Tester 'll Never " Satisfied "

XP Myths
System Requirements

Myth - "Windows XP requires a high end PC to install and run."

Reality - "Windows XP can be installed on surprisingly low system requirements contrary to popular opinion. With the average life cycle of a regular PC being roughly 4-6 years, just about any PC being used today can run Windows XP. The following requirements are Microsoft's "official" minimum system requirements which I have tested to work fine with the exception of only 64 MB of RAM (performance is poor). Increasing your RAM to 1 8 MB would be the only upgrade I would strongly consider as my absolute minimum Windows XP system requirements."

33 MHz CPU (300 MHz Recommended) *
1 8 MB Recommended (64 MB of RAM minimum supported, limits performance and some features) *
1.5 GB of available hard disk space *
Super VGA (800 x 600) or higher-resolution video adapter and monitor
CD-ROM or DVD drive
Keyboard and Microsoft Mouse or compatible pointing device

* Actual requirements will vary based on your system configuration and the applications and features you choose to install. Additional available hard disk space may be required if you are installing over a network. - -

4GB RAM Limit

Myth - "Windows XP does not support 4GB of RAM"

Reality - "On any 3 -bit Operating System (not only Windows), you only have access to 4GB of address space by default. A 3 -bit Operating System can actually handle 4GB of memory. The issue is the way in which the hardware allocates memory for its own re s. The hardware needs to allocate memory space to use for things like the PCI bus, BIOS, the video card and others. It allocates this from the address space presented to it, which is not necessarily the same as the amount of physical RAM installed. Also of note, it allocates this memory from top to bottom. The problem is, when you have 4GB of RAM installed, the amount of physical memory installed is the same as the address space. If you have 4GB RAM, and the hardware needs to allocate a large chunk of memory for its own use, and it does this from top to bottom, the memory that is blocked off starts at 4GB and allocates downwards. So, the final amount of RAM the OS will be able to see is the difference. This is because when it actually allocates for the physical RAM in the system, it has to skip the chunk that was blocked off by the hardware. Since a 3 -bit OS can only see 4GB, the rest of the RAM is invisible because it is above the 4GB barrier. By using the /PAE switch, you enable the OS to see above this barrier, and you can see all of your RAM, sometimes. The real problem comes back to hardware. The OS can only handle whatever re s are shown to it by the hardware BIOS. If the hardware does not support a large enough addressing range, then it simply won't report anything above that so the OS is in the dark. If the hardware supports 36-bit PAE Intel Extensions or the AMD equivalent, and you use an OS that supports PAE, you should be able to enable both and see all of the RAM." - - -


DOS Game Compatibility

Myth - "You cannot run DOS games on Windows XP."

Reality - "Many MS-DOS-based games will run on Windows XP and a community out there is dedicated to smoothing the way. MS-DOS was a 16-bit platform. Windows 95 meshed 16-bit and 32 -bit code with MS-DOS at its core. Most 16-bit MS-DOS based programs would work fine on Windows 95. Windows 95, 98, and Me were all based on the same core technology (called kernel). Windows XP is based on a completely different kernel. It's built on code that was introduced in Windows NT, evolved into Windows 000, and was enhanced for Windows XP. The Windows NT kernel doesn't have any MS-DOS components in it at all-it's a pure 3 -bit beast. It includes a 16-bit emulator and a command prompt mode that looks like MS-DOS. MS-DOS-based games don't have the friendly installers found in the Windows 9x-based games. You should install MS-DOS-based games from a command prompt. One of the trickiest parts of making MS-DOS-based games to run on Windows XP is getting the sound to work. Succeeding at getting your ancient games up and running on Windows XP can be as rewarding as playing the game itself!"

Notes - If all else fails you can always try the - DOSBox DOS Emulator.


NTFS Game Compatibility

Myth - "NTFS is not compatible with games."

Reality - "Your normal software and games could not care less what file system they are being stored on. As long as it's supported by the operating system you are using, there will be no problem. With NTFS, however, permissions can play a factor in whether a game runs correctly or not. If you don't have access to a particular file that's needed by the software, it's not going to work. This is different than when a file is stored on FAT3 , and is probably responsible for the mistaken belief that a game, or other software, must be compatible with NTFS. This is another good reason to familiarize yourself with the file and folder permissions in NTFS." -
Windows 95/98/ME vs XP Reliability

Myth - "Windows 95/98/ME is as reliable as XP." - Comparison Chart - Reliability Video

Reality - "Windows XP is 10-30 times more reliable then Windows 95/98/ME. Windows XP Professional is built on the proven code base of Windows 000, which features a 3 -bit computing architecture, and a fully protected memory model. Windows XP offers several enhancements that make it the most reliable version of Windows yet: Application Compatibility, Compatibility Mode, Improved Device and Hardware Support, Shared DLL Support, Shutdown Event Tracker, Windows Driver Protection, Device Driver Rollback, Windows Installer, Auto Update, Dynamic Update, Windows Update, Shadow Copy Integration with Backup, Last Known Good Configuration, Automated System Recovery, System Restore Enhancements, Error Messaging and Product Support, Online Crash Analysis, " -

Optimization XP Myths
Also known as "Bad Tweaks" these are frequently recommended and included in various tweaking programs claiming to improve performance. You will not find them supported with documented reproducible testing but rather anecdotal evidence. In each case they either do absolutely nothing or even worse, actually hurt performance. For optimizations that work use the Optimize XP guide.

Key

= No Effect on Performance
= Reduces Performance
= Partial Performance Improvement
= Causes other Problems


Windows 000 vs XP

Myth - "Using Windows 000 over Windows XP will improve performance"

Reality - Windows XP offers better performance than Windows 000 so long as the recommended Windows XP requirements are met regardless of the age of the computer. With 1 8 MB of RAM Windows XP is superior to Windows 000 and all older versions of Windows. This includes dramatically faster boot and resume times and highly responsive applications. Performance only gets better with additional re s, particularly when you run memory-intensive multimedia applications. -


Always Unload DLL (Disable DLL Caching, Force XP to unload DLLs)

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] "AlwaysUnloadDLL"

Myth - "Enabling AlwaysUnloadDLL frees up more memory and improves performance."

Reality - "Adding this Registry Key in Windows 000 or XP has no effect since this registry key is no longer supported in Microsoft Windows 000 or later. The Shell automatically unloads a DLL when its usage count is zero, but only after the DLL has not been used for a period of time. This inactive period might be unacceptably long at times, especially when a Shell extension DLL is being debugged. For operating systems prior to Windows 000, you can shorten the inactive period by adding this registry key." - -



EnablePrefetcher

[HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement\PrefetchParameters] "EnablePrefetcher"

Myth - "Setting any value higher then 3 to EnablePrefetcher will improve performance."

Reality - The Prefetcher component in Windows XP is part of the Memory Manager, and helps to shorten the amount of time it takes to start Windows and programs. This is a new feature in Windows XP which improves application load times and Windows boot times automatically. The slower your system and the larger an application, the more Prefetching helps. Even high end systems benefit from prefetching with large, slow loading applications, such as large games. By default Prefetching is enabled in Windows XP and already configured optimally. The following list describes the different possible values for the EnablePrefetcher registry key.

0 = Disabled
1 = Application launch prefetching enabled (Will cripple Window's boot times)
= Boot prefetching enabled (Will cripple all application load times)
3 = Applaunch and Boot enabled (Optimal and Default)

By default the Prefetcher is set to a value of 3 in Windows XP. Values such as 4, 5, 6 ect... do not exist and are thus useless. Leave this at the default value of 3 which is already optimal for maximum performance on both Windows XP Boot and initial application launches. -

Low Memory Systems - Recommendations to disable Prefetching on low memory systems (1 8 MB - 51 MB) is based on the fallacy that portions of application code are preloaded into memory before the application load is initiated during Windows startup. This is completely false and is spread by people who do not understand how Windows XP Prefetching works. The slower the system the more it will benefit from Prefetching. 64 MB systems will suffer due to insufficient RAM, reducing but not eliminating Window XP's prefetching benefits. 1 8 MB is the recommended minimum for optimal prefetching performance.

Boot Performance - Recommendations to set the EnablePrefetcher value to to improve boot performance is based on the fallacy that portions of application code are preloaded into memory before the application load is initiated during Windows XP startup. This is completely false and is spread by people who do not understand how Windows XP Prefetching works. Only the files used during boot will be Prefetched. The Prefetch folder is not a cache. Windows XP will boot in the exact same amount of time with either value or 3, the only difference with is that now all of your initial application launches will not be Prefetched and thus load slower. The default value of 3 in no way negatively affects Windows XP boot times. Leave the value at 3 for optimal Windows XP boot and initial application launch times.


Enable Superfetch

[HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement\PrefetchParameters] "EnableSuperfetch"

Myth - "Adding EnableSuperfetch to the registry improves performance in Windows XP as it does in Windows Vista."

Reality - "This myth was started when the Inquirer irresponsibly ran a bogus letter without doing any fact checking. Windows internals guru Mark Russinovich said this won't work, the "Superfetch" string isn't even in the Windows XP kernel. You can confirm this yourself by checking with the strings.exe utility. This makes it impossible for it to do anything since no "Superfetch" command exists. Windows cannot execute a nonexistent command and will simply ignore it. Anyone who says this works is not only lying but a fool." -


Conservative Swapfile

System.ini [386Enh] ConservativeSwapfileUsage=1

Myth - "Adding ConservativeSwapfileUsage=1 to the System.ini file improves performance."

