Tip of the day: Create an instant System Restore point

Today’s tip is shamelessly stolen from Jerry Honeycutt, author of the definitive Microsoft Windows XP Registry Guide from Microsoft Press:

You can script System Restore to make taking snapshots quicker and easier. Wouldn’t you like to have a script sitting on your desktop that you can run before making changes to the registry? Here’s how to create a script that will create a restore point when you double-click it:

Using Notepad, type the following listing and save it with the file extension .vbs and make sure that you enclose the file name in quotation marks so Notepad doesn’t add the .txt file extension to the name.

Set SRP = GetObject( "winmgmts:\.\root\default:Systemrestore" )
CSRP = SRP.CreateRestorePoint( "Hacked the registry", 0, 100 )

Double-click the script file any time you want to make a snapshot, presumably before opening the Registry Editor to tweak the registry.

Update: If the word “hacked” bothers you, feel free to modify the script. Just change the text within quotes to something more generic, such as “Manually created restore point using script.”

Top ten Firefox browser annoyances

This list of top ten Firefox browser annoyances is ~~perhaps~~ the lamest thing I’ve read all year, even using the how-low-can-you-go bar that I assign to anything published in the Inquirer. No splash screen? No IM client? The Thunderbird e-mail client needs a new name? These are “some of the key problems … in Firefox”? It’s truly a shame that American English doesn’t have a word that’s equivalent to wanker. It would really come in handy here.

(Via Prof. Froomkin)

A Media Center newcomer with energy

Tim Coyle has jumped into the Media Center world with both feet, and his site, The F-Stop Blues (tagline: Getting your digital life in focus), is earning some nice buzz. It helps that the site is loaded with insightful, well-researched content and looks good, too. In a smart move, Tim reached out to some well-established members of the MCE community and conducted interviews via e-mail; this week he began publishing these interviews, which offer some insights that you might not otherwise see. The first two in the series are from Thomas Hawk and Chris Lanier. Don’t be surprised if another familiar name pops up there soon…

Keep it up, Tim!

Why I don’t use registry cleaners

Welcome, Digg visitors. Wow, twice in three days an old post of mine gets picked up and Dugg like crazy. Just to be clear: If you have a specific problem with removing a specific program, a registry cleaning utility might be able to identify keys that will help you solve that specific problem. But that’s a rare scenario. Most people I know use registry cleaners as part of their magic cleanup routine, and I see very little upside and a lot of potential downside in this sort of routine use. Specifically, as I write below, I have never seen any evidence that routine “cleaning” of the registry has any positive effect. I stand behind that statement.

Via Matt Goyer, John Hoole offers this cautionary tale:

just a note to say if you have Windows XP Media Center Edition 2005 (probably all versions actually) steer clear of registry clean programs such as Reg Mechanic they go through your registry and delete unnecessary keys….. sounds good but it didn’t count on Media Center I ran it a few days back and when I came to use Media Center it loaded then produced a crash report and died, took me ages to figure it out until I came to run Reg Mechanic again and realized This program deletes DLL files too so….. I restored the first backup and rebooted and media center worked fine so if you have that error on startup that’s your problem right there. Just restore the backup from Reg Mechanic. So you have been warned.

I’d go a step further: Don’t run registry cleaner programs, period. I won’t go so far as to call them snake oil, but what possible performance benefits can you get from “cleaning up” unneeded registry entries and eliminating a few stray DLL files? Even in the best-case scenario the impact should be trivial at best. Maybe a second or two here and there, maybe a few kilobytes of freed-up RAM, and I’m being generous. How can you balance those against the risk that the utility will “clean” (in other words, delete) something you really need, causing a program or feature to fail?

If anyone has done any serious performance testing on this class of software, I’d be interested in seeing it. In the absence of really rigorous testing and fail-safe design, I say: Stay far away from this sort of utility.

If you have a counter-argument to make, leave a comment. But simply saying, “I use Reg-o-matic Deluxe and my computer is way faster than ever!” isn’t good enough. Show me the data!

Update: I did a Google search for “registry cleaner” performance tests, and got more than 25,000 hits. In the first 15 pages, however, there wasn’t a single example of an actual performance test. Virtually all the results were from companies that make and sell this sort of utility, or from download sites that have affiliate agreements with these developers. I found one recent how-to article from Ed Tittel on TechWeb. Ed asserts that “Most Windows experts recommend a Registry clean-up on all systems at least once every six months.” He didn’t link to any of those experts, however.

