Andy Ziegler, a Program Manager on the IE8 team, just published an interesting post on the IE Blog going into some technical details about how Internet Explorer keeps tabs separate from one another. The subject of tab isolation is fascinating, in a geeky way, and extremely relevant even to non-geeks, for two reasons. First, tab isolation is a reliability feature; if one tab crashes, you don’t want to lose all your other tabs. And second, it’s also a security feature, one that browser developers have been wrestling with for years in the form of cross-site scripting and other attacks.

Microsoft takes a lot of heat for being a follower in browser development, but as Ziegler notes, they’ve been ahead of the curve on this one:

On March 5, 2008, Microsoft released the first IE8 beta with Loosely-Coupled IE (or LCIE for short). This was the first mainstream implementation of tab isolation. On September 2, 2008, Google Chrome’s first beta released with “process isolation.” Mozilla Firefox has recently discussed an “Out of Process Plugins” (OOPP) or Electrolysis project aimed at isolating Firefox plug-ins, such as Flash, from the rest of the browser.

You can see the IE8 design at work if you open up a single tab and then check the Processes list in Task Manager. With one tab open, you’ll see two instances of Iexplore.exe. Why two?

IE8 isolates the frame process (title bar, back button, address bar, etc.) from the tabs processes (that show web pages). If anything causes a site to crash (an extension like Flash, or the rendering or scripting engine, etc.), the frame and other tab processes will not crash. IE isolates the whole tab – all of its code, data, and extensions – to keep IE resilient to webpages with issues.

One interesting thing I’ve noticed over the past year or so while working with IE8 is that there isn’t a predictable correlation between the number of tabs and the number of processes. For instance, right now I have 16 IE8 tabs open, but Task Manager shows only nine processes running:

I’ve heard some theories about how IE8 combines tabs into a single process while still maintaining the ability to recover in the event of a crash, but I haven’t seen any official documentation on the subject. Andy, if you’re looking for new blog topics, that’s a good one for you.

Update: I decided to explore a little more intently and found a great blog post from the IE support team that explains how IE manages the number of new tab processes. Geeky but interesting.

Ziegler’s post also contains a terse but interesting competitive analysis of the differences between the sandboxing approaches taken by IE and Google Chrome. Not surprisingly, he argues that Microsoft’s approach is fundamentally more secure. I’ll let you read and decide.

Finally, if your eyes bulged out a bit when you saw the memory in use by each one of those Iexplore.exe processes in the Task Manager shot above, you’re not alone. I watched that phenomenon for several months until I finally got a handle on what’s going on. The first time I saw a single process shoot up over 500 MB, it was fairly alarming, but it’s worth noting that this system has 10GB of RAM and isn’t close to running out of memory. As I’ve noted earlier, Windows believes in the philosophy that empty RAM is wasted RAM.

If I were to open this same assortment of tabs on a machine with, say 2 GB of memory, I’d see a very different memory usage pattern, with each process quickly surrendering memory when another process needs it.

And here’s what’s most interesting of all, and a testament to IE’s ability to recover. From Task Manager, I just forcibly ended the three processes that were consuming most memory on that list. As I killed each process, I saw the tab (or tabs) associated with that process reload in the browser. When I was all done, I hadn’t lost a single tab and Task Manager looked very different:

That’s 12 processes, totaling roughly 598MB of memory. Compare that with the previous load, which involved nine processes using 1,051 MB of memory. For those keeping score, that’s a 43% drop in memory usage. I don’t recommend randomly killing Iexplore.exe processes this way, but it’s comforting to know you can do so with no adverse consequences.

Remember last month when some Windows customers complained that their systems were crashing after installing a round of patches from Windows Update? It turned out the problem wasn’t the MS10-015 update after all. Instead, the systems were infected with a nasty piece of malware that was actually the root cause of the crashes.

Now, roughly three weeks after the initial reports first appeared, the problem has been resolved and Microsoft has re-released the update:

[W]e have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit. If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error.

Microsoft has also released a standalone scanning tool that you can use to check any system for the presence of malware that will cause this specific problem. I ran the FixIt utility on a test system here and got a clean bill of health:

If you previously hid this update because you were concerned that it might affect your system, you can consider this an all-clear.

Ever wonder how Windows 7 pirates work? So did I.

So I did some research and tried a couple of interesting tools commonly used in the hacking community.

The results were eye-opening.

Details in my new post at ZDNet:

Confessions of a Windows 7 pirate

Questions? Comments? Feel free to leave them here if you don’t want to endure the free-for-all in the Talkback section there.

This week, Microsoft’s latest update to its Windows Activation technologies started appearing on Windows 7 machines via Windows Update. I’ve written about it at ZDNet:

Does that new Windows Activation update really ‘phone home’?

I completely understand why people don’t like activation. It can be a nuisance, although in practice it is a non-issue for most people. If your system is flagged as "non-genuine" and you have to go through the hassle of reactivating it over the phone, that’s 5-10 minutes of your life you’ll never get back. It happens to me occasionally when I restore a backup to a system after performing a major hardware upgrade. And I have never, ever had an issue with reactivating a Windows system over the phone.

In fact, my research shows that the incidence of false positives associated with Windows activation and validation has dropped dramatically in the four years since Windows Genuine Advantage was introduced. The rate of false positives used to be unacceptably high, now it’s barely noticeable and usually explainable (malware and pirated software is the most common explanation). If you have a different story to tell, please let me know in the comments, but be aware I will need full details to (via e-mail) to follow up properly.

Anyway, the story with the latest update is that there’s really nothing new to see. The KB971033 update doesn’t check your system to see whether you’re a pirate; it checks the integrity of the Windows system files to ensure that they haven’t been tampered with. It’s looking for known activation exploits, which can be used by rogue system builders to foist pirated software on unsuspecting customers. Microsoft released similar updates in February 2008 and February 2009 for Windows Vista. The only thing that’s different here is that this one downloads revised signatures every 90 days.

This just showed up overnight via Windows Update:

February 2010 Windows Media Center Cumulative Update for Windows 7

Microsoft has released the February 2010 Cumulative Update for Windows Media Center for Windows 7. This update rollup is intended for computers that are running Windows Media Center on Microsoft Windows 7.

Issues that this cumulative update package fixes

The February 2010 Cumulative Update for Windows Media Center for Windows 7 resolves the following issues:

• Improves the overall experience for systems that are configured by using digital cable card tuners.
• Resolves backward compatibility issues for some legacy Windows Media Center extensibility applications.
• Resolves an issue with how recorded TV shows are managed when switching to a user locale that is based on the Hijri calendar.
• Improves the overall experience when you use Integrated Services Digital Broadcasting (ISDB) tuners. ISDB is a Japanese standard for digital television and digital radio.

The first bullet is probably the most important one. I’ve noticed very few issues on the two CableCARD systems I have running here, but with the opening up of CableCARD tuners to hobbyists and the launch of Ceton’s new tuners imminent, there should be an influx of new digital cable tuners this year.

If anyone spots any issues after this update, be sure to leave a comment.

Microsoft has been evolving Windows Search for a long time, starting with an MSN-based add-on to Windows XP about five years ago. The version in Windows 7 has a whole bunch of surprising (in a good way) and useful stuff under the hood (like a GREP search engine that is able to handle some types of searches that were difficult in Windows Vista). We spend two full chapters in Windows 7 Inside Out on Windows Explorer and Windows Search. It was an eye-opener for me to research and write those chapters, and I recommend them to everyone who buys the book.

This week I got a request from a reader that initially stumped me. Here’s the question:

I want to be able to search for all jpg files in a particular folder where the filename starts with an S.

It would be the equivalent of dir s*.jpg.  These files have several descriptive words in them, however, and if I type s or s* in the search box I get every file that has an s somewhere in it or that has a word embedded in it that starts with S.  I have a hard time believing that Windows 7 search isn’t up to the task!  What am I missing?

The answer, it turns out, is Advanced Query Syntax. Here’s how we introduce it in the book:

You might not consider yourself a search ninja, but if you’ve typed a keyword or two in the search box and built a point-and-click search filter, you’ve taken the first steps on that path. To become a search ninja, you must master Advanced Query Syntax (AQS), which is the official name for the set of rules that Windows Search follows when interpreting what you type in the search box. (You’ll find detailed documentation of AQS at http://w7io.com/0903.)

I use AQS all the time, especially to find e-mail. If I click Start and type from:carl sent:this week in the Search box, I find every message anyone named Carl sent me this week. And if I enter type:doc name:ch* I get every Word document, PDF, or text file, that contains a word beginning with ch anywhere in its name, whether it’s saved on my hard disk or as an attachment in Outlook. So I can find Chapter 1.docx as well as an e-mail whose subject contains the word check and that contains a text attachment.

So how do I get the results my questioner was asking for? As he correctly observes, the asterisk wildcard doesn’t work. The first problem is that the index includes all text in every indexed file and its properties. Thus, typing s*.jpg finds every file that has the .jpg extension and includes any word beginning with s.

