Windows Secrets
Signed in: chuck1@chuckstr89134.com  |  Upgrade  |  Sign Out
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Downgrade Vista to XP in seven easy steps

Windows Secrets Newsletter • Issue 188 • 2009-03-12 • Circulation: over 400,000

Table of contents 
  • Top Story: Downgrade Vista to XP in seven easy steps
  • Insider Tricks: Microsoft flubs a way to disable AutoRun in XP
  • Known Issues: Readers dubious of suites, want to mix and match
  • Wacky Web Week: Hell hath no fury like a lunchbox scorned
  • LangaList Plus: Sorting out Windows setup-disc mixups
  • Windows Secrets: New rating service verifies sites in real time
  • Patch Watch: Service packs undo vital XP, Server 2003 patches
 
Top Story

Downgrade Vista to XP in seven easy steps

Scott dunn By Scott Dunn

Windows 7′s arrival is just a few months away, but many people aren’t waiting and just want to replace Vista’s newness — some say weirdness — for the familiarity of XP.

If you long for the good old days of XP and still have your install CD, this step-by-step guide will help you revert to Vista’s predecessor.

These days, you have to work to find a new computer that comes with XP installed. Many PC users who upgraded their XP systems to Vista are disappointed with the newer OS’s performance and other problems. In either case, as long as you have an XP installation CD, you can kiss Vista good-bye.

“Downgrading” from Vista to XP is not as difficult as you may think, but it does entail some time-consuming operations. Many online sources claim to offer techniques for reinstalling XP without having to reformat your hard disk. Based on my research, however, deleting the Vista partition and installing XP in its place is arguably the easiest approach. Moreover, this method ensures a clean install that is uncontaminated by Vista leftovers.

(Note: In certain cases, you may be able to undo an XP-to-Vista upgrade, even without an XP installation CD, by following the instructions in Microsoft article 933168. The article takes a command-line approach to the XP restoration, and also requires that you have a windows.old folder on your root drive.)

Make a pot of coffee and a new, clean XP machine

With your XP installation CD and your application discs in hand (and maybe a cup o’ Joe), you’re ready to begin:

Step 1. Back up your data. Unfortunately, you can’t restore in XP a backup that you created using Vista’s Backup and Restore Center. That means you have to either back up your data files manually or use a third-party backup tool that works in both XP and Vista. One such program is 2BrightSparks’ SyncBack (more info), which is available in free and paid versions.

Don’t bother backing up your applications; you’ll need to reinstall them from their installation CDs after XP is back in place.

Do back up the folders that your portable apps use to store their data. The portable apps themselves won’t need to be reinstalled, but you’ll have to restore their data files from the backup. Managing portable apps is discussed in the Oct. 18, 2007, Top Story, “Free software on USB enables portable computing.”

Step 2. If necessary, configure your BIOS to boot your computer from a CD, if one is present. Insert your XP installation disk and reboot.

Step 3. When XP setup loads, follow the on-screen prompts to accept the license agreement and continue installing XP. When you get to the screen prompting you for the partition on which to install XP, select the one containing Vista and press D to delete the partition. You’ll need to press Enter and then L to confirm that you want to delete all data and software on the partition.

Step 4. Once you’ve returned to the partitioning screen, select the unpartitioned space that used to be Vista. You may see that this space has been selected for you automatically. Next, press C to create a partition. Specify the desired partition size, or press Enter to accept the default allotment, which is the maximum possible partition. (Simply pressing Enter instead of C also creates a new partition of the default size.)

Step 5. If you’re still seeing the partition screen, make sure the desired partition is selected and press Enter. Choose the option that formats the disk as NTFS and press Enter again.

Step 6. Follow the prompts on-screen to continue the XP installation.

Step 7. Reinstall your applications and restore your data from your backup.

That’s all there is to it. If you ever change your mind, you can always insert your Vista DVD and upgrade from XP to Vista all over again.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.
 
Insider Tricks

Microsoft flubs a way to disable AutoRun in XP

Susan bradley By Susan Bradley

Microsoft’s instructions for disabling AutoRun in Windows XP, which I referred to last week, pointed to an incorrect Registry key.

It’s easy to find the correct key, however, and understanding this Registry tweak can give you fine-grained control over the kinds of external media that AutoRun is allowed to work on.

Last week’s Top Story covered Microsoft’s delay in releasing an AutoRun patch for Windows XP and Server 2003. Many people want to disable AutoRun entirely, because when it runs the autorun.inf file that’s often found on CDs, USB drives, and other removable media, your machine can silently become infected. Prior to the patch, Microsoft’s official method for disabling AutoRun could be circumvented by hackers.

Unfortunately, Microsoft’s Knowledge Base article about disabling AutoRun included some misinformation. The document specified a location in the Registry that can be used to disable AutoRun, but the location exists only in Vista. The key is in a different branch of the Registry in XP.

