
KB891711 cause Windows ME crash during startup

Anonymous
April 3, 2005 9:31:22 PM

Archived from groups: microsoft.public.windowsme.general

Since I installed the Microsoft recommended critical patch KB891711 (via
automatic Windows Update), my Windows ME keeps getting a blue screen
during startup.

I've tried to remove it from Control Panel, then it works, but
automatic update keeps asking me to install it all the time. As there
is no way I can set Windows Update to ignore it, I have to install it
(so it's detected by automatic update) then remove it from the
registry under run once service. I know this is not the ideal way, but
it works. Anyone got a better suggestion on handling this?

Based on what I've read from the net, this patch is for XP, NOT for
Windows ME. Seems like Microsoft made a "critical" mistake here, and I
believe many others are also experiencing the same. Can Microsoft remove
it from their update site? Another reason to move away from Microsoft
Windows (besides forcing people to upgrade XP to SP2 where SP2 hardens
the box too hard even for our office's application to work).


Bosco

--
Due to heavy spamming, I was forced to use an invalid reply address.
Do NOT reply to this posting via email directly.
April 4, 2005 12:59:32 AM

As far as I know I am not having problems with this patch but would like to know
if it's supposed to show as a running program in CNTRL ALT DEL close program
dialog. I don't know if something went wrong with the installation or if this is
a MS stand-alone program??? Also curious about its use of resources. (WinME)


Anonymous
April 4, 2005 2:49:47 AM

Bosco
This patch is intended for Win ME - but unfortunately some people are having
the problems you are experiencing.
The best method of dealing with it at present is to use MSCONFIG and uncheck
the patch in the Startup listing.
MS is actively looking for a fix to this patch.

In the meantime, we (MVP's) are trying to establish what may be causing the
problem.

To reproduce a post that I made in this group a week or so ago.......
What I'd like is for everyone (and anyone!) affected by this problem to
email me (my addy here is valid) with a copy of their Everest Home Edition
(or AIDA32) report.

To do this, please read the following carefully

Download and install Everest Home Edition from www.lavalys.hu and install
it.

Run the program, and once it's up and running, click on

Report
Quick report - All Pages
(here you can pick your choice - I'd prefer HTML, but if you're worried
about your privacy, then Text is a better option)

When the report is complete (please don't click on anything until it is
complete!) Save it!!!

Remove any information that you may consider sensitive - but please put
something in its place! (I suggest <removed>) so that I know that something
is missing


Save the (amended) file as "Report <your email>"

then email it to me as an attachment at
noeldpspamless@btopenworld.com



--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

Anonymous
April 4, 2005 4:34:49 AM

I too have noticed this patch running in the Close Program dialog and am
wondering about resource usage also.

I went to a lot of trouble recently to have a new computer built that I
could use with Windows Millennium. I've installed all the critical Me
updates--this is one I didn't have before--but have not had this new
patch crash me. Along with noticing the patch running in the CP dialog,
I've also found the "working in the background" cursor appearing perpetually
at least once a minute. Through elimination I've discovered the cause of
the cursor action to be KB891711.exe. Without ending this task I doubt if
I'll ever be able to get through a defrag unless I use Safe Mode.

Other observations:
--I had a wonderful little free program called "Volumouse"--a mouse-wheel
volume control that's activated when the cursor is over a specified part of
the screen (I have it set to run when my cursor is over the
taskbar)--installed on my old Windows Me computer and it always worked
perfectly. I've reinstalled it on this new computer but it's not working
right at all--it'll be available after a fresh boot but unresponsive later.
--"Desktop Architect," a desktop theme application I've used for years, an
option of which is to create transparent backgrounds for icon text and
outline that text with contrasting color, is working intermittently in both
those respects on this new machine.

Since I've read these threads, visited the links, and learned this patch was
intended to solve cursor and icon issues, I'm thinking it's probably the
reason for both programs' problems. I will disable the patch and continue
observing to see if all returns to normal.

carol


Anonymous
April 4, 2005 7:16:04 AM

DanR <dan@my-olddeja.com> wrote:

> As far as I know I am not having problems with this patch but would
> like to know if it's supposed to show as a running program in CNTRL
> ALT DEL close program dialog.

Yes. The KB891711 patch runs as a service launched each time that Win Me
boots by an entry in the registry that can be seen using MSConfig |
Startup.

> I don't know if something went wrong
> with the installation or if this is a MS stand-alone program??? Also
> curious about its use of resources. (WinME)

I would suggest that you ask your question about resources in a new
thread, giving some details of whatever problem it is that you are
experiencing.

Regards,
--
Mike Maltby MS-MVP
mike.maltby@gmail.com
Anonymous
April 4, 2005 8:47:04 AM

YesBalala wrote:
> Since I installed the Microsoft recommended critical patch KB891711 (via
> automatic Windows Update), my Windows ME keeps getting a blue screen
> during startup.
>
> I've tried to remove it from Control Panel, then it works, but
> automatic update keeps asking me to install it all the time. As there
> is no way I can set Windows Update to ignore it, I have to install it
> (so it's detected by automatic update) then remove it from the
> registry under run once service. I know this is not the ideal way, but
> it works. Anyone got a better suggestion on handling this?
>
> Based on what I've read from the net, this patch is for XP, NOT for
> Windows ME. Seems like Microsoft made a "critical" mistake here, and I
> believe many others are also experiencing the same. Can Microsoft remove
> it from their update site? Another reason to move away from Microsoft
> Windows (besides forcing people to upgrade XP to SP2 where SP2 hardens
> the box too hard even for our office's application to work).

I turn off automatic update. In fact, that's one reason why I never
installed it on my system - it seemed to me that it would harp at me to
update when I don't want to.

I don't know about you, but I have enough self discipline to
occasionally run Windows Update manually. Automatic updating is for novices.

--
Regards from John Corliss
Anonymous
April 4, 2005 11:01:55 AM

Carol
Don't forget that by disabling the patch, you're leaving a vulnerability
open on your PC for potential bad guys to exploit!!