Later in the same article, Ed advises: “I urge you to check comparative reviews, ratings, and rankings of Registry Clean-up Tools before you invest hard-earned dollars on these products.” Sadly, there are no links here either. I suspect that’s because detailed comparative reviews of this class of software don’t exist. Ironically, the article inadvertently documents the case against this sort of utility. Early on, it states: “The typical Windows system has literally hundreds of thousands of Registry entries.” The screen shot from the free utility he spotlights shows a grand total of 19 “errors,” most of which are simply pointers to CLSIDs that don’t exist. Is it really worth spending hours on this task? I don’t think so.

The best bit of reading I found in my search was this rant from a poster named Jabarnut on a thread at DSL Reports’ Software Forum:

The Registry is an enormous database and all this “Cleaning” really doesn’t amount to much…I’ve said this before, but I liken it to “sweeping out one parking space in a parking lot the size of Montana” … a registry “tweak” here and there is desirable or even necessary sometimes, but random “cleaning”, especially for the novice, is inviting disaster.

I also would like someone to show me any hard evidence that registry cleaning actually improves performance. (Unless there is a specific problem that has to be addressed by making changes to the registry).

Sorry to go on like this, but I feel there is way to much Registry “Cleaning” going on these days just for the sake of “cleaning”.

Amen.

Update 11-Sep: Several commenters have made a good case for a handful of utilities that include registry repair and cleaning options. They make the point that these are useful when used intelligently, not indiscriminately. My colleague George Ou from ZDNet passed along these comments:

I do like the free CCleaner. I’ve cleaned out 1 GB or more of junk on friends computers and it does make the system a little more responsive. You don’t get as many unexplained pauses. This is a problem with the lack of multithreading in Windows Explorer most of the time when it times out on dead resources like a detached network drive. I thought I remember reading something on the Vista features that fixes this by supporting multiple threads.

Other than that, I’ve made sure that I don’t have any dead links the system is trying to access on the desktop that are sure to cause a 30 second lockup even if I drag an icon across the dead link icon. Ccleaner also does a nice job removing a lot of that junk. The combination of MSCONFIG and Ccleaner works wonders.

OK, I’ll give it a try.

Tip of the day: Create instant e-mail messages

You probably find yourself creating email messages to a handful of people more than others. If so, why not create a shortcut that lets you automatically begin a new message, addressed to that person, with just one mouse click? Right-click any empty space on the desktop, and choose New, Shortcut from the menu. In the Command Line box, type mailto: (be sure to include the trailing colon), and then enter the recipient’s email address. The final result should look like this:

mailto:ed@example.com

Mailto: links were originally designed for use on Web pages, but you can also save them as shortcuts on the desktop, the Start menu, or the Quick Launch bar so they’re more readily available. When you double-click the shortcut, your default mail program opens, with your preset parameters already entered.

To enter multiple recipients in the To: field, separate e-mail addresses with a comma. To add optional fields, follow the final recipient’s name with a question mark and enter the name of the first optional field, followed by an equals sign and the value for that field. Preface each subsequent field with an ampersand (&). The following optional fields are allowed:

cc=name@example.com
bcc=name@example.com
subject=text
body=text

If any value contains a space, you’ll need to enclose the entire command in quotation marks. For instance, here’s how to create a shortcut that begins a daily status report addressed to two people, with the subject and body already filled in:

“mailto:ed@example.com,judy@example.com?subject=Status report&Body=No news today.”

After creating the basic message, you can customize it as needed and click Send.

Finally, a (partial) solution for “poisoned” Windows Media files!

Update: The original version of this post contained an error. According to my testing, the most recent version of Windows Media Player 10 does not include all of the fixes referred to in this article. The Windows Media FAQ offers this confusing explanation: “If you installed the latest update to Windows Media Player 10 (version 10.00.00.3802 or later), clearing [the Acquire Licenses Automatically] setting will potentially affect all protected files that you try to play, burn, or synchronize. If you have not installed the latest update to Windows Media Player 10, this setting will only affect certain types of protected files.” See the updated instructions below.

Microsoft has finally released an update that protects some users of Windows Media Player 9 Series from media files that try to install spyware/adware by exploiting a flaw in the license acquisition process. (For background on this issue, see How to fumble a security update.)

The procedure for fixing this issue varies depending on your Windows version and which version of Windows Media Player you’ve chosen to use. Microsoft has done a terrible job of getting out the word that an update is available, and as a result most Windows users are still unprotected. The full version of this post contains detailed instructions and is a must-read for any Windows user.

Continue reading “Finally, a (partial) solution for “poisoned” Windows Media files!” →

Tip of the day: Drop a file into an open window

One of the most efficient ways to open a file is to drag it directly from the desktop or an Explorer window and drop it in a program window that’s already open. By using this technique instead of double-clicking, you control exactly which program opens the file. But what do you do when the program you want to use is minimized or covered up by other windows? Use an expert technique called “drag and hover.”

