Scott Hanselman has a great suggestion. This holiday weekend (assuming you’re in the U.S., that is), take a few minutes to clean up PCs that belong to your friends and relatives. (With their permission, of course!) His checklist is a good start:

This holiday weekend, when you (computer person) visit your cousin/dad/aunt/grandma, give them a gift:

• install anti-spyware software and configure it to run automatically on startup. I use SpyBot Search and Destroy.
• enable their existing Windows Xp firewall, just turn it on
• give them anti-Virus software (or install the free version of AVG)
• run diskcleanup and defrag
• lower the size of the IE cache
• turn the security in IE up (for ActiveX controls) or install FireFox.

Great idea! I would add:

• Get the latest patches from Windows Update and turn on Automatic Updates.

The whole process shouldn’t take more than 30 minutes, especially if you download Service Packs and anti-virus/spyware tools to your computer first and burn them to a CD.

Phillip Torrone of Engadget gets two things wrong in a post this morning, and because Boing Boing picked up his post, the misinformation is going to get amplified mightily. How-To Tuesday: Disable AutoRun on Windows! He says:

Yes, this is a bit of a report from our post Monday, but we feel disabling Autorun is extremely important. By default Windows will automatically look for a file called Autorun.inf on any CD you pop in to your system, we’ve always known this is a big security issue as there are a lot of spyware and viruses distributed on CDs, you read about this every week. In fact, Microsoft is even disabling this in their next security focused service pack.

This is then followed by detailed instructions on how to edit the Registry to disable AutoRun.

Where to begin…?

First, name a single virus in the past five years that has been distributed via CD. I vaguely recall some Microsoft CDs issued to the press in 1997-98 that contained Word documents that had been infected with Melissa or some such. Nothing at all since that time, and I pay close attention to that stuff. So the idea that we should all be petrified over the prospect of a CD transmitting a virus is … let’s call it silly. And as for spyware — typically it gets installed when you visit a Web site or when you install a program. If you voluntarily install a program that you receive on CD, it could install spyware. Disabling AutoRun won’t stop that in any way.

Second, AutoRun on CD hasn’t been disabled in the latest security pack. You do get a security dialog box, but that’s it.

Ah, if you read further into the article you see what this is about. Not viruses or Trojan horses, but copy protection. Seems that a new RCA CD is using a copy-protection scheme called MediaMax, which relies on Windows AutoRun. As Phillip points out in his story, however, you can disable AutoRun on any CD, any time you want, by just holding down the Shift key as you insert it.

Finally, he says, “Please, tell everyone to disable autorun, use our email option, IM your pals, whatever it takes.”

Please don’t.

I’ve been meaning to write about this for a while. Several times over the past year, I’ve worked on computers belonging to friends who are concerned that a file whose name is ~ (that’s a plain ol’ tilde) appears on the desktop. Is it a virus? Is it spyware? Nope. It’s an Outlook Express bug.

KB article 830921 explains the symptoms: “When you edit a contact in the Outlook Express Windows Address Book (WAB), a file named ‘~’ may appear on the desktop or at another location on the hard disk such as C:\Program Files\Outlook Express.” The solution? Move the file to another location. (Don’t just delete it.)

According to the KB article, this bug is due to be fixed in an upcoming service pack.

This question appeared on a bulletin board recently:

Someone suggested deleting the contents of the Prefetch directory in Windows XP on a weekly basis, to speed up the boot process. Is that good advice?

The Internet has a way of taking questionable facts and giving them a life of their own. Even bad advice about Windows has a way of spreading, just like urban legends. This is one of those “tips” that doesn’t survive even a cursory analysis.

The Prefetch directory serves a valuable purpose by analyzing files that you use at startup and when you run programs. Contrary to what some well-meaning but technically inaccurate articles suggest, this does not copy the files themselves. It creates an index to the location of those files on the hard disk, including the order in which they’re loaded. This allows Windows and Windows programs to start very quickly after the first time you use them.

The Prefetch directory has one additional salutary function when used in conjunction with the built-in defragmenting tool. Every three days, during idle times, this utility rearranges program code, moving it to the outside of the disk to make it more efficient when loading (to force Windows to perform this optimization without having to do a full defragmentation, use the Defrag.exe command with the -b switch. For instance: defrag c: -b).

Carl Siechert, Craig Stinson, and I actually devoted several pages of Windows XP Inside Out to this topic. That was almost two years ago, though, and I’m willing to keep an open mind that we might have missed a great tip. So, just for grins, I got out my stopwatch and clocked my system boot time. Then I cleared out the Prefetch directory and did it again. My system has been running nonstop for 7 months and I have never touched the Prefetch directory. If this “tweak” were going to do any good, surely it would have maximum effect on my computer, right? The results were illuminating.

I timed from power up, starting with the first beep (POST code) to the point where the hourglass cursor disappeared.

With a full Prefetch directory:
… 0:50 to login screen
… 1:08 to desktop

After emptying Prefetch directory:
… 0:58 to login screen
… 1:57 to desktop

In other words, it took me nearly a minute longer to boot after using this “speedup” tip!

When I Googled for this topic, I found tons of examples of people who had simply copied this advice to their list of “tips” without any explanation of why it would be valuable or whether it actually affects performance. Mark Russinovitch and David Solomon, for instance, wrote an excellent article called Windows XP Kernel Improvements Create a More Robust, Powerful, and Scalable OS in the December 2001 issue of MSDN Magazine. Their technical credentials are impeccable, and they speak very highly of this feature.