To clarify the process of configuring XP’s AutoRun settings, I’ve created a Web page with screenshots to help explain the steps once and for all.

Most security patches take effect as soon as you install them. The patches for AutoRun, by contrast, merely enable you to disable AutoRun in a way that hackers can’t get around. After installing the AutoRun update, you need to reset a Registry key to actually disable AutoRun. The setting you choose will be based on how much you trust the USB flash drives and other removable media you might use.

First off, unless you use Microsoft’s free TweakUI or a similar third-party utility, the Registry key that controls AutoRun in Vista is under HKEY_LOCAL_MACHINE; in XP it’s under HKEY_CURRENT_USER. In other words, the key in XP that you need to navigate to in the Registry Editor is as follows:

HKEY_CURRENT_USER  Software  Microsoft  Windows  CurrentVersion  Policies  Explorer

The instructions to disable AutoRun in last week’s article worked fine in Vista Home and Vista Business, where the Registry key is where Microsoft said. The instructions also worked in XP Professional, which includes the Group Policy Editor and automatically operates on the correct branch of the Registry.

The errant key location in the steps affected only users of XP Home, which doesn’t come with the Group Policy Editor. XP Home requires manual editing of the Registry key via the Regedit utility.

Disabling AutoRun, of course, means you won’t get automatic loading of content, such as camera-conversion software. You’ll need to remember (and teach others who use your PC) to use Windows Explorer or your favorite file manager to start any software that may exist on removable media. If every USB flash drives you touch is guaranteed to be free from viruses, you may decide not to disable AutoRun. But you probably can’t guarantee such a thing.

It’s likely that you’ll want to change this setting on the computers of friends and relatives. On these systems, the preferred AutoRun setting depends on which types of external media you want to block. You can block or allow some or all types of AutoRun functions. Instructions for doing so at the Annoyances.org site describe (in technical language) how you can configure AutoRun by adding up decimal values.

For example, let’s say you want to disable AutoRun for everything but CD-ROMs. To block the other media types, according to Microsoft’s cryptic documentation, you’d add 1 for unknown media, 4 for removable drives (such as USB drives), 8 for fixed drives, 16 for network drives, 64 for RAM drives, and 128 for other drives of unknown types. Add all of those decimal values together and enter the result — 221 — in the Decimal box of the NoDriveTypeAutorun Registry key.

To install the AutoRun patch, which is described in Microsoft Knowledge Base article 967715, without having to validate your computer via Windows Genuine Advantage, you can use the update described in KB article 953252 instead. This patch is exactly the same, except that you can install it without the WGA checkup.

Windows 7 won’t let you postpone updates

In a column on Feb. 5, WS contributing editor Woody Leonhard explained a crucial flaw in the forthcoming Windows 7′s User Account Control (UAC) function. Hacker code could defeat UAC in the beta of Win7, a fact amply demonstrated by blogger Long Zheng and many others besides Woody.

Microsoft initially refused to change the settings, forcing Long to make his concerns public. A few days later, Redmond changed course, announcing it would fix the problem, as Woody reported in a special news update on Feb. 11.

The situation with the weird shutdown logic of Windows 7 isn’t security-related, but is just an important to many of us. When an issue like this comes up, I wish every bug tester had the ability to muster public support the way Long did. I recall many times when Microsoft has shut down any discussion of bugs by simply labeling them “by design.”

Microsoft has already closed at least one bug ticket on the shutdown behavior in exactly this way: calling it “by design.” I disagree with Microsoft’s decision, and I think you will, too.

Here’s the problem: when you set Windows 7′s update settings to Download but do not install, the new OS behaves much differently than the same settings in XP and Vista. If I happen to be in a situation where I don’t have time to install patches, the shutdown buttons in XP and Vista currently let me turn the machine off without installing patches. (See Figure 1.)

Windows xp shutdown options
Figure 1. Windows XP lets you shut down without installing updates.

Even Windows Server 2008 allows you to shut down the computer and choose to patch at a later time. (See Figure 2.)

Windows server 2008 shutdown options
Figure 2. Windows Server 2008 gives you the same selective shutdown.

In build 7000 of the Windows 7 beta, however, there’s no option on the shutdown button to quit without installing the updates. You see only a button for the normal shutdown process, which applies the patches before the machine powers off. (See Figure 3.)

Windows 7 shutdown options
Figure 3. Windows 7′s shutdown options don’t include the no-update alternative.

I was caught off guard and found that patches were being installed as the system shut down. I had to turn the system back on to confirm that this is what had happened; it was caused by the lack of an “install patches later” choice.

Workaround for a no-update Windows 7 shutdown

Here’s the secret: the only way to shut down Win7 without installing patches is to press Ctrl+Alt+Del and then click the up-arrow by the red shutdown button. This allows the system to shut down without installing patches. (See Figure 4.)

Windows 7 ctrl-alt-delete shutdown options
Figure 4. The only way to shut down Windows 7 without applying patches is via Ctrl+Alt+Delete.

I’m aware that build 7000 is only a beta of Win7 and not a release candidate. I honestly don’t know whether this behavior will be included in the final version. If it is, though, I consider it to be a bad design decision that will give many Windows 7 users an unsatisfactory patching experience.

I’m not the only Win7 beta tester with concerns about the way Microsoft is passing over bugs in its zeal to get the product out the door. Don’t get me wrong: I like Windows 7 and think you’ll like it as well, once you see it in action. However, I’m concerned that a squeaky wheel is what it takes these days to goad Microsoft into making some required alterations. I hope I’m wrong and that Win7′s lack of this important shutdown option will get fixed.

Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
 
Known Issues

Readers dubious of suites, want to mix and match

Dennis o'reilly By Dennis O’Reilly

The tremendous response to our request for your opinion on the best approach to securing your PC gives us much to ponder as we prepare the next Security Baseline update.

Many readers feel that security suites stink, and best-of-breed is the only way to go — but, unfortunately, what’s “best” for one PC can be disastrous for another.

Last week’s Known Issues column presented responses to Ryan Russell’s Feb. 26 Top Story on the WS Security Baseline. We asked you to chime in on your security-software preferences. Your opinions on the subject could easily fill an entire newsletter — in fact, multiple newsletters.

The responses were many and varied, but most people agreed on two points:

The first is that individual antivirus, anti-spyware, firewall, and other specialty apps are preferable to such all-in-one security suites as Symantec’s Norton Internet Security 2009. (Ryan’s article had pointed out that NIS 2009 is the top choice of PC World, PCMag.com, Maximum Software, and other reviewers. But not everyone concurs.)

The second is that a security solution that works great on one PC or network may flop miserably on another.

Reader Mary Smith-Markell puts it this way:
  • “OK, I’m going to take you up on your offer to share my thoughts. I’m tired of people giving their opinions about which security product, operating system, word processing software, hamburger, pizza, automobile, etc., is ‘the best.’ Opinions are like assholes … we all have one.

    “NIS 2009 might work just great on my computer because of the way my machine is configured and the specific software I have installed. NIS 2009 might totally suck on my neighbor’s machine because it’s not set up the same as mine. Does that mean NIS 2009 is a defective product, or is it an unreasonable expectation that Norton (or McAfee, AVG, Avast, Trend Micro, et al.) be all things to all people? With so many user variables — not to mention machine variables — it’s a wonder that most software actually works most of the time.

    “A few months ago, a friend bought a 2009 Cadillac Escalade — a fairly pricey and supposedly well-built vehicle. It’s been in the shop more than it’s been on the road, and the dealership is taking action under the Lemon Law to replace it. Stuff happens.

    “To all the readers who have a favorite security product they swear by, I’m happy for you. Really, I am. But to those who tried a product and found it didn’t work, quitcherbitchin’ and use a different product. Having some kind of security product is better than no security product at all.”

If experience counts for anything, you’d be nuts to buy any security suite, regardless of how highly the professional software reviewers rate it. Tim Marsh echoes Dennis Edelbrock’s sentiments regarding best-of-breed vs. all-in-one security programs:
  • “Like Dennis Edelbrock, I too have been building/repairing computers for 20 years. I must agree that Peter Norton was a genius and had the best products, bar none. It’s not surprising that his products were wanted by a larger company. Unfortunately, it didn’t take long before Symantec completely ruined Peter’s great name. It’s a shame, really.

    “If you ask any repair technician who’s been doing this for years, they’ll all tell you that standalone products far outperform their suite counterparts. There is simply no debate on this matter. I agree that for a large number of people, suites are easier to install/maintain and are therefore a good choice, as compared to not running anything or not enough.

    “You must also realize that magazines/Web sites are in business to make money. It makes me wonder how any reputable company could ever say that the Symantec suite is best of class. I guess if by ‘class’ you mean ‘suites,’ then it’s possible to make this claim. However, if the intent is to configure one’s computers to ensure maximum protection, then standalone products simply can’t be beat. And the funny thing is, in my opinion, many free products outperform most commercial products.

    “I urge your readers to keep reading this newsletter, as it always shows both sides to every story. Also, keep in mind that any commercial-based company may not have the end user’s best interest in mind when they’re advertising-based. I would rather take the advice of someone like Dennis Edelbrock any day before a magazine or commercial Web site.”
In defense of computer magazines, I know that the one I worked for until late 2007, PC World, went to great lengths to ensure the impartiality of its hardware and software reviews. I truly believe that most professional tech journalists are not influenced by the vendors. Their bosses, on the other hand, may be a different matter.

