours of fun. Then Super Soakers reinvented the water fight, blasting water at your foes in torrents!

Now the water fight has been taken to a whole new level with the arrival of super-duper waterboards. Sustained, powerful jets of water pulverize your opponents and make them obey your every command, all while keeping you safe and protected behind a plastic shield. Give it a try this summer at the park, in the yard, or on the beach. Your friends won't know what hit them! Play the video

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Web Developers: Dan Engler, Damian Wadley. Research Director: Stephanie Small. Research Analyst: Allison Espiritu. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Michael Lasky, Woody Leonhard, Ryan Russell, Robert Vamosi, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2009 by WindowsSecrets.com LLC. All rights reserved.