Scot’s Newsletter

Operating Systems. Broadband. Issues. Info You Can Use.

Please Recommend this Newsletter to a Friend.

August 2006 - Vol. 6, Issue No. 83

By Scot Finnie

In This Issue

  • The Latest on Vista, Plus Build 5472 and UAC
  • 60-Second Briefs
       - More on Revealing Vista's Hidden Administrator Account
       - Grabbing a ThinkPad T60
       - Mac Fanboy?
       - Ozzie Declares PC Dead, What Might Replace It?
  • WGA Notifications: What It Is and How to Remove It
  • The Right Antivirus, Part V | Best Antivirus of 2006!
  • Link of the Month: VMware Virtual Appliances
  • Newsletter Schedule
  • Subscribe, Unsubscribe, Change Address, Change Format
     Quick Links

     September 2006

     Aug.'06 Special Edition

     August 2006

     July 2006

     Read Back Issues

     Print This Issue

     Newsletter Home

     Subscription Manager

     The SNF Forums

     Donate via PayPal

     Donate via Letter Mail


    Email Newsletter Power Tools. Try Them Free Today!
    paid advertisement

    The Latest on Vista, Plus Build 5472 and UAC
       - Gearing up for Vista RC1
       - Build 5472 and User Account Control
       - Some Clarity on User Accounts
       - Insights on Vista Upgrade Paths

    Gearing up for Vista RC1
    No one knows right now when the Release Candidate 1 (RC1) build of Windows Vista will arrive, but sometime toward the end of August is still a good guess. Of course, no one would be surprised to see it slip into September either. All Microsoft has said on the record is that it will come out by September's end. Whenever it arrives, I will install it on half a dozen machines and test it exhaustively, and then I will write about it in detail in either Computerworld or Scot's Newsletter — or both.

    It's very likely there will be a second release candidate of Vista, probably four to five weeks after RC1 appears. Judging from past Windows development cycles, What you see in RC1 is pretty much what you get when the product ships. At least 90% of the changes incorporated after RC1 will likely be bug fixes. A third release candidate is possible. If Microsoft decides to slip its consumer release date to, say, March of next year, that would stretch out the development cycle, potentially into early January. The targeted November release date to volume-licensing enterprise customers is not that big a deal. Few enterprises are dying to get into Vista the first day it becomes available to them. Most are more concerned with the software giant getting the software right.

    But no matter how the schedule may change, RC1 will deliver a degree of fit and finish with Vista that we haven't seen before. It might not be as fast as 5472, but it will likely be refined in many ways. So stay tuned for my in-depth report on it.

    Build 5472 and User Account Control
    I was pleasantly surprised by the post-Beta 2 interim build of Windows Vista I tested a couple of weeks ago. Build 5472 improved markedly on system installation time and overall operational performance. Microsoft has significantly revised the Network Center — an area I've criticized in past — so that it's more intuitive, more useful, and reduces the number of separate networking-oriented Control Panels.

    Microsoft has also made some progress on reducing the number of User Account Control (UAC) confirmation pop-ups. This UAC issue is the aspect of Vista I've been most critical of in the past. Although I'm not ready to declare the problem solved, and I suspect that Microsoft will not in the end clean it up enough for me to be fully satisfied, the software giant is moving in the right direction on UAC.

    For more detail on the changes in interim Vista Build 5472, please see my Vista Build 5472 story on Computerworld.

    Some Clarity on User Accounts
    I don't think it's widely understood that there are three basic account types in Windows Vista: Administrator, the "split-token" user-created administrator account, and Standard User. The built-in Administrator is hidden by default, does not have UAC turned on by default, and if Microsoft could have its way, wouldn't even exist in Vista. It's not a fully protected account.

    At its core, the user-created administrator (such as the account Microsoft requires you to create when you clean install Vista), shares more in common with the Standard User than with the built-in Administrator account. At rest, user-created administrator account rights and permissions restrictions are very close to Standard User accounts. They are able to elevate to Administrator rights on-demand, in context, without having to enter a password. But as soon as that process ends, they go back to being very like Standard User accounts. This is what Microsoft means by the term "split token."

    User-created administrator accounts have UAC is turned on by default. And a human being must confirm any action that might leave the computer and its data vulnerable to tampering.

    Standard User accounts are a bit more locked down than user-created administrator accounts, plus they must authenticate to an administrator account with the administrator account's password on each and every UAC prompt.

    Increasingly, Microsoft is smartly reducing protections for user-created administrator accounts in order to cut down on the negative impact on the user experience caused frequent repetition of UAC prompts. For example, when you attempt to delete the desktop icon that was installed for all user accounts on the computer instead of just the logged in user, you receive a UAC prompt in Beta 2. In Vista Build 5472, you receive the UAC prompt if you're logged in to a Standard User account; but if you're logged in to a user-created administrator account, 5274 just deletes the icon.

    I still wonder about the Standard User experience. I'm trying to imagine how the Standard User account really works with inexperienced users and children. These people will likely see more UAC prompts over time, and will have less idea what they mean. They will, I think, quickly become numb to these confirmation boxes. Nothing bad seems to happen when they just click OK. Until something bad does happen. And then, all that clicking and interruption will be for naught.

    Insights on Vista Upgrade Paths
    I'll give you the bottom line at the top. If ever there was a time to clean install a version of Windows, this is it. Most of us who are making strong plans to move to Vista in 2007 should plan on buying a new PC to get there. While the CPU and memory requirements aren't a big deal, the video requirements are. There are many high-end video cards still being sold today that don't support DirectX 9, don't have 128MB of dedicated video RAM, and don't specifically support PixelShader 2. So there's a strong reason to at least consider new hardware.