Click the file you want to open and hold down the mouse button. Drag the file on top of the taskbar button for the program you want to use — but don’t let go of the mouse button yet, or you’ll get an error message! (If the button is grouped to represent multiple windows, wait until the list of available windows appears, and then move the pointer over the window you want to use.) After a brief pause, the program or folder window associated with the taskbar button appears on the screen, above all other windows. Now drag the file icon up to the window and drop it. In some cases you may find that you need to drop the file on the window’s title bar for it to open properly.

In Microsoft Word, for instance, dropping the icon for a Word document into an open document window inserts the content of the new file into the existing file; to open the file in a new window, aim the mouse pointer at the title bar before releasing the button. Likewise, if you drop the icon for a text file into a Word document window, the file is inserted as an embedded object; drop it on the title bar to open the text file for editing in Word.

More on Firefox Critical Updates

In the comments to my previous post, Ryan Walters notes that he’s running Firefox 1.0 and doesn’t see any update icon. That’s not good.

Here’s what the generic icon looks like:

Ff_update_icon

When you click the green icon, it checks for updates. After it completes the check it displays this dialog box:

Ff_update

The dialog box tells you there’s a Critical Update, and you should install it immediately. At that point it even turns the update icon red. But none of that information appears until you specifically click that oh-so-subtle icon.

So why didn’t Ryan see that icon? I don’t have a copy of Firefox 1.0 installed, so I can’t say. It’s possible that the Auto Update option isn’t enabled on his computer. (Click Tools, Options, click the Advanced icon, and select the Firefox check box under the Periodically check for updates heading.)

Update: As I was writing this, a pop-up notice (“Updates available”) appeared in the tray area at the lower right side of the screen. Windows developers call this sort of notice “toast.” Unfortunately, it went away almost immediately.

Like I said earlier, this isn’t an acceptable update mechanism for software that is intended for use by a broad-based, non-technical audience. If Firefox wants to preserve its reputation as the secure alternative to IE, it has to protect every single user from exploits that can install unwanted software.

Firefox exploits now in the wild

F-Secure reports:

Proof-of-concept exploits for the popular Mozilla and Firefox web browsers have been posted on public mailing lists. They target the following vulnerabilities:

– Code execution through favicons link
– Arbitrary code execution from Firefox sidebar panel

These exploits allow the attacker to run arbitrary commands on Firefox before version 1.0.3 and Mozilla before version 1.7.7.

We advice all Mozilla and Firefox users to immediately patch their browsers. Otherwise you might get nasty stuff happen on your computer just by surfing to the wrong site.

For those who know what this means, it’s blood-curdling news. A proof of concept is code that exploits a vulnerability. From that code, it’s a short step to actually creating a hostile exploit that installs a virus or Trojan horse on an unpatched computer. (Oh, and forgive the grammatical errors in the F-Secure announcement. They’re based in Finland and English is obviously a second language. Their expertise in combatting viruses is, however, second to none.)

There’s a little tiny icon in the upper right corner of the Firefox window, just below the Minimize / Maximize / Close buttons, that is supposed to alert you when an upgrade is available. The most current version is 1.0.3, and the little icon has been visible now for a couple of days, with no additional warning of any kind. In my opinion, the Firefox alert icon is way too subtle. How many people had Firefox 1.0 installed on their computer by a friend or family member over the holidays and don’t realize there have been three critical updates since then?

Curiously, the Mozilla Security Center includes no mention of the two most recent updates. As of today, the announcement at the top of the page reads:

Mozilla Foundation Announces Update to Firefox (February 24, 2005) All users should upgrade to Firefox 1.0.1, a security update to Firefox 1.0. …

And yet… The Mozilla Foundation Security Advisories page, which is linked from the Security Center, lists both Firefox 1.02 (released March 23), which fixes one critical security issue, and Firefox 1.03 (released April 15), which fixes three separate critical security issues, including the two that now have exploit code in the wild.

There’s no question that the Mozilla/Firefox team is taking their responsibility seriously, but the update mechanism is not working properly for a software program that is intended for use by the masses.

If you’re going to WinHEC…

If you’ll be at WinHEC in Seattle (April 24-27), leave a comment or send me a note. If there’s enough interest, maybe we can set up a dinner on Sunday night.

Unless, of course, Scoble and Frank Shaw have something else in mind. The S.F. blogger’s dinner was a good idea. Why not do something similar in Seattle?