Fast Forward columnist Rob Pegoraro was online to talk about The Washington Post's special cybersecurity report and his latest column on Service Pack 2.
A transcript follows.
Want to know what upcoming topics are being covered? Sign up for Fast Forward e-letter -- get updated information on personal technology news and product demos. Read past editions of Rob's e-letter online here.
Editor's Note: Washingtonpost.com moderators retain editorial control over Live Online discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions.
Rob Pegoraro: I see that my typing fingers aren't going to get much of a rest today--lots of questions out there about Microsoft's Service Pack 2 for Windows XP, as well as other tech topics. Let's get rolling...
I'm wondering if SP2 could possibly be affecting the way Yahoo! mail works. I have noticed that ever since I installed SP2 the drop-down boxes will not function in Yahoo! mail. The boxes worked fine before I installed it. I have not noticed any other problems so far.
Rob Pegoraro: I logged in to my Yahoo account multiple times over the week, and I don't remember seeing any problem like that. While SP2 does update a lot of Internet Explorer's HTML-rendering code, the changes only effect attempted Web-page mischief (for instance, a Web site can no longer request that IE open a window bigger than the actual size of the screen, a common tactic of browser hijackers).
Do you think Microsoft will ever make a version of Windows XP for people with older computers? I would like to go to XP but I have an 600mhg system with Windows 98SE on it. I use Microsoft Office 200 but I can't upgrade because it will only work on XP.
In closing I just want to say that I thank it was a bad move on Microsoft's part to not develop an XP for order computers, just think of the people they lost. I would like to put this question to Bill Gates.
Rob Pegoraro: I hear what you're saying, but I don't think it's ever going to happen. Fundamentally, Microsoft would be happy to sell you a copy of XP--well, it would if it only could. But XP simply needs a lot more memory than Windows 98 did. It's one of those things that you can't easily write your way around.
In your review yesterday, you point users to the following site for SP2 downloads:
On this site, Microsoft identifies this download as being designated for IT professionals running multiple computers on a network. Is it still safe (or advisable) to download the update from this site for a personal home computer?
washingtonpost.com: 'SP2' a Must For XP Users
Rob Pegoraro: Yes. That's exactly how I began my test (the CD that Microsoft sent didn't show up until Tuesday). The installer you'll get off that page won't make any more or fewer changes to your system than the one you'll get through Windows Update in the coming days/weeks.
Turgi, Switzerland, Europe!:
I read your column often; now must admit that I (as a home user) am hopelessly confused about what to do about SP2... fairly paranoid by nature and very wary of the Net (only been online for 18 months or so...) my machine has been protected by firewall, anti-virus software (with every auto-update, including those provided by Microsoft for Windows) since it first took up residence on my desk, I run a virus scan faithfully once a week; after giving up on a couple of spam filters as too complicated, I now cosset Outlook's 'junk mail' wizard to good effect. Dare I say it? I have so far - touching wood, crossing fingers, even pressing thumbs (which is what they do around here) - I have thus far avoided viruses, worms and their ilk successfully!
I was a sad and reluctant migrant to Windows - having been an Apple person since the SE - but my beloved cx even with Radius accelerator was just too slow for the net and replacement was determined by price considerations. Sigh!!
I have given up moaning, groaning and whining about the differences and learned to - more-or-less - cope with this system.
My question about SP2 (please excuse the verbose preamble): none of what I have read so far is any help! Opinions vary from 'install this as soon as you can', to 'don't touch this with a bargepole right now - let others work out the wrinkles'; 'You can do it on a regular PC in half an hour' to 'it'll take days of work to sort out conflicts with the security software you already have in place'...
HELP! I'm sure that I'm not the only one out here with these concerns. I neither have an IT expert 'on tap' nor can I afford to hire one for what might be a long-drawn task...
Advice greatly appreciated
abi, anxious in Switzerland
Rob Pegoraro: First, thanks for taking care of your computer so well. These days, getting infected by a virus or a worm is no longer your problem alone--it's everybody's problem, since your infected computer is going to barrage us with new copies of whatever worm or virus got it.
Second, I would say, based on my own experience, that you would be well advised to install this update. You may find that some applications get tripped up by the firewall; in that case, simply unblock them and go on your way. A small number of applications have deeper conflicts, but almost all of them are business-use programs that home users wouldn't be running anyway.
FYI, Microsoft now has a list of programs that can have issues running in SP2.
Does SP- include changes made in SP1? Specifically, I want to add a 160 GB hard drive to my PC. I run XP which doesn't read drives over 137 GB. I did not install SP1 because of all the problems I read about. Does SP2 enable LBA 48 bit so I can access the entire 160 GB drive? Thanks for your help.
Rob Pegoraro: I'm pretty sure that SP2 includes every prior update (hence the size of the full installer--SP1's full-install download was "only" 100 megs or so).
The Kiss and Blog chat is moving at a snail's pace (are there technical difficulties?) so it's time to jump over here... come to think of it, did you read that article in the Post Magazine? Do you have any thoughts on it from a techno-sociological point of view?
Rob Pegoraro: Yes, I did--strictly out of interest in Web-publishing technology, of course! I don't see Ms. Cutler's unintended publicity as being a unique artifact of blogging; the same thing could have happened with a couple of Usenet posts or comments on Web forums. Or with a plain old-fashioned, non-blog home page.
Actually, there is one interesting wrinkle to her story--before she could get around to taking her blog offline, other people had already mirrored it on their own sites. Proof that the Web never forgets anything, even when you tell it to.
How did hackers crash my Firefox but not my IE6? Is the Microsoft product more safe than the Mozilla product and why?
Rob Pegoraro: Tell me more. How did Firefox crash? How do you know it was "hackers" and not a simple Web-page bug?
washingtonpost.com: Blog Interrupted (August 15, 2004)
You mention that SP2 automatically starts the internal firewall - even if you have another firewall running.
Have there been any reports of the firewalls interfering with each other?
Rob Pegoraro: I had two computers in that state, and I didn't see any real issues. It was occasionally confusing, but nothing stopped working. Microsoft says, BTW, that third-party firewalls can be updated to detect the presence of the Microsoft firewall and automatically disable it once they're running. (Hope that option doesn't open up a few security hole...)
Rob: I hope you or someone at the Post can write about the incredibly AWFUL high-definition coverage of the Olympics by NBC.
Yes, the picture is great (although at least with my over-the-air receiver, the audio is a good quarter-second delayed from the video, a problem I've seen with WETA's HD loop as well). But apparently to appease advertisers on the standard-definition coverage, they have chosen to delay the HD coverage of any events by AN ENTIRE DAY from when they broadcast it on the regular NBC channel. And, of course, that in turn is delayed to put the popular events on during prime-time. So the HD events can be almost two days old by the time we're seeing them.
They then choose to chop up the HD coverage with an annoying Sony commercial (same one, every time) and some Greek countryside footage (same footage, every time).
My HDTV is three years old. Had I just gone out, however, and bought a new setup just to watch the Olympics in high-definition, and then found out I get to watch two-day-old events and Tourism Board footage, I'd be pretty ticked off.
Rob Pegoraro: Thanks for the non-XP post. Interesting--I heard the same complaints four years ago, but now there are a lot more HDTV owners. And a ton of Comcast ads that say "watch the Olympics in HD!"
Admittedly I read the column very quickly. I have to leave the house almost at once, but I didn't see a suggestion I've seen in other reviews or commentaries, that is, to wait a month or so before installing the SP. Let the more venturesome find the bugs. Agree?
Rob Pegoraro: Disagree. The bugs have already been found--they're in the unpatched, pre-SP2 version of XP you're running right now!
Do Mac users need to have firewalls and virus utilities? If so, any recommendations?
Rob Pegoraro: Firewalls, yes. Fortunately, a pretty good one is included with OS X.
Anti-virus, I'd say no--if you are sufficiently disciplined about not running strange downloads. First, there aren't any OS X viruses at all, as far as I know. Second, I don't think you could spread them via e-mail if you wanted to, as programs that are sent as attachments have their executable permission switched off by OS X on arrival.
Falls Church, Va:
What a pleasure...a double hit of online chats. I had similar conflict with Norton Systemworks 2003 and their firewall product. I decided it was beyond me and ended up with Zone Alarm Pro 4. It works great. My question is about the SP2 feature that defaults the Windows Firewall as "on". I was advised to make sure this feature was off when I loaded Zone Alarm....will the same be true with SP2? Do you think of the Windows Firewall feature as minimal protection if a user has no other protection program? Can too many firewalls hinder performance or clog up the works?
Rob Pegoraro: For many users, I suspect that SP2's built-in firewall will be good enough. (Many of these people are also the ones who wouldn't get around to downloading and installing a third-party firewall anyway.)