    But that's not the only reason. Don't believe the critics, Vista is still an ambitious upgrade. There's a lot going on in this release of the operating system. There are many breaks with the past. While I have very little data that tells me there will be problems with Vista upgrade installations, past history tells me there will be more problems than usual. Vista's image-based installation/upgrade process is, actually, also different than the past upgrades. From the sound of it, those changes should vastly improve upgrade installs. But that's in a test tube. The real world is an altogether different place.

    If those two reasons weren't enough, Microsoft has limited the Windows Vista upgrade paths. Please check out this Windows Vista Editions chart (toward the bottom of the Web page).

    You can't upgrade from Windows XP Professional or Tablet PC Edition to Vista Home Premium. Your choices are Vista Business (which doesn't support many digital media features) or Vista Ultimate, which will probably be pricey. Windows XP Media Center machines can upgrade to Vista Home Premium or Ultimate, which makes sense.

    You also can't upgrade install at all from Windows 2000 or Windows XP x64. Windows XP Home is the only version of Windows that can upgrade to Vista Home Basic, Home Premium, Home Business, or Ultimate.

    So let me leave you with where I started. Whenever you move to Windows Vista, if you do, that would be a very good time to make a break from the past. Either upgrade your hardware as needed and clean-install Vista, or get new hardware with Vista on it.


    60-Second Briefs
       - More on Revealing Vista's Hidden Administrator Account
       - Grabbing a Lenovo ThinkPad T60
       - Mac Fanboy?
       - Gates on Vacation, Ray Ozzie Declares the PC Dead

    More on Revealing Vista's Hidden Administrator Account
    I republished last month's story about revealing the true Administrator account on Computerworld recently. After I wrote that piece, I had an in-depth interview with Microsoft about the hidden Administrator and many other aspects related to the new user account system in Vista. While the interview didn't change the essential facts that I relayed in the July story, it did change my thinking about some things, and it also added some lesser facts I wasn't aware of.

    So when I reprised the story on Computerworld, I updated it pretty significantly, both for clarity and with additional facts and insights. I strongly recommend that you refer to this new version of the story if you intend to follow the steps it lays out:

  • How to access the true Administrator account in Windows Vista

    Grabbing a ThinkPad T60
    The main PC in my life is a 2.0GHz Centrino Lenovo ThinkPad T43 with a ATA-100 5400-rpm hard drive and 64MB ATI Radeon Mobility X300 video. With my entire personal and professional lives on this thing, it's slower than molasses in January. Lotus Notes, a huge Eudora installation, Office 2003 Everything, seventeen forms of security, at least 50 Internet clients, another 50 utilities, and several high-end graphics and media packages. There comes a time when any Windows installation has just had it. Besides, the hardware was never fast to begin with.

    The T60 I'm picking up has some faster goodies: Intel Core Duo 2.0GHz, 2GB RAM, a 100GB SATA-150 7200-rpm drive, 128MB ATI Radeon X1400 video, and so forth. It's got my requisite 1400-by-1050 resolution 15" LCD. And, of course, the UltraNav pointing system I'm always slobbering over. In case you're interested, it's the ThinkPad T60 2613ELK. The 2613ELU is the 2.16GHz version, but it was almost $600 more — and not worth the performance delta.

    I've spent a lot more money than usual this year on new PCs. [Editor's Note: Tell me about it. Good thing I've taken a job that comes with a paycheck. --Cyndy][Great, so that means I can take early retirement, right? — Scot] I'm trying to eliminate all the desktops from SFNL Labs. Though pricey, these dual-core machines are noticeably faster than the machines they replace. It's the first time in a long while that I've noticed a significant boost in CPU/bus/chipset performance. After this ThinkPad, I'll be holding off on new Windows machines until next year, when I expect to pick up a Vista notebook with the mobile version of Intel's new Core 2 Duo, codenamed Merom.

    Mac Fanboy?
    Fair warning to all you dyed-in-the-wool Windows wonks: I'm having visions of jumping ship. I will never give up my Windows expertise, which I've spent years amassing. But I'm budgeting for my third Mac, a MacBook Pro 17 when OS X Leopard comes out next year. I'm in the midst of initiating a Linux Xandros 4 living-with-it experiment. It's long since time to start taking the alternatives seriously. It'd probably take just one more thing like User Account Control, Windows Genuine Advantage, or Windows Product Activation to get me seriously wondering what Microsoft is becoming. (No, Microsoft charging $1.50 for Office 2007 Beta 2 isn't enough, but it is in the same vein.) Lotus Notes isn't my favorite application, but Notes inventor Ray Ozzie can't get into serious power at Microsoft fast enough so far as I'm concerned. And I hope Gates takes Steve Ballmer with him when he goes. Microsoft is a company fighting entropy. It needs a major shake-up. It needs an identity transplant.

    On Slashdot, they were openly wondering whether I was a Mac fanboy when I wrote the "20 Things You Won't Like About Vista" story. Well, I wasn't. I do like OS X, and everyone who's followed this industry for any length of time has to see that Microsoft takes a lot of its lead on operating system design from Apple. But I've been a Windows guy for so long it's almost laughable to call me a Mac supporter.

    Maybe it's not a big joke any more, though. If it stops being fun using Windows (if it feels like the taxi meter is running all the time, for example), I might switch. Microsoft appears to be bound and determined to wipe the grins off our faces, to take away the joy of Free Computing. I swear, Microsoft is the new IBM circa 1983.

    There's a change coming. And I don't mean a possible change of my OS preference. I mean a nexus point, inflection point, paradigm shift (pick the decadent business buzzword you hate the least) in this industry. I don't think any of the pundits have it quite right. I don't think handhelds replace full-blown notebooks. I don't think Software-as-a-Service is the whole deal. It's not just consumer electronics convergence. It's not all of us running out of virtual machines. It's not just the result of the tech industry having trouble getting jumpstarted. But all or most of those things will shape what's coming. I'll let you know when my crystal ball stops reading "Try Again."