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

Anonymous
April 4, 2005 11:01:56 AM

Hi Noel

I thank you for the warning. It's a risk I'll have to take though at least
until I find out if the patch is the problem--if it isn't the root of it
then I'll turn it back on. I've been using Me nearly four years now and
assume I've been vulnerable to this exploit during all that time--but I read
in this link to ZDNet I followed that no one has ever reported being subject
to an attack by it:

http://news.zdnet.com/2100-1009_22-5648595.html?tag=nl....

Another thing I should have mentioned that might be preventing related
crashes for me is that I'm still using IE 5.5 SP2--by preference: I tried
then uninstalled IE 6 for Me because it did some really strange stuff!

carol


Anonymous
April 4, 2005 11:01:56 AM

Noel Paton wrote:

> Carol
> Don't forget that by disabling the patch, you're leaving a vulnerability
> open on your PC for potential bad guys to exploit!!

Noel,
From http://www.microsoft.com/technet/Security/bulletin/ms05...
(regarding the vulnerability which update KB891711 is supposed to
address) the following:

"A remote code execution vulnerability exists in the way that cursor,
animated cursor, and icon formats are handled. An attacker could try to
exploit the vulnerability by constructing a malicious cursor or icon
file that could potentially allow remote code execution if a user
visited a malicious Web site or viewed a malicious e-mail message. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system."

and:

"In a Web-based attack scenario, an attacker would have to host a Web
site that contains a Web page that is used to exploit this
vulnerability. An attacker could also attempt to compromise a Web site
to have it serve up a Web page with malicious content attempting to
exploit this vulnerability. An attacker would have no way to force users
to visit a Web site. Instead, an attacker would have to persuade them to
visit the Web site, typically by getting them to click a link that takes
them to the attacker's site or a site compromised by the attacker."

As for the email portion, there are workarounds listed for that as well.

The page also says the following (again) when describing the "Windows
kernel vulnerability" aspect:

"A denial of service vulnerability exists in the way that cursor,
animated cursor, and icon formats are handled. An attacker could try to
exploit the vulnerability by constructing a malicious cursor or icon
file that could potentially cause the operating system to become
unresponsive. The operating system would have to be restarted to restore
functionality."

and again, regarding mitigating factors and how the attacker would be
able to install such a "malicious cursor or icon file" in the first
place, the following:

"In a Web-based attack scenario, an attacker would have to host a Web
site that contains a Web page that is used to exploit this
vulnerability. An attacker could also attempt to compromise a Web site
to have it serve up a Web page with malicious content attempting to
exploit this vulnerability. An attacker would have no way to force users
to visit a Web site. Instead, an attacker would have to persuade them to
visit the Web site, typically by getting them to click a link that takes
them to the attacker's site or a site compromised by the attacker."

Personally, I don't use Internet Explorer unless I absolutely have to.
And by that, basically I mean I only use it when I do Windows Update.
Otherwise, I use Mozilla for surfing. That way I don't run the risk of
an ActiveX exploit occurring on my system.

One other thing to consider is that as yet, there are no known instances
of these exploits. Thus IMHO, it's another "the sky is falling"
scenario. At least for the time being. I for one am going to continue to
run without the patch until MS fixes whatever it is about it that's
causing the problems.

I also notice that this little item is conspicuously inserted in the
Mitigating Factors section:

"Microsoft Windows XP Service Pack 2 is not affected by this vulnerability."

Hmmm..... "Geez, guess I'd better rush out and buy XP with Service Pack 2."

Here's something else to consider:

"This is a remote code execution vulnerability. If a user is logged on
with administrative privileges, an attacker who successfully exploited
this vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full privileges. However, user interaction is
required to exploit this vulnerability. Users whose accounts are
configured to have fewer privileges on the system could be less impacted
than users who operate with administrative privileges."

If a person has a system that's not running in a networked environment
(and by that I don't mean the internet) and doesn't WANT the code for
Remote Call Procedure or networking installed on their system, why isn't
it possible to simply remove such things, thus decreasing that system's
vulnerability? To me, making such things optional would be the obvious
way for Microsoft to avoid a lot of their security problems.

--
Regards from John Corliss
April 4, 2005 1:17:31 PM

On Mon, 4 Apr 2005 01:41:54 -0500, "caroloyl"
<caroloyl.nospam@gmail.com> wrote:

>but I read
>in this link to ZDNet I followed that no one has ever reported being subject
>to an attack by it:

That's not quite what the article said.
-----begin partial quote-----
According to Bryant's post, Microsoft has yet to be notified by anyone
who has experienced an attack related to the problem.
-----end quote-----


There is an exploit in the wild!
<http://isc.sans.org/presentations/dnspoisoning.php>
-----begin partial quote-----
## What malware was placed on my machine if I visited the evil servers?
The webservers in the first/third attack tried to drop a spyware
program onto the victim's computer using a Microsoft Internet Explorer
vulnerability for ANI cursor handling. The vulnerability was released
on January 11, 2005 and further technical information can be found
here:

http://www.microsoft.com/technet/security/Bulletin/MS05...

Proof of concept exploit code was publicly released soon after the
vulnerability was announced. The filenames being used in this attack
were: abx.ani and abx22.ani. Using VirusTotal, these ANI files were
detected as:

Kaspersky: Trojan-Downloader.Win32.Ani.d
McAfee: Exploit-ANIfile
BitDefender: Exploit.Win32.MS05-002.Gen

The ANI exploit attempted to download one of the following two
executable files (same exact file) on the webserver: abx_search.exe or
mhh.exe. These binaries were detected as:

Kaspersky: AdWare.ToolBar.SearchIt.h
Panda: Adware/AbxSearch

If you were infected by this toolbar, you should run your favorite
spyware/adware program to identify and clean it from your computer.
-----end quote-----
April 4, 2005 1:43:49 PM

On Mon, 04 Apr 2005 05:15:59 -0700, John Corliss
<jcorliss@fake.invalid> wrote:

>The page also says the following (again) when describing the "Windows
>kernel vulnerability" aspect:
[snip]
>Personally, I don't use Internet Explorer unless I absolutely have to.
>And by that, basically I mean I only use it when I do Windows Update.
>Otherwise, I use Mozilla for surfing. That way I don't run the risk of
>an ActiveX exploit occurring on my system.
>
>One other thing to consider is that as yet, there are no known instances
>of these exploits. Thus IMHO, it's another "the sky is falling"
>scenario. At least for the time being. I for one am going to continue to
>run without the patch until MS fixes whatever it is about it that's
>causing the problems.