You can easily turn off Microsoft's firewall and use your own--but make sure the second one is active *before* you shut down the Windows firewall, OK? You can, as I wrote, leave both active, but it's only going to complicate any troubleshooting you might have to do.
How does one go about getting the CD version of SP2?
Rob Pegoraro: You'll be able to order it online in a few weeks, probably at the same address from where you can order the current bug-fix CD (which contains all the security patches through the end of last year): http://www.microsoft.com/protect/
Some advice for your colleague Kathleen Day: buy a Mac.
Seriously, why would anyone who had to put up with what she did stick with Windows? As a Mac user, I'm constantly surprised that Apple doesn't advertise the heck out of the fact that, compared to Windows, the Mac is basically foolproof and bulletproof. It seems like a no-brainer.
Rob Pegoraro: This is a very fair question. None of the uses that she mentioned are remotely platform-specific. But she--like millions of other customers--spent her money on a Windows-based computer anyway. Why do you think that's the case?
Rob, you rule:
There were only ELEVEN posts on the blog chat in an hour's time. You usually do that much in ten minutes.
washingtonpost.com: Discussion Transcript: Kiss and Blog
Rob Pegoraro: I can answer questions faster because I don't bother to fact-check my replies :)
Rob, I read part of the doc for IT professionals on SP2, and there was something about wireless connections in there. I think everyone's heard that this update patches security holes in IE and Windows (firewall, etc.), but what does it do to change wireless networking? I have a wireless LAN at home, but I didn't understand much of the explanation of SP2's impact on managing wireless connections.
Rob Pegoraro: IT makes WiFi much better. The old WiFi interface in XP was hideously stupid--any time you'd have multiple access points to choose from, you'd have to guess which one had the strongest signal, because XP would not tell you. Astounding!
Now you get a nice graphical display of all the available access points that shows the signal strength of each, along with which ones are WEP encrypted.
Do you know anything about X Chat? I'm not risking installing it until i know more about it and seen trustable neutral people tell me its OK to use. I know that it opens ports 6667, but i don't know what this port does.
Rob Pegoraro: X Chat--if you mean the program hosted at www.xchat.org--is an open-source Internet Relay Chat client. That means you can trust it to be a non-malicious program, but also that it's no good if you only use AOL, MSN or Yahoo for your instant messaging. Port 6667 is a legitimate IRC port.
I understand that a lot of folks have Blackberry PDA's on Capitol Hill. I just don't get it. Would you please enlighten me as to the actual advantages of these devices. Don't they generate at least as much work as they resolve?
Why would you recommend that someone get one? Are they more appropriate for particular industries?
Rob Pegoraro: I'm on record with our IT department that, if issued a Blackberry, I will not use it. These things are expensive to buy and expensive to use (minimum $30/month), suffer from one of the dumber interfaces around (the developers apparently read all the textbooks on basic interface design, then consciously choose to break all the rules established over decades of use) and woefully unsuited to use with a personal e-mail account (unless you check your mail off a Notes or Exchange server, mail deliver never actually stops to the device until you turn it off).
A Treo 600 or the T-Mobile Sidekick II I'm trying out now would make much more sense for on-the-go mail/Web access.
I'm diligent about keeping Windows XP up to date on my computer. Is there any similar value to updating the driver software for my video and sound cards, or even the BIOS software for my motherboard?
Rob Pegoraro: Be cautious about driver and BIOS updates (which almost never affect security and therefore, don't need to be rushed anyway). In *those* cases, I'd let other, more eager users be the guinea pigs.
Thanks for your report on SP2 on Sunday. How do we go about getting it on disc?
More importantly, I'm running out of room on my hard drive and have been getting prompts to run Cleanup Disk. In order to do this, Microsoft wants me to edit my registry -- something about Volume Caches. Is there a downside to this?
And will Cleanup Disk mess with my iTunes -- I worry that some of my songs will get compressed. Do I have to worry?
Rob Pegoraro: You will need to clear out a good chunk of space to install SP2--about a gigabyte and change.
Cleanup Disk shouldn't touch the Registry at all (I had to use this myself to get enough room on the laptop I first installed SP2 on). You could simple let it clean up the obvious suspects--temp files, browser caches--and omit the more extensive options.
It shouldn't do anything with your iTunes library; those songs are already compressed.
You can also free up a lot of space by looking through Add/Remove Programs and tossing anything that hasn't been used recently and has no obvious reason for keeping on the machine.