    Ozzie Declares PC Dead, What Might Replace It?
    While Bill Gates was vacationing in Africa, Microsoft's newly appointed Chief Software Architect, Ray Ozzie, wasted no time declaring the PC dead.

    From a business perspective, I agree that the desktop PC is past its prime. But there are 850 million Windows PCs running around the world, and, according to this the FT/MSNBC article, another 225 million will be sold next year. That doesn't sound like a dying market.

    I think this is a semantical debate. Smart devices that contain CPUs, RAM, and permanent storage, that run operating systems, and that allow you to install and run applications, are not going away any time soon. The issue is that companies like Dell, AMD, Intel, HP, Microsoft, and many others must rapidly rethink their businesses. Desktop PCs are not the growth area they once were. The tech industry isn't doing so well right now because it's an industry that for the first time in a long time is not innovating fast enough to keep up with the desires of both an increasingly mobile, 24x7 workforce and an increasingly computer savvy consumer marketplace. People are less and less willing to deal with the hassles that computing devices present. My belief is that people want more than to own a great mobile device, a great back-at-the-ranch device, and a great entertainment device. They don't want the hassles of managing three computers. They want everything at once, without having to manage everything.

    At the heart of that market demand is finding a way to create true data portability. But it's not just data we're talking about. For lack of a better term, it's desktop portability. We want the same "desktop" on our mobile devices that we find on our widescreen movie players and our work-optimized multitasking business desktops. The word desktop is the wrong word, because mobile devices are unlikely to ever use a desktop-based user interface to good effect. The point is, we want all our programs — whatever device we're using at the moment — to offer all of the things we've done before, including bookmarks, downloads, documents, music, video, etc. At the same time we want settings specific to each device — such as network settings, application settings, and OS settings related to hardware — to be stored uniquely for each device. So that, in the end, whatever I've done with a computer is there when I want it, and I don't have to think about network and Internet connectivity or hardware support.

    So, is this something that could be achieved in hardware? Although it's unlikely to be a good idea in practice, one can imagine the notebook device sporting "handheld bay" that lets you remove your handheld and reincorporate it as needed. Or should full user data and settings portability be achieved by a profound use of Internet-based storage and Web-based software-as-a-service solutions to integrate your operating system with a Web-based component? Or is there some new technology or idea (perhaps something like the USB U3 standard on steroids?) yet to be developed is what might some day deliver full-fledged data portability and device independence? What do you think?


    Windows Genuine Advantage: What It Is and How to Remove It
    Last Updated: August 12, 2006

       - Why WGA Is Distasteful
       - WGA the Software
       - Preparing to Ditch WGA Notifications
       - Removing WGA Notifications: Step by Step
       - Preventing Recurrences
       - Some WGA Resources

    Why WGA Is Distasteful
    Just when it looks like Microsoft might be coming around, at least somewhat, on the boondoggle that is User Account Control, the company loses all rationality and releases several consecutive betas of Windows Genuine Advantage Notification, or WGA Notifications, to millions of unsuspecting Windows XP users. Moreover, it has done so via its high-priority security Automatic Updates and Windows Update/Microsoft Update online-updating channels.

    WGA is an anti-piracy program initiated by Microsoft in an effort to keep it from losing money on stolen product keys and counterfeit copies of Windows and Office. In typical call-it-the-opposite-of-what-it-actually-is marketing style, Microsoft has named its latest anti-piracy push to sound as if there were something good about it for customers, when in fact, the only advantage is for Microsoft. For some small percentage of legitimate Windows customers, WGA is going to be a royal pain in the behind. Make no mistake, WGA has the potential to make some people very frustrated and angry with Microsoft. And for many other people already teetering on the fence about whether Microsoft is a good company to deal with, it may tip them over the other way. If you doubt that at all, go Google "WGA."

    Bloggers, newsletter authors, and computer publications have already reported a good deal about WGA. Unfortunately, the negative impact WGA may have on "man in the street" Windows users hasn't permeated into the mainstream press. It wouldn't be difficult for the New York Times, Washington Post, CNN, or Consumer Reports to find average people who've been faced with a message on their Windows XP or Office 2003 screen telling them they may have a "counterfeit copy" of their Microsoft software. Because that's what WGA does. It consists of two small bits of code. One watches your computer and tries to determine whether your copy of Windows is legit. When it decides Windows doesn't have the the proper credentials, the second component kicks in flashing warnings, and may offer you any of several pieces of advice or options, including paying up. In a way, WGA sets itself up as judge, jury, and cash register.

    Microsoft has offered only vague information so far, published in a blog, about the existence of false positives — those times when WGA makes mistakes and wrongly accuses Windows customers of having an illegitimate copy of Microsoft software. At least 80% of the pirated or counterfeit software WGA finds involves the use of stolen or repeat use of one-time product keys, where Microsoft has a genuine beef. Has Microsoft (or any software development company) ever written perfect code? Of course not. So of course there are false positives. We just don't know how many.

    What makes that doubly difficult to sort out — and this is the part that makes it hard for the press to report on WGA — is that not all of the apparent false positives are actually false positives. You may have paid for your copy of Windows, but it may actually be a counterfeit copy. You may have recently brought your PC in for repair, and the repair shop may have used its copy of Windows XP to reinstall Windows on your system as part of the repair process. You may have purchased a used PC sold with Windows XP or Office only to find that you weren't sold a legitimate license. In some cases, that may even happen with new PCs.