Readers Mary and Tim will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.
 
Wacky Web Week

Hell hath no fury like a lunchbox scorned

Mom By Katy Abby

Celebrity chef Gordon Ramsay (of the popular televised competition “Hell’s Kitchen”) is notorious for his foul mouth and short fuse. Few and far between are the episodes that don’t culminate in crying contestants, as Gordon summarily rips apart their culinary slogs with a fiery enthusiasm. But where did he acquire such a dramatic and pigheaded disposition?

Take a gander at this hilarious supposition about where the devilish cook got his start, and maybe things will make a little more sense. I pity the next person who serves the tiny tyrant overcooked chicken fingers or generic mac ‘n’ cheese! Play the video
 
LangaList Plus

Sorting out Windows setup-disc mixups

Fred langa By Fred Langa

If you’re one of the many Windows Secrets readers who’s charged with managing multiple PCs — and I bet you are — you may be juggling a half dozen or more Windows installation CDs and DVDs.

Here’s how to stay sane while making sense of the different setup discs that shipped with the systems.

Which setup CD goes with which PC?

Have you ever ended up with a fistful of setup CDs without a clue as to which discs came with which PC? I sure have, and so has Geoff Nicholls:
  • “Your [Feb. 12] column, “Retrieve a lost product key for Windows XP,” was very useful and partly solves my problem, having found the key for each PC.

    “But, like many of your subscribers, I look after multiple PCs and have stored all of the discs in the same place over different generations. Is there a way to find which disc relates to which PC? XP Pro vs. Home is easily sorted, but does a key apply to a certain service-pack level as well?”

Here’s some good news: product keys aren’t that restrictive, and sorting out your setup discs may be easier than you think. In fact, you may not even need most of them!

First — just to be clear — a Windows product key is generally supposed to stay with the PC it was originally installed on. The key doesn’t change with normal updates and service packs. It remains in force for the life of the OS on a given machine.

Now consider that all PCs running the same version of XP — or any version of Windows, for that matter — draw from the same pool of original code and updates. With one exception that I’ll mention in a moment, your installations of XP Pro, for example, are essentially the same as mine and all others everywhere in the world. We have different licenses and keys, but the core OS code is more or less interchangeable.

This article is part of our paid content. Upgrade your account to see the rest of this article!

 
Windows Secrets

New rating service verifies sites in real time

Mark edwards By Mark Joseph Edwards

Version 3 of Symantec’s Norton 360 security software includes a new “Safe Web” feature that competes directly with McAfee’s SiteAdvisor.

But are Safe Web’s real-time checks of the sites you’re visiting any more effective than SiteAdvisor’s database approach?

Security application improves its usability

In the Feb. 26 Top Story, Ryan Russell wrote about Symantec’s Norton Internet Security 2009, which several leading tech publications currently rate as the best overall security suite. At the same time, Ryan noted the pain that a lot of users have experienced when installing, using, and uninstalling Symantec’s security software.

I’ve also heard many complaints about the product. Most relate to its software bloat, resource hogging, and disk-space requirements. Apparently, Symantec has been listening. Last week, the company released Norton 360 version 3, which brings several improvements, according to a tour at Symantec’s site.

When I spoke recently with Symantec representatives about the product, I learned that version 3 can be installed in less than one minute and uses less than 10MB of RAM when the software is idle. The new release also requires only about 110MB of hard-disk space. These are all improvements over the previous release.

Among the program’s new features are the ability to block botnets and a tool that helps you disable startup programs. Norton 360 v3 boots and runs faster, updates signatures more frequently (every 5 to 15 minutes), and uses fewer CPU cycles when idle.

This article is part of our paid content. Upgrade your account to see the rest of this article!

 
Patch Watch

Service packs undo vital XP, Server 2003 patches

Susan bradley By Susan Bradley

If you installed XP Service Pack 3 or Windows Server SP2 after September 2008, you need to reapply an important security update.

In addition, if Windows Update offers your XP or Server 2003 system Microsoft’s security bulletin MS08-067 patch, you should install it — even if you’ve previously done so.

MS08-067 (954593)
XP SP3 and Server 2003 SP2 may need repatching

You may be wondering why my lead topic today is MS08-067, a patch from 2008. Well, I’m wondering, too.

You may find this week that your Windows XP SP3 and Windows 2003 SP2 machines are offered MS08-067 (954593). If so, you probably installed SP3 on XP or SP2 on Windows 2003 some time after September 2008.

People who installed MS08-067 when it first came out last summer — and then installed either the XP SP3 or 2003 SP2 service pack — may not know that systems were reverted back to a vulnerable version of gdiplus.dll.

Service packs aren’t supposed to do that. They’re supposed to be smart enough to retain the patched versions of all system files.

This article is part of our paid content. Upgrade your account to see the rest of this article!

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb