Contents
INTRODUCTION: Next issue: November 29
TOP STORY: Simple tips save power and the environment
KNOWN ISSUES: Handle Registry editing with caution
WACKY WEB WEEK: Saving the world with dial-up
LANGALIST PLUS: Part eight: Regedit can fix Symantec problem
PC TUNE-UP: Use disposable e-mail addresses to minimize spam
PATCH WATCH: URI patch for IE 7 needs action now
YOUR SUBSCRIPTION: How to change your address or unsubscribe
For links to every topic in this issue, scroll down to the Index
ADS
INTRODUCTION
We're taking a break on Nov. 22, which is the Thanksgiving holiday in the United
States.
Our next regular newsletter will be published on Nov. 29, the 5th Thursday of the month.
We're ignoring our usual policy of skipping an issue on any 5th Thursday that occurs.
Publishing an issue will allow us to explain to you any problem that may come to light with the patches that
Microsoft released this week.
After that, you'll see regular issues on Dec. 6 and 13. We'll then take our traditional two-week break for
Christmas and New Year's, skipping two issues on Dec. 20 and 27.
As always, if something important comes up, we'll send you a short news update to keep you informed.
Please have a happy and healthy holiday season!
Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10
other books.
Contents Index
TOP STORY
But for little or no money, you can reduce the number of watts your system and
peripherals use, saving cash and limiting the environmental damage.
Without spending any money at all, you can reduce your power usage (saving on climate-changing CO2)
and lower your electrical bill at the same time. And, if you're willing to spend a little on a couple of useful
gadgets, you may be able to save even more. Here are a handful of ways to save money while you save
the earth.
You probably already know that Windows provides options for both modes via the Power Options control
panel. But Windows consults your BIOS to decide exactly what to do in suspend mode. Most modern
BIOSes follow the Advanced Configuration & Power Interface (ACPI), an open power-management
standard that was developed by HP, Intel, Microsoft, Phoenix, and Toshiba. (You can download a PDF
version of the ACPI spec from the ACPI.info Web site.)
Depending on your particular BIOS, you may be able to choose from any of the following states:
S1. In this state, the CPU stops processing but remains powered. RAM is also powered, but some devices
may be powered down.
S2. This option, omitted from many BIOSes, is like S1 but also shuts down power to the CPU.
S3. This state leaves RAM powered, but not much else. This "suspend-to-RAM" feature is what lets you
resume where you left off, since your computer's state is still in memory.
S4. This state powers down RAM, requiring your data to be written to the hard disk if it is to be preserved. It
provides only marginal power savings over S3, but is the safest mode for your data if power is cut off
entirely. This scheme corresponds to Windows hibernation mode, and is seldom found as a BIOS suspend
option.
To make sure you're getting the greatest power savings from Windows' suspend feature, follow the steps
below. Specifics are not possible for all steps, since setup screens vary from one BIOS to the next.
Step 2. Follow whatever prompts you see on your screen to enter Setup. Usually this involves pressing
Delete or a function key.
Step 3. In Setup, locate the page or screen associated with power settings. It may be labeled something
like Power or Power Management Setup.
Step 4. When you find the proper screen, highlight the setting related to suspend mode. It may have a label
like ACPI Standby State or Suspend Mode.
Step 5. Change this setting to S3. The option may be labeled "S3 only" or "S3/STR" (for Suspend To RAM).
Step 6. Follow the instructions on screen for saving your settings and restarting your computer.
Now make sure Windows is using suspend mode when you're not working.
Step 2. On the Power Schemes tab, click the System Standby drop-down list under Plugged in. Select how
long your system should be idle before starting suspend mode — for example, After 30 mins. Click OK.
Step 2. In the task list on the left, click Change when the computer sleeps.
Step 3. Click the Put the computer to sleep drop-down list under Plugged In. Choose the period of
inactivity after which suspend mode should start — for example, 30 minutes. Click Save changes.
Windows sometimes interprets background tasks (like network activity) incorrectly and remains awake
when it should go into suspend mode.
If you have that problem, a simple program called CO2 Saver may help. Once installed, it sits on your
desktop and shows how much CO2 you (and other users) have saved by using suspend mode.
Figure 1. Snap CO2 Saver puts Windows into sleep mode even when the operating system wrongly
believes there is activity.
To make CO2 Saver encourage Windows' suspend mode, click the Options link at the right end of CO2
Saver. (If you don't see the Options link, click the right-arrow to expand the toolbar.) With the Power Saving
tab in front, choose Custom from the drop-down list. Then click the link below. In the Custom Power Saving
dialog box, check Initiate sleep mode if system doesn't sleep automatically. Click OK twice.
Make it manual
You can also put your system into suspend mode manually any time you want:
In XP, choose Start and then click Turn off Computer. Click the Stand By option.
In Vista, choose Start, click the arrow button in the menu's bottom-right corner, and choose Sleep.
In Vista, sleep mode may be the default, so simply clicking the power button in the Start menu puts the
computer to sleep.
Use a power strip. Plug peripherals (like printers, audio systems, monitors) into a power strip or UPS.
Then turn it off when you want all of your equipment to turn off.
Lose the brick. Once your laptop or notebook computer is fully charged, unplugging the recharger from the
wall will save some electricity. As long as the computer is in suspend mode or some other low- or no-power
mode, it won't need to be plugged in again for hours.
Lose the CRT. According to Sask Power, LCD monitors use 66% less electricity than the older CRT type.
Maybe this is the time to switch to that LCD screen you've been wanting. If you can't afford to change right
now, at least get in the habit of turning off the CRT's power switch every time you leave your desk for more
than a few minutes.
Check power saving options. See if your printer or external hard drives have power-saving modes. For
example, many of Western Digital's external "My Book" hard drives have a GreenPower feature.
Use a smart power strip. Some newer power strips use a motion sensor to decide if you're still at your
computer. If not, they shut down power to certain sockets (such as ones for peripherals) after a user-
designated time has elapsed. Other power strips shut off several sockets, based on whether you've
powered down a device plugged into the "control" socket. The Tree Hugger Web site discusses examples
of each.
You don't need to wait for new computer designs to make your computing a little more green friendly. By
tweaking a few settings and getting into a few good habits, you can make a difference for your pocketbook
and the planet.
Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for
sending tips we print. Send us your tips via the Windows Secrets contact page.
Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World
since 1992 and currently writes for the magazine's Here's How section.
Contents Index
KNOWN ISSUES
In a Nov. 8 article, I explained how to disable Windows' auto-run behavior to protect yourself from
inadvertently running malware that might exist on USB drives or other devices you insert into your
PC.
Be aware, however, that careless Registry editing can make your system malfunction or even keep you
from starting Windows.
To set a restore point, choose Start, All Programs, Accessories, System Restore. (In Vista, you'll also have
to click Open System Protection.) Follow the instructions on screen to create a restore point. If something
goes wrong, launch System Restore again and restore your computer using the latest restore point.
(Windows periodically creates its own restore points automatically.)
In addition, keep in mind that some Registry tips require you to restart your system (or at least log out and
log in again) before you see the effect of the change.
■ "I tried following your instruction to prevent auto-run access. But when I try to merge the suggested file, I
receive this error message: 'The specified file is not a Registry script. You can only import binary
Registry files from within Registry Editor.' "
Despite what the message says about "binary Registry files," this problem occurs if the .reg file you create
is in any format other than plain text. For this reason, I advised using Notepad or another text editor. Most
word processors, such as Microsoft Word, will save to their own formats by default.
If you must use a word processor, take care to save your .reg file as a "Text Document," "Text Only," or a
similar option.
Other readers had a different problem incorporating the NoAutoRun.reg file into the Registry. For example,
Robert E. Lee writes:
■ "I created the file by copying the text from the Windows Secrets newsletter into an MS Word file, and
saved it. I right-clicked the file in MS Explorer but did not see a 'Merge' option. Can you explain further
how to merge this into my Registry?"
Unfortunately, with many word processors (including Word), just typing a name like NoAutoRun.reg in the
Save As dialog box will not keep the program from adding its own extension after the .reg extension you
typed. Since Windows hides extensions by default, your file may look as if it's named NoAutoRun.reg
when it's really named NoAutoRun.reg.doc.
Without the .reg extension at the end, you won't see a Merge command on the file's context menu. This
problem doesn't occur if you use Notepad to create .reg files.
To prevent a word processor from adding an extension when you type an extension of your own, put the
entire file name in quotation marks in the Save As input box. For example, the following file name will not
receive an additional .doc on the end when saved in Word:
"NoAutoRun.reg"
To see the actual extensions on your file names, open Windows Explorer and choose Tools, Options. (In
Vista, first press Alt to see the menu bar.) Click the View tab and uncheck Hide extensions for known file
types. Click OK.
If you take all these steps and still don't see a Merge command on your context menu when you right-click
your .reg file, you can add a .reg file to the Registry using the following steps:
■ "So if we experiment and run the following, how do we reverse the situation if we find that we do not like
it and are prepared to take risks like everyone else?"
To remove the information that NoAutoRun.reg adds to the Registry, do the following:
Step 4. If necessary, click the plus sign (+) next to IniFileMapping to see the icons nested beneath. Right-
click the AutoRun.inf icon and choose Delete.
Readers Ingle, Lee, and Edwards will each receive a gift certificate for a book, CD, or DVD of their choice
for sending tips we printed. Send us your tips via the Windows Secrets contact page.
Contents Index
EDITOR'S BOOKSHELF
About three minutes into the video, we're definitely reminded of a simpler time...
Windows 3.1! Play the video
Contents Index
LANGALIST PLUS
In this, my eighth and final column on my Housecalls across the continent, we see
how editing the Registry resolves a Symantec networking problem.
Symantec's Norton Antivirus requires a larger IRPStackSize than the default value in
order to handle data in a peer-to-peer network.
■ How to use some free, powerful tools to declutter a PC and speed boot times;
■ How to resolve an address conflict on a small network;
■ How to test the basic security of an Internet connection;
■ How to reduce the size of areas where enormous numbers of junk files can quietly accumulate;
■ How some very popular software can ruin the performance of some PCs;
■ How to reduce fan noise in a PC; and
■ How to get Scheduled Tasks to run properly if you don't have the normally-required login password.
If you missed the earlier installments, here are links to Parts One, Two, Three, Four, Five, Six, and Seven.
When we left off last week, we were trying to solve a strange error message I'd never seen before: "Not
enough server storage is available to process this command." Franz, the winner of one of my four
Housecalls, would see this message when trying to connect to his wife's PC via his peer-to-peer home
network. His network didn't have a central server, and Franz's machine (the closest thing to a server in the
network) had abundant RAM and disk space. What was going on?
The solution is in an obscure parameter known as IRPStackSize. IRP stands for Input/Output Request
Packet. This packet contains specially formatted data that device drivers use to communicate with each
other deep within Windows' core, or kernel. A "stack" in this context is a kind of scratchpad memory used by
the operating system. Thus IRPStackSize determines how much scratchpad memory is set aside to handle
IRPs.
Symantec tools seem to be the worst offenders for causing this error. Microsoft specifically fingers
Symantec's Norton Antivirus in Knowledge Base article 177078, which refers specifically to IRP stack space
running out. The Symantec site also contains an article covering the error. Both Microsoft and Symantec
focus on Norton Antivirus, but a general Web search reveals that many users also associate this error with
Symantec's Norton Ghost.
IRPs have been part of Windows since NT 3.5 came out in 1994, 13 years ago. You'd think the Symantec
folks would have gotten things straightened out by now. But this is another example of the problems that
can, and do, happen all too often with Symantec's offerings — just look at how often problems with
Symantec's software have come up in my eight-part series.
Fortunately, you can solve the problem with a little judicious Registry editing. (Note: all the standard
warnings apply. As always, make a backup before you make any significant changes to your operating
system.)
The odds are that IRPStackSize won't even appear in the right
pane. This means Windows is operating purely on its internal
default settings for IRPStackSize. In this case, point to Edit/
New, and then click DWord Value. Enter IRPStackSize as the new value in the right-hand pane. (The
name is case-sensitive; enter it exactly as shown.) Right-click on the entry you just created and select
Modify. Then select Decimal and, in the Value Data box, enter the number you want. (See below.) Close
the Registry and reboot. See if the problem is resolved.
What size should you specify? The default value is 15, but you can go as high as 49, if you need to.
(Technically, you can go all the way to 50, but Microsoft says using the maximum value may cause more
problems, so it's best to stay south of that maximum.) Raising the IRPStackSize to 25 solved the problem
on Franz's system.
If 25 doesn't work for you, a little trial and error may be necessary to get things right for your setup. Just
keep bumping the number up until you no longer see the error message.
With this fix, Franz's PCs were able to communicate across his network, and my final Housecall drew to a
close.
I'd like to thank our four winners, John, Gene, Dan, and Franz, for their hospitality during my Housecalls.
And I'd like to thank you, the Windows Secrets reader, for following along on this cross-country journey.
Figure 2. See you around! Hope you enjoyed riding along with
me!
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was editor of Byte Magazine (1987 to 1991)
and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others. He edited the
LangaList e-mail newsletter from 1997 to 2006, when it merged with Windows Secrets.
Contents Index
PC TUNE-UP
This week, I tell you where you can get free, disposable e-mail addresses and how to
automate the creation of those addresses.
There are several services on the Net that let you create temporary or disposable e-mail addresses. Two of
the services I recommend are TemporaryInbox.com and Mailinator.
Both services let you make up any inbox name you want on the fly. The sites automatically accept e-mail for
your new address on a temporary basis. No sign-up is required and no configuration is needed.
When using either of these sites, be aware that anyone can read the mail inside your inbox if they guess
your inbox name. That means you should pick a fairly complex name.
Also note that TemporaryInbox.com allows you to forward mail from your temporary inbox to your real
inbox, which might be useful. Mailinator doesn't currently offer that feature.
If you use the Firefox browser, you can download an add-on called Temporary Inbox (for use with
TemporaryInbox.com). The extension will generate a random inbox name with the simple click of a button.
You can then cut and paste the complete e-mail address into a Web form quickly, and click another button
to go directly to TemporaryInbox.com home page to check for e-mail.
Firefox's problem is that someone can include documents in .jar files and use those documents to launch
cross-site scripting attacks. In such an exploit, an untrustworthy site would be able discover information
from another site you visit, such as the password you use to access an online banking site. Compounding
the problem further is the possibility that bad guys might use .jar files to infect your system with malware.
The Mozilla Foundation is aware of this problem, but there's no official fix yet. There is a way, however, to
protect your system. Get a copy of the latest development version of the NoScript plugin for Firefox. It's
recently been updated to defend against this particular avenue of attack.
Keep in mind that, since NoScript v1.1.8.1 is still in development, it could have bugs. But, even if it does, at
least your systems will be protected against these particular .jar attacks.
You can find the latest version at the PHP Group's download page.
Your exposure is somewhat limited, since a bad guy would need to guess the name of one of your MySQL
user accounts that has CREATE_DATABASE privileges in order to take advantage of the flaws.
Nevertheless, it's better to be safe than sorry. Get version 2.11.2.1 at the phpMyAdmin Web page at
SourceForge.
Microsoft originally added the prompt because loading certain types of content without first prompting a user
is covered by the so-called Eolas patent. After a patent lawsuit, Microsoft has licensed parts of Eolas
technology, so the prompt can now be removed.
If you've become accustomed to using that prompt as a reminder of potential security risks, be aware that
the reminder will soon disapppear. You can read details on this at PC World.
Dave Perry recently wrote to tell me about Notepad Plus, another fantastic replacement — especially for
developers. It supports syntax highlighting for many common programming languages, including HTML,
XML, Javascript, PHP, Pascal, C++, and many others.
Ron Bujok recommends the free Notetab Lite, which I've used in the past. While the Lite version is pretty
good, it isn't as full-featured as the Standard and Pro versions, which cost U.S. $19.95 and $29.95.
Nevertheless, the Lite edition is still a good tool with lots of bells and whistles.
Finally, Doug Rizzo wrote to tell me about PSPad, which is another good Notepad replacement, with its own
advantages for developers. Like Notepad Plus, PSPad features syntax highlighting, but also supports
macros, templating capabilities, a built-in FTP client, a hex editor, and much more.
Thanks, guys, for sharing awareness of these great tools with all of us! Readers Perry, Bujok, and Rizzo will
each receive a gift certificate for a book, CD, or DVD of their choice for sending tips that I printed. Send tips
via the Windows Secrets contact page.
Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its
Security Matters blog. He's a network engineer, freelance writer, and the author of Internet Security with
Windows NT.
Contents Index
PATCH WATCH
Administrators of WSUS (Windows Server Update Services) also got yet another
surprise this week — a poorly punctuated category name caused problems with the
patching interface.
MS07-061 (943460)
Internet Explorer 7 gets long-awaited fix
This Patch Tuesday, we received a much-anticipated patch to Internet Explorer 7. This fixes a hole that
malware has exploited to infect computers, using Adobe Acrobat files and other files as the infection vehicle.
You should install MS07-061 (943460) as soon as possible to close this threat, which has been brewing for
several weeks. The hole involves a malformed URI (Uniform Resource Indicator). In plain English, this
means if someone crafts a Web link or some other Internet resource and places it into an e-mail or on a
Web page, clicking the invalid link could give someone complete control of your system.