    All that brings me to the aspect of Microsoft's WGA that I feel is the largest mistake. Microsoft is going directly after its own customers — not the serious bad guys — with WGA. I'm sure the software giant believes it must do this in order to get the counterfeiters, the repair shops that use the same XP CD and product key over and over again, the system builders who sell the same license repeatedly, and the smaller enterprises that, while they have purchased machines that are properly licensed, are using a single Windows image and product key (not acquired through volume licensing) for all their new PCs. But there has to be some better way than alienating probably hundreds of thousands, perhaps millions, of users of Microsoft software who have no idea whatsoever that they're in some way going against Microsoft's product licensing rules. The potential is huge for bad publicity, ill will, and a feeling that using Windows is an open invitation to let Microsoft decide whether you need to pay a second time for Windows or Office. Microsoft is apparently more interested in squeezing every last penny out of its existing installed base than it is in preserving customer satisfaction or developing a better mousetrap.

    The actual numbers of false positives don't matter. It's about the perception. It's glaringly obvious that Microsoft cares not a whit about individual Windows users. Its only focus is larger volume-licensing customers and OEM PC makers. Since it's all about Microsoft recouping money, it's hard not to look at this as corporate greed at the expense of unsuspecting corporate customers and end users. I am personally disgusted by WGA. I'd be willing to be bet that at least half the people working at Microsoft feel the same way. They can't say it; I can.

    WGA the Software
    WGA software is installed into Windows XP via Microsoft's online update services. Windows Vista comes with its version of WGA already installed, apparently in no way optional. The Office version is called Office Genuine Advantage (OGA).

    There are two separate parts of Windows Genuine Advantage for Windows XP: WGA Validation and WGA Notifications.

    WGA Validation is the component that checks Windows to make sure it's a properly licensed copy of the software. It first appeared prior to the download of Microsoft AntiSpyware beta 1 (later renamed Windows Defender). Your system must be validated in order to receive some software (such as Internet Explorer 7, Windows Defender, and Windows Media Player 10) from Windows Update and Microsoft Update. WGA Validation has been required for access of these types of downloadble software from Microsoft since July 2005. WGA Validation is the heart of WGA. WGA Validation is not required to receive security patches from Automatic Updates. (See Microsoft's KnowlegeBase article, Description of Windows Genuine Advantage, for more information about WGA Validation.)

    WGA Notifications was designed to remind users who fail validation that their Windows software has been deemed by WGA Validation to be illegitimate. It directs people who experience this to resources to learn more about getting what Microsoft calls "genuine" software. WGA Notifications was rolled out this spring. WGA Notifications is delivered via Automatic Updates and it is technically optional. You can choose not to install it, but figuring out how to keep it from slipping in with high-priority security patches is not that easy (see later in this story for precise instructions on how to do that). According to Microsoft, there is no penalty for opting out of WGA Notifications. Opting out does not stop a user from receiving security updates via Automatic Updates. (See Microsoft's KnowledgeBase article, Description of Windows Genuine Advantage Notifications, for more information.)

    You already have WGA Validation on your Windows XP installation, unless you haven't received security patches since before July 2005. If you use the Automatic Updates feature of XP, WGA Notifications is also most likely already on your system. WGA Notifications has appeared in several beta versions, with slightly different behaviors. And Microsoft appears to be actively developing this tool. For many people, the fact that the software giant is delivering WGA Notifications, and also continues to deliver WGA Validation as needed — as high-priority security updates — is a strong note of insincerity on the part of the software giant. Microsoft may be kidding itself that WGA has some sort of security aspect, but most knowledgeable computer users aren't buying it.

    At press time, when WGA detects a problem, it lets you keep running Windows, periodically popping up WGA Notifications nag screens to make sure you know that your Microsoft software may be counterfeit. If this happens to you, you should pursue WGA Notifications process; it may provide you with information that will help you rectify the problem. WGA Notifications may be annoying, and it does directly contact Microsoft's servers on its own, but it is WGA Validation that actually makes the determination about whether you're in license compliance. WGA Notifications is primarily a messenger, and some of its messages may be helpful.

    For example, in my tests I was able to make the WGA "counterfeit" warning appear by changing the date of the system clock one month later. The Web-based WGA program was able to determine that was the problem and it suggested I reset the system date. When I did that, the WGA warnings disappeared. While most WGA detections don't resolve that easily, it can't hurt you to learn as much as you can about why WGA believes your copy Windows is illegitimate.

    So what could happen? I've received several detailed reports from readers about their experiences with WGA that involves purchases of full retail copies of Windows XP from reputable dealers like Fry's, Staples, and BestBuy. The worst part of this is that there is no external review of WGA Validation's determinations. And while it's true that many people may have no idea that their copy of Windows isn't "genunine," there's no way that WGA Validation could be perfect in its determinations. One story I've heard from several readers is that they bought a retail "upgrade" installation of Windows XP Pro (from a reputable source) to upgrade a PC that came with Windows XP Home, and got into trouble after installing it. There's no way that all these copies of Windows XP Pro are counterfeit. And these people have paid the normal price for the software. It should not be up to customers to determine whether software is valid at retail. Microsoft should be able to go after counterfeiters on its own, without getting retail buyers involved.

    Despite the possibility of scary messaging, WGA Notifications doesn't have much of an enforecment bite at present. But might that change in the future? Microsoft has said it won't "turn off" illegitimate copies of Windows. But could the software giant be interpreting that literally? The more likely preventive measure probably isn't turning off the computer. It's not hard to imagine that WGA might direct its predecessor, Windows Product Activation (WPA), to lock you out of your computer until such time that you can present a valid product key. When WPA kicks in, the computer boots to a login screen that doesn't let you use the computer until a valid activation code is entered. In Vista, this WPA screen links to an option that lets you buy a new copy of Windows, even extending use of Internet Explorer for that purpose, though you can't actually login to Windows prior to successful activation.

    Microsoft has more than once alluded to the fact that it's reserving the right to require the installation of WGA Notifications on all computers, possibly sometime early this fall. WGA Validation and Notifcation are built into Windows Vista, without any user option to remove them. It's simply not known yet how Vista's version of WGA will behave.