To the poster above who said they couldn't upgrade to XP because they had a 600mhz system running 98se . . . I upgraded to XP on a late 2000 purchase of a 700mhz system with 256 MB (running Me), and I'm very happy. Much more stable, blah, blah, blah. It'd be a lot better with 512MB, but I'm probably getting a new system this year.
Rob Pegoraro: Microsoft may yet get a sale here...
Suppose I don't set my XP computer for automatic updates, but I visit the Windows Update site regularly. Will SP2 be made available there eventually?
Rob Pegoraro: Yup--around the end of the month.
Does the System Control Panel display indicate that SP2 has been installed? I enabled Automatic Updates and installs as Microsoft recommends, but there is no indication that anything has happened, even though there has been very substantial system activity at times, and UPDATE.EXE has been using a lot of cpu at those times.
Rob Pegoraro: The System control panel itself should now say you're running a Service Pack 2 edition of XP. You'd also know because the computer would have gone through an hour-long update process that required a reboot--which couldn't have happened in your case, as SP2 hasn't been pushed down through Windows Update yet.
Prince Frederick, Md.:
Re: your FF article on SP2 yesterday. Because my two home PC's are connected by broadband, each is set up for automatic updates in XP. You mentioned we will receive the SP2 in a few weeks but that it will be a more limited version. Are you perhaps suggesting we might want the full version by calling MS for the CD. Beyond the obvious security reasons we want to install SP2 as early as possible. Here's our situation. After 3 techs trained in networking tried to determine problems with our WiFi using a Linksys router, we finally narrowed problems to possibly a bad router or cable signal problems. Simple solution: replace 802.11 B with 802.11 G router and moved it to wire directly to first PC after re-routing cable to ensure full signal tested strength. Although still using compatible "B" card in second machine, problems continued. After more troubleshooting and many hours going through Linksys good on-line tech support site, I found there is a conflict between Linksys and XP software. MS knowledge base describes and says hot fix is available to solve until patch in SP2 will fix. Okay, but the hot fix is not available from MS for those running an OEM version of XP. On to listing of PC manufacturers who can provide, our small producer is not on list, of course, after hours getting this far. I can sympathize with Kathleen Day's frustrations in yesterday's companion article in Post. My concern is if I permit automatic download of SP2, might I miss this important to me small patch? Or should I go for the CD version?
Rob Pegoraro: IF you've got broadband, downloading the installer linked to in my column should be feasible--you can then burn that to CD and use that to install it on the second computer.
Thanks for the informative review of SP2 yesterday.
Microsoft is recommending that users turn on the "automatic update" feature. The plan here seems to be to lessen the stress on their servers as well as making it so that users don't time out while downloading the huge file. I noticed that you didn't take an active position on whether users should follow this advice, just mentioning it in passing.
What is your view? Do you think that this is a good idea for Windows users to turn it on or are they opening up the next potential backdoor (or even just giving Microsoft too much control)?
Rob Pegoraro: Yes, you should have automatic updates enabled for Microsoft's "critical" bug fixes--at the very least, to have them downloaded automatically, if not installed automatically. The same goes for Mac OS X users, who should have the Software Update set to get Apple's critical updates automatically.
As for the "giving Microsoft too much control" question, I think I said it all in my "Microsoft Windows: Insecure By Design" column last year:
If you don't trust this company, why did you give it your money?
I have downloaded Mozilla Firefox 0.9 and love it. However, I want my graphic files to default to Microsoft Photo Editor. Is there any way I can make Firefox my default browser yet keep Microsoft Photo Editor my default program for graphic files? Presently I'm running Win 98 SE. Thanks, Ron
Rob Pegoraro: That should be doable--select Options from the Tools menu, then click the Downloads icon, then add entries for those downloads. You should also get a dialog box to change this setting whenever you download a JPEG or GIF from a Web site.
I bought a Linux distribution, and I'm ready to give installation a try. I backed up my hard drive.
My question: Should I trust the Linux distribution (Suse) to partition my hard drive, or is it safer for me to buy a separate partition utility?
Rob Pegoraro: You should always back up your important data before doing any major upgrade, and especially one that involves a disk partitioning. However, I would in general trust the SuSE partition utility as much as I'd trust anybody else's--but make sure you defrag the disk and run chkdsk first. (There are apparently instances in which SuSE's partitioning can lose sight of the Windows side of the drive: http://mlf.linux.rulez.org/mlf/ezaz/ntfsresize.html#troubleshoot)
South Fairlington, Va.:
Hi, Rob. Re. the Windows XP SP2, is it a must-install for me? I have a Dell Inspiron 5100 laptop that does run XP, however I already use McAfee firewall and anti-virus software and - more importantly - I do NOT use Internet Explorer. Mozilla Firefox has proven to be an infinitely superior browser, except for Flash-heavy sites. Thanks.
Rob Pegoraro: By not using IE, you've eliminated one major source of vulnerabilities--but not all of 'em. I'd still install SP2. (If your laptop has WiFi, the better wireless interface on SP2 should be reason enough)
I would encourage college students in particular to install SP2 before going back to school. Let me tell a little story:
Last August, Microsoft released a patch through Windows Update for Windows XP that fixed an RPC vulnerability. Many people, for a variety of reasons, did not download and install the patch.
Fast forward two weeks: Move-in Day at the University of Virginia. Hundreds of students plug their computers into the school network and are infected with the Blaster worm within minutes. UVa's IT department decides to block infected computers from network access until they are cleaned.
Moral of the story: don't delay too long and let a new worm or virus take you by surprise.
Rob Pegoraro: And here's one reason why one shouldn't wait too long...
Re automatic download of updates. I do not have this turned on (just the notification) because MS Update insists I need a critical driver for NVIDIA, one I don't want (I got a more up to date one from NVIDIA directly). Does this mean I won't get SP2 until the end of the month? Is there any way to get it to stop bugging me about this "critical" driver update I don't need?
Rob Pegoraro: Driver updates shouldn't be in the "critical" category at all; if you set Windows Update to only grab that set of patches, you should be able to have your SP2 and eat it too.
I use Zonealarm Pro running on Windows XP Pro. If I install XP SP2, will the Windows firewall automatically activate and shut down ZA? If so, can I shut off Windows FW and turn ZA back on? Is ZA 5.1 compatible with SP2?
Thanks in advance for you advice,
Rob Pegoraro: Nope, the Windows Firewall will run alongside ZA. You can then shut if off and continue using your existing firewall.
In your last chat I asked about converting aac (i-tunes) purchased files into mp3s and you referred me to hymn-project.org. On that site under "download" , there are 5 choices, all are named with techie jargon, I'm not sure which one to use. I run windows xp.
Also, at the risk of sounding stupid, think you could expound on firewalls? I believe that most virus's worms, etc, come from e-mailed attachments, and that a firewall wouldn't stop that avenue. Am I wrong? Also the articles in Sunday's Post suggested that you might be better off with zone alarm vs xp's built in firewall. Last, if you are just on a dial-up connection, no network, are you in danger of being attacked/infected?
washingtonpost.com: August 9 Discussion
Rob Pegoraro: 1) You'd want the "Windows Binary" download (unfortunately, this is a command-line application that can only be run from a DOS prompt).
2) A firewall only stops those forms of malware--worms--that can spread across the Internet under their own power. It won't stop viruses, which have to be sent along by e-mail or IM clients.
In general, a third-party firewall, ZA's in particular, will offer a finer degree of control and some other protective options than the one in SP2. Question is, how much control do you need? The point of SP2 is to ensure that *everybody* has a minimum level of protection, which was clearly not the end result of earlier versions of XP.
How do you know whether your Windows XP needs an update? I bought my computer in July - can I assume it was up to date. If I get the CD with all the bug-fixes that came before this latest big one and try to load the fixes, will it message me that they are not needed if they are not needed?
Rob Pegoraro: No, a computer bought in July is not up to date. Get yourself to windowsupdate.microsoft.com soonest!
No question really, just want to say thanks for the articles on cyber security.
Computer Naivete Costs A Bundle
Digital Doctor Treats Contamination
Take Care to Guard Your Windows
Skepticism Is the Message for E-Mail
Users Need a Good Backup Plan
Rob Pegoraro: You're welcome (although I can only take credit, or blame, for the ones with my name on 'em)
Re: monster cables
Don't bother. Unless your house is an interference nightmare, you're throwing money away if you're not buying the "no name" cables.
The improvements you'll see/hear by stepping up to component or S-video and digital audio far outweigh any potential improvements by buying overpriced monster cables. monster cable is the equivalent of buying the extended warranty on a toaster.
Rob Pegoraro: Thanks for the comment (this in reference to the second question I addressed in my new Help File column yesterday).
washingtonpost.com: HELP FILE (August 15, 2004)
Do I understand you to say that ecards will not work under SP2?
Rob Pegoraro: Greeting cards that are sent through e-mail as .exe attachments won't work in SP2. That's as it should be--I would never run a program that showed up e-mail like that.
