Archive for the ‘Windows’ Category

De-Crapify your PC

Tuesday, June 2nd, 2009

I haven’t bought a new machine in years. Well, actually I have bought new machines but I’ve never kept the OS intact on one. It’s more accurate to say I haven’t bought a machine that’s been used to run Windows. Ergo, I wasn’t aware of the amount of sheer garbage being shipped on new Windows PCs.

That changed recently, when my wife picked up a new Dell. The amount of extra software shipped on it was truly astonishing — everything from come-on deals for various antivirus packages to useless “trial” versions of image editing software and scanning packages. We spent a bit of time in the Add and Remove Programs Control Panel, running uninstall programs, and otherwise eliminating all the garbage infesting the machine.

Why does all this junk end up on new machines? Because manufacturers are paid to put it there, that’s why. Software companies see new machines as fertile advertising turf, and hope they can convince consumers to use their applications (“hey, it’s installed already so I’ll just register it”). Some of the software, like certain antivirus or anti-spyware packages, might actually be useful. The rest is just taking up space on your hard drive and promising the world if you just pony up $29.95.

But hey, you paid for that disk. So the manner in which all that valuable space is used is up to you. Personally, I think PC and software vendors should pay consumers for the privilege of placing advertising material on someone else’s machine. Then again, I also refuse to allow car dealers to put advertising stickers or plates on my new car.

Happily, there’s a way to get all that space back without wasting time waiting through a dozen uninstall programs. Some guys have written an application called the PC Decrapifier, which automatically removes many of the “craplets” (as they call them) installed by various vendors.

So if you have a new Windows PC filled with junk you don’t want, a quick download may help you clean it up. Fire up the application, grab a cup of coffee, and watch your free disk space grow.

Problems in the Darnedest Places

Wednesday, May 20th, 2009

A few weeks ago I mentioned my primary Windows PC was randomly slowing down for no apparent reason. I went through numerous diagnostics, including removal of various bits of software (BitTorrent DNA was apparently part of the problem) but the issue persisted. To recap: on random occasions I’d try to open an application, file, or folder and suddenly the disk I/O light would come on solidly for up to 5 minutes. Logging into the system after a reboot took up to 15 minutes.

For a while, I thought I’d been hit by malware of some type. But I’m very paranoid about what makes it onto my system and have run Zone Alarm for several years with no incidents. I finally isolated the problem today, and the steps taken might be useful for others with an intractable issue like this.

The first step was to open Task Manager. Then I worked as usual until the disk I/O light came on and the system hung. At that time I checked active tasks, and clicked on the CPU column twice to re-order the applications. I wanted the processes using the most CPU at the top so I could see what was happening. This didn’t show anything unusual, but I did notice that vsmon.exe (the Zone Alarm scanning process) was taking a steady 2-5% of CPU time when the system was hung. So, on a hunch, I added disk-related columns (disk read and write) to Task Manager’s output using its View->Select Columns option.

This showed that the vsmon.exe process was performing huge numbers of read operations while the system was otherwise hung. Now I was onto something, but I needed to know which file it was accessing. That’s easy. The nice guys at Sysinternals have a utility called FileMon (very much like the lsof utility on UNIX) that shows, in real time, which files each process is accessing.

Running this utility, it turns out vsmon.exe was constantly re-reading a game patch I downloaded a month or so ago. This file is 1.3GB in size. When I rebooted, scanning this file could take 10 minutes (rendering the system unusable during that time). Periodically, vsmon.exe apparently decided it needed to re-scan the same file again to see if anything had changed. I have no idea why, but suspect Zone Alarm somehow flagged the file as suspicious.

The fix was simple. I deleted the game patch, which I’d already installed anyway and no longer needed. The problem is now totally gone…applications open like lightning, and there’s no more disk thrashing. Why was the file flagged, and why is vsmon.exe so paranoid about it? Your guess is as good as mine.
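The Task Manager step in this post, ranking processes by read activity while the machine is hung, can also be done from a script. This is an added example, not code from the post; it assumes a Windows version with PowerShell and the Win32_Process CIM class, and the 10-second window and top-5 cut-off are arbitrary choices.

```powershell
# Added example: rank processes by bytes read during a short sampling window.
# Win32_Process keeps cumulative I/O counters per process, so two snapshots
# and a subtraction give the read rate, like Task Manager's I/O Read columns.
$IntervalSeconds = 10   # assumed sampling window
$Top             = 5    # assumed number of rows to show

function Get-ReadSnapshot {
    $snapshot = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $snapshot[[int]$p.ProcessId] = [pscustomobject]@{
            Name      = $p.Name
            ReadBytes = [uint64]$p.ReadTransferCount
            ReadOps   = [uint64]$p.ReadOperationCount
        }
    }
    $snapshot
}

$before = Get-ReadSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after  = Get-ReadSnapshot

$rows = foreach ($id in $after.Keys) {
    # Skip processes that started inside the window.
    if (-not $before.ContainsKey($id)) { continue }
    $old = $before[$id]
    $new = $after[$id]
    # A changed name or a counter that went backwards means the PID was reused.
    if ($new.Name -ne $old.Name -or
        $new.ReadBytes -lt $old.ReadBytes -or
        $new.ReadOps -lt $old.ReadOps) { continue }

    [pscustomobject]@{
        ProcessId  = $id
        Name       = $new.Name
        ReadMBSec  = [math]::Round(($new.ReadBytes - $old.ReadBytes) / 1MB / $IntervalSeconds, 2)
        ReadOpsSec = [math]::Round(($new.ReadOps - $old.ReadOps) / $IntervalSeconds, 1)
    }
}

# The counters cover all I/O (file, network, device), not only disk reads.
$rows | Sort-Object -Property ReadMBSec -Descending |
    Select-Object -First $Top |
    Format-Table -AutoSize
```

Run it while the stall is in progress. It identifies the process doing the reading, not the file; the file-level view still needs a tool like FileMon, as described above.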

When it Rains, it Pours…Software

Monday, May 18th, 2009

Sometimes events just seem to end up occurring in a rapid-fire manner after a long period of relative calm. Now it turns out Microsoft apparently has some major releases coming out of the development pipe within the next year. Redmond will be a busy place, what with Windows 7, Windows Server 2008, and Exchange 2010 (what?!) hitting at more or less the same time.

This will cause a lot of work for Support personnel who have to deal with the inevitable deluge of bugs and enhancement requests. At the same time, IT people at large client sites will need to strategize about deployment timetables and rollout methodologies. Most companies don’t allow employees to install new software on their own these days, you see. Instead they have a few early adopters (maybe sales and consulting) who need the latest and greatest on their desks at all times. IT staff also test major new releases in isolated environments to ensure no major compatibility problems exist with other in-house software or websites.

And right after all this hits, Office 2010 hits the stage. I’m not sure how many people will care, since Office 2007 was a major resource hog. It offered nothing new, aside from a fancy new menu system no one understands and a new document format that shreds compatibility with other platforms. Here’s hoping 2010 provides an option to revert to the 2003-style menus.

Also interesting is that a whole raft of code-named projects are due to hit the streets fairly soon. According to the buzz, these include a “new Application Server technology for Internet Information Server (Dublin); a client console for Forefront security software (Stirling); a distributed cache system for clustering technology (Velocity); and a componentized version of Windows Embedded for devices (Quebec).”

Some of these technologies will be used only in a few rarefied environments, like high-end server farms and development shops. Others, like the Application Server, will be hidden behind websites as middleware. Redmond is going to be a busy place. Hope they haven’t laid off or “reassigned” all the Support staff.

XP Behaving Badly, Part II

Tuesday, May 12th, 2009

Yesterday I blogged about a performance problem on my XP box that was proving difficult to track down. The last stage in the game involved cleaning up Zone Alarm’s list of permitted applications. My hunch was that it might have grown too large as the result of repeated instances of adding and removing programs over the years.

Sadly I have no way to confirm this scientifically through repetition, but cleaning out the list of permitted apps seems to have made a massive difference in performance. I simply opened Zone Alarm’s list of applications and started deleting entries I knew were outdated or no longer installed on the system. I also knew that the firewall would ask again for permission if I happened to delete an entry that was still active, so I wasn’t too worried about making things worse.

It’s now been 24 hours, and the “30 second delay” problem has not reappeared. I can switch among active applications with no delay whatsoever. The system appears much quicker overall, even when starting new applications.

What’s the explanation? I suspect Zone Alarm allocates a certain amount of RAM as cache space for the permitted application list, and loads as many entries as possible into memory when it starts up. This makes sense, since it would improve performance by eliminating the need to read a new entry from disk every time an event occurred.

However, if there’s a limit to the amount of allocated memory, what may have happened is that Zone Alarm had to go back and reload the cache periodically. Depending on how the process is designed, such activity could cause a fairly significant delay when switching applications. I’m not sure this is the actual explanation, but the Zone Alarm vsmon.exe process was definitely consuming CPU (2-4% on average) during the delay period. Now it almost never shows up as anything but 0% on Task Manager.

Keep this incident in mind if you’re running the Zone Alarm suite and experience delays on your PC. A bit of housekeeping might correct the problem. You could also try shutting down the firewall temporarily to see if it changes anything. If it does, and if the performance problem shows up again when you restart the firewall, you’re probably on to something.

When troubleshooting a system (or, for that matter, a car or any other device), the ability to toggle a behavior at will is a good sign you’re close to the source of the problem. It’s the scientific method at its best.

XP Behaving Badly

Monday, May 11th, 2009

Recently my XP machine started misbehaving, and I have yet to track down the problem. The diagnostic path has been interesting though, and it shows how misleading some behaviors can be.

The problem first manifested itself a week or so ago, about the time I was installing the BitTorrent client, as noted in an earlier article. Part of the performance problem, which showed up at boot time in the form of a massive delay in system startup, was traced to the BitTorrent DNA application. The system has been booting normally since I removed this troublesome piece of code. The problem now is that, in many cases, switching among active programs has become appallingly slow. Also, in some cases it takes far longer than normal to start some applications. But there’s no discernible pattern.

For instance, usually I have both Firefox and Thunderbird active, with the email client in the foreground. If I click on the Firefox window to bring it to the front, the disk activity light can come on solidly for up to 30 seconds before the application switch occurs. During this period, Thunderbird is still accessible (I can switch back to it just fine). But Firefox appears hung, until suddenly its window again becomes active. The same happens with other program combinations, so it’s not isolated to a specific application.

One problem was disk fragmentation. Several months ago I’d installed Diskeeper 2009, and all 3 local disks were set to automatic (background) defragmentation. I opened the Diskeeper manager, only to find that this setting had somehow — I suspect a Windows update — been changed. The C drive was a mess, but has been cleaned up. The application switching delay persists. Zone Alarm shows no viruses or other malware.

On a hunch, I opened Zone Alarm’s Program Control center and removed literally hundreds of old entries from it. Every setup program, installer, and other temporary application leaves an entry behind in the “permitted application” list, and it had grown significantly over time. We will see if pruning it has a positive effect on performance.

Diagnosing performance issues often isn’t easy. And system slowness isn’t always caused by viruses or other malware.

IE8: A Big Improvement

Wednesday, April 29th, 2009

For years, Microsoft has taken a lot of heat about its browser. Internet Explorer passed dear old Netscape way back around the turn of the millennium in terms of browser market share, largely because Netscape became a bloated mess and IE was shipping on every copy of Windows. Basically, IE took over the market for several years.

However, there were problems. IE, in true Microsoft style, totally failed to conform to accepted and emerging W3 standards. Redmond insisted on tweaking things (as usual) in order to force developers and users down the path of a Microsoft-only solution. The result: developers who had to create slick JavaScript browser testing scripts, then route their users down one code path for IE and another for every other browser on the market.

Many (very bad) sites were created that worked only with IE. Use any other browser, and half the controls wouldn’t work. It was classic, “we’re the big boys and can do what we want” thinking.

A few years ago, that started to change. Firefox started taking market share, and leaped ahead of the pack with lots of new features. Developers and standards groups began demanding that Microsoft comply with accepted practice. Users started becoming annoyed that IE6 (the de facto leader at that time) was clunky and outdated. IE7 improved things somewhat, but was still far behind the curve and never really took off. I know many sites and individuals who simply never upgraded.

Now, however, IE8 is out. With this release, Microsoft is back in the browser game with what seems to be a really good release. It has better security, is faster, is less tightly coupled with Windows, and (hallelujah) conforms much more closely with W3 standards than any previous IE release.

According to one review, “IE8 now passes the Acid 2 test completely, although it still fails Acid 3 miserably. Microsoft is brushing that aside for now though, touting that out of the 7,200 CSS 2.1 tests that are on the w3.org, IE8 passes more of them than any other browser.”

I’m in the process of downloading IE8 now. I know it’ll never replace Firefox as my primary browser, largely because I like Open Source and adore all the handy add-ons available for Firefox. But if IE8 means the end of clunky browser-detection requirements for developers, I’m all for it.

Patch Now. Not Later.

Wednesday, April 15th, 2009

I know I’ve been harping on security and viruses this week, but there’s good reason for doing so. In fact, Microsoft just released a whole raft of critical patches that should be applied immediately, if not sooner. The most recent Patch Tuesday release was filled with patches for known zero-day exploits, in fact.

The biggest problem is that hackers are exploiting known defects much more quickly these days. In the past, it often took time for evildoers to make use of such exploits. Not anymore. Now, they’re used within days, if not hours, after being announced. “That window where you had the luxury of not patching, that is shrinking fast,” says Wolfgang Kandek, CTO of Qualys. “Here the window is zero for some of these vulnerabilities, and where the exploit code is public it will not take hackers long to get code out there.”

This is no joke, since “six of the 23 vulnerabilities spread among the eight patches [in the current patch set] are already being threatened by exploit code in the wild” according to researchers. The longer you wait, the more likely it is that your machine will be breached by someone using these exploits.

Individuals generally don’t have much of a problem, as long as they’re using a legitimate version of Windows and have automatic updates enabled. Corporations and schools have a bigger problem, since many big organizations push out OS patches on their own schedule, and only after testing them to make sure they don’t break anything. The increased lag time increases their potential vulnerability.

The situation will only get worse, because hacking has now become big business. “As hacking becomes more professional these intrusions or exploits will become more silent, they will not call too much attention to themselves so they can steal identities, send out some spam or launch a [denail [sic] of service] attack.” Hackers today don’t want to call attention to their activities. They want stealth and secrecy, because that translates into a bigger payout over time with less effort involved.

Patch your machines.

Conficker: Alive and Well

Tuesday, April 14th, 2009

It was inevitable that something might happen following the vast and unwarranted media hullabaloo around the dreaded Conficker virus on 4/1. I guess it’s just human nature to pick “magical” dates when bad things will happen — witness all the paranoia over 1/1/2000, not to mention occasional outbreaks of Triskaidekaphobia when a particular month contains the allegedly magical “Friday the 13th.” Generally, very few out-of-the-ordinary events happen on such dates. We just think they will.

This aside, Conficker is definitely alive but has not destroyed the Internet as some feared it might. Security researchers say the worm’s operators recently sent out a set of new instructions using an encrypted file that was delivered to each infected machine in the network. The new update “reactivates the worm’s ability to spread using a flaw in Microsoft Windows and redirects most communications through the program’s peer-to-peer network.” So far, nothing new.

The new and interesting aspect of the update is that it seems to imply some sort of relationship between Conficker and the infamous Storm Worm. According to one of the security researchers, the update instructed infected machines to visit a domain known to host “a malicious program known as Waledac. The addition of peer-to-peer networking — a characteristic feature of Waledac and its cousin, the Storm Worm — suggests that the programs share the same creator or that the creators have some sort of relationship.”

The question, of course, is what they’ll do next. Will they really “attack” the Internet as a whole and try to shut down whole domains? I suspect they won’t, since they probably won’t make money (the primary motive behind most worms) by doing so. Are they looking for “customers” who want to use the worm’s capabilities? Or are they just experimenting to see what really is possible?

Right now, probably only Conficker’s developers know the answer. But I suggest that everyone update their copy of Windows to make sure all patches are installed and current. These things spread through known vulnerabilities. It’s easier to avoid infection than it is to fix the problem later on.

Good Old DOS…With a Twist

Thursday, April 2nd, 2009

Anyone who’s a long-time PC user knows that DOS (Disk Operating System — catchy, eh?) was the predecessor to Windows. Back in the day, I used to laugh when clueless media authors referred to Windows as an operating system. It wasn’t. It was simply a windowing environment that rode atop DOS.

In fact, it took years for Microsoft to remove the 16-bit DOS underpinnings from beneath non-NT versions of Windows. Versions like 95 and 98 really just integrated DOS and Windows together and provided a few new services. The original Windows NT was a real 32-bit OS kernel and didn’t really use DOS under the covers.

All this said, you can still get to a version of the command-line DOS prompt in even the most recent versions of Windows. You can open a “command window” from the Accessories menu, or use the Run option and type in cmd to open what most users know today as a “DOS box.” From there, the traditional set of command-line utilities can be accessed. If you’ve never tried it, open a DOS box and type the HELP command to see a set of these commands.

One thing I’ve noticed on a few machines I’ve managed is what’s called “command line completion” from within the DOS environment. This was hijacked (okay, “adopted”) from UNIX, where shells like tcsh and bash provide identical functionality. I finally decided to look around a few days ago, and found an article from Microsoft’s Knowledgebase that describes the process for turning it on. You can find the article here.

The process is pretty easy, especially if you’re familiar with the Registry Editor (regedit). I had things working in about 2 minutes and it’s a very handy trick. If you’re a UNIX/Linux user and used to having TAB as your path or command completion key, just set the CompletionChar and PathCompletionChar values to 9 (hex) and exit regedit. Open a new DOS box, and it should just work. Start typing the first few characters of a path or command, hit TAB, and it should complete the word for you (even if it contains spaces!).
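The same change can be scripted instead of made by hand in regedit. This is an added example, not taken from the post or from the Knowledge Base article it mentions; the key path does not appear in the post and is the Command Processor key that `cmd /?` documents, and the script writes only the per-user copy.

```powershell
# Added example: show the current completion settings for cmd.exe, then set
# both completion characters to TAB (0x9) for the current user.
$subKey = 'Software\Microsoft\Command Processor'   # key documented by "cmd /?"
$names  = 'CompletionChar', 'PathCompletionChar'
$tab    = 0x9                                      # value given in the post

function Get-CompletionValue([string]$Hive, [string]$Name) {
    # Returns the DWORD, or nothing when the key or value is absent.
    $item = Get-ItemProperty -Path "${Hive}:\$subKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Format-Value($Value) {
    if ($null -eq $Value) { '(not set)' } else { '0x{0:X}' -f $Value }
}

# cmd.exe reads both hives; the per-user value takes precedence when present.
$report = foreach ($n in $names) {
    $user      = Get-CompletionValue 'HKCU' $n
    $machine   = Get-CompletionValue 'HKLM' $n
    $effective = if ($null -ne $user) { $user } else { $machine }
    [pscustomobject]@{
        Name      = $n
        HKCU      = Format-Value $user
        HKLM      = Format-Value $machine
        Effective = Format-Value $effective
    }
}
$report | Format-Table -AutoSize

# Writing under HKCU needs no administrator rights and leaves HKLM untouched.
if (-not (Test-Path "HKCU:\$subKey")) {
    New-Item -Path "HKCU:\$subKey" -Force | Out-Null
}
foreach ($n in $names) {
    New-ItemProperty -Path "HKCU:\$subKey" -Name $n -PropertyType DWord `
        -Value $tab -Force | Out-Null
}
```

The new values apply to command windows opened after the script runs, as the post says.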

If you use the DOS box to any extent, as I do, I also recommend right-clicking on the DOS window header and entering the Properties menu. From there, you can enable QuickEdit and Insert modes, which allow for easier cut and paste operations. I also make the box “bigger” by changing the layout to 60 lines in length with a font that fits my screen.

Experiment with this if you’re interested in command-line activity. Sometimes an old dog like DOS can make certain operations a whole lot easier.

Microsoft Breakup Imminent

Wednesday, April 1st, 2009

A source divulged today that Microsoft has decided to break itself into multiple business units, starting immediately. The company apparently arrived at the decision that breaking into smaller, more agile entities it’s currently calling RMOCs (Regional Microsoft Operating Companies) just made sense in the current economic environment.

And who can blame them? Both Linux and Firefox are on the upswing in terms of market share, and Open Office is luring away MS Office customers in leaps and bounds. MySQL is twice the database that SQL Server will ever be — and you can get it for free. IIS has never been able to hold a candle to Apache (also free) and has only had the advantage of being bundled with the OS.

Then there’s Outlook, one of the worst corporate email systems on the planet in terms of usability and scalability. SMTP still owns a great deal of the Internet mailing volume (spam notwithstanding) and Outlook just hasn’t made an impact outside corporate firewalls. And they’re not buying these days, since most companies are too busy selling off their office furniture in order to survive until next month.

Now, with its flagship encyclopedia product Encarta discontinued (see yesterday’s blog) and the Wii hacking away at the Xbox’s market share, Redmond decided it had nowhere to go but down. So in the grand tradition of some being sacrificed so that others can survive, it’s breaking up. This is truly the end of an era.

I expect the Windows division will survive for several years, at least until the much-anticipated “Windows Lite” release hits the streets. This is the version we’ve all been waiting for — just an OS, with all those annoying “media” features removed and a disk footprint that doesn’t reach into the multi-gigabyte range. One “edition,” $49.95 retail. Now that’s an OS I can live with.

As for the other divisions, only time will tell. SQL Server is really just a tricked-up copy of Sybase under the covers. Active Directory is Kerberos + LDAP (Lightweight Directory Access Protocol) with some admittedly handy management enhancements. Maybe a few of the RMOCs will start offering add-on features for other existing products, since that’s really what they do best.

I guess the most astounding piece of news is that Bill himself has decided to go to work in the Windows division as a developer. He’ll be working on a new product called Distributed Operating Subsystem (DOS), which shows much promise as a Grid application. I guess he heard the acronym, and just couldn’t resist. Hope he still remembers his Assembler code.