    At this writing, it is possible to both remove WGA Notifications and also to prevent it from attempting to reinstall after you have removed it.

    Preparing to Ditch WGA Notifications
    There are many sites on the Internet that purport to help you remove WGA Notifications from your system. Microsoft has recently changed some things about this software, and many of those instructions could be out of date. I have yet to see a definitive work on this subject, and I don't consider this one to be either. Since WGA is still in beta, and Microsoft is still developing it, I suspect that the best set of instructions is yet to come.

    A large portion of my instructions are based on Microsoft's How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications KnowledgeBase article, which showed a July 12, 2006, revision date at the time that I prepared this article. It should be noted that many of the simplistic methods of halting WGA Notifications, such as blocking it with your firewall or renaming the WgaLogon.dll file, are a lot less comprehensive than the instructions that Microsoft offered or that appear in this document. They are effective right now. If Microsoft renames its files, those protections would break.

    The reality is, WGA Notifications isn't the guts of WGA. It's the part that "phones home." But I have to be honest with you; that aspect of WGA has never concerned me all that much. It was certainly preposterous for WGA Notifications to reach out to Microsoft's servers every day. The part of WGA that concerns me most is the virtual certainty that WGA Validation will falsely identify even a small percentage of Windows installations as being "counterfeit" when in fact they are not. OK, let's get on with removing WGA Notifications.

    Important: These instructions require editing the registry. You may want to start by taking a System Restore point so that you can revert to it in the event that something goes wrong. Also, I attempt to go beyond Microsoft's instructions for uninstalling WGA Notifications to uninstalling other WGA Notifications leave-behinds. Bottom line: I can't 100% promise that you won't run into trouble, but I've tested in on enough machines and received enough reader feedback that I don't think you will.

    Update: I've revised these instructions to work around any possible removal of WGA Validation, which is required to download both security patches and optional programs from Windows Update and Microsoft Update. (WGA Validation is not a prerequisite for downloading security patches from Automatic Updates.) If you do remove WGA Validation — which consists primarily of the LegitCheckControl.dll file in the \Windows\system32 directory — Windows Update and Microsoft Update will both attempt to reinstall the WGA Validation component the next time you try to use them.

    To make a System Restore point, open the Start menu, choose Run, copy and paste this line into the Run field, and press Enter:


    If you prefer not to mess around with the System Registry yourself, there's a very simple, free utility called RemoveWGA available for download on the Internet from Firewall Leak Tester. I've tested RemoveWGA 1.2 and I recommend it as an alternative.

    Removing WGA Notifications: Step by Step
    1. In the Add or Remove Programs Control Panel, turn on the "Show Updates" check box at the top.

    2. Open the Folder Options Control Panel. Click the View tab. Remove the check, if any, beside "Hide extensions for known file types." While you're at it, click the radio button beside "Show hidden files and folders" and uncheck the box beside "Hide protected operating system files." Click OK. (Note: If children or computer novices use your computer, you'll want to reverse these steps later.)

    3. The next step is to search your entire system boot drive for any file containing the letters "wga". To do that, open the Start menu and Choose Search. You will need to configure Search so that it searches system folders, searches hidden files and folders, and searches subfolders. Initiate your search for Drive C or Drive D, or whatever drive Windows is installed on.

    4. If WGA is installed on your computer, the search should return the filenames WgaLogon.dll and WgaTray.exe in your \Windows\System32 folder. You'll also find WGA's LegitCheckControl.dll in the same folder (but it won't be in your search results). You may well have several other search results, and we'll come back to those later.

    5. In the search results window, rename the following two files as shown:

    WgaLogon.dll => WgaLogon.old
    WgaTray.exe => WgaTray.old

    Note: You can delete these files after a subsequent reboot if you prefer. At this point, WGA Notifications is disabled. You could stop here if you'd rather not go all the way down this path.

    6. Open the Start menu, choose Run, type "regedit" without the quotation marks, and press Enter. This opens the Registry Editor.

    7. Locate and delete the last subkeys (folders) in these locations in the Registry. (Note: HKLM stands for HKEY_Local_Machine.)



    Note: Just to be clear, for that first line, you would navigate through the Registry beginning with HKEY_Local_Machine area, tunneling in by opening each folder named in the Registry path until you see the WgaLogon folder on the left side of the Registry Editor. Then just delete that folder. Repeat for the other Registry subkey, WgaNotify.

    8. That ends Microsoft's initial instructions. On my computers, I reboot my computer and remove the following subkeys as well. You should not attempt to remove every instance of WGA in the Registry.


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WgaNotify

    9. The next step is to delete other WGA Notifications files returned in your search. It's not absolutely essential for you to remove every last trace of WGA Notifications, especially when that attempt could very likely get you into trouble. For example, wgaapi.dll isn't part of Microsoft WGA, it's part of a wireless networking driver. You can safely delete any file you find with "wganotify" in its name.

    On several of my computers I didn't find WGA installed, but I did find an installer for it that seemed poised to run the installation. Presumably that's because those computers were using the Automatic Updates setting that automatically downloads but does not install updates without your permission. They're usually located in a folder with a name consisting of gobbledy-gook (hash of alphanumeric characters) found the \Windows\softwaredistribution\download folder. It's possible to delete these folders, but remember that WGA Validation and WGA Notifications are different things, and you need WGA Validation to get security patches. Folders that contain WgaTray.exe and/or WgaLogon.dll are for WGA Notifications. When in doubt, leave them as is.

    You may find that the operating system blocks you from deleting these folders. If so, you can either reset the file object permissions (assumes you have Windows XP Pro with the NTFS file system and you're running with Simple File Sharing turned off) or you can boot into Safe Mode and try deleting them there. If you're not sure how to do these things, it is truly not worth bothering with. Leave well enough alone.

    Preventing Recurrences
    You're not quite done yet. If you don't follow this next set of steps, you may find that WGA Notifications has reinstalled a couple of days or hours from now. I've written these steps specifically for Automatic Updates, but there's a corresponding, almost identical set of set of steps in Windows/Microsoft Update. It's faster, in fact, to use Windows or Microsoft Update since you don't have to wait for Automatic Updates to discover that WGA Notifications is missing from your PC.

    1. Change the Automatic Updates Control Panel setting to "Notify me but don't automatically download or install them." From now on, you will need to closely monitor every update that Microsoft wants to install on your computer.

    2. Wait for the yellow shield icon to appear in your system tray that signifies that updates are available. This can take as much as two days, but it's usually only a couple of hours.

    3. Click the yellow icon and, if prompted, choose the "Custom Install" option, which will bring up the "Choose updates to download" dialog.

    4. Remove the check mark beside any entry that contains the words "Windows Genuine Advantage" and click Close. (If there are other security updates waiting to install too, leave their check marks in place and they will continue to be available later.)

    5. Yet another box will open labeled Hide Update. Add a check mark beside "Don't notify me about these updates again."

    Some WGA Resources
    These additional sources of information are required reading about WGA:

  • Truth and Distortion About Microsoft's WGA - Computerworld Blog
  • Ed Bott's Microsoft Report - ZDNet
  • Windows Genuine Advantage FAQ
  • Windows Genuine Advantage Talkback Forums - Microsoft

    Finally, drop me email if you have learned something about WGA I should know or would like to suggest something that would help with WGA removal or installation prevention. Thanks.


    Looking for the Right Antivirus, Part V | Best Antivirus of 2006!
    The series has reached the end of the road. I've made my decision about the Best Antivirus Product of 2006.

    For those of you coming late to this party, over the last six months or so the newsletter has pursued an ongoing series on alternative antivirus packages. Back in December 2005 I wrote that I'd given up on Norton Antivirus and had been testing alternative antivirus utilities since the summer of 2005.

    During the last year of testing, I've examined a wide range of antivirus product, and I've explored the features and options of many others. Products tested during this period include Avast 4.6 free and 4.7 Pro, AVG 7.1 Pro and Network Editions, BitDefender 9 Standard and 10 RC1, CA EZ Antivirus and eTrust Antivirus r8, F-Secure Anti-Virus 2006 and Internet Security 2006, Kaspersky 5 and 6, Nod32 2.5, Panda Titanium 2006 and Platinum 2006, and ZoneAlarm Antivirus. I've considered the features and specs of at least a dozen other products and rejected them because something didn't meet my ideal antivirus criteria.

    These are the stories that comprise the "Looking for the Right Antivirus" series:

  • Looking for the Right Antivirus, Part IV
  • Looking for the Right Antivirus, Part III
  • Looking for the Right Antivirus, Part II
  • Testing BitDefender 9 Standard Antivirus
  • Growing Weary of Symantec Desktop Security Products

    That's the backdrop. Now let me peel back the layers and tell you why I've picked the product I have.

    Goodbye to Kaspersky and BitDefender
    Since the last issue of the newsletter, I've eliminated Kaspersky 6 and BitDefender 10 RC1 from contention.

    Kaspersky 6 offers superb antivirus-vanquishing technology. But that's the only thing good I have to say about it.

    The Kaspersky Anti-Virus 6.0 package is buggy, has a tendency to conflict with other software, and in particular, its Proactive Defense creates more problems than it solves. With Kaspersky running, some Web pages wouldn't load properly in Firefox. Despite the heavily revamped interface, which looks much more modern than the previous generation, I found things tucked away and not well labeled. There's no context-sensitive help. Many of the more complex functions buried in settings dialogs aren't understandable. I also experienced very long scan times. The first few times it took over 5 hours to scan 35GBs worth of OS, programs, and data, and thereafter it took 4.5 hours.

    Of all the antivirus products I've tested over the last year, it was the one I couldn't wait to remove from my computers. It was completely the opposite of my expectation.

    When I relayed my experiences to Kaspersky, the company's U.S. representatives insisted on a telephone interview that I retest the product. They were sure it was an anomaly, and they wanted me to send them notes about the specific problems I encountered. I did that, sending a list of seven or eight specific problems I encountered the second time. Kaspersky wasn't able to solve any of them, and basically, they blew off all my issues and suggestions. As a reviewer, let me tell you, that's infuriating because I wasted several additional days re-testing a product, and it was a waste of time.

    It's a pity, too. Kaspersky 5.x might have been my final choice in this evaluation. But it's no longer available from Kaspersky. Cross a big one off the list.

    If you've read previous installments in this series, you'll recall that I discovered a bug in BitDefender 9 with Eudora email scans. The Softwin folks attributed it to my use of SMTP Authentication and SSL to both send and receive mail on some of my accounts — a feature offered by one of my mail ISPs. On the advice of some readers, I decided to test BitDefender 10 Release Candidate 1 with my Eudora environment. The problem is still there, although it turns out that it's not a problem with SMTP-Auth and SSL. The problem appears to be BitDefender's slow scanning performance.

    Every 5 minutes, my Eudora installation scans 18 separate email accounts served by five email ISPs. Apparently, BitDefender just can't handle the load. I normally allow Eudora to run five separate mail connections simultaneously, but there's a setting that lets me turn that down to three concurrent connections. Even so, BitDefender's email scans apparently bog down the email connections to the point that they occasionally disconnect before they finish. Norton AntiVirus 2001 had the same problem, and it was fixed in subsequent versions of that product.

    To make sure the problem had nothing to do with the secure mail connections, I reconfigured the secure mail accounts to be standard SMTP/POP3 connections. It didn't help. The tip off to the problem is that it's never the same two or three of the 18 accounts that abruptly disconnect before they finish the send/receive process. And none of my five email ISPs is immune.

