Remember last month when some Windows customers complained that their systems were crashing after installing a round of patches from Windows Update? It turned out the problem wasn’t the MS10-015 update after all. Instead, the systems were infected with a nasty piece of malware that was actually the root cause of the crashes.

Now, roughly three weeks after the initial reports first appeared, the problem has been resolved and Microsoft has re-released the update:

[W]e have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit. If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error.

Microsoft has also released a standalone scanning tool that you can use to check any system for the presence of malware that will cause this specific problem. I ran the FixIt utility on a test system here and got a clean bill of health:

If you previously hid this update because you were concerned that it might affect your system, you can consider this an all-clear.

Ever wonder how Windows 7 pirates work? So did I.

So I did some research and tried a couple of interesting tools commonly used in the hacking community.

The results were eye-opening.

Details in my new post at ZDNet:

Confessions of a Windows 7 pirate

Questions? Comments? Feel free to leave them here if you don’t want to endure the free-for-all in the Talkback section there.

This week, Microsoft’s latest update to its Windows Activation technologies started appearing on Windows 7 machines via Windows Update. I’ve written about it at ZDNet:

Does that new Windows Activation update really ‘phone home’?

I completely understand why people don’t like activation. It can be a nuisance, although in practice it is a non-issue for most people. If your system is flagged as "non-genuine" and you have to go through the hassle of reactivating it over the phone, that’s 5-10 minutes of your life you’ll never get back. It happens to me occasionally when I restore a backup to a system after performing a major hardware upgrade. And I have never, ever had an issue with reactivating a Windows system over the phone.

In fact, my research shows that the incidence of false positives associated with Windows activation and validation has dropped dramatically in the four years since Windows Genuine Advantage was introduced. The rate of false positives used to be unacceptably high, now it’s barely noticeable and usually explainable (malware and pirated software is the most common explanation). If you have a different story to tell, please let me know in the comments, but be aware I will need full details to (via e-mail) to follow up properly.

Anyway, the story with the latest update is that there’s really nothing new to see. The KB971033 update doesn’t check your system to see whether you’re a pirate; it checks the integrity of the Windows system files to ensure that they haven’t been tampered with. It’s looking for known activation exploits, which can be used by rogue system builders to foist pirated software on unsuspecting customers. Microsoft released similar updates in February 2008 and February 2009 for Windows Vista. The only thing that’s different here is that this one downloads revised signatures every 90 days.

This just showed up overnight via Windows Update:

February 2010 Windows Media Center Cumulative Update for Windows 7

Microsoft has released the February 2010 Cumulative Update for Windows Media Center for Windows 7. This update rollup is intended for computers that are running Windows Media Center on Microsoft Windows 7.

Issues that this cumulative update package fixes

The February 2010 Cumulative Update for Windows Media Center for Windows 7 resolves the following issues:

• Improves the overall experience for systems that are configured by using digital cable card tuners.
• Resolves backward compatibility issues for some legacy Windows Media Center extensibility applications.
• Resolves an issue with how recorded TV shows are managed when switching to a user locale that is based on the Hijri calendar.
• Improves the overall experience when you use Integrated Services Digital Broadcasting (ISDB) tuners. ISDB is a Japanese standard for digital television and digital radio.

The first bullet is probably the most important one. I’ve noticed very few issues on the two CableCARD systems I have running here, but with the opening up of CableCARD tuners to hobbyists and the launch of Ceton’s new tuners imminent, there should be an influx of new digital cable tuners this year.

If anyone spots any issues after this update, be sure to leave a comment.

Microsoft has been evolving Windows Search for a long time, starting with an MSN-based add-on to Windows XP about five years ago. The version in Windows 7 has a whole bunch of surprising (in a good way) and useful stuff under the hood (like a GREP search engine that is able to handle some types of searches that were difficult in Windows Vista). We spend two full chapters in Windows 7 Inside Out on Windows Explorer and Windows Search. It was an eye-opener for me to research and write those chapters, and I recommend them to everyone who buys the book.

This week I got a request from a reader that initially stumped me. Here’s the question:

I want to be able to search for all jpg files in a particular folder where the filename starts with an S.

It would be the equivalent of dir s*.jpg.  These files have several descriptive words in them, however, and if I type s or s* in the search box I get every file that has an s somewhere in it or that has a word embedded in it that starts with S.  I have a hard time believing that Windows 7 search isn’t up to the task!  What am I missing?

The answer, it turns out, is Advanced Query Syntax. Here’s how we introduce it in the book:

You might not consider yourself a search ninja, but if you’ve typed a keyword or two in the search box and built a point-and-click search filter, you’ve taken the first steps on that path. To become a search ninja, you must master Advanced Query Syntax (AQS), which is the official name for the set of rules that Windows Search follows when interpreting what you type in the search box. (You’ll find detailed documentation of AQS at http://w7io.com/0903.)

I use AQS all the time, especially to find e-mail. If I click Start and type from:carl sent:this week in the Search box, I find every message anyone named Carl sent me this week. And if I enter type:doc name:ch* I get every Word document, PDF, or text file, that contains a word beginning with ch anywhere in its name, whether it’s saved on my hard disk or as an attachment in Outlook. So I can find Chapter 1.docx as well as an e-mail whose subject contains the word check and that contains a text attachment.

So how do I get the results my questioner was asking for? As he correctly observes, the asterisk wildcard doesn’t work. The first problem is that the index includes all text in every indexed file and its properties. Thus, typing s*.jpg finds every file that has the .jpg extension and includes any word beginning with s.