I have a BIG problem and any suggestions would be appreciated.
I can't upgrade my WindowsXT Home Edition on my Dell laptop. Whenever I log onto Windows Update, it apparently checks my system and sends me the following message:
"Your current security settings prohibit running ActiveX controls on this page. As a result the page may not display correctly."
I have removed McAfee security and set Windows security to low, but I still get the message.
I am the only user and administrator, and an attempt to upgrade as Administrator gives the same result.
I've tried to search my system for ActiveX without results.
Rob Pegoraro: That's the beautiful irony of Windows Update: To get Microsoft's security updates, you need to turn on the least secure part of IE, its ActiveX support. Actually, though, I'm surprised that you'd have that result after resetting your security settings in IE. My advice would be to turn on Automatic Updates, so you don't need to bother visiting the Windows Update site at all. Open the System control panel and click the Automatic Updates tab, then select the "download automatically, prompt me to install" option.
The only good thing about the HD coverage of the Olympics is that it's free of Costas & Couric -- NBC has a completely different set of commentators for HD.
Why NBC is doing this is inexplicable. They won't even tell us which repeats are on when.
Rob Pegoraro: More on NBC's HDTV coverage...
IT's now 3, but I'm cleared to stick around until 3:30. Keep those questions coming!
Does this mean that I cannot open attachments in my email after installing SP2?
Rob Pegoraro: You can--just not attachments that consist of actual program files. Pictures should open as they always do, while other non-executable attachments--PDF and Word files, MP3s and so on--will bring up a dialog box asking you really want to open them. (You can click a button to have Outlook Express let you open them directly every time.)
You can still use a third-party mail program to get around this if you want.
It's clear that with more and more people getting broadband and failing to use firewalls, there will be a marked increase in hijacking. But where should the blame be placed? Some are quick to heap insults on the ignorant users who fail to secure their computers, but I don't think that's fair, considering not everyone has the time to obtain all the knowledge they need about computer security.
I place a lot of blame with the broadband ISPs, who often take the attitude of "here's your connection, have fun!" They do not take adequate steps to protect customers who are, for the most part, clueless about firewalls and good security practices. Comcast had (and continues to have) a huge number of hijacked customers' computers acting as spam "zombies" controlled by spammers. The ISPs need better software packages, better information, and better network monitoring to do their part in this situation.
Rob Pegoraro: Agreed.
A question about another operating system and its updates ... I use a Mac running OS X 10.3.5. For the past two weeks I have experienced frequent crashes of Safari. The beginning of this problem seems to be when I updated to the latest version of iTunes ... have you heard anything to suggest this could have affected Safari? Any other thoughts on why Safari, which seemed a model of stability until a few weeks ago, might suddenly be crashing several times a day?
Rob Pegoraro: You've got me. I haven't gotten around to installing the 10.3.5 update to OS X myself (I hate wrecking my uptime with a restart :), but my Safari seems to be working fine. You might want to try trashing its cache, which, as I wrote yesterday, fixes a lot of browser problems for no apparent reason.
I can't believe you say "the bugs have been worked out" on SP2.
Just go to www.dslreports.com and peruse the forums, especially the Microsoft Help forum and you will see the real time problems!
Just because your version is working doesn't mean the rest of the world will.
Shame on you!
Rob Pegoraro: I'm sorry, but the people on DSLReports.com are not exactly representative of the general home-user population. I gave this update every chance to screw things up--I didn't even shut off the antivirus software on the four test PCs, one of which had been further clogged up with a host of P2P file-sharing applications--and it worked fine every time.
Not to kick off a platform flame war, but people buy PCs because:
1. They're cheaper.
2. That's what they use at work.
3. They're cheaper.
4. Everyone else uses them.
5. They're cheaper.
6. They don't want to learn a new operating system.
7. They're cheaper.
Rob Pegoraro: One of a few responses to an earlier rhetorical question. More coming up in a second...
There's not enough time in this chat to list the reasons why people buy Windows machines, but I think it basically boils down to advertising. Turn on the TV and it's all Dell, Gateway, HP/Compaq, and IBM. Apple barely advertises, and when they do it's in little bursts, nothing sustained. Their attempts at getting Macs into the big-box electronics stores have always been kind of half-hearted. The Apple retail stores are nice, but it's probably too little, too late. I think Steve Jobs is content with being a niche item in the computer market, and that's too bad.
Rob Pegoraro: Here's another...