While this hole affects only IE 7, as a precautionary security measure it will also be offered to systems that
use IE 6. This definitely is a patch you should put on the fast track for installation. At this time, I'm not
seeing any issues or negative side-effects.
For those who are running Vista Media Center, you'll see KB941229, which fixes issues with XBox when
used as a Media Center extender.
Figure 1. This month's Patch Tuesday offers a relatively small number of new fixes.
Microsoft is also distributing a new Junk E-Mail Filter, 905866, and Malicious Software Removal Tool,
890830. But this month was a fairly quiet month for patches.
As product manager Bobbie Harder discussed on the WSUS blog, the quotes in the name of the category
were soon removed. If you had a WSUS 3 server, and you did not have automatic synchronization selected,
all you needed to do to correct the problem was to manually resync your server. For those running WSUS 2
who had their server set to manually synchronize, but happened to get bonked by the misnamed category,
Harder provides instructions to manually remove the quote marks from the database.
I was hit with this issue myself. I woke up to the impact when my SBS 2003 R2 server's daily e-mail failed to
report the status of the server.
The SBS blog posting on the issue showcases the symptoms we were seeing. By the afternoon, those who
were affected were able to resync the servers, or simply wait until the 10 p.m. normal resync time for the
issue to clear up.
Here's hoping that Microsoft can get WSUS back to the dependable patch tool that we need it to be for
server administration.
MS07-062 (941762)
Domain name servers need spoofing prevention
For those of you who run servers that provide domain-name services, a different update should be installed
quickly as well.
MS07-062 (941762) closes a problem that allows DNS servers to be "spoofed." A spoofed server has been
tricked into responding to servers higher up in the food chain that they shouldn't be responding to.
For most end users, the DNS servers that your computer uses to "talk" to the rest of the Internet are
maintained by your ISP (Internet Service Provider). Those of you who are running any kind of network,
however — even those who use only Small Business Server 2003 — need to install this patch.
In addition, I did a little editing of an "Easter Egg" that the Macintosh developers left in the released code of
Leopard. As the Engadget blog reported, the coders left behind a Blue Screen of Death in the icon used to
signify Windows and other non-Apple machines on a network.
The unofficial Apple weblog recommends that you may want to wait on installing this upgrade. This would
be true if you have a lot of customizations of your Tiger platform, your Mac interacts with Windows
networks, and you are dependent on your system working.
Upgrading is not a task to be taken lightly for mission-critical systems, even if they are Macs. It's always
wise to ensure you have a backup.
944938
Zune firmware upgrade may have Flash conflict
For those who own a Zune music player from Microsoft, version 2.1 of the software is now being offered up
to owners of the platform. The Zune interface will inform you that an update is available, but you can also
download the upgrade from Knowledge Base article 944938 and install it from there.
If you have problems with the upgrade, you can call Zune support at 1-877-GET-Zune to get help with the
upgrade, or check Zune's contact page.
You can also get some guidance with patching issues on the Zune-Online.com forums, including an
interesting thread on software error 0x80070643, which prevents the installation of version 2.1.
A commenter near the end of that thread reports that the Zune upgrade could not be installed until the old
Zune software was removed with a tool called UnZoone from Remove-It.org. That did the trick for me, too. I
had to rip out the old Zune files before I could install the new stuff.
The music-player upgrade isn't a security patch, so I found it interesting that Microsoft's support hours for
Zune are 6 a.m. to 10 p.m. The last time I checked, that's one hour more telephone support than is provided
for Windows XP.
So far, I've seen an issue with Macromedia Flash not unregistering, thereby causing a problem with the
update. If you see this happen, contact me via the Windows Secrets contact page.
Connect iPhone to iTunes to avoid iOwnYou hacks
For those who own the "other company's" cellphone and music player, better known as the iPhone and the
iPod Touch, the latest updates for those platforms will be offered up by iTunes. Apple details the updates in
an article.
If you have one of these devices, ensure that you connect to the iTunes interface to install the necessary
updates as soon as possible. There have already been proof-of-concept postings about security flaws. I'm
sure someone would love to have bragging rights for the first exploit of an iPhone in the wild.
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan
Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the
areas of Small Business Server and network security. She's also a partner in a California CPA firm.
Contents Index
INDEX
Contents Index
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus
occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving
and the last two weeks of August and December.
Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323
USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).
Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing
Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens.
Program Director: Brent Scheffler.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets
series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com,
LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo
Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and
service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their
respective owners.