    For what it's worth I submitted a detailed bug report to BitDefender's makers about this problem. BitDefender has a lot going for it, and if Softwin can fix this problem, the product might be my first choice. But until it does so, my BitDefender testing is done.

    AVG, F-Secure, and Nod32
    With that, the field should be down to two, AVG and F-Secure. It's laughable, but a product I crossed off the list and nevertheless keep talking about — Eset's Nod32 — has managed to worm its way back into the mix too.

    For part of the day on July 12, the antivirus and anti-spyware products on my PC and on the computers of several hundred denizens of the Scot's Newsletter Forums got an inadvertent real-world test. The forum uses bulletin board software called Invision Power Board, or IPB for short. IPB has been under heavy attack around the world by a series of bots that attempt to join as forum members and then, through means that haven't been fully discovered, inject code that inserts an IFrame link on every page of the forums. The hyperlink called a site that pushed out a package containing a long list of nasties.

    Even though Scot's Newsletter Forums is fully up to date on security patches, we were vulnerable in a way we weren't aware of. Some 48 hours later, a patch arrived from IPB's makers that would probably have prevented the threat. But it was too late for us. The good news was that, once I was aware of the problem, I was able to locate and delete the offending code in only about 30 minutes. And, thankfully, the minor damage to the forums software was relatively easy to fix too. The big downside was the inundation of malware some SNF members were forced to cope with. And that was bad enough.

    My personal experience, and especially the experiences that forum members related about what happened to them, brought several things into focus for me. Firefox users, for example, were virtually immune to the malware. My computer was running F-Secure Anti-Virus 2006, which has an anti-spyware module, and Windows Defender beta 2. Windows Defender never went off. F-Secure met every threat that came down the pipe at me. There were some leave-behinds that I cleaned up later, but I ran several scans from a wide variety of security products after the event, and F-Secure had kept me safe.

    Many Scot's Newsletter Forums members were protected by Nod32 2.5, and those people universally reported that Nod32 protected them 100%. Most AVG users said the same thing, although one reported a problem, and a few were forced to clean up things after the fact. One of the things that crystallized in my mind from the attack on Scot's Newsletter Forums is that your antivirus product should either trap spyware as well as viruses and worms, or it should co-exist with the best utilities that do. In my final round of testing, I added Spy Sweeper 4.5 co-existence as an additional test. (Note: All the products tested also co-exist with Windows Defender Beta 2.)

    So which is the best antivirus program? Read these mini-reviews of the three contenders to find out.

    AVG 7.1: Simplicity at Work
    AVG has an outdated interface, and according to many of the independent tests, its protection isn't up to the level of F-Secure or Nod32. And yet AVG users swear by this product. And it's one of the most popular antivirus products around. Scot's Newsletter readers recommend AVG by a landslide over the entire rest of the field. AVG recommendations came in from numerous reviewers, IT managers, and security experts. It's true that the cool security crowd on the Internet is using Nod32 these days, but it's clear that AVG is at the least the alternative AV leader, and it's fast on its way to becoming a mainstream product.

    AVG has a very small system-resources footprint. It's also highly compatible with other security products. Although the user interface looks more like last decade than this one, it's mostly easy to understand and configure. It operates silently. It does everything that I want in an AV product.

    A Grisoft employee contacted me to argue the case that the published independent tests, including and, use old viruses for their tests, and so aren't representative of the real world. And yet, some test reports I've read omitted or didn't test AVG. The latest Checkmark Anti-Virus Level 2 certification doesn't include AVG. Other reviews of the product set it toward the back of the pack on protection. The big caveat here is that I haven't exhaustively and objectively tested AVG or any of these products — we're talking about the core of what an antivirus product does. And any doubt is too much doubt when it comes to security.

    I don't like to put too much stock in any test measurement. AV makers clearly build their products to pass tests like Virus Bulletin, which requires 100% pass or the certification isn't award. AVG passed that test. All of the contenders did. My focus is on the collective results of all the tests, my extensive research, my personal experience, and the results of real-world usage of people I trust. In the end, if I were to select only one antivirus product to run on my system, the data tell me AVG is a very good choice, but it's not as protective as the two other contenders. For that reason, AVG comes in third in this evaluation.

    The version tested was AVG Network Edition 7.1, which Grisoft provided based on my evaluation criteria. It costs $75 for two licenses for two years. The Professional Single Edition 7.1 sells with one license for two years at $38.95. AVG offers a free version.

    Nod32 2.5: Function over Form
    Read the Nod32 section of the June 2006 installment of this series to learn about my issues with the product. The short form is that it only performs outbound email scanning with Outlook, it doesn't scan Eudora mailbox files, and as a result its inbound scan didn't find some things in my mailbox that others did. It's also got a horrendous user interface. But if the folks at Eset made Eudora support a priority, Nod32 would have been the winning product in this evaluation.

    That's because the Nod32 is the anti-bloatware antivirus product. It's fast, uses few system resources, can be configured to operate silently, and it updates regularly. It coexists superbly with anti-spyware products (tested with Windows Defender and Spy Sweeper 4.5). And it also traps spyware on its own. In short, you can set it and forget it. It doesn't have problems. It doesn't get in your way. And it offers rapid, reliable protection.

    If you use Microsoft Outlook (not Outlook Express), or you don't run email on the PC you want to protect, I unequivocally recommend Nod32. There's nothing better for those environments. Because so many people use Outlook, and because of its superb protection, Nod32 is the runner-up in this competition.

    If you use Eudora, take a pass on Nod32. Eset claims it's impossible to scan Eudora mailbox files; bull, lots of other AV products do it.