The few people who did discuss it in those terms were unanimous in recommending that you leave Prefetching on.

Furthermore, why worry about boot times anyway? I recommend that most people avoid restarting their computer except when it’s absolutely required. Windows XP is so stable you can leave it running for weeks at a time and only restart on those rare occasions when you have to do so. If you need to shut down the computer, use the Hibernate option instead, which allows you to resume in seconds, with all your programs loaded just the way they were when you shut down.

If you really want to improve performance, forget bogus tweaks like this one and do the following: increase the amount of RAM in your computer (at least 256MB), get a good defragmenter (Diskeeper is the best), and remove programs you don’t use (or at least configure them so they don’t start automatically).

Update, March 2005: This “tip” just won’t die. It still appears all over the Internet, including at some places that should know better. We revisited the topic for the second edition of Windows XP Inside Out and found that cleaning out the Prefetch folder still does nothing positive for performance. If you think otherwise, get a stopwatch and run your own tests.

Update, May 2005: Microsoft’s Ryan Myers has an excellent blog post on the subject, entitled “Misinformation and the Prefetch Flag.” Here’s the money quote: “[I]t is a bad idea to periodically clean out that folder as some tech sites suggest. For one thing, XP will just re-create that data anyways; secondly, it trims the files anyways if there’s ever more than 128 of them so that it doesn’t needlessly consume space. So not only is deleting the directory totally unnecessary, but you’re also putting a temporary dent in your PC’s performance.”

Be sure to read these follow-up articles as well: Don’t clean out the Prefetch folder, Debunking yet another bogus Windows tip, and One more time: do not clean out your Prefetch folder!

A few weeks ago, I posted an article on this site, entitled Stop those pop-ups (part 2), describing how to get rid of those nasty, obnoxious, annoying pop-up windows that seem to be afflicting just about everyone with a computer running Windows XP.

After checking in with some newsgroups, I’m now convinced that this is the #1 complaint of Windows XP users. These things seem to come out of nowhere, because the Messenger service (again, not to be confused with the Windows Messenger instant messaging program!) wasn’t a part of Windows 95/98/Me. Most people assume that they’re related to the pop-ups spawned by Web browsers. They’re not. They’re direct PC-to-PC messages from a sleazy spammer to you.

In fact, you should consider these pop-ups a great test of your PC’s security. If you’re getting these messages, your computer is dangerously exposed to hackers, crackers, and other attackers. You can shut down the Messenger service, as I outline in the article above, but that only solves the immediate symptom. To protect yourself from other, similar vulnerabilities, I highly recommend that you install a hardware router with port-blocking capabilities, or a software firewall, or both.

In the last few weeks, I’ve received an increasing number of messages from people asking about how they can stop annoying pop-up ads that appear on their PCs without any warning. These ads aren’t like regular Web pop-ups. Instead, they look like dialog boxes, with the words “Windows Messenger” in the title bar.

Here’s what’s going on. The Messenger service (no relation to the instant-messaging utilities used by MSN, AOL, and Yahoo) was originally designed for network administrators and programs to send messages over a corporate network. A printer could pop up a window telling you you’re out of paper, or your IT guy could alert you that he’s about to shut down a file server for emergency maintenance.

Although this capability has been in Windows NT and Windows 2000 for years, sleaze merchants only recently discovered this service. The same clowns who sell bulk-mailing software now sell software that can tap directly into your Internet connection and use the Messenger service (a component of Windows, not be confused with the Windows Messenger instant messaging program) to spam you with these ads.

Because these messages look like legitimate Windows dialog boxes, they have the potential to fool users who haven’t heard about this trick. It’s a gross invasion of your privacy, and it ought to be illegal. Utilities designed to stop pop-ups spawned by Web sites will have no effect on these messages. Fortunately, you can block these jokers with any of the following strategies:

Use a hardware router or a software firewall. These messages typically arrive on ports 135, 137, or 139. By default, a good firewall will block unsolicited requests on any of these ports.

Turn off the Messenger service. Using Windows 2000 or Windows XP, open Control Panel and find the Services icon. (It’s in the Administratifve Tools folder, under the Performance and Maintenance category.) Find the entry for Messenger, double-click, and click Stop. Then change the startup type to Disable.

You can read more about this topic and download a free utility that will automate the process of disabling this service at the
Stop Messenger Spam site.

Is there ANYONE out there who actually has a positive thought about pop-up ads? I detest them, and I make a special point to avoid advertisers who use them. Thanks to my longtime pal Woody Leonhard, I can now recommend a great pop-up blocker for anyone who uses Internet Explorer. EndPopups.com Popup Manager is free, and it works better than any similar utility I’ve ever seen.

I don’t know what sort of magic the developers of this software use, but they’ve managed to catch just about every conceivable form of pop-up spawned by a Web page. The program itself is unobtrusive, adding a small red bar in the lower left corner of the browser window to indicate that it had blocked a pop-up. If the pop-up window is one you actually want to see (as is the case with some sites that use pop-ups for login prompts), you can click the big E icon to make the window appear.

Highly recommended.

I’ve been updating and rearranging my Windows Tips collection lately. These originally appeared on my About.com site in 2000 and 2001, and much of the information was outdated. They were also unnecessarily difficult to navigate, with each tip on its own page. I’m still updating the content, but hopefully the navigation will be a little bit easier now. If you see a mistake in any of the tips, please post a comment here and I’ll try to get it fixed asap.