Enjoy your columns. Your recent "'SP2' a must for XP Users" column touched on 2 points with which I strongly agree: the elimination of ActiveX and Outlook Express disabling the ability to run programs through email. Both points well made in your article. My question is: considering what Microsoft changed in SP2 (firewall, auto update, etc.) was due to 'pressure' from users, what can we 'users' do to pressure them to eliminate Active X and programs in email for SP3? Is it even possible (non-technically) to make providers aware of the growing dangers of these items in the current terms and potential future of the Internet?
Rob Pegoraro: Well, you can't run programs sent through e-mail in SP2, so that much is done. As for axing ActiveX, the more productive lobbying might be directed towards those Web sites foolish enough to require the use of ActiveX. The people at SideStep.com, for instance, have apparently been listening--a few months ago, they introduced an ActiveX-free version of their hotel-search service, with an equivalent promised for their airline-search page.
What about e-mail with an attachment that is a compressed zip file containing an executable? Will I be able to open that?
Rob Pegoraro: Nope. SP2 Windows will keep track of that attachment and, when you decompress the .zip file, deny you permission to open it.
Ann Arbor, Mich.:
A recent poster brought up Mozilla Firefox; I love it too, and here's another question. Is there a way to import all the 'favorites' from my former browser, into Firefox's 'Bookmarks' section? It has kept me always hopping between the two browsers, and I'd like to just be able to default to Firefox entirely. Perhaps you can direct me to a source of clear instructions for a technically-challenged computer user. Thanks!
Rob Pegoraro: The latest versions (since .9) should import your IE bookmarks automatically. You can also do this "manually"; from the Bookmarks menu, select Manage Bookmarks, then go to the File menu of the bookmarks-management window and choose "import"
I hated my Blackberry:
Once I bought a Treo 600 and installed Snappermail, I gave my Blackberry back to my boss. They were paying some ungodly corporate rate for the Blackberry, so we agreed he would pay that amount toward my Sprint bill. The Blackberry's interface is so awful, I don't know how you could compare it to the Treo - these two devices aren't even in the same league as far as I'm concerned.
Rob Pegoraro: One reader's thoughts on Blackberry vs. Treo...
Silver Spring, Md.:
Yesterday you recommended quite strongly that people using XP install the service pack immediately. I subscribe to a publication call the Langalist--an excellent advice sheet for PC users. Fred Langa suggests waiting, given Microsoft's propensity to have a lot of bugs in initial releases. Any comment?
Rob Pegoraro: Well, what I said before: The copy of Windows XP you're using today already has a lot of bugs. SP2 will fix them; from my experience, it will do so without causing problems in the rest of your system. I can't guarantee that it won't conflict with *your* system--just as I can't guarantee that your unpatched computer won't be infected by a virus or worm that exploits a vulnerability fixed in SP2.
For Baltimore - check out www.macintouch.com. They've been covering problems with the most recent version of iTunes and crashing applications.
Rob Pegoraro: Thanks. MacInTouch is an excellent Mac news/troubleshooting site.
Please help me, I need a new PDA and I get paralysis by analysis. I want to spend no more than about $175. Tell me what to get. Mostly I need calendar and address book.
Rob Pegoraro: I'd get one of Palm's Zire models, the 21 (if you don't need a color screen) or the 31 (if you do and want MP3 playback to boot). If you need a high-res screen--to view maps or read Word documents or whatnot--the Tungsten E's your handheld.
I have a windows 2000 computer that has a serious browser hijack problem. I can't seem to get rid of it after trying several programs such as Adaware and Search and Destroy. Any suggestions would be appreciated.
Rob Pegoraro: Visit www.spywareinfo.com/~merijn and download the two apps listed there--HijackThis and CWShredder. Then think hard about switching to Firefox or some other non-IE browser, because SP2's bug fixes aren't available for your system.
Note: the spywareinfo.com site seems to be *really* bogged down today...
I saw the Zone Alarm question above and read your SP2 review, but I still haven't seen a yes/no answer to the following question: If already running Zone Alarm (the free version, rather than the professional version), should I leave Zone Alarm running and turn off the MS firewall, or should I do the reverse?
Rob Pegoraro: If you're used to ZA by now, leave it running and switch off the Microsoft firewall. ZoneLabs' firewall has some extra features, and this way you'll spare yourself the trouble of learning a new program's workings.
I run XP on a Dell 5100 laptop and Norton/Symantec anti-virus/firewall/anti-spam is automatically updated, as well as defragging with Exec Diskeeper. (The internet connection is Starpower cable at about 10 Mbps.)
Norton has caught Beagle.X on 6/10/04 and Netsky.P on 8/10/04--both were email attachments.
Unfortunately, on 4/13/04 emails were sent to 2 unknown and distant banks under my name that contained the Netsky.P.worm.
All of this appears to be contained, but my computer has run intermittently oddly and poorly since then.
Can there be something left on my computer?
Rob Pegoraro: Probably not--the odds are that those e-mails were sent from somebody else's computer. This other person had your name in their address book or stored messages; when the virus hit, it "stole" your name to use as its own return address.
Very annoying in practice--I hate seeing my name dragged into the mud this way. (It's muddy enough already!)
When running the firewalled XP SP2 version, what do you advise for installing new software? Do I need to disable the firewall? I used to always disable Norton antivirus when installing. What's your recommendation?
Rob Pegoraro: You shouldn't need to turn off a firewall to install any software at all. I never do that--not in Windows, Mac OS X or Linux. At most, you might get a "can this program talk to the Internet?" question from your firewall; you can click "yes" and get on with the install.
On the Cleanup Disk question -- the reason Microsoft wants me to edit my registry is that Cleanup Disk hangs up and won't complete. By changing this VolumeCaches tag, it allows the program to complete itself.
I did some extensive googling on it and it seems like it's a fairly common problem, but I'm just wondering what this VolumeCaches setting is and what does it affect?
(Oh and a follow-up to my question last time about the microphone input on my Dell laptop being stereo or mono -- yep, it turns out that most Dell's have a mono mic input. Grrrrr...)
Rob Pegoraro: I don't know what VolumeCaches is either. This does, however, bring up one of my long-running complaints about Windows--the whole idea of the Registry. When you have every single system setting stored in one big database, you create a massive point of potential failure--when the Registry catches a cold, your computer comes down with TB.
Hi, this is a two-parter:
1. Can you mix Apple and PC networking equipment in a small home office environment?
For example, the new Apple Airport Express and the Linksys Wireless router provided they are both B and G compatible?
2. Is the built-in firewall protection incorporated in network routers enough protection or is additional software based firewalls necessary?
Will having a hardware based and software based firewall be too difficult to setup?
Rob Pegoraro: 1. Yes.
2. Yes, although it would be a good idea to run firewall software on any machines that ever leave the house--otherwise, they can get infected away from home, then spread the worm to every other PC once they rejoin your network.
If Microsoft wants people to keep automatic updates on, maybe they should make sure it works. There is a Windows Media Player update (I don't have the update number with me) that creates a loop -- you install it, and are immediately notified that you need to install it, and on and on and on. I googled the update number and found that I was not the only one with this problem. I followed one of the solutions I found online, which involved editing the registry (an activity I'd rather avoid), and it worked ... for a while. The problem recently re-presented itself (with the same update) and this time the fix did not work. I finally had to tell update to ignore it. And this is considered a critical update.
Rob Pegoraro: Chicago has a point--Windows Update itself has had problems. Now that it's making an automatic-update system the default setting, more or less, Microsoft had better make sure that it works All. The. Time.
How about a quick briefing on security for Macs? I don't have any antivirus software or a firewall other than the native OS X firewall. Should I be overly concerned?
Rob Pegoraro: No, you shouldn't. Just take care to download Apple's security updates, don't run any more file-sharing options than necessary (check the Sharing preference panel) and be wary of strange downloads that ask for your administrator password during their install.
Is it just me or is it getting hard to find cell phones without cameras included. I don't mind having the camera in the phone, but some office buildings make you check your phone at the front desk because of the camera and I don't really want to deal with that hassle regularly. Is this a new trend and I should learn to deal with it or am I just nitpicking the situation.
Thanks as always!
Rob Pegoraro: I think the rest of the world is going to have to get accustomed to the idea that everybody is potentially carrying a camera in their pocket. I don't own a cameraphone now, but I expect that my next phone will include a camera, and I think I'll enjoy having that option, for shopping purposes if nothing else ("honey, call me back and tell me if this sofa looks alright to you?"). It's going to be unrealistic for places of business to demand that people leave their cell phones at the door--they'll have to decide if they want to turn away a huge chunk of their customer base or live with the potential of unauthorized photography.
Rob Pegoraro: And that, dear friends, is all for today! I need to ice my wrists now... thanks for all the questions. I'll be back here in a couple of weeks to talk about digital TV.