For his request, we whip out AQS and use the name: operator to restrict our request to just file names, ignoring file properties and contents. And we add the obscure .. operator. That’s two dots, used between two values to indicate a range. To find JPEG files that begin with the letter s, use this syntax in the Start menu Search box or in the Search box in the upper right corner of a library in Windows Explorer:

type:JPEG name:s..t

Ta-da! That does the trick by finding any file in the JPEG format (whether it uses the .jpg or .jpeg extension) and it restricts the list to files whose names are in a range that starts with the letter s and ends with t. (If you want to be a purist, you could make the range s..szzzz and eliminate the change of accidentally including a file named t.jpg in your results.)

If you have Windows 7 Inside Out, take a look at Chapters 8 and 9 for much more on how you can become a search Ninja. The AQS stuff begins on page 325.

I’m looking for people who have purchased Windows (or Office or PhotoShop or other high-ticket software packages) online or in a swap meet or retail store and later discovered that the copy they were sold was counterfeit.

If that’s you, leave a comment below. Be sure to include a real e-mail address on the form (it won’t appear on the published comment) so I can get in touch with you.

Anonymity guaranteed, I just want to get some details of what the experience was like.

Did I forget to mention I would be on vacation for the past two weeks? Oops, sorry about that.

Our annual mid-winter trip out of the snow and into the warm tropics was pretty perfectly timed this year, achieving the desired re-energizing. Well, except for the bleariness after a redeye back from Honolulu with a two-hour layover at 5AM in an ice-cold LAX. The United agent at gate 80 inside the terminal was wearing a parka and thick gloves that he kept on even while collecting boarding passes.

Anyway, I’m back in my office, diving into a backlog of work including the long but ultimately satisfying slog of digging deep into Office 2010 and producing chapters for Microsoft Office 2010 Inside Out. (Coming to a bookseller near you later this year.)

So if I’m still a little quieter than usual, that’s the reason. Of course, you could follow me on Twitter, where I post frequent updates, tips, and links to interesting stuff.

I’ve got some interesting little Windows 7 tips to post here as well, starting later today. And I might try some short Windows 7 Q&A posts here. Got a Windows 7 question? Leave it in the comments.

Microsoft’s Channel 9 at MSDN is airing a pilot episode of a new show called Help Desk this week. It’s a live show with a call-in format. The host is Chris Pirillo, and he’s backed up by a "brain trust" of support superstars from Microsoft–two Senior Windows 7 Test Engineers and a Senior App Compat Engineer. The panel’s challenge is to troubleshoot viewers’ problems and solve them live, on the air.

Questions can come in via Twitter (@ch9live), or you can e-mail them to ch9live [at] microsoft [dot] com.

Put it on your calendar:

• Address: http://live.ch9.ms/
• Date: Wednesday January 27th 2010
• Time: 2PM (Pacific Standard Time)

Good luck, Chris!

I guess today’s my day to write about Adobe. Over at ZDNet, I’ve posted detailed instructions on how to completely remove and reinstall Adobe’s Flash Player to stop crashes and fix slow performance in IE8.

Here, I want to circle back to a topic I bring up every few months, and that’s Adobe’s broken PDF Preview add-in for Windows Explorer Outlook. If you run 64-bit Windows 7, Adobe’s default installer configures itself incorrectly, which means you get an error message if you try to preview a PDF file in the Preview pane of Windows Explorer or in the Reading pane in Outlook 2007 or 2010. On a 32-bit system, both types of preview work perfectly, but both are broken on 64-bit systems.

Back in September, I pointed to a page that Leo Davidson had put together documenting the cause of the problem and providing a fix for Explorer previews. This week Leo asked me to test a fix that someone had passed along to him. I tried it on 64-bit Outlook 2010 running Windows 7 x64 and it worked perfectly.

It is really baffling to me how Adobe has allowed this behavior to persist for so long. I first wrote about it in May 2008, for heaven’s sake. Do they just not know? Can anyone at Adobe please help me understand what the problem is here?

At any rate, it’s nice to finally  have a simple (and free) fix for this annoyance. I recommend you read Leo’s backgrounder first (Adobe PDF preview handler 64-bit fix), paying special attention to the section about the Automatic fix tool. If you’re comfortable with it, then run the x64 fixer utility and click the Apply Fix button. Boom! Done. You can rerun the utility anytime to confirm that the settings are still correct (you will probably need to run it again after each update of Reader or Acrobat). Here’s what the settings look like on my working system:

And if you’ve been interested enough to read this far, then be sure to read Leo’s rant. Money quote: "I wish I could bill Adobe for my time fixing their mess."

Oh, and the community here should take a bow too. Leo says he unearthed some useful information and incorporated feedback from the comments on my last post back in September into the latest release of the fix tool. If you have any comments or suggestions for Leo, leave them here. I know he’s reading.

Seriously, Adobe, what’s up?