All posts by Ed Tittel

Full-time freelance writer, researcher and occasional expert witness, I specialize in Windows operating systems, information security, markup languages, and Web development tools and environments. I blog for numerous Websites, still write (or revise) the occasional book, and write lots of articles, white papers, tech briefs, and so forth.

Goodbye Gadgets, Goodbye!

Since the introduction of Windows Vista in 2006, Windows Gadgets have made colorful and useful additions to Windows desktops everywhere. At this moment, Windows Gadgets work on Windows 8 as well as on Windows 7 and Windows Vista. But a planned discussion of profound security vulnerabilities in the Gadget architecture at the upcoming Black Hat DEFCON Conference (July 21-26, Caesars Palace) appears to spell doom for these desktop denizens.

Gadgets from a Windows 8 Release Preview desktop

What you see in the screen capture to the left comes from one of my Windows 8 test machines running the Release Preview: my Lenovo X220 Tablet with touchscreen. I’ve found the CPU Usage and Network Meter gadgets from AddGadgets.com to be particularly useful over the years. I also use the analog clock that’s built into the Windows base gadget set, and a handy little gadget called Shutdown as well. That last item is useful because I tend to remote into my test (and other family member) PCs over the network, and it gives me the ability to shut down or restart those machines quickly and easily through a remote desktop session.

But as security researchers Mickey Shkatov and Toby Kohlenberg have discovered (as reported by Ryan Naraine in “Security flaws signal early death of Windows Gadgets,” ZDNet), the gadget interface is rife with points of vulnerability that could lead to attack. Hackers could, in fact, take over a system through a malicious gadget foisted on unsuspecting users, or by direct attack on gadgets already running on a Windows desktop. From there, a successful exploit could give the attacker the same level of system privileges and access as the currently logged-in user account. Because so many users routinely log in with system admin privileges, this effectively transfers complete system control to the attacker.

The details aren’t completely clear yet — I guess we’ll have to wait for the presentation and demonstration at DEFCON — but Microsoft has already issued a security advisory (Vulnerabilities in Gadgets could allow remote code execution). This web page includes two “Fix It” tools numbered 50906 and 50907. Because MS fails to describe what these tools do, I learned by experimentation that 50906 disables gadgets (and the Windows Sidebar in Vista), while 50907 turns them back on again.

It might be simpler for users with admin privileges who manage their own systems to simply remove all gadgets from their desktops, and not to add any new ones. I’m not sure it’s necessary to disable underlying support for gadgets if none are running. Apocalyptic warnings aside, I’m going to leave my gadgets up and running until more information emerges from the upcoming DEFCON conference. I need to better my understanding of the nature of the vulnerabilities that already-installed gadgets can pose before I do anything more. Frankly, I’m not sure that a gadget I’ve been using for years actually poses a security risk on my heavily firewalled home network, so I’m willing to wait and learn more about the potential risks of ongoing exposure before I wipe my desktops clean of these helpful bits of software.
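A read-only PowerShell check of the state discussed above (whether gadget support is switched off, whether the Sidebar host is running, and which gadgets are installed), as an added example that is not the author's or Microsoft's code. It assumes the `TurnOffSidebar` policy value from the registry workaround in Microsoft's advisory and the default gadget folders; the function names are hypothetical.

```powershell
# Read-only audit of Windows Sidebar/Gadget exposure on Vista and Windows 7.
# Assumption: TurnOffSidebar is the policy value named in the registry
# workaround of Microsoft's gadget advisory; this page does not list it.

function Get-SidebarPolicy {
    # Emits one object per hive; TurnOffSidebar is $null when the value is absent.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'
    foreach ($hive in 'HKLM', 'HKCU') {
        $value = $null
        $key = Get-ItemProperty -Path "${hive}:\$sub" -ErrorAction SilentlyContinue
        if ($key) {
            $prop = $key.PSObject.Properties['TurnOffSidebar']
            if ($prop) { $value = $prop.Value }
        }
        New-Object PSObject -Property @{ Hive = $hive; TurnOffSidebar = $value }
    }
}

function Get-InstalledGadget {
    # Gadgets are unpacked into folders named *.gadget under these default roots.
    $roots = @(
        @{ Scope = 'Built-in'; Path = (Join-Path $env:ProgramFiles 'Windows Sidebar\Gadgets') },
        @{ Scope = 'AllUsers'; Path = (Join-Path $env:ProgramFiles 'Windows Sidebar\Shared Gadgets') },
        @{ Scope = 'User';     Path = (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows Sidebar\Gadgets') }
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }
        Get-ChildItem -LiteralPath $root.Path |
            Where-Object { $_.PSIsContainer -and $_.Name -like '*.gadget' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Scope = $root.Scope; Name = $_.Name
                    Installed = $_.CreationTime; Path = $_.FullName
                }
            }
    }
}

function Get-SidebarExposure {
    # Summarises policy state, the running host process, and add-on gadgets.
    $policy  = @(Get-SidebarPolicy)
    $gadgets = @(Get-InstalledGadget)
    $addOns  = @($gadgets | Where-Object { $_.Scope -ne 'Built-in' })
    $procs   = @(Get-Process -Name sidebar -ErrorAction SilentlyContinue)
    New-Object PSObject -Property @{
        DisabledForMachine = [bool]($policy | Where-Object { $_.Hive -eq 'HKLM' -and $_.TurnOffSidebar -eq 1 })
        DisabledForUser    = [bool]($policy | Where-Object { $_.Hive -eq 'HKCU' -and $_.TurnOffSidebar -eq 1 })
        SidebarRunning     = ($procs.Count -gt 0)
        AddOnGadgetCount   = $addOns.Count
        AddOnGadgets       = ($addOns | ForEach-Object { $_.Name }) -join ', '
    }
}

Get-SidebarExposure | Format-List
Get-InstalledGadget | Sort-Object Scope, Name | Format-Table Scope, Name, Installed -AutoSize
```

Running it before and after applying Fix It 50906 shows what the tool changed on a given machine, and the add-on list identifies gadgets that did not ship with Windows.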

It is interesting to understand that Microsoft will do away with the gadget interface, rather than attempting to repair its security issues. The company had already indicated it was deprecating gadgets in Windows 8 (though I discovered to my relief that they still worked on the Developer Preview release late last year, and have continued to use them anyway). However, it now seems likely that they will disable the Gadget interface in the upcoming RTM and GA releases for Windows 8. Thus, production versions of the new OS cannot fall prey to whatever security vulnerabilities gadgets might pose. It should be interesting to mull over what these researchers have learned, and what they’ll reveal, to decide if even trusted gadgets must go on Windows Vista and 7.

I am sorry to see this happen to gadgets. If it turns out they must be removed from my desktops, I’ll also be sorry to see them go. I’ll report back again later this month after the word on gadget vulnerabilities comes out in more detail.

[Note added on 11/18/2013: Thanks to an article I read recently by Deb Shinder, as recounted in a recent post to my Windows Enterprise Desktop blog entitled “Say! You CAN user Gadgets in Windows 8…” I’m very pleased to report that, thanks to 8GadgetPack, you can restore and use Gadgets in the Windows 8 and 8.1 environments. Whoopee! You may do this at your pleasure; I am doing it on several of my Windows 8 and 8.1 machines already.]


Use SP Cleanup Tool to Pare Down Winsxs folder, Reduce Windows Footprint

If your Windows 7 install has been around long enough, it will pick up various bits and pieces of leftover install information. The Windows Deployment Image Servicing and Management (DISM) tool includes a plethora of command line options that work on a running operating system (in addition to its more common use in setting up images for automated Windows deployments). For use on an active OS, however, your best reference is to start up cmd.exe using “Run as administrator” then type dism /online /? at the command line for a complete listing of commands and options.

In particular the command DISM /online /cleanup-image /spsuperseded is a handy one to know, because it gets rid of superseded install packages left in the wake of a service pack or other major update. It was designed as a post-SP-install cleanup tool, but I’ve run it on several systems that were built from the Windows SP1 slipstream install media, and it still found elements to remove from the installed image, as shown in this screen capture:

DISM removed two packages from my post-SP1 slipstreamed Windows 7 Ultimate installation

This recovered about 3 GB of disk space on my primary production machine — a welcome capability on the 120 GB SSD drive that I’m watching carefully to make sure it maintains at least 25% free disk space, to give the OS and applications room to breathe. On the other hand, if you run it on some systems, you’re more likely to see a result like this one, when DISM finds nothing to clean up on your behalf:

Nothing to clean up on my Lenovo T520 running Win7

Still, it’s a useful post-SP-install trick to keep up your sleeve. Another SP for Windows 7 is pretty likely to appear around the same time that Microsoft ships Windows 8 (late October is when that should happen, say most pundits). If this doesn’t do your system any good now, it will surely come in handy after you install the next SP!


Veeeery Interesting! Meet the MYSOD

In this case, MYSOD stands for “Mustard-yellow screen of death” and it just hit me this morning on a new-ish production machine on which I’m having video driver problems. It’s got an Nvidia GeForce GTX 460 graphics card in an Asus P6X58D-E socket 1366 motherboard with 24 GB of RAM, an OCZ Vertex 2 SSD, and various other odd’n’ends. The driver version is the latest WHQL (301.42, aka 8.17.13.142) and there are a dazzling number of potential causes for my recent but not so-very-welcome experience. My only other tangible symptom is from Event Viewer, which reports Error code 4101 “Display driver nvlddmkm stopped and has successfully recovered.” This turns out to be a distressingly long-standing and popular problem for Vista and Windows 7, with a long and distressingly ominous list of potential causes and fixes.

Event viewer details for the 4101 video driver error

My searches for enlightenment have turned up some incredibly humorous stuff, however. Thus for example, I found the unwittingly hilarious “Screen of death” page on Wikipedia. It lists many colors of the rainbow for this symptom of hard and irremediable system crash, not all of which are for Windows, but when taken altogether create a lovely rainbow of hues for failure and distress. In addition to the Blue Screen of Death (BSOD) and the Black Screen of Death, both of which I’ve experienced in my days mangling and messing with Windows, I also found a Green Screen of Death (Xbox), Red Screen of Death (Game consoles and early Vista versions), the Purple Screen of Death (signals a fatal kernel error in the VMware ESX server). There’s even a white screen of death (Apple iPhones and iPads, among other systems) and — wait for it — a yellow screen of death that “… occurs when an ASP.NET web application encounters a problems and crashes.” I was surfing the Web, with a boatload of open IE Windows when the MYSOD hit me this morning, so maybe it’s involved. But I don’t really think so…

It was clearly something with my graphics driver. My researches so far have turned up the following possible causes, which in turn suggest various fixes:

  • Bad graphics drivers: but alas, this problem has plagued me for the past four WHQL updates to the Nvidia drivers, and I’m not sure if I want to roll back into 2010 to fix a problem that fixes itself (it does recover automatically, except for my MYSOD today).
  • Bad memory module: I’ve run memtest86 and gotten a clean bill of health on all six of my brand-new G.Skill 4 GB modules, and the system will run Prime95 with all cores maxed indefinitely at reasonable temps (under 70°C). I know memory controllers sometimes freak when all slots are occupied, and I’ve maxed memory on this motherboard to be sure, but I don’t see a lot of traffic about memory issues for this motherboard, so I’m going to leave the RAM in for the time being.
  • I’ve tinkered with the Registry, and added a long time-out (10 seconds) to the Timeout Detection and Recovery (TDR) issue that is often associated with the 4101 error code in combination with the nvlddmkm.sys fail and recover error message (see this great discussion on SevenForums “Help me configure registry correctly to solve TDR issue” for more info). Hasn’t made a lick of difference in my case, though…

I’ve asked the TweakTown guys for any insight they might care to contribute, and continue noodling around with my system as I have time and energy for such things. This is one of the things about Windows that truly drives me bananas, but that also helps to keep me busy and to guarantee full employment to legions of Windows support staff and technicians. Go Microsoft!


Disk2VHD Is Just What the Doctor Ordered for Machine Upgrades and Migrations

Anybody who’s followed my Windows experiences and commentary already knows I think the Sysinternals guys (Mark Russinovich and Bryce Cogswell, primarily, but also a host of others over the years) hung the moon when it comes to great tools and utilities. I was recently pondering how to get over the “What did I forget?” hump in finally upgrading my primary desktop from 4 to 12 GB of RAM, and thus also from Windows 7 Ultimate 32-bit to its 64-bit counterpart, when my research led me to their free tool named Disk2VHD.


Great Product for Recycling 2.5″ Notebook Drives

In the past quarter, I’ve replaced the boot drives on my three primary notebook PCs with el-cheapo ($149) OCZ-3 Agility 120 GB SSD drives. In turn, that has left me with three 500 GB 2.5″ drives that I can still use, but no longer want for primary notebook HDs. That left me casting about for a solution to put these babies back to work at minimal expense with maximum results. Here’s what I found to meet my needs: a 5.25″ drive bay that accommodates four 2.5″ drives in the standard form factor, and supports both SAS (Serial-Attached SCSI) and SATA drives in a single, heavy-duty brushed aluminum enclosure. It’s available on Newegg for a modest $55, and on Amazon for $60. Here’s an introductory photo of the device, straight from the manufacturer’s Website:

Each of the drive sleds holds a standard 11mm 2.5" HD, or larger if you remove the sled top


A Tale of Three Notebook SSD Upgrades

OK, so I finally got my three production notebooks upgraded from conventional spinning hard disks to SSDs. All three of the source drives were 7,200 RPM SATA II drives: two from Seagate (one a Momentus plain-vanilla, the other a Momentus XT), along with a Hitachi 7K500 model. Of the three, the Momentus XT was far and away the fastest, but it couldn’t begin to match the OCZ Agility 3 SATA III 120GB drive that replaced it. I took advantage of a special sale to pick mine up for about $150 each on Newegg. Right now they’re priced at $155 with a $30 rebate to bring the price down to $125.

It took me a while to whittle these machines’ drives down to an acceptable level of disk space for the transfer. I recount this exercise in a couple of upcoming articles (one for InformIT.com, the other for InputCreatesOutput.com; no links yet but I’ll plug them in as they become available). Here’s a quick before-and-after snapshot:

Table 1: Notebook System Disk Holdings (Before & After)
| Laptop | Before Clean-up | After Clean-up |
|---|---|---|
| HP dv6t | 72.9 GB | 52.8 GB |
| Dell M11X | 48.2 GB | 33.1 GB |
| Dell D620 | 35.4 GB | 27.7 GB |

I used the “Clone Disk” tool in Acronis True Image Home 2012 to transfer the contents of each conventional HD to its SSD replacement. Although the HP dv6t has the faster processor, the Dell M11X supports SATA 3 and outperforms the HP on I/O. All in all, the real proof for the value of the exercise comes from some before and after system timings, as shown in Table 2.

Table 2: Notebook System Timings (Before & After)
| Timing Point | Dell D620 (Before/After) | Dell M11X (Before/After) | HP dv6t (Before/After) |
|---|---|---|---|
| BIOS alert | 00:03 / 00:03 | 00:03 / 00:03 | 00:08 / 00:07 |
| Windows 7 Starting | 00:11 / 00:07 | 00:32 / 00:19 | 00:12 / 00:09 |
| Login Prompt | 00:53 / 00:23 | 01:07 / 00:32 | 00:40 / 00:12 |
| Desktop appears | 01:20 / 00:35 | 01:44 / 00:42 | 01:13 / 00:19 |
| Soluto value | 01:49 / 00:42 | 02:26 / 00:42 | 02:22 / 01:02 |
| Shutdown | 00:20 / 00:07 | 00:18 / 00:06 | 00:22 / 00:10 |

Here’s what I take away from this recent adventure. First and foremost, you get the biggest win in performance after Windows starts loading and the systems start banging their drives for all they’re worth. Second, there’s a clear correlation between the I/O interface hardware and overall disk subsystem performance: the Dell D620, which has the oldest SATA controller, saw a jump from 5.9 to 6.9 in the Windows Experience value for the disk data transfer rate. The HP dv6t has a faster SATA II controller and leaped from 5.9 to 7.4, but the M11X with its SATA III support surged from 5.9 to 7.9 (which is as high as Windows Experience values currently go). Third, some of the best benefits from SSD use come after the OS has booted: applications open and close much more quickly, and shutdown takes no more than half as long as it once did. I like it!


LensPen LapTop Pro Ultra Cleaning Kit

Every now and then I’ll get a request from a vendor to take a look at their products and report on my experiences. Over three weeks ago, a package from Canada showed up at my door, including the LensPen LapTop Pro Ultra Notebook Cleaning Kit. As the following photo from Amazon (where you can pick this item up for $9.95 plus S&H) shows, it includes a microfiber cleaning cloth, 10 moist wipes for cleaning an LCD screen, a big multi-brush and screen cleaner holder, and an itty-bitty screen cleaner for cellphones (lower right in photo).


Another Nice System Drive Cleanup Maneuver: DriverStoreExplorer

In my continuing quest to find more and better ways to slim Windows 7 down on disk, so as to make the most of smaller, more affordable SSDs, I’ve come across another footprint reducing technique. Exploring space consumption with my favorite visual tool, WinDirStat, I observed that the Windows FileRepository directory (C:\Windows\System32\DriverStore\FileRepository) consumes a fair amount of space (2.2 GB after my initial assay, just under 1 GB after the clean-up I’m about to describe).


Be Prepared for Windows 8 Hyper-V Gotcha

I stumbled into an interesting potential “gotcha” as regards Windows 8 and its much-ballyhooed support for Hyper-V (see Steven Sinofsky’s Building Windows 8 blog entitled “Bringing Hyper-V to ‘Windows 8’” for more information) while researching an article on this topic for SearchWindowsEnterpriseDesktop.com this weekend. Although Microsoft has claimed in the past that Windows 8 will run on any PC that can run Windows 7, the same is most definitely NOT TRUE for Hyper-V support.

To run Hyper-V, a PC must not only run the 64-bit version of Windows 8, its CPU must also support a virtualization technology called Second Level Address Translation (aka SLAT) which, as Sinofsky’s blog states, “…is present in the current generation of 64-bit processors by Intel and AMD,” along with at least 4GB of RAM. Given the memory requirements for VMs, the 4 GB requirement is neither terribly surprising nor onerous. As it turns out, only the ix Intel processors (i3, i5, and i7) and Barcelona-model or later AMD processors (K10 or higher Opteron and Phenom CPUs) support SLAT.

You can check the status of your CPUs by downloading the latest version of Mark Russinovich’s coreinfo.exe utility from the Microsoft Sysinternals Web pages, then launching the utility from a command line launched with administrative privileges. If your CPU will run Windows 8 Hyper-V, you’ll see a display like this one:

Coreinfo -v produces virtualization info

The key entries in this display are the EPT (Extended Page Tables) for Intel processors, as shown in the preceding screenshot, and a value in the AMD processor output that may appear as NPT (Nested Page Tables) or RVI (Rapid Virtualization Indexing). Simply put, one of these values must be enabled for Windows 8 Hyper-V to work. What this also means is that even though I have some older quad-core systems that run Windows 7 just fine, with 12-16 GB of memory (and thus plenty able to host multiple VMs except for the SLAT requirement), I won’t be able to use those machines to host Hyper-V VMs when I start digging into Windows 8 later this month. All I can say is “Rats!”


More Noodling on System Drive Space-Saving: Move those VHDs!

On my continuing quest to save space on the C:/System/Boot drive on my Windows PCs — mostly so I can maximize the value and utility of my desire for SSD speed without forking over $500-600 for a sizable enough drive (256 GB or larger) so I don’t have to worry about saving space — I’ve kept on looking for small changes with big payoffs to keep drive space consumption down. Today, I came across a big one on my i7 test machine. It’s got Windows XP Mode installed, and by default Windows XP mode stores the file named Windows XP Mode.vhd in the C:\Users\<username>\AppData\Local\Microsoft\Windows Virtual PC directory.

On my i7 test machine that vhd consumes 6.8 GB of disk space on a 120 GB Corsair Vertex 2 SSD. On that same machine, I’ve got two internal conventional drives: a 1.0 TB Samsung SpinPoint and a 1.5 TB Samsung SpinPoint, both with over 800 GB of disk space available. So I asked myself this question: “Why not move the VHD?” Sure, it’ll run slower than on an SSD, but I don’t use Windows XP mode frequently enough to justify 5% of its available disk space going to a single VHD file.

That raised the question: “How do I relocate the VHD file?” A quick Google search turned up a nice and very helpful post on social.technet.microsoft.com which provided the following instructions:

  1. Start up the VHD, then use the CTRL-ALT-DEL button to elect the “Shut down” option.
  2. Copy the file named Windows XP Mode.vhd from the C:\Users\… location to another hard disk
  3. Right-click the Windows XP Mode entry in Windows Virtual PC (or Server) and select the Settings option
  4. Use the Browse button associated with Hard Disk 1 to point the program at the new location for the file (in my case that was F:\VMs\Windows XP Mode.vhd)
  5. Fire up Windows XP Mode to make sure everything is still working OK (worked for me, so hopefully it will also do likewise for you)

Bingo! 6.8 GB gone from the C: drive, and about 6% more free drive space for other uses on my SSD. I love it when little actions bring big wins!

Rashmi U R's posting on how to move the Windows XP VHD file

