How to fix problems Software Inspector finds

By Scott Dunn

In the Aug. 16 issue, I pointed out that the Secunia Software Inspector may find multiple versions of unpatched products on your system.

Older programs and Web sites may need the older versions of run-time software. But the old run-time code represents a security risk. For the greatest safety, uninstall the older files and then install updated software.

Removing outdated versions of risky applications

A number of readers seemed flummoxed by this situation. Chris Vetter gives us his take:
  • “Scott Dunn’s article brought attention to the outdated versions of Java, Flash Player, QuickTime, and Adobe Reader existing on many people’s computers. He failed to point out this is not necessarily because people fail to update, rather because applying the latest update does not remove the older versions. This helps explain why so many computers tested positive.

    Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    PC Drive Maintenance (Excerpt)

    Subscribe and get our monthly bonuses - free!

    Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!



    “A step-by-step instruction is needed for the often-required manual removal of the artifacts of Registry entries and old folders.”
In many cases, outdated versions can be eliminated by using the Add or Remove Programs applet in the Control Panel. Because you may need the older version, however, make a backup before continuing, as I advised in the last issue.

When you’re ready to remove the software, open the Control Panel and double-click Add or Remove Programs. In the case of Java, an entry for each version normally appears in the Add or Remove Programs list. Select the version you don’t want, click Remove, and follow any other prompts you see on screen. Repeat for each outdated version.

Note that not all versions have the same name. For example, the name of some entries for Java begin with “Java,” some begin with “J2SE,” and so on. So scan the list carefully to find the version you want to remove.

If the software you want to remove does not appear in the Add or Remove Programs list, you can always delete the outdated file or files listed in the Secunia report. This may not completely uninstall the product (for example, any Registry entries will be unaffected), but at least you will have removed the files that hackers need to cause harm.

For help on removing older versions of Flash Player, see the next section.

Ferreting out old versions of Flash Player

Many readers of the Aug. 16 story on Secunia Software Inspector had the same question as Gordon Pinkham:
  • “When I tell Software Inspector to browse in non-default locations for old media players, it comes up with quite a few, most particularly Macromedia Flash players. Unfortunately, they do not appear in the Control Panel, so they can’t be deleted that way.

    “I have used Adobe’s routine for uninstalling old Flash ActiveX controls. But that apparently doesn’t work on old Macromedia players.

    “Can you tell me how to get rid of old Macromedia players?”
Fortunately for us all, reader Roger Hart sent in a link to an Adobe Web page where you can download an uninstaller that appears to remove a number of versions of Flash Player. (I tested it with versions 5, 7, and 8.) Thanks, Roger!

If that doesn’t work for you, Adobe’s support team has published a TechNote explaining how to manually remove Flash Players version 6 and earlier from your computer. Just follow the steps at the link.

Update Checker points to newest versions

Reader Tom Kustner points out another tool that checks your software for updates:
  • “I have also used the FileHippo.com Update Checker, which will look at your system and determine which packages need updating, including the ones you mentioned (Flash, Java, RealPlayer, WMP, etc). It gives you one-stop shopping for downloads.”
Thanks, Tom. Unlike Secunia.com, Update Checker requires a downloaded utility rather than running from a Web site. In my quick test, Update Checker failed to find an older version of Java that I had on my system. On the other hand, it also found several nonupdated applications and drivers that Secunia did not report. This may be attributable to the fact that Update Checker looks for the latest version of products, while Secunia focuses solely on products that need critical security updates.

As Tom points out, the results page for Update Checker includes a download button for each. But a newer version is not always desirable in these cases — for example, when a product changes from freeware in one version to shareware in another. If you use Update Checker, look into the tradeoffs before you upgrade.

NetChk expiration forces a shift in tactics

In the July 13, 2006, issue, editorial director Brian Livingston recommended Shavlik Technologies’ NetChk Protect. He described it as a way for experienced Windows users to avoid installing Microsoft’s WGA (Windows Genuine Advantage) utility.

As reader Jon Bondy reminds us, NetChk Protect was free for users on up to 10 PCs for one year:
  • “I used Shavlik for most of a year, but it now says my trial version has expired. Many of your other readers are about to encounter the same situation. What do you recommend that we do?”
As Brian announced in a Nov. 30, 2006, article, Shavlik ended the 1-year trial offer and has been withdrawing from the consumer market.

For now, we recommend novices use Microsoft Update, which is an improvement over the built-in Windows Update. Change its setting to Notify me but don’t automatically download or install them. Then keep reading Windows Secrets to learn which updates it may be inadvisable to install.

Advanced users who want a separate patch management system can check out the options listed on the Security Baseline page of the Windows Secrets Web site.

Don’t lose those Office shortcuts

In the Aug. 16 issue, I explained how to create shortcuts to Microsoft Office applications with the PsExec utility. Office’s default Start menu shortcuts do not have editable command lines. But reader Robin Penny points out an advantage of these installer-created shortcuts:
  • “These ‘nonstandard’ shortcuts not only launch the program but also initiate a self-repair process if key files or Registry keys are missing. I would advise users who create a PsExec shortcut for these to also retain a copy of the old shortcut in order to maintain an entry point to this self-repair mechanism.”
Thanks for pointing this out, Robin. According to Microsoft Knowledge Base article 229396, these shortcuts also enable Office’s “installed on first use” feature (for programs that are designated as such during installation). For more information on the repair feature, see KB article 822238. And keep those old shortcuts handy!

Readers Vetter, Pinkham, Hart, Kustner, Bondy, and Penny will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.
= Paid content

All Windows Secrets articles posted on 2007-09-06: