Windows Secrets logo

 

 

   
       
   
Windows Secrets Newsletter • Issue 125 • 2007-10-04 • Circulation: over 270,000

Fred Langa's Wallpaper of the Journey
Get Fred Langa's wallpaper for your desktop
Our editor-at-large, Fred Langa, is back from a 5-month motorcycle tour of the U.S. and Canada. Through Oct. 24, all paid subscribers are eligible for a bonus download, Wallpaper of the Journey — 25 high-quality images by Fred that you can use as desktop wallpaper. Free subscribers can get the bonus by upgrading to the paid version. And anyone can purchase the entire set of images for U.S. $9.95. Get it today! —Brian Livingston, editorial director

Paid readers: download the bonus
Free readers: upgrade to get the bonus
For everyone: purchase the download
   
     
Contents
 TOP STORY: Get free patching without Windows Update
KNOWN ISSUES: A flustered Microsoft posts Windows Update trick
WACKY WEB WEEK: How Halo 3 makes the world a better place
LANGALIST PLUS: Part two: finishing the first Housecall
WOODY'S WINDOWS: Excel 2007 bug generates wrong numbers
PERIMETER SCAN: Three more rootkit scanners to consider
YOUR SUBSCRIPTION: How to change your address or unsubscribe

    
   

For links to every topic in this issue, scroll down to the Index

    
   
ADS
Free recommended PC performance scan   Free recommended PC performance scan
 PC Pitstop's Free Optimize Scan will automatically diagnose problems with your PC and give you a custom report detailing issues that are hurting your PC's performance. Scan your PC for free today!
 www.pcpitstop.com

Be more productive in Microsoft Outlook   Be more productive in Microsoft Outlook
 Save time in Outlook with these powerful utilities: Attachment Save — automatically save attachments when e-mail arrives, Schedule Recurring E-mail — send regularly occurring e-mails, and more. See our entire list of 36 powerful add-ins on our Web site.
 www.SperrySoftware.com

Backup your data with ZipBackup   Backup your data with ZipBackup
 Finally, a backup program that is easy to use. ZipBackup's Wizard makes backups a snap for beginners. Filtering, scheduling, and disk spanning make it a powerful tool for experts. For a limited time, Windows Secrets readers receive 25% off.
 www.zipbackup.com

See your ad here

    
   
TOP STORY

Get free patching without Windows Update

Scott Dunn By Scott Dunn

My Sept. 20 and Sept. 27 articles about silent and flawed upgrades involving Windows Update have made many people wonder whether they should really trust Microsoft's installer.

Fortunately, there are alternatives to Windows Update that will keep your system fully patched without costing you a dime.

It's easy to replace Windows Update's functions

In my previous columns, I reported that Windows Update has been periodically installing at least a few small executable files without notice to users, even when those users have selected a do-not-install option in the Automatic Updates control panel. This stealthy behavior upsets many people, but they don't want to completely do without a method of installing new security patches from Microsoft.

Windows Update (WU) does three things when it scans a PC: it determines which upgrades are needed, downloads the relevant files, and ultimately installs them. Fortunately, you can replace each of these tasks without spending any money.

In doing so, you give up some of the ease of automation offered by WU and Microsoft Update, WU's big brother, which also upgrades Microsoft Office applications. But the good news is that using alternatives makes it easier to update software from all major vendors, not just Microsoft.

In two previous articles, I explained how to determine which security upgrades a system needs. The best free scanner to diagnose your patching needs is currently Secunia.com's Online Software Inspector. My Sept. 9 article explains how to use the service with Internet Explorer. A Sept. 13 article explains the steps using Firefox.

I'll show you today how to add to your monthly Software Inspector routine an alternative to Windows Update.

Not many completely free alternatives exist, but there are a few that are worth examining:

• The Software Patch
• Windows Updates Downloader
• Microsoft Download Center
• AutoPatcher
• WindizUpdate

The Software Patch is my number-one pick

The best updating tool I've found is a service called The Software Patch (SP). This Web site provides not only Microsoft security updates but also a great deal more. The site includes necessary hardware drivers and updates, Microsoft Office and WordPerfect service packs, patches for Adobe and Corel products, updates for games, and more.
Pros of using SP. The Software Patch has many positive attributes:
  • The site is well organized, grouping its downloads hierarchically by product type (hardware or software), then by subcomponent, and finally by whether an update is "essential" or "optional."

  • The service links to the vendors' own sites (Microsoft, Adobe, etc.) to download updates, so you don't have to worry that the patches were somehow altered by a third party. Since SP doesn't store patches on its own server, the service is unlikely to run into legal tangles with Microsoft.

  • I was able to download and install a handful of Windows patches from Software Patch on a test machine. Windows Update had failed to install these same patches due to the bug I reported in the Sept. 27 issue.
Cons of using SP. No site is perfect, of course. Among the downsides to using the Software Patch are the following:
  • The site is supported by advertising, including pop-up ads, some of which manage to evade pop-up blockers.

  • The site has no downloads for Windows 2000 or earlier versions of the OS.

  • Navigating to Microsoft.com via SP doesn't mean you'll necessarily avoid being checked by Redmond's servers for Windows Genuine Advantage (WGA) compliance. For example, if you download Microsoft's Windows Defender, a WGA check is built into the program's installer. (But also note that Microsoft.com doesn't currently require WGA compliance to obtain most of its security patches rated "critical.")

  • Software Patch lacks some useful tools found at Microsoft's Download Center — for example, MBSA (Microsoft Baseline Security Analyzer). In cases like this, you can usually find an alternative source for the program. For example, FileHippo.com offers a download of MBSA, both the current version 2.0.1 and the beta version 2.1.
  
 The Software Patch
Figure 1. The Software Patch site provides ways to upgrade a wide variety of products.
Other system-updating possibilities fall short

In addition to Software Patch, other solutions have may have value for some users.

The Windows Updates Downloader is Microsoft-only. If you find yourself downloading a large number of Microsoft updates every month, you may like a free utility called Windows Updates Downloader (WUD).

Created by Jean-Sebastien Carle, a frequent contributor to MSFN (Microsoft Software Forum Network), WUD makes it easy to select which patches you need and then download them all with a single click. Although WUD was designed to slipstream updates into new installs of Windows, it can also be used for downloading patches for existing installations.

Unfortunately, the tool is designed to download Microsoft patches only; it provides no options for getting updates for non-Microsoft products. In addition, keeping up to date requires you to download new Update Lists from the WUD site each month. And because the product automates downloading only, you still have to launch each update's installer one by one.

Microsoft Download Center is disorganized. Another option that avoids using MU or WU is to use the Securities & Updates section of Microsoft's own Download Center, where you can obtain patches, documentation, and other tools.

Unfortunately for the average user, the listings at this Microsoft site are not well organized, with important patches mixed in with optional utilities, technical seminars, and other content. Moreover, it offers no patches for non-Microsoft products.

AutoPatcher is out of commission. Until recently, one popular source of patches for Windows and other products was AutoPatcher. Unfortunately for the service's fans, however, Microsoft requested that the site suspend its offerings in August. The software giant cited security concerns, because patches were being stored on AutoPatcher's server instead of being downloaded directly from Microsoft.

Despite that setback, project leader Antonis Kaladis hopes to launch a comparable replacement service, perhaps as soon as this month, according to a post on the AutoPatcher site. Until then, users must content themselves with other sources for patches.

WindizUpdate isn't up to snuff. Another patch-download site is WindizUpdate, owned by Phil Young of Auckland, New Zealand. Unfortunately, the site requires an unsigned plug-in for your browser, frequently asks to scan your Registry, and lacks updates for non-Microsoft applications. Editorial director Brian Livingston gave the service a tepid review in the Windows Secrets Newsletter on June 29, 2006.

Keeping your system up to date requires that you analyze, download, and install patches on a regular basis. Secunia's Online Software Inspector does a great job of system analysis. In addition, The Software Patch gives you one-stop upgrades for a variety of platforms and applications.

The Software Patch is the clear winner for patch downloading. In combination with Secunia's service, The Software Patch is a welcome solution. If you need to keep Windows 2000 patched, however, the Windows Updates Downloader can be a useful assistant as well.

Readers David Todd and Leland G. Whitlock will each receive a gift certificate for a book, CD, or DVD of their choice for their help in researching this topic. Have a tip to share? Send us your comments via the Windows Secrets contact page.

 Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine's Here's How section.

Contents  Index

   
   
ADS
Get your product seen by 270,000 readers   Get your product seen by 270,000 readers
 Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 270,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
 www.WindowsSecrets.com

See your ad here

    
   
KNOWN ISSUES

A flustered Microsoft posts Windows Update trick

Virginia Culler By Virginia Culler

Our Sept. 27 story on problems caused by Windows Update's stealth installs was widely circulated by other news sites.

In the wake of the media coverage and user complaints, Microsoft quickly cobbled together a response that confirms the problem and provides a manual fix.

Microsoft scrambles to respond to negative press

Associate editor Scott Dunn's lead story last week broke the news that executable files recently installed silently by Windows Update actually prevent further updates from working in some cases. Windows XP users who run the "repair" option from a CD-ROM of the operating system find that all security patches subsequently fail to install.

Many blogs and computer industry publications picked up on the trail. Several sources conducted their own tests and verified Scott's findings. ZDNet confirmed that Windows Update does not repair itself in this problematic scenario, apparently no matter how long it's left alone. Computerworld also released an article confirming the story.

In response to the flurry of comments, complaints, and criticisms, Microsoft jumped into action. Windows Update program manager Nate Clinton assembled a blog post, which went live at 2:11 a.m. Pacific Time the day after our newsletter went out. His report confirmed the problem, outlined a solution, and promised that a Knowledge Base (KB) article would be posted soon.

That article, KB 943144, appeared later that day. In addition to repeating the repair steps from Clinton's blog, the piece discusses the source of the problem, indirectly admitting that the stealth update was at fault:
  • "The latest version of Windows Update includes a file that was not available in the release version of Windows XP. This file is named Wups2.dll. ... Because the registry files that correspond to the Wups2.dll file are missing, update installations are unsuccessful."
Redmond identifies one DLL as the source of the problem

Last week, Scott listed seven separate DLLs that needed to be manually registered to enable a "repair" install of XP to receive patches. Microsoft researched the code and found that only one of these files is the hang-up: wups2.dll.

Microsoft's official fix for the problem requires that you enter only three commands in a command window to register that one DLL. The other six DLLs don't require this.

For 32-bit Windows, open a command prompt and enter the following lines:

net stop wuauserv
regsvr32 %windir%\system32\wups2.dll
net start wuauserv

For 64-bit Windows, the second line differs due to the location of the DLL file:

net stop wuauserv
regsvr32 %windir%\syswow64\wups2.dll
net start wuauserv

In each case, the first and last commands stop and then restart the Windows Update service. This is a precaution to keep the service from becoming unstable. In our tests on a 32-bit system, however, a single short command — regsvr32 wups2.dll — solved the problem without confusing the WU/AU service.

Side-stepping the primary issue

Although the KB article alludes to the stealth updates, Microsoft did not address the core issue or take responsibility for causing the problem in the first place. Basic pieces of the puzzle are still missing.

Users should be able to read a KB article discussing the executables that Windows Update silently installed and manually download the .381 version of the installed files (a procedure that's typically available for other patches). It would also be nice for Microsoft to stop writing files silently to disk when users configure Windows not to install downloads without warning.

Until Microsoft steps up and addresses these issues, many customers will remain suspicious of Microsoft in general and Windows Update in particular.

Dial-A-Fix solves multiple update problems

When she has trouble with Microsoft Updates, reader Gabrielle Accatino relies on the free Dial-A-Fix utility from DjLizard.net. This software helped a number of users who ran XP's repair option and then could not install security patches, as we described in the Sept. 27 newsletter.

Dial-A-Fix corrects a number of problems with Windows Update, Microsoft Installer (.msi) files, and more. However, the developer offers only limited support for the tool. The site strongly recommends that novice users seek experienced help before using this utility. Beta version 0.60.0.24, which is now available, is recommended over version 0.57.7.

Reader Accatino will receive a gift certificate for a book, CD, or DVD of her choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

 The Known Issues column brings you comments on our recent articles. Virginia Culler is managing editor of WindowsSecrets.com.

Contents  Index

   
   
TELL A FRIEND

How you can share this information

 We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/071004

 		   
   
EDITOR'S BOOKSHELF

Windows Vista Secrets Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed. Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

    
   

Contents  Index

   
   
WACKY WEB WEEK

 How Halo 3 makes the world a better place

Halo 3 saves the world  A video's catchy tune offers a humorously cynical — and not politically correct — summary of the world's ills that will be cured after the overhyped release of Halo 3.

For those of us who wonder what it is that video games really contribute to humanity, the jokester called SarcasticGamer strikes again in this tongue-in-cheek presentation of the concerns of today's society. Play the video

Contents  Index

   
   
INDEX

The following topics appear in the free version

TOP STORY   Get free patching without Windows Update
  It's easy to replace Windows Update's functions
  The Software Patch is my number-one pick
  Other system-updating possibilities fall short
   
KNOWN ISSUES   A flustered Microsoft posts Windows Update trick
  Microsoft scrambles to respond to negative press
  Dial-A-Fix solves multiple update problems
   
WACKY WEB WEEK   How Halo 3 makes the world a better place
   
You get all of the following in the paid version

LANGALIST PLUS   Part two: finishing the first Housecall
  Reducing start-up software shortens boot time
  Sleeping PCs need static IP addresses
  Vista default firewall protects tablet PC
  Traveling west through the Rocky Mountains
   
WOODY'S WINDOWS   Excel 2007 bug generates wrong numbers
  Excel 2007's problems with 65,535
  How to dissect the real Excel bug
  There's actually a big bug farm
  Excel 2007 sometimes stores the wrong number
  What to do while waiting for a fix
   
PERIMETER SCAN   Three more rootkit scanners to consider
  The difference between anomalies and signatures
  AVG Anti-Rootkit finds known malware only
  Panda Anti-Rootkit gets good rating
  Use both types of rootkit detectors
   
Paid subscribers can access all old and new paid newsletter content
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter.

To upgrade, simply make a contribution of any amount you choose.
If you do this by Oct. 10, 2007, you'll instantly be sent the full, paid version of today's newsletter.

To upgrade to the paid version of the Windows Secrets Newsletter, please visit our upgrade page. Thanks in advance.

   
   

Contents  Index

   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Managing Editor: Virginia Culler. Editorial Assistant: Diane Korngiebel.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
 Copyright © 2007 by WindowsSecrets.com LLC. All rights reserved.

Contents  Index