Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Svchost.exe gets worse before it's fixed

Windows Secrets Newsletter • Issue 112 • 2007-06-21 • Circulation: over 400,000

Table of contents 
  • Top Story: Svchost.exe gets worse before it’s fixed
  • Known Issues: Free sub extension for ZoneAlarm customers
  • Wacky Web Week: Don McMillan explains how not to use PowerPoint
  • Insider Tricks: Laptop protection while surfing made easier
  • Woody's Windows: Vista time-saver #8 — tweaking the interface
  • Perimeter Scan: Browsers: the difference between ‘safe’ and ‘secure’
 
Top Story

Svchost.exe gets worse before it’s fixed

Scott dunn By Scott Dunn

Problems with an important Windows component, svchost.exe, can consume up to 100% of CPU time.

Now, a beta release of Windows Live Messenger threatens to spread the problem to even more users, unless their systems are patched soon.

The svchost.exe saga has persisted for months

Readers of the paid version of Windows Secrets are familiar with this story by now. Editorial director Brian Livingston first reported the issue nearly a year ago, on July 27, 2006. Contributing editor Susan Bradley has documented Microsoft’s attempts to solve it in the Jan. 18, Apr. 19, May 10, and May 24 issues this year. The problem has risen to a such a degree that we feel all Windows users should be aware of it.

Microsoft has long known of issues with svchost.exe — the process that runs services of DLLs (dynamic link libraries). There are many symptoms associated with the problem. Among the most common is a drastic slowdown of computer performance as svchost.exe consumes memory and CPU cycles.

The cause of the issue turned out to be the service that provides Automatic Updates. In response, many users began disabling Microsoft Update, an enhanced version of the more-limited Windows Update.

Recently, users who installed the beta 8.5 version of Microsoft’s Windows Live Messenger found that Microsoft Update is automatically turned on, with no choice for opting out. If you don’t read the initial installer dialog carefully, you might not even notice what has happened. The practice potentially exposes an even wider number of users to the svchost.exe bug. (For more information, see a posting by a blogger named Pharod.)

Windows live beta
Figure 1. The Windows Live Beta installer turns on auto-updates and switches to Microsoft Update from Windows Update.

Diagnosing the problem on your own system

How do you know if you have this problem? If your system is experiencing a dramatic slowdown, try launching Windows Task Manager to see. To do this, right-click the Task Bar, the area to the right of the Start button, (or press Ctrl+Shift+Esc) and choose Task Manager. Make sure the Processes tab is active, and click Image Name to sort the list. You’ll see one or more instances of svchost.exe. If the CPU column shows 100%, or the memory usage seems extraordinarily high, you may be experiencing this bug.

Microsoft has detailed other symptoms in Knowledge Base article 927891. These include an access violation error in svchost.exe and unresponsive systems during update scans by Windows Update or Microsoft Update.

Some users respond by selecting the memory-hogging svchost.exe in Task Manager’s Processes tab and clicking End Process. Unfortunately, doing so can kill other services your system needs, such as audio. And, it won’t prevent the problem from returning later.

The bug affects users of XP (all versions, including XP Media Center), Windows Server 2003, and Windows 2000.

What to do if you’re affected

To solve this problem, Microsoft is offering a two-part fix. The first part has been offered to those who use Automatic Updates since May 22, according to a source at Microsoft who asked not to be named. Microsoft has been rolling out the second patch to users gradually, beginning in early May, and expects to complete delivery by the end of June, according to my source. Those who don’t use Automatic Updates — or who haven’t received both fixes and want them sooner — can follow the steps below:

Step 1. Patch msi.dll. Users need to replace the msi.dll file (the Microsoft Installer DLL) that svchost.exe controls. To do this, download and install the patch from Knowledge Base article 927891.

Step 2. Update Windows Update. Users also need to get the latest Windows Update client, which is version 3.0. Links to the 32- and 64-bit versions can be found at the Windows Server Update Services (WSUS) Product Team blog.

Although previous Microsoft fixes to svchost.exe — nearly a half-dozen in the last 10 months — addressed specific issues for some users (such as patching memory leaks or eliminating svchost.exe crashes, according to my source), none have solved all the problems once and for all. Even the patches Microsoft currently offers will not stop svchost.exe from registering 100% CPU usage in Task Manager’s Processes tab at times. But, the company claims, your system should still be responsive and svchost.exe will share CPU cycles with other processes after both patches have been installed.

Unfortunately, Microsoft did not wait for these patches to be delivered to everyone before issuing a Windows Live Messenger beta that switches users from Windows Update to Microsoft Update. This introduced the problem to some users who had not experienced it before.

Microsoft is confident that it has developed an effective solution to this problem. Hopefully, this time the company’s right.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.
 
Known Issues

Free sub extension for ZoneAlarm customers

By Scott Dunn

For months, ZoneAlarm Internet Security Suite has claimed on its box to be “Vista ready,” but users found otherwise.

Fortunately, the company has now released a Vista version of the suite and promises to make it up to customers.

Free sub extension for ZoneAlarm customers

In the June 7 issue, I responded to reader complaints that the ZoneAlarm Internet Security Suite (which I’d discussed in the May 24 issue) did not support Windows Vista, despite its product labeling saying so. Soon thereafter, I received a phone call from Allison Wagda, director of public relations at Check Point, the maker of ZoneAlarm products. She announced that Vista versions of the suite and its products would be available immediately, and apologized to customers who were affected by the delay in getting the products out.

“We are offering anyone who purchased the suite a six-month extension on their subscription to make up for the loss,” Wagda told me. Check Point is also offering a refund to customers who would rather return the product. To take advantage of these offers, customers in the U.S. should call 1-877-966-5221. Those outside the U.S. should call +49 1805 104777 in Germany.

More on EULAs and transparency

Referring to my conversation with Ed Foster on the subject of End User License Agreements (EULAs) in the June 7 issue, reader Rich Painter has this comment:
  • “It was my understanding that the EULA was part of a contract between the buyer and the seller, and as such, if the buyer does not want to or cannot comply with the EULA during the installation then the buyer has the right to a full refund. Several years ago, I disagreed with a EULA during the installation. I packed it back up and took it back to the place I bought it from. I told them I did not agree to the EULA and demanded my refund. They complied.”

I’m glad that worked for you, Rich. But think how annoying it is to have to buy a product, open the package, and run the installer before you know the terms of the contract. Software developers need to make this information simpler to understand, and make it available to customers before they make their purchase.

Recalling EasyFlow’s clear EULA language

Reader Walter Black enjoyed our mention of the 1980s product EasyFlow and its plainly worded license agreement in our June 14 issue. He offers these words of praise for the product:
  • “I have been an enthusiastic EasyFlow user since the early 1980s, because the program does exactly what it claims to do, is unpretentious to a fault, and the entire user manual is written with the style and substance of the license agreement. The manual could (or maybe should) be used in the curriculum of any technical writing course.”
Walter also provides a quote from the manual:
  • “Fools Rush In: This section is for those of you who want to jump into the business of using EasyFlow to produce charts with a minimum of reading the manual. If you are in too big a hurry to read even these few pages, then we recommend our product ‘HardFlow’ (a charting template and a pencil); HardFlow has a lot of faults, but having to spend time reading the manual isn’t one of them.”
Walter adds:
  • “The section continues with a two-page whirlwind overview and then over 100 pages of concise and detailed description of program features.

    “Many thanks for the article, and for the fond memories that it recalled of my participation in software development of that time.”
Thank you, Walter, for the chance to discuss a piece of software history.

Readers Painter and Black will receive gift certificates for a book, CD, or DVD of their choice for sending us comments that we printed.

 
Wacky Web Week

Don McMillan explains how not to use PowerPoint

Don mcmillan We’ve all seen PowerPoint presentations run amok. The melange of fonts, the garish colors, the bullet lists that go on forever.

These mishaps are not lost on comedian Don McMillan. In this short clip, he provides some quick pointers for keeping your PowerPoint presentation from becoming a multimedia nightmare. Watch the video
 
Insider Tricks

Laptop protection while surfing made easier

Jody braverman By Jody Braverman

Last week’s Top Story described ways to protect your system when surfing the Web using unknown Wi-Fi hotspots.

One reader adds to the pot with a handy trick for turning on and off file and printer sharing.

Disable wireless file sharing globally

Reader Jess Merto points out that it’s not only inconvenient to “unshare” every shared folder when you need to protect your laptop, but sometimes it’s not even possible.

For example, Jess writes:

  • “Some folders cannot be unshared, such as the administrative share (C$), or some users may be using a borrowed office laptop that has another user’s profile on it with a shared folder enabled and may not even know the shared folder exists.”
Jess provides an easy solution that lets XP users turn file and printer sharing on and off globally. Here’s what to do:

Step 1. Go to Control Panel and open Network Connnections.

Step 2. Right-click your wireless connection and choose Properties.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Woody's Windows

Vista time-saver #8 — tweaking the interface

Many of you responded to my last column, in which I speculated about why we have no PowerToys seven months after Vista’s release.

TweakUI rated high on readers’ lists of most-missed PowerToys. This week, I’ll tell you how to hack the Registry and tweak some parts of Vista’s UI all by yourself.

What’s a TweakUI?

 As I explained in my last column, Microsoft has released a semi-official collection of Windows utilities and add-ons, called PowerToys, for every version since Windows 95. Except for Vista. Seven months after Vista went gold, we still don’t have any PowerToys — and I, for one, really miss them.

Windows XP customers can avail themselves of a great "Swiss Army Knife" PowerToy called TweakUI, which includes more than a hundred different ways to modify and customize the Windows interface. Back in the days of Windows 98, ME, and 2000, legions of Windows fans spent untold hours fiddling with bits and pieces underneath Windows’ hood — primarily in the Registry — to make Windows run faster and better. With the advent of TweakUI in Windows XP, most of the modifications folks wanted to make were only a click or two away — no Registry editor required.

Many of you are tired of waiting for the Vista version of TweakUI. So, for the bit-flipper in all of us, I’ve decided to show you a handful of my favorite Vista Registry hacks. Maybe someday Microsoft will give us a new TweakUI that makes it easy to perform these hacks. Then again, maybe not.

Here’s my standard Registry disclaimer

All of these hacks require you to dive into the Registry and make a few small changes.

No doubt you’ve heard that the Registry is a dark and scary place, where one simple mis-flipped bit can lock your computer tighter than a kryptonite axial pin tumbler. In fact, the Registry is a dark and scary place, where one mis-flipped bit can… well, you get the idea.

Be careful when you change settings in Vista’s Registry. There’s no need to be overly paranoid, but don’t go changing things willy-nilly, just to see what breaks. If you follow my instructions closely, you shouldn’t have any problems at all.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Perimeter Scan

Browsers: the difference between ‘safe’ and ‘secure’

Ryan russell By Ryan Russell

Two events — an e-mail from a reader asking why I wasn’t recommending Opera, and the release by Apple of a public beta of Safari for Windows — have forced me to think about browsers this week.

Most people consider a browser’s features, performance, and looks, but I immediately wonder how secure it is.

Making a browser safe versus secure

 In my June 7 column, I mentioned in passing that we here at Windows Secrets recommend for security reasons that readers run Firefox as their main browser. I said this while noting that Firefox is becoming more of a target. You’re more secure if you’re less of a target, but if simply targeting you means that you get hacked, you weren’t secure in the first place.

The difficulty here is terminology. I admit that I glossed over this point in the interest of space, so let me clarify. If hackers don’t target your browser, you are not more secure, you are safer. There is a difference. As an analogy, you’re more secure because you’re wearing a bulletproof vest, but you’re safer because you live in a nice neighborhood. However, muggers can still come to the nice neighborhood, too.

Let me also freely admit that I cannot tell you which Web browser has the fewest vulnerabilities. No one can. If we knew, we would fix them, and there would be zero. There are many more than zero. Then why do we recommend Firefox over IE? Because we know for sure that hackers hit IE harder. That means that Firefox users are a little safer, in aggregate, on average. For now. That’s why I keep an eye on what’s going on with Firefox, so I know when to tell you the neighborhood has gotten worse. Apologies for when I slip and call that "more secure" when I mean "safer."

Opera could be safer, too

 A reader who gets it wants to know, if Firefox is safer because it’s not IE, why don’t I recommend Opera? Excellent question. I don’t know why. I tried to think of reasons I preferred Firefox. Well, it’s free. It’s very important to me to have free software available, so I can leave it installed on friends’ and relatives’ computers. Opera is free now, too. It isn’t open source like Firefox, but that’s not always super-important to Windows users.

About the only other measure of current security that we have to go on is past performance. While Opera has not been bug-free over the years, I do not see huge numbers of published vulnerabilities for it.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb