If you’re running Windows 7 or Windows 8, you can expect a lot of security updates today, at least 10.

I’m also running Office 2013 Professional Plus. With that package in the mix you get so much more:

Yowza. That’s a lot of updates. Maybe even a record for me. (I should note this machine hadn’t been updated in a while, so it might have been getting two months’ worth of updates in one serving.)

On another machine with Windows 8 and Office 2010, I counted 16 updates.

It’s interesting to note that Office 365 Home Premium, which has almost exactly the same apps as Office 2013 Professional Plus, apparently hasn’t received this update yet. It updates itself through the Click-to-Run feature, whose options are set on the Office Account page. Currently, the version number for Office 365 Home Premium is 15.0.4454.1004, compared to 15.0.4454.1504 for the standalone version, which uses Microsoft Update.

I imagine that update will be coming along soon, and I’ll be curious to note just how the update process compares to this one.

Dear Microsoft,

These days, consumers buy PCs and tablets and other similar devices. They’re not familiar with binary calculations.

So when they see a device that claims to have a 64 GB drive and then they look in File Explorer and see that it’s only 59 GB, they feel cheated. And when they hear that their 128 GB drive only has 89 GB of free disk space, they wonder what you’re doing with all the space they thought they paid for.

You can explain the difference between binary and decimal calculations until you turn blue. Consumers won’t get it.

Apple bit the bullet and did this in 2009. If you buy a 1 terabyte external drive and plug it into a Mac, the OS X disk tools tell you it has 1 trillion bytes of storage, with 996 GB available after formatting.

Plug that exact same drive into a Windows machine and it tells you that you only have 931.51 GB available. (Don’t believe me? See for yourself.)

Which answer is easier for consumers to understand?

I understand it’s a hassle to convert your Windows tools (File Explorer, Disk Management, Resource Monitor, etc.) to show MB and GB in their decimal form. I know it will annoy techies who have been working with Base 2 since the 1990s or earlier.

But you really need to make this change, because otherwise this sort of thing happens. It is insane, from a marketing point of view, to publish a table disclosing storage space in binary terms when the device itself AND its packaging AND your advertising use decimal measurements.

Meanwhile, maybe you can whip up a little app and put it on the Windows 8 desktop, one that will conveniently display actual free and used storage in decimal terms.

If you open the Metro-style PC Settings today on a system running Windows 8 or Windows RT and tap General, you see this:

It can’t be too hard to tweak that text so it says something like this:

Your total system disk size is 128 billion bytes.
You have 110.5 billion bytes available.

Seriously, people.

Tomorrow, Microsoft puts its second Surface device on sale. Unlike the Surface RT, this is a full PC, with very muscular specs.

My full review is here: Is the brilliant, quirky, flawed Surface Pro right for you?

Microsoft’s Surface Pro page is here: Windows 8 Pro Home

I’ve also looked at the storage space controversy in what my friend Harry McCracken calls an “extreme, borderline obsessive-compulsive level of detail,” which I gladly cop to.

Here’s that post: Surface Pro versus MacBook Air: Who’s being dishonest with storage space?

So after all that, I want to know: Are you planning to buy a Surface Pro?

[poll id=”4″]

Here’s a link I found incredibly useful today, so I decided to share it.

A little background: My main work notebook came with a trial version of Office 2010 that I never uninstalled. I installed Office 2010 Pro Plus, and then later I installed the Preview version of Office 365 Small Business Premium.

Amazingly, everything seemed to work just fine. But today I wanted to clean up all the gunk in preparation for the coming release of the final versions of the Office 365 Small Business and Enterprise products.

To start, I did exactly what you probably would do: visit Control Panel, click Programs and Features, choose the various Office entries, and uninstall them one at a time. It all seemed to go well, but after restarting I discovered that Windows Update was prompting me to install the Office 2010 Service Pack and several updates for individual apps.

Hmmm, that doesn’t seem right.

Although Control Panel no longer had any Office-related entries, the prompts for updates wouldn’t go away.

So I visited this page:

How to uninstall or remove Microsoft Office 2010 suites

If you find yourself in a similar situation, one of the tools here is almost certain to help you. The second item on the list is a Fix It tool you can download and run. That one didn’t work for me. But the third option on the list, the Office 2010 Program and Uninstall Troubleshooter, did the trick. After running it, I went back to Windows Update, clicked Check For Updates, and watched with pleasure as the Office updates vanished from the list.

This shouldn’t be something you need to use often. My situation, with two released versions and a beta, is (I hope) unusual. But it’s good to know the option is there.

Note that this page includes links to similar uninstallers for Office 2007, Office 2003, Office for Mac 2011, and Office for Mac 2008. I’m sure the “How to uninstall Office 2013” article is just around the corner.

And here it is: Uninstall Microsoft Office 2013 or Office 365

Security researcher Adam Gowdiak ([SE-2012-01] An issue with new Java SE 7 security features) notes recent claims by Oracle that it has substantially  improved Java security. Sadly, he points out, those improvements are only theoretical.

What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings described above. Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with “Very High” Java Control Panel security settings.

That said, recently made security “improvements” to Java SE 7 software don’t prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.

I’ve said it before and I’ll say it again: If you are concerned about the security of your PC and network you should seriously consider uninstalling Java from all PCs under your control.

If you use web-based apps that require Java, you should conduct an active search for alternatives. If you cannot find alternatives, you should consider running Java only in highly managed virtual environments.

The fact that Java uses deceptive techniques to distribute unwanted software with its security updates just adds insult to its serious potential for injury.

Several important deadlines for Windows 8 early adopters are looming next week.

Most importantly, the opportunity to order upgrades to Windows 8 Pro for $39.99 ($69.99 if you want a physical disk) will end on January 31. Beginning February 1, the price of that upgrade goes up to $199.99.

Likewise, the opportunity to qualify for a $14.99 Windows 8 Pro upgrade for any new PC you buy with Windows 7 preinstalled ends on January 31, 2013. You have until February 28, 2013 to redeem that offer. But remember, this only applies to a new PC preinstalled with Windows 7 Home Basic, Home Premium, Professional, or Ultimate and purchased from June 2, 2012 through January 31, 2013.

Finally, if you are running Windows 8 Pro, either as an upgrade or purchased on a new PC, you qualify for a free Windows 8 Media Center Pack. Installing this upgrade unlocks the Windows 8 Media Center component and the codecs required to play back DVDs in Windows 8. This offer ends on January 31, 2013 as well, after which the price for that add-on goes up to $9.99.

You can find the details of the no-charge Media Center Pack upgrade on this promotional page at Windows.com. The page contains installation instructions and notes that the offer is “valid from October 26, 2012, until January 31, 2013, and is limited to one product key per email address.”

If you ordered multiple free product keys via this offer, you might have seen this wording in the terms and conditions:

Your product key must be activated no later than January 31, 2013. Microsoft will only contact you at the email address you provide to send you your product key and to remind you when the activation period for your product key is ending.

And if you haven’t yet gotten around to using one of those keys, you’ll likely receive a message like this one, which reiterates those terms:

Does that warning mean your Media Center Pack key will no longer work beginning February 1?

I checked with a Microsoft spokesperson and was told that the keys will continue to work after the deadline passes, and that they will work later if you need to reinstall Windows. The e-mail messages are mostly a reminder to upgrade, I was told.

Update: A Microsoft spokesperson contacted me with additional information on this issue. Yes, you must activate those copies of the Media Center Pack by January 31. It’s possible (even likely) that the activation servers will continue to honor those keys for some period of time after January 31, but at some point in the near future an unactivated Media Center Pack key that was issued as part of this promotion will not be honored. (They will be usable for reinstallations, however.) Keys that are paid for, either before or after the deadline, will not expire.

My guess is that this legal requirement had to do with Microsoft’s payments to Dolby Corporation and others for licensing rights to the codecs that are included with the Media Center Pack. Each Media Center Pack key that is activated triggers a payment to those rights holders (my guess is the amount is somewhere between $7 and $10), and for accounting reasons Microsoft would really like to clear as many of them off its books as possible before the deadline passes. (If you’re curious about the background, I covered it in this post.)

There are a few cautions to keep in mind before you do this otherwise simple upgrade.

First, the new license key replaces your existing Windows 8 Pro license key. Make sure you keep a record of the existing license key so that you can use it if you need to reinstall Windows 8 Pro. You’ll find that key in the e-mail you received if you ordered the upgrade from Microsoft. If you can’t find that e-mail, use a tool like the free KeyFinder (get the version “without toolbar offers”) to locate and save it.

Second, some people have reported activation hassles after installing the Media Center Pack. The symptom is an error code 0xC004C4AA, which blocks online activation. I encountered this error on one of five test systems here and had to use a manual activation code from Microsoft Support to return my system to a properly activated state. If this happens to you, check out the Microsoft Community support forums.

For what it’s worth, I am continuing to use the Windows 7 version of Media Center with my CableCard-equipped tuners here. There’s nothing new in the Windows 8 Media Center, and it breaks support for some features, including compatibility with extender devices other than the Xbox 360.

If you’re still using Windows XP, please stop. Seriously, figure out how to migrate to Windows 7 or Windows 8. Or to an modern alternative platform if you don’t trust Microsoft.

Don’t take my word for it. Listen to Justin Schuh, an Information Security Engineer at Google, who wrote this interesting post recently on Hacker News:

I’m one of the lead devs on the Chrome Windows sandbox, and I can assure you that what we do with Vista+ on the security front is leaps and bounds ahead of what we’re stuck with on XP. DEP is unreliable and pretty worthless anyway without ASLR. You also don’t have things like SEHOP or other memory mitigations that are the first line of defense between your system and the average stale pointer exploit against WebKit.

As for the sandbox itself, we run as “Untrusted” integrity level under Vista+, which buys a solid layer of defense on top the SID, rights, and job based sandboxing we do on XP. Our GPU process sandbox in particular (used for accelerated graphics) relies heavily on Vista+ integrity levels due to deficiencies in the Windows XP driver and graphics model. Then there’s the fact that XP is lacking hundreds of security fixes that Microsoft has chosen not to backport.

Seriously, I’ve spent many weeks trying to wring every last bit of security I can out of XP, and I really do think that Chrome does the best anyone possibly could on that front. But in the end XP is just an OS that’s far past its security expiration date, and running it at all means taking a big risk.

Read that last sentence again and tell me why you’re not planning an update?

[Hat tip to Troy Hunt]

You know that $39.99 upgrade to Windows 8 Pro from any previous edition?

It’s about to go away.

As of January 31, 2013, the price of a Windows upgrade goes up dramatically. Here’s the official U.S. MSRP list (online and at retail) from Microsoft:

• Windows 8 Pro upgrade $199.99
• Windows 8 upgrade $119.99
• Windows 8 Pro Pack (upgrade from Windows 8 on a new PC, currently $69.99) $99.99
• Windows 8 Media Center Pack (add Media Center and DVD playback to Windows 8 Pro) $9.99

So if you’re thinking of upgrading, this might be a good time to stop thinking and start clicking.

Note that you’re allowed to purchase a total of five Windows 8 Pro upgrades at the $39.99 price. That total price tag is the same as a single upgrade will cost once the promotional offer ends.

And don’t expect Microsoft to relent and extend the promotional pricing. There were similar discounts available for Windows 7 in its early days that were never offered again.

Consider this a reward for being an early adopter.

Questions? I’ve got answers here:

Your top 10 Windows 8 questions of 2012, answered

And to answer the very first question in the comments, there are no changes to OEM pricing. The current promotions are for upgrades only. OEM prices were not discounted so there’s no “normal” price for them to return to.

[via The Windows Blog]

Copyright law is weird:

The [Bob Dylan] compilation, 50th Anniversary Collection, is a limited-edition, four-CD set that was only released in Europe. … The collection is a scrapbook of recordings from the first years of Bob Dylan’s career: unreleased home tapes, live performances from Greenwich Village folk clubs and outtakes from the sessions for his second studio album, The Freewheelin’ Bob Dylan. The packaging of the 50th Anniversary Collection is minimal — just four discs, a brown paper cover and a cursory list of the 86 tracks.

And only 100 copies.

Why the low-key release?

Dylan’s record label declined requests to talk about the collection or its unconventional release strategy.

But the subtitle, The Copyright Extension Collection, Volume 1, speaks for itself.

“Even record executives occasionally stray into honesty,” says James Boyle, a law professor at Duke University. “This is, in fact, a copyright extension collection. That’s what it is.”

Can’t blame them, but still… Copyright laws have become ridiculous.

Via Kaspersky and a bunch of other sources:

Nasty New Java Zero Day Found; Exploit Kits Already Have It

Security experts are urging users to disable Java immediately after the discovery of another zero-day exploit that has been incorporated into the Blackhole, Redkit, Cool and Nuclear Pack exploit kits.

If you don’t recognize those names, they’re crimeware kits that allow bad guys to booby-trap web sites, which they then lure unsuspecting victims to visit using e-mail messages or poisoned seaarch results. As soon as you load the site in your browser, the exploit runs and you are compromised.

At the moment, there’s no fix for the specific exploit, although up-to-date antivirus software will usually block the exploit from the sites.

Instructions on how to disable the Java plugin are here. And yes, this can affect Macs as well as Windows PCs, so don’t assume you’re immune because you have a Mac.

If you have specific sites that require a Java-based plugin, consider using Chrome’s ability to block the Java plugin globally while selectively enabling Java for specific sites. Details here.

Other possible strategies:

• Disable Java in your default browser but enable it in a secondary browser. When you need to use Java, fire up the alternate browser and navigate to the Java-based app manually.
• Install Java in a virtual machine and install Java in that sandboxed installation. Although it sounds inconvenient, cleaning up a malware infection is worse.

Additional reading: How big a security risk is Java? Can you really quit using it?