If I understand "Windows kernel vulnerability", any program could be
exploited by the animated cursor/icon problem. All they have to do is
use the code in the Windows kernel and they're vulnerable.

There is an exploit in the wild being used in conjunction with DNS
cache poisoning to silently direct users to nasty web pages.
<http://isc.sans.org/presentations/dnspoisoning.php>
Even though the methodology of the attacks is not fully
explained/understood, it looks bad.

It really is time for MSFT to step up to the plate and deliver a
workable patch for this critical vulnerability in the Win98(SE)/ME
operating systems.
April 4, 2005 1:51:26 PM

"caroloyl" <caroloyl.nospam@gmail.com> wrote in
news:D 2qjmb0pto@enews4.newsguy.com:

Inline comments

> I too have noticed this patch running in the Close Program dialog and
> am wondering about resource usage also.

In the last 1 day 10 hours uptime KB891711 has had 0.09% of my CPU usage.

>
> I went to a lot of trouble recently to have a new computer built that
> I could use with Windows Millennium. I've installed all the critical
> Me updates--this is one I didn't have before--but have not had this
> new patch crash me. Along with noticing the patch running in the CP
> dialog, I've also found the "working in the background" cursor
> appearing perpetually at least once a minute. Through elimination
> I've discovered the cause of the cursor action to be KB891711.exe.
> Without ending this task I doubt if I'll ever be able to get through a
> defrag unless I use Safe Mode.
>

KB891711 runs with zero problems here, no 'working in background' cursor.

> Other observations:
<snip Volumouse>

> --"Desktop Architect," a desktop theme
> application I've used for years, an option of which is to create
> transparent backgrounds for icon text and outline that text with
> contrasting color, is working intermittently in both those respects on
> this new machine.

Desktop Architect still runs fine here too.

>
> Since I've read these threads, visited the links, and learned this
> patch was intended to solve cursor and icon issues, I'm thinking it's
> probably the reason for both programs' problems. I will disable the
> patch and continue observing to see if all returns to normal.
>
> carol

But please reply if disabling the patch cures these problems for you.

--
Life should NOT be a journey to the grave with the intention of arriving
safely in a pretty and well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out and loudly proclaiming
"WOW, WHAT A RIDE"
Anonymous
April 4, 2005 4:25:17 PM

> I've been using Me nearly four
> years now and assume I've been vulnerable to this exploit during all
> that time

True, but then again for most of that time the vulnerability was unknown
and no proof of concept code existed. Such code exists now in the public
domain and that means you are vulnerable. It takes just one crazy to
decide to exploit the vulnerability.

> Another thing I should have mentioned that might be preventing related
> crashes for me is that I'm still using IE 5.5 SP2--by preference

You are therefore even more vulnerable to attack since there are a number
of known vulnerabilities that exist in IE5.5 that do not exist in IE6.
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


Anonymous
April 4, 2005 7:53:41 PM

> It really is time for MSFT to step up to the plate and deliver a
> workable patch for this critical vulnerability in the Win98(SE)/ME
> operating systems.

And they are doing just that as has already been clearly stated by Jerry
Bryant in a message posted to this newsgroup on 26 March which included:
"Microsoft has received reports about issues with KB891711 on Windows 98,
Windows 98 SE and Windows ME. At this point, we have been able to confirm
these reports and are currently working on a resolution."

Remember also that it is not everyone that has problems with the original
Win Me version of the patch.
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


Vince <nobody@home.invalid> wrote:

> If I understand "Windows kernel vulnerability", any program could be
> exploited by the animated cursor/icon problem. All they have to do is
> use the code in the Windows kernel and they're vulnerable.
>
> There is an exploit in the wild being used in conjunction with DNS
> cache poisoning to silently direct users to nasty web pages.
> <http://isc.sans.org/presentations/dnspoisoning.php>
> Even though the methodology of the attacks is not fully
> explained/understood, it looks bad.
>
> It really is time for MSFT to step up to the plate and deliver a
> workable patch for this critical vulnerability in the Win98(SE)/ME
> operating systems.
April 4, 2005 10:50:28 PM

Mike M wrote:
> DanR <dan@my-olddeja.com> wrote:
>
>> As far as I know I am not having problems with this patch but would
>> like to know if it's supposed to show as a running program in CNTRL
>> ALT DEL close program dialog.
>
> Yes. The KB891711 patch runs as a service launched each time that Win Me
> boots by an entry in the registry that can be seen using MSConfig |
> Startup.
>
>> I don't know if something went wrong
>> with the installation or if this is a MS stand-alone program??? Also
>> curious about its use of resources. (WinME)
>
> I would suggest that you ask your question about resources in a new
> thread, giving some details of whatever problem it is that you are
> experiencing.
>
> Regards,

I guess I'm not experiencing any problems. I just compared system resources
before and after I stopped (end task) KB891711 and there is no difference. My
WinME machine verges on crashing when system resources gets low. (I MUST reboot
every other day) I wondered about the overhead of running this program
(service?) in the background.
Anonymous
April 5, 2005 5:45:44 PM

Wow, this thread has filled up with lots of information!

Here are the results of my testing:

I've just re-enabled this patch and am pleased (although a bit chagrined)
to say it was not the cause of any of the problems I mentioned I was
having--the anti-virus program "eTrust" was!