For his request, we whip out AQS and use the name: operator to restrict our request to just file names, ignoring file properties and contents. And we add the obscure .. operator. That’s two dots, used between two values to indicate a range. To find JPEG files that begin with the letter s, use this syntax in the Start menu Search box or in the Search box in the upper right corner of a library in Windows Explorer:

type:JPEG name:s..t

Ta-da! That does the trick by finding any file in the JPEG format (whether it uses the .jpg or .jpeg extension) and it restricts the list to files whose names are in a range that starts with the letter s and ends with t. (If you want to be a purist, you could make the range s..szzzz and eliminate the change of accidentally including a file named t.jpg in your results.)

If you have Windows 7 Inside Out, take a look at Chapters 8 and 9 for much more on how you can become a search Ninja. The AQS stuff begins on page 325.

I’m looking for people who have purchased Windows (or Office or PhotoShop or other high-ticket software packages) online or in a swap meet or retail store and later discovered that the copy they were sold was counterfeit.

If that’s you, leave a comment below. Be sure to include a real e-mail address on the form (it won’t appear on the published comment) so I can get in touch with you.

Anonymity guaranteed, I just want to get some details of what the experience was like.

Did I forget to mention I would be on vacation for the past two weeks? Oops, sorry about that.

Our annual mid-winter trip out of the snow and into the warm tropics was pretty perfectly timed this year, achieving the desired re-energizing. Well, except for the bleariness after a redeye back from Honolulu with a two-hour layover at 5AM in an ice-cold LAX. The United agent at gate 80 inside the terminal was wearing a parka and thick gloves that he kept on even while collecting boarding passes.

Anyway, I’m back in my office, diving into a backlog of work including the long but ultimately satisfying slog of digging deep into Office 2010 and producing chapters for Microsoft Office 2010 Inside Out. (Coming to a bookseller near you later this year.)

So if I’m still a little quieter than usual, that’s the reason. Of course, you could follow me on Twitter, where I post frequent updates, tips, and links to interesting stuff.

I’ve got some interesting little Windows 7 tips to post here as well, starting later today. And I might try some short Windows 7 Q&A posts here. Got a Windows 7 question? Leave it in the comments.

Microsoft’s Channel 9 at MSDN is airing a pilot episode of a new show called Help Desk this week. It’s a live show with a call-in format. The host is Chris Pirillo, and he’s backed up by a "brain trust" of support superstars from Microsoft–two Senior Windows 7 Test Engineers and a Senior App Compat Engineer. The panel’s challenge is to troubleshoot viewers’ problems and solve them live, on the air.

Questions can come in via Twitter (@ch9live), or you can e-mail them to ch9live [at] microsoft [dot] com.

Put it on your calendar:

• Address: http://live.ch9.ms/
• Date: Wednesday January 27th 2010
• Time: 2PM (Pacific Standard Time)

Good luck, Chris!

I guess today’s my day to write about Adobe. Over at ZDNet, I’ve posted detailed instructions on how to completely remove and reinstall Adobe’s Flash Player to stop crashes and fix slow performance in IE8.

Here, I want to circle back to a topic I bring up every few months, and that’s Adobe’s broken PDF Preview add-in for Windows Explorer Outlook. If you run 64-bit Windows 7, Adobe’s default installer configures itself incorrectly, which means you get an error message if you try to preview a PDF file in the Preview pane of Windows Explorer or in the Reading pane in Outlook 2007 or 2010. On a 32-bit system, both types of preview work perfectly, but both are broken on 64-bit systems.

Back in September, I pointed to a page that Leo Davidson had put together documenting the cause of the problem and providing a fix for Explorer previews. This week Leo asked me to test a fix that someone had passed along to him. I tried it on 64-bit Outlook 2010 running Windows 7 x64 and it worked perfectly.

It is really baffling to me how Adobe has allowed this behavior to persist for so long. I first wrote about it in May 2008, for heaven’s sake. Do they just not know? Can anyone at Adobe please help me understand what the problem is here?

At any rate, it’s nice to finally  have a simple (and free) fix for this annoyance. I recommend you read Leo’s backgrounder first (Adobe PDF preview handler 64-bit fix), paying special attention to the section about the Automatic fix tool. If you’re comfortable with it, then run the x64 fixer utility and click the Apply Fix button. Boom! Done. You can rerun the utility anytime to confirm that the settings are still correct (you will probably need to run it again after each update of Reader or Acrobat). Here’s what the settings look like on my working system:

And if you’ve been interested enough to read this far, then be sure to read Leo’s rant. Money quote: "I wish I could bill Adobe for my time fixing their mess."

Oh, and the community here should take a bow too. Leo says he unearthed some useful information and incorporated feedback from the comments on my last post back in September into the latest release of the fix tool. If you have any comments or suggestions for Leo, leave them here. I know he’s reading.

Seriously, Adobe, what’s up?

Because of a recent widely publicized exploit, Microsoft has broken with its normal update schedule to release a cumulative update to Internet Explorer for all Windows versions. It’s being delivered through Windows Update and through Windows Software Update Services (the managed corporate version of Windows Update). For details, read Microsoft Security Bulletin MS10-002.

If you check Windows Update manually you’ll find it categorized as Important, with details specific to your Internet Explorer and Windows versions.

If you do nothing, the update will be delivered automatically, sometime in the next 24 hours.

Should you update immediately? There’s no harm in doing so, but there’s also no urgency for the average Windows user running a modern browser on a modern Windows version. At this point there are no reports of successful attacks against Internet Explorer 7 or 8 using this exploit code, and both Windows Vista and Windows 7 include important mitigations that seriously limit the effectiveness of any attempts to exploit it. In short, there’s little harm in waiting for the automatic update.

If you are using Internet Explorer 6, you should update to a later browser version as soon as possible, preferably IE8. If you must continue using IE6, then make sure this patch gets installed as soon as possible.