    If you use Outlook Express, Thunderbird/Netscape/Mozilla, PocoMail, Pegasus, The Bat!, or any of the scores of other alternative emailers out there, the choice is up to you. You will survive without outbound email scanning. It's not unsafe. I just happen to think that Eset and other companies shouldn't get away with offering full support to only Microsoft Outlook. It's the principle of the thing for me; but you have to make your own decision.

    Nod32 2.5's single-user license costs $39 for one year and $58.50 for two years. A one-year renewal costs $27.30, and two years is $40.95. The tested version was 2.51.26. Eset offers a 30-day trial version.

    F-Secure Anti-Virus 2006 Does It All Well
    | Best Antivirus Product of 2006!
    F-Secure Anti-Virus 2006 is the Scot's Newsletter Top Product! and Best Antivirus Product of 2006. F-Secure includes a robust anti-spyware module, so while it doesn't coexist that well with other anti-spyware products, it doesn't need to. (It forces you to uninstall Spy Sweeper during installation, and it will run the uninstall gracefully.) So long as I'm protected, though, this isn't a big problem for me. And I've been in the line of fire with F-Secure, and came through unscathed.

    The F-Secure Anti-Virus 2006 user interface is excellent, the best of any that I've tried. It's logically laid out and very easy to understand. Eset and Kaspersky could take lessons from F-Secure on this front.

    Although it's not quite as low in the system overhead department as Nod32 or AVG, F-Secure Anti-Virus 2006 comes close — and it operates reliably. I've had no system instability issues. F-Secure loads a lot more separate services in memory than most other antivirus products, but each of those services uses very little memory. You could make the case that this more modular structure is both better designed and potentially more secure.

    The big brother to this product, F-Secure Internet Security 2006, has more of a bloatware feel. It packs in a firewall, parental controls, and a bunch of other stuff. Give it a miss.

    There's no question that F-Secure's security levels are in the top tier, rubbing elbows with Kaspersky, Nod32, and BitDefender. If you believe as I do that Kaspersky is the top dog at antivirus protection, you might also debate whether F-Secure or Nod32 is next in line. The reality is that the differences between the protection levels among this elite AV group are negligible. They're all good.

    F-Secure's scan speed is about average. Faster than Kaspersky, certainly; not as fast as Nod32. Some of the browser security features, which are optional, target Internet Explorer only.

    Bottom line: This is the one running on my main PC. F-Secure Anti-Virus 2006 offers the best mix of solid protection, usability, full e-mail support, performance, small memory footprint, and reliable operation.

    F-Secure Anti-Virus 2006 costs $39.95 for a one-year license; one-year renewals cost $28. The company also offers a fully-functional trial version.

    Important note: Before trying F-Secure, even the trial version, please be aware that this product is especially intolerant of other antivirus products being installed on your system. You must remove them first. Please see this Important Addendum About F-Secure Anti-Virus 2006.


    Have You Considered Advertising in Scot's Newsletter?
    It's a great way to support the newsletter, while getting something back in return.
    Please Review the Rate Card for more information.
    Or send us an inquiry by email.

    paid advertisement

    Link of the Month: VMware Virtual Appliances
    VMware has never been a company to name something as sexy as its technology actually is. But the company's Virtual Appliances site really does offer something cool.

    Especially if you're a Linux geek, or want to try out Linux distros in a new way, VMware's free Player tool and the free Virtual Appliances library can make it easy for anyone with a fast Internet connection to try pre-configured Linux distros. Many of these appliances perform a specific function. For example, Web browse in a protected area by using the Browser appliance, which loads a Ubuntu virtual machine with Firefox preinstalled. Or test out the Voice Mail RSS Feed Generator, which lets voice mail create a podcast feed. Check out the Foresight Linux distribution, which showcases the latest ideas from GNOME. Or how about a virtual machine running the PostgreSQL Server with phpPgAdmin?

    OK, so it's a bit techie, but VMware's Virtual Appliances are free, don't require you to purchase VMware at all, and it's definitely a great idea. Check it out.

    Have you discovered a relatively unknown, technology-prelated website that's a little amazing? Please send me the URL so I can check it out and let everyone know about it.


    Newsletter Schedule
    Scot's Newsletter is a monthly e-zine delivered by email. My aim is to send each issue near the first of each month.

    I've been threatening for several months to take an issue off, as I usually do in the summertime. It's still up in the air as to whether or when I might do that.

    You can always find out when the next issue of Scot's Newsletter is expected to appear by visiting the Scot's Newsletter home page.


    The Fine Print
    If you like this newsletter, I need your help spreading the word. Please tell your friends and co-workers, and encourage them to sign up! It's free.

    While you're at it, visit the new Scot's Newsletter Forums.

    Subscribe, Unsubscribe, Change Email Address or Message Format
    You can unsubscribe at any time; I don't believe in captive audiences. The website subscription center is the easiest way to manage your Scot’s Newsletter subscription. Changes take only a minute or two. You must select your message format — Text or HTML — even for address changes or unsubscribes. All subscription changes are now handled on the same page with a database-look-up feature that ensures greater accuracy:

    The Scot’s Newsletter Subscription Center:

    To help with the cost of creating and distributing the newsletter, I accept contributions via PayPal and Letter Mail. For more information on donations:

  • Sign-up for PayPal (if you don't already have it)
  • Option #1: Donate via PayPal
  • Option #2: Donate via Letter Mail

    Send comments, suggestions, or questions about this newsletter. Don't be bashful about telling me what you like or don't like. Send emails related to editorial content (only) to scot[@]

    Please address advertising inquires (only) to: sales[@]

    Sign-up for PayPal.

    Support this Newsletter by Donating Today.
    Or donate via Letter Mail.

    How to Link to Scot’s Newsletter

    Copyright © 2001-2007 Scot Finnie. All Rights Reserved.
    Ten Myths About Copyright Explained.