After I disabled the patch with msconfig and found no change in the errant
behaviors of Volumouse, Desktop Architect, or the "working in the background
cursor" even, I finally uninstalled eTrust because I wasn't liking it very
much and intended to replace it (it was new to me with this new
computer--I'd always used Norton before) and was also curious to find out if
it might have a part in my small but annoying troubles. So it's gone, the
problems are gone, and I'm using avast! now which seems so far to be
harmless. Sorry to be so little help here!

carol


"Noel Paton" <NoelDPspamless@btopenworld.com> wrote in message
news:o $pIKvNOFHA.580@TK2MSFTNGP15.phx.gbl...
> Carol
> Don't forget that by disabling the patch, you're leaving a vulnerability
> open on your PC for potential bad guys to exploit!!
>
>
> --
> Noel Paton (MS-MVP 2002-2005, Windows)
>
> Nil Carborundum Illegitemi
> http://www.btinternet.com/~winnoel/millsrpch.htm
>
> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
>
> "caroloyl" <caroloyl.nospam@gmail.com> wrote in message
> news:D 2qjmb0pto@enews4.newsguy.com...
> >I too have noticed this patch running in the Close Program dialog and am
> > wondering about resource usage also.
> >
> > I went to a lot of trouble recently to have a new computer built that I
> > could use with Windows Millennium. I've installed all the critical Me
> > updates--this is one I didn't have before--but have not had this new
> > patch crash me. Along with noticing the patch running in the CP dialog,
> > I've also found the "working in the background" cursor appearing
> > perpetually at least once a minute. Through elimination I've discovered
> > the cause of the cursor action to be KB891711.exe. Without ending this
> > task I doubt if I'll ever be able to get through a defrag unless I use
> > Safe Mode.
> >
> > Other observations:
> > --I had a wonderful little free program called "Volumouse"--a
> > mouse-wheel volume control that's activated when the cursor is over a
> > specified part of the screen (I have it set to run when my cursor is
> > over the taskbar)--installed on my old Windows Me computer and it always
> > worked perfectly. I've reinstalled it on this new computer but it's not
> > working right at all--it'll be available after a fresh boot but
> > unresponsive later.
> > --"Desktop Architect," a desktop theme application I've used for years,
> > an option of which is to create transparent backgrounds for icon text
> > and outline that text with contrasting color, is working intermittently
> > in both those respects on this new machine.
> >
> > Since I've read these threads, visited the links, and learned this patch
> > was intended to solve cursor and icon issues, I'm thinking it's probably
> > the reason for both programs' problems. I will disable the patch and
> > continue observing to see if all returns to normal.
> >
> > carol
> >
> >
> > "DanR" <dan@my-olddeja.com> wrote in message
> > news:uFQjMoLOFHA.3560@TK2MSFTNGP14.phx.gbl...
> > >> As far as I know I am not having problems with this patch but would
> > >> like to know if it's supposed to show as a running program in CNTRL
> > >> ALT DEL close program dialog. I don't know if something went wrong
> > >> with the installation or if this is a MS stand-alone program??? Also
> > >> curious about its use of resources. (WinME)
> > >>
> > >>
> > >> YesBalala wrote:
> > >> > Since installed the Microsoft recommended critical patch KB891711
> > >> > (via automatic windows update), my windows ME keep getting blue
> > >> > screen during startup.
> > >> >
> > >> > I've tried to remove it from control panel, then it work, but
> > >> > automatic update keep asking me to install it all the time. As there
> > >> > is no way I can set windows update to ignore it, I have to install it
> > >> > (so it's detected by automatic update) then remove it from the
> > >> > registry under run once service. I know this is not the ideal way,
> > >> > but work. Anyone got better suggestion on handling this?
> > >> >
> > >> > Based on what I've read from the net, this patch is for XP, NOT for
> > >> > Windows ME. Seems like Microsoft made a "critical" mistake here, and I
> > >> > believe many others are also experience the same. Can Microsoft remove
> > >> > it from their update site? Another reason to move away from
> > >> > Microsoft Windows (besides forcing people to upgrade XP to SP2 where
> > >> > SP2 harden the box too hard even for our office's application to work).
> > >> >
> > >> >
> > >> > Bosco
> >>
> >>
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
Anonymous
April 5, 2005 8:18:10 PM

On Mon, 4 Apr 2005 03:16:04 +0100, "Mike M"
>DanR <dan@my-olddeja.com> wrote:

>> As far as I know I am not having problems with this patch but would
>> like to know if it's supposed to show as a running program in CNTRL
>> ALT DEL close program dialog.

>Yes. The KB891711 patch runs as a service

Service, or application? I ask, because services started via
RunServices (as opposed to apps via Run etc. or interactively) don't
show up as tasks within Ctl+Alt+Del as a rule.



>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -
Anonymous
April 5, 2005 8:22:42 PM

On Mon, 04 Apr 2005 05:15:59 -0700, John Corliss
>Noel Paton wrote:

> From http://www.microsoft.com/technet/Security/bulletin/ms05...

>Thus IMHO, it's another "the sky is falling" scenario.

Track down the original exploit write-up and read it carefully.

There's NOTHING in that to suggest this issue can only be exploited
"remotely"; AFAICT, that's just a red herring in MS's extrapolation of
implications, and such articles often underestimate these.



>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -
Anonymous
April 6, 2005 12:10:08 AM

What exactly were the problems you were having when using eTrust AV? I
ask because in the years since Win Me was launched this is one of the AV
applications that has caused few if any problems unlike both Norton and
McAfee which are better known for destroying over time the systems on
which they are installed.
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


caroloyl <caroloyl.nospam@gmail.com> wrote:

> Wow, this thread has filled up with lots of information!
>
> Here are the results of my testing:
>
> I've just re-enabled this patch and am pleased (although a bit
> chagrined) to say it was not the cause of any of the problems I
> mentioned I was having--the anti-virus program "eTrust" was!
>
> After I disabled the patch with msconfig and found no change in the
> errant behaviors of Volumouse, Desktop Architect, or the "working in
> the background cursor" even, I finally uninstalled eTrust because I
> wasn't liking it very much and intended to replace it (it was new to
> me with this new computer--I'd always used Norton before) and was
> also curious to find out if it might have a part in my small but
> annoying troubles. So it's gone, the problems are gone, and I'm
> using avast! now which seems so far to be harmless. Sorry to be so
> little help here!
Anonymous
April 6, 2005 12:10:09 AM

Hi Mike

I have a brand new custom-built computer running Windows Me (by choice :-))
The problems I was having that I've attributed to eTrust AV concerned
"helper" programs not acting right and working-in-the-background cursor
activity.

I've used Desktop Architect (a desktop theme manager) for years with Me and
never had it misbehave until I installed it on this new computer. It just
wasn't applying some of its simple effects, like making desktop icon
backgrounds transparent and outlining the desktop icon text with a different
color.

The other program involved was a volume controller called Volumouse that I'd
used without problems on my old Me computer. It uses the mouse wheel to
bring up a little slide to adjust the sound volume when the cursor is placed
over a user-chosen area of the screen (which is far more convenient than
clicking the systray sound horn which turns the sound off while it's being
adjusted!) Volumouse was not loading consistently at startup and when it
did it usually disappeared after I accessed it once or twice.

Immediately after I first plugged in and powered up this new computer (which
I had built after my old C drive failed, and which came with eTrust already
installed)--but before I installed any other programs--I visited MS to get
all critical updates (I saved them all to a folder too). It was not long
after that I noticed that one of the updates was listed in the Close Program
dialog. Since I'd never seen an update running there I deduced it was one
I'd never had before. Also at that time, I first noticed that the "working
in the background" cursor was appearing briefly once every minute no matter
what I was doing with the computer.

My first thought about the cursor activity was that eTrust was up to
something behind the scene, but when I "snoozed" it the cursor activity
didn't stop. That's when I began to wonder if the KB patch was involved.
The info I read here about the KB891711 patch affecting cursors and icons
inspired me to disable that patch to see if the cursor activity and the
other icon/cursor related glitches I'd noticed would go away. But they
didn't. So I removed eTrust--which I was not pleased with anyway,
especially because it wasn't easily disabled for installing new programs or
working offline. When I saw that everything was behaving normally again, I
reactivated the KB patch without incident.

For years I used NortonAV 2000 then 2002. The only mischief it caused that
I'm aware of was that when I'd invoke it to check some file it'd
occasionally throw up a script error--and every time I used System Restore
it'd end up corrupted. I'd have to uninstall it then search for and delete
everything its uninstall left behind--which necessitated a registry
cleaning--before I could get a reinstall that performed. Of course I was
then obliged to spend a couple of hours downloading updates for it with my
pokey dial-up! I can't say if Norton was the root of any big OS problems
I've had though.

HTH

carol



"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:o 38v6NhOFHA.244@TK2MSFTNGP12.phx.gbl...
> What exactly were the problems you were having when using eTrust AV? I
> ask because in the years since Win Me was launched this is one of the AV
> applications that has caused few if any problems unlike both Norton and
> McAfee which are better known for destroying over time the systems on
> which they are installed.
> --
> Mike Maltby MS-MVP
> mike.maltby@gmail.com
>
>
> caroloyl <caroloyl.nospam@gmail.com> wrote:
>
> > Wow, this thread has filled up with lots of information!
> >
> > Here are the results of my testing:
> >
> > I've just re-enabled this patch and am pleased (although a bit
> > chagrined) to say it was not the cause of any of the problems I
> > mentioned I was having--the anti-virus program "eTrust" was!
> >
> > After I disabled the patch with msconfig and found no change in the
> > errant behaviors of Volumouse, Desktop Architect, or the "working in
> > the background cursor" even, I finally uninstalled eTrust because I
> > wasn't liking it very much and intended to replace it (it was new to
> > me with this new computer--I'd always used Norton before) and was
> > also curious to find out if it might have a part in my small but
> > annoying troubles. So it's gone, the problems are gone, and I'm
> > using avast! now which seems so far to be harmless. Sorry to be so
> > little help here!
>
Anonymous
April 6, 2005 3:47:46 AM

Carol,

Sorry to read that you have had problems and thanks for the information.
As I mentioned I've never had the problems with eTrust AV (other than when
trying to renew my licence last month) and never had to disable it to
install any application and similarly it has never interfered when
downloading and installing updates from the Windows Update site unlike
Norton and McAfee, both of which do need to be disabled. I've also never seen
reports of others having similar problems to yourself but since we all
have different PCs with different installed applications there's no
guarantee that what one person sees will also be seen by another. For
example I've never tried to install or use Volumouse (I must check that
one out for myself it sounds interesting) or Desktop Architect so that
makes at least two of many differences between your system and my own.

I feel that having managed to run NAV2002 without destroying your system
qualifies you for a medal. <g> Few others have managed to do this since
both NAV and LiveUpdate are severely flawed applications especially so
when run on Win Me.

Incidentally I can think of a number of other possible reasons other than
eTrust that could cause the sort of problems you mention including Win
Me's winmgmt and stmgr processes both of which on occasion can soak up cpu
cycles causing massive problems for the user. Winmgmt due to the PCHealth
entries still being present in MSConfig | Startup and the Task Scheduler
(quite unnecessary in my opinion and do nothing for either you or your PC)
and stmgr where this application can run amok if there is a build up of
files in the C:\_RESTORE\TEMP archive requiring analysis.

Regards and best wishes,
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


caroloyl <caroloyl.nospam@gmail.com> wrote:

> Hi Mike
>
> I have a brand new custom-built computer running Windows Me (by
> choice :-)) The problems I was having that I've attributed to eTrust
> AV concerned "helper" programs not acting right and
> working-in-the-background cursor activity.
>
> I've used Desktop Architect (a desktop theme manager) for years with
> Me and never had it misbehave until I installed it on this new
> computer. It just wasn't applying some of its simple effects, like
> making desktop icon backgrounds transparent and outlining the desktop
> icon text with a different color.
>
> The other program involved was a volume controller called Volumouse
> that I'd used without problems on my old Me computer. It uses the
> mouse wheel to bring up a little slide to adjust the sound volume
> when the cursor is placed over a user-chosen area of the screen
> (which is far more convenient than clicking the systray sound horn
> which turns the sound off while it's being adjusted!) Volumouse was
> not loading consistently at startup and when it did it usually
> disappeared after I accessed it once or twice.
>
> Immediately after I first plugged in and powered up this new computer
> (which I had built after my old C drive failed, and which came with
> eTrust already installed)--but before I installed any other
> programs--I visited MS to get all critical updates (I saved them all
> to a folder too). It was not long after that I noticed that one of
> the updates was listed in the Close Program dialog. Since I'd never
> seen an update running there I deduced it was one I'd never had
> before. Also at that time, I first noticed that the "working in the
> background" cursor was appearing briefly once every minute no matter
> what I was doing with the computer.
>
> My first thought about the cursor activity was that eTrust was up to
> something behind the scene, but when I "snoozed" it the cursor
> activity didn't stop. That's when I began to wonder if the KB patch
> was involved. The info I read here about the KB891711 patch affecting
> cursors and icons inspired me to disable that patch to see if the
> cursor activity and the other icon/cursor related glitches I'd
> noticed would go away. But they didn't. So I removed eTrust--which
> I was not pleased with anyway, especially because it wasn't easily
> disabled for installing new programs or working offline. When I saw
> that everything was behaving normally again, I reactivated the KB
> patch without incident.
>
> For years I used NortonAV 2000 then 2002. The only mischief it
> caused that I'm aware of was that when I'd invoke it to check some
> file it'd occasionally throw up a script error--and every time I used
> System Restore it'd end up corrupted. I'd have to uninstall it then
> search for and delete everything its uninstall left behind--which
> necessitated a registry cleaning--before I could get a reinstall that
> performed. Of course I was then obliged to spend a couple of hours
> downloading updates for it with my pokey dial-up! I can't say if
> Norton was the root of any big OS problems I've had though.
Anonymous
April 8, 2005 5:48:51 PM

On Tue, 5 Apr 2005 17:09:15 -0500, "caroloyl"

>I have a brand new custom-built computer running Windows Me (by choice :-))
>The problems I was having that I've attributed to eTrust AV concerned
>"helper" programs not acting right and working-in-the-background cursor
>activity.

The only thing I heard about eTrust was an interaction with Zone
Alarm; apparently ZA "uses" eTrust's engine or something. The info I
was given wasn't too clear, and I've forgotten the context; may have
been email application crashes or something.

>I've used Desktop Architect (a desktop theme manager) for years with Me and
>never had it misbehave until I installed it on this new computer. It just
>wasn't applying some of its simple effects, like making desktop icon
>backgrounds transparent and outlining the desktop icon text with a different
>color.

OK; that's a space that Active Desktop, as well as mouse and SVGA
drivers and add-ons, can play in.

>The other program involved was a volume controller called Volumouse that I'd
>used without problems on my old Me computer. It uses the mouse wheel to
>bring up a little slide to adjust the sound volume when the cursor is placed
>over a user-chosen area of the screen (which is far more convenient than
>clicking the systray sound horn which turns the sound off while it's being
>adjusted!) Volumouse was not loading consistently at startup and when it
>did it usually disappeared after I accessed it once or twice.

Hm. Also desktop and SVGA space, I'n not have through av as much

>Immediately after I first plugged in and powered up this new computer (which
>I had built after my old C drive failed, and which came with eTrust already
>installed)--but before I installed any other programs--I visited MS to get
>all critical updates (I saved them all to a folder too). It was not long
>after that I noticed that one of the updates was listed in the Close Program
>dialog. Since I'd never seen an update running there I deduced it was one
>I'd never had before. Also at that time, I first noticed that the "working
>in the background" cursor was appearing briefly once every minute no matter
>what I was doing with the computer.

This is WinME, so there may be a bit of system underfootware involved;
as part of the troubleshoot, I might try disabling PC Health as that
data gatherer sometimes doesn't exit soon after it runs as it is
supposed to, and it runs every few minutes. SR will add overhead when
it packs loose files within C:\_RESTORE into .CAB archives there, but
that is supposed to happen only when idle.

MS Office Fast Find? Other indexers, e.g. for media files?

Are you online all the time? If so, anything "updating" itself?

>The info I read here about the KB891711 patch affecting cursors and icons
>inspired me to disable that patch to see if the cursor activity and the
>other icon/cursor related glitches I'd noticed would go away. But they
>didn't. So I removed eTrust--which I was not pleased with anyway,
>especially because it wasn't easily disabled for installing new programs or
>working offline. When I saw that everything was behaving normally again, I
>reactivated the KB patch without incident.

Yes, your mileage is one that points away from SVGA-vs.-patch as the
mechanism; thanks. The patch is OK on my own Win98SE.

It's possible the patch may interact adversely with av; how did it go
with the patch disabled and eTrust active?

>I can't say if Norton was the root of any big OS problems

Norton doesn't "get" WinME - and I can see why.

When MS released WinME, they announced it as the last of the Win9x
line (which developers could read as "don't waste effort developing
for this dead-end OS"). They also provided no Resource Kit
documentation (which developers could read as "it's pretty much
unchanged from Win98SE, so no need for us to write it up").

But WinME debuts a number of new subsystems, many of which are deep
and run all the time; SR, SFP and PC Health. So a dev that proceeds
as if this is "the same as Win98SE" while writing low-level
underfootware such as av is very likely to screw up.

That seems to have happened to both Norton and McAfee.



>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -
Anonymous
April 8, 2005 5:55:26 PM

It's interesting to note that in these groups, I can only recall a couple of
instances of McAfee causing problems - while there are daily appearances of
Norton-related stuff.

I hated McAfee when I had it (on 98SE), and got rid of it pretty fast - it
would seem that they managed to tune it for ME pretty quickly, with the
result that while it's still a hog, it doesn't cause too many problems.


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote in
message news:60rc51hbovh3qrlg48ls8fphftqcoolr00@4ax.com...
> But WinME debuts a number of new subsystems, many of which are deep
> and run all the time; SR, SFP and PC Health. So a dev that proceeds
> as if this is "the same as Win98SE" while writing low-level
> underfootware such as av is very likely to screw up.
>
> That seems to have happened to both Norton and McAfee.
>
>
>
>>---------- ----- ---- --- -- - - - -
> Gone to bloggery: http://cquirke.blogspot.com
>>---------- ----- ---- --- -- - - - -
Anonymous
April 8, 2005 6:04:51 PM

In article <uyEP6oDPFHA.3296@TK2MSFTNGP15.phx.gbl>, Noel Paton says...

> It's interesting to note that in these groups, I can only recall a couple of
> instances of McAfee causing problems - while there are daily appearances of
> Norton-related stuff.

> I hated McAfee when I had it (on 98SE), and got rid of it pretty fast - it
> would seem that they managed to tune it for ME pretty quickly, with the
> result that while it's still a hog, it doesn't cause too many problems.

HP included the McAfee on line virus scanner with my HP Pavilions (equipped
with HP's OEM version of Windows ME). McAfee turned out to cause a lot of
problems. For the year that I ran Norton Anti Virus 2003, I had no trouble
with it. Go figure.

Of course, I turned off the email scanning feature. It had the nasty habit
of popping up a window announcing its activity as I was typing, which caused
some consternation. It also did not check inbound email on the Mercury Mail
'S' module; which is not an SMTP client, but an SMTP server. Most retail AV
packages don't work with servers. I currently use F-Prot for DOS; as an AV
Policy in Mercury Mail, where it scans POP3 mail, SMTP relay email (client),
and inbound SMTP email (server). For that reason, nobody using email on my
LAN needs to have client side email scanning enabled. Pull email through my
MTA, and push it through my MTA; let my MTA handle the virus scanning.

I have said this before, but I feel it is worth reporting. The primary
reason I did not update to NAV 2004 is that they implemented their
counterpart to MSFT's "Product Aggravation". I won't be adding Windows XP to
my system anytime soon because of that bit of software publisher arrogance.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Anonymous
April 9, 2005 2:29:05 AM

Out of curiosity two questions, did you ever use system restore when you
had NAV2003 installed and what happened if you restored to a checkpoint
created prior to the most recent update of viral reference signatures, and
how did you update those reference signatures such as how was LiveUpdate
configured?
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


N. Miller <anonymous@discussions.microsoft.com> wrote:

> HP included the McAfee on line virus scanner with my HP Pavilions
> (equipped with HP's OEM version of Windows ME). McAfee turned out to
> cause a lot of problems. For the year that I ran Norton Anti Virus
> 2003, I had no trouble with it. Go figure.
>
> Of course, I turned off the email scanning feature. It had the nasty
> habit of popping up a window announcing its activity as I was typing,
> which caused some consternation. It also did not check inbound email
> on the Mercury Mail 'S' module; which is not an SMTP client, but an
> SMTP server. Most retail AV packages don't work with servers. I
> currently use F-Prot for DOS; as an AV Policy in Mercury Mail, where
> it scans POP3 mail, SMTP relay email (client), and inbound SMTP email
> (server). For that reason, nobody using email on my LAN needs to have
> client side email scanning enabled. Pull email through my MTA, and
> push it through my MTA; let my MTA handle the virus scanning.
>
> I have said this before, but I feel it is worth reporting. The primary
> reason I did not update to NAV 2004 is that they implemented their
> counterpart to MSFT's "Product Aggravation". I won't be adding
> Windows XP to my system anytime soon because of that bit of software
> publisher arrogance.
Anonymous
April 9, 2005 10:40:35 PM

In article <#EBvDHIPFHA.2144@TK2MSFTNGP09.phx.gbl>, Mike M says...

> Out of curiosity two questions, did you ever use system restore when you
> had NAV2003 installed and what happened if you restored to a checkpoint
> created prior to the most recent update of viral reference signatures, and
> how did you update those reference signatures such as how was LiveUpdate
> configured?

Hmmm. I probably did, but I don't recall having any problems. I have seen
System Restore report the inability to restore a restore point often enough
that I always resort to SR with a certain bit of trepidation. About half the
time, when SR did the job, it did not fix things. I tend to use it as a last
resort; but more than once, upon reflection, realized that I should have
taken a different course of action. I really can't say that I have learned
enough about SR to positively know that it should work under the
circumstances when I have tried it.

As for NAV; it always worked as expected, right up to the time that the
subscription lapsed, and NAV popped up nag windows. At that time I removed
it completely, and didn't look back.

Symantec had implemented "Product Activation" on the next version of NAV,
and I have relegated the subsequent versions of NAV to the same non-use
category that I use for Windows XP.

Prior to getting this copy of Windows ME with the HP Pavilion 6745C, I had
several licensed copies of MS DOS. I had one copy of HP Vectra DOS 3.2, two
copies of HP Vectra DOS 4.01, and two copies of HP Vectra DOS 5.0; enough
for five computers. I had purchased three copies of the retail version of
the MS DOS 6.22 upgrade for prior versions of MS DOS. I had not found any
information suggesting that I couldn't use the HP OEM versions of MS DOS as
a basis for buying the upgrades, nor any license restrictions on the HP
Vectra DOS versions which precluded installation on a non HP Vectra
computer. Enough copies of MS DOS for five computers, but never running more
than three computers at one time.

And MSFT rewards my honesty with an anti piracy measure aimed at casual
sharing among their retail customers; Product Aggravation. I reward MSFT by
not buying their latest OS.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Anonymous
April 10, 2005 7:45:23 AM

Thanks.

You would know if you had ever used system restore and rolled back to
before the last NAV signature update as NAV would have no longer worked.
The only fix being to uninstall and then reinstall NAV and this is due to
the way that NAV stores details of its updates in the registry. When the
registry rolls back as part of the restore it gets out of synch with the
signature files. This is the only known AV application that works in this
way and the only one that is broken so easily by using system restore.
IMO and that of many others the domestic version of NAV is an overrated
and overblown AV application that sells as a result of massive
advertising and does not merit or warrant its position in the market.

I find little in your rant about DOS licences to justify your stance on
windows product activation (WPA) and XP but that's your decision not mine
although I don't see the connection. Product activation is an attempt to
ensure that each PC has its own licence and to prevent users purchasing a
single copy of an operating system and installing it on multiple PCs as is
possible for example with Win Me, etc. For honest people such as yourself
WPA should make no difference to the day to day operation of their PCs.
Now when WPA goes wrong that could be another matter entirely and perhaps
justify some criticism but personally with some eight machines I look
after (not all mine but including those of my family) all running XP I
have yet to encounter a single problem other than on one occasion having
had to reactivate automatically when next on-line following a problem with
a NIC on one of my PCs. The same is true where I have machines running
either Office XP or Office 2003.

The question of OEM copies is however a different subject entirely and one
where I feel that Microsoft needs to take a stand. OEM copies are sold at
a heavy discount to OEMs and should really only be sold with a new PC and
tied to that PC with the manufacturer providing full support as per their
agreement with Microsoft, hence their heavy discount. Whether an OEM then
makes an upgrade available or not would then be for the manufacturer to
decide or not. Regrettably though OEM copies are sold on the grey market
and also Microsoft allows them to be sold with an item of hardware,
sometimes as trivial as an internal IDE cable, with the OEM copy then
being supposedly tied to that hardware rather than to a specific PC.
Personally I feel this practice needs to be cleaned up and OEM software
only be sold with a PC - and tied to that PC, with all other software
being "non OEM" and thus transferable between systems (although only ever
installed on one system at a time) and be eligible for upgrade.
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


N. Miller <anonymous@discussions.microsoft.com> wrote:

> Hmmm. I probably did, but I don't recall having any problems. I have
> seen System Restore report the inability to restore a restore point
> often enough that I always resort to SR with a certain bit of
> trepidation. About half the time, when SR did the job, it did not fix
> things. I tend to use it as a last resort; but more than once, upon
> reflection, realized that I should have taken a different course of
> action. I really can't say that I have learned enough about SR to
> positively know that it should work under the circumstances when I
> have tried it.
>
> As for NAV; it always worked as expected, right up to the time that
> the subscription lapsed, and NAV popped up nag windows. At that time
> I removed it completely, and didn't look back.
>
> Symantec had implemented "Product Activation" on the next version of
> NAV, and I have relegated the subsequent versions of NAV to the same
> non-use category that I use for Windows XP.
>
> Prior to getting this copy of Windows ME with the HP Pavilion 6745C,
> I had several licensed copies of MS DOS. I had one copy of HP Vectra
> DOS 3.2, two copies of HP Vectra DOS 4.01, and two copies of HP
> Vectra DOS 5.0; enough for five computers. I had purchased three
> copies of the retail version of the MS DOS 6.22 upgrade for prior
> versions of MS DOS. I had not found any information suggesting that I
> couldn't use the HP OEM versions of MS DOS as a basis for buying the
> upgrades, nor any license restrictions on the HP Vectra DOS versions
> which precluded installation on a non HP Vectra computer. Enough
> copies of MS DOS for five computers, but never running more than
> three computers at one time.
>
> And MSFT rewards my honesty with an anti piracy measure aimed at
> casual sharing among their retail customers; Product Aggravation. I
> reward MSFT by not buying their latest OS.
Anonymous
April 10, 2005 5:04:32 PM

Archived from groups: microsoft.public.windowsme.general

PS
> The question of OEM copies is however a different subject entirely
> and one where I feel that Microsoft needs to take a stand.

By this I meant to try and say that Microsoft needs to take a stand on
behalf of the end user or purchaser of an OEM product. The current
shambles is IMO a disgrace and one where the end user is almost always the
loser. Microsoft needs to not only ensure that OEM copies are only sold
as part of a new PC but also that the OEM is capable of giving the end
user the full support they may require. What happens at the moment is,
again IMO, a total cop out by Microsoft.

Regards,
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


Mike M <No_Spam@Corned_Beef.Only> wrote:

> Thanks.
>
> You would know if you had ever used system restore and rolled back to
> before the last NAV signature update as NAV would have no longer
> worked. The only fix being to uninstall and then reinstall NAV and
> this is due to the way that NAV stores details of its updates in the
> registry. When the registry rolls back as part of the restore it
> gets out of synch with the signature files. This is the only known
> AV application that works in this way and the only one that is broken
> so easily by using system restore. IMO and that of many others the
> domestic versions of NAV is an overrated and overblown AV
> application that sells as a result of massive advertising and does
> not merit or warrant its position in the market.
>
> I find little in your rant about DOS licences to justify your stance
> on windows product activation (WPA) and XP but that's your decision
> not mine although I don't see the connection. Product activation is
> an attempt to ensure that each PC has its own licence and to prevent
> users purchasing a single copy of an operating system and installing
> it on multiple PCs as is possible for example with Win Me, etc. For
> honest people such as yourself WPA should make no difference to the
> day to day operation of their PCs. Now when WPA goes wrong that could
> be another matter entirely and perhaps justify some criticism but
> personally with some eight machines I look after (not all mine but
> including those of my family) all running XP I have yet to encounter
> a single problem other than on one occasion having had to reactivate
> automatically when next on-line following a problem with a NIC on one
> of my PCs. The same is true where I have machines running either
> Office XP or Office 2003.
>
> The question of OEM copies is however a different subject entirely
> and one where I feel that Microsoft needs to take a stand. OEM
> copies are sold at a heavy discount to OEMs and should really only be
> sold with a new PC and tied to that PC with the manufacturer
> providing full support as per their agreement with Microsoft, hence
> their heavy discount. Whether an OEM then makes an upgrade available
> or not would then be for the manufacturer to decide or not. Regrettably
> though OEM copies are sold on the grey market and also
> Microsoft allows them to be sold with an item of hardware, sometimes
> as trivial as an internal IDE cable, with the OEM copy then being
> supposedly tied to that hardware rather than to a specific PC.
> Personally I feel this practice needs to be cleaned up and OEM
> software only be sold with a PC - and tied to that PC, with all other
> software being "non OEM" and thus transferable between systems
> (although only ever installed on one system at a time) and be
> eligible for upgrade.