Reality - "The System.ini and Win.ini files are provided in Windows XP for backward compatibility with 16-bit applications (MS-DOS-based programs). They have no effect on the Windows XP paging file settings which are stored in the Registry. This setting only effects Windows 95/98 operating systems. The default setting for ConservativeSwapfileUsage is 1 for Windows 95, and 0 (zero) for Windows 98. On Windows 98 systems you can set ConservativeSwapfileUsage=1 under the [386Enh] heading of the System.ini file causing the system to behave as Windows 95 does, at some cost in overall system performance." - - - 3


Deleting Temp Files

Myth - "Deleting Temp Files improves performance."

Reality - Deleting temporary files does not improve application, gaming or system performance on NTFS volumes. All it does is increase your available disk space. This is because performance does not degrade under NTFS, as it does under FAT, with larger volume sizes. While AntiVirus, AntiSpyware and general disk scan/search times can be reduced, these are not what people associate with improved performance. Deleting the contents of your browser cache actually reduces performance for previously visited webpages since they must be reloaded into the cache. This does not mean you should not do this periodically for house cleaning reasons. Only that you should not expect improved performance from doing so.

NTFS - Maximum files per volume: 4, 94,967, 95
NTFS - Maximum files and subfolders within a single folder: 4, 94,967, 95
FAT3 - Maximum files per volume: 4,177,9 0
FAT3 - Maximum files and subfolders within a single folder: 65,534*

* The use of long file names can significantly reduce the number of available files and subfolders within a folder.



Clearing the Paging File

[HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement] "ClearPageFileAtShutdown"

Myth - "Clearing the Paging File at Shutdown improves performance."

Reality - "Enabling this will clear the Window's paging file (Pagefile.sys) during the shutdown process, so that no unsecured data is contained in the paging file when the shutdown process is complete. If you enable this feature, the shutdown time will be increased. Some third-party programs can temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of the Windows virtual memory architecture, this information can be present in the paging file. Although clearing the paging file is not a suitable substitute for physical security of a computer, you might want to do this to increase the security of data on a computer while Windows is not running." -


Disable the Paging File

Myth - "Disabling the Paging File improves performance."

Reality - "You gain no performance improvement by turning off the Paging File. When certain applications start, they allocate a huge amount of memory (hundreds of megabytes typically set aside in virtual memory) even though they might not use it. If no paging file (pagefile.sys) is present, a memory-hogging application can quickly use a large chunk of RAM. Even worse, just a few such programs can bring a machine loaded with memory to a halt. Some applications (e.g., Adobe Photoshop) will display warnings on startup if no paging file is present." -


Moving the Paging File

Myth - "Moving the Paging File to a different partition on the same drive improves performance."

Reality - "Moving the Paging File (pagefile.sys) to a different partition on the same physical hard disk drive does not improve performance. Simply using a different partition on the same drive will result in lots more head-seeking activity, as the drive jumps between the Windows and paging file partitions. Even though moving the paging file in this case can have the positive effect of defragmenting it, the loss in I/O performance out weighs any gains. It is better to simply defragment the paging file using PageDefrag and keep maximum I/O performance by leaving the paging file where it is with a single drive setup. -

Notes - However you can enhance performance by putting the paging file on a different partition and on a different physical hard disk drive. That way, Windows can handle multiple I/O requests more quickly. When the paging file is on the boot partition, Windows must perform disk reading and writing requests on both the system folder and the paging file. When the paging file is moved to a different partition and a different physical hard disk drive, there is less competition between reading and writing requests."


Paging File RAMdisk

Myth - "Putting the Paging File on a RAMdisk improves performance."


Disable Certain Services

Myth - "Disabling these Services improves performance."

Reality - "Disabling these Services actually reduces performance."

DNS Client Service - "The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated. This effectively reduces Internet Performance for sites you have previously visited and puts an unnecessary load on your ISP's DNS server." -

Task Scheduler Service - "Disabling the Task Scheduler completely cripples Windows XP's Boot and Application Load times by preventing Prefetch (.PF) trace files and the Layout.ini file from being created or updated." -

Notes - Disabling other unnecessary services in general has only one affect on performance and that is reduced Windows XP boot times. -


Disable Paging Executive Low Memory Systems, or High Memory Systems

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] "DisablePagingExecutive"

Myth - "Setting DisablePagingExecutive to 1 improves performance by preventing the kernel from paging to disk."

Reality - "DisablePagingExecutive applies only to ntoskrnl.exe. It does not apply to win3 k.sys (much larger than ntoskrnl.exe!), the pageable portions of other drivers, the paged pool and of course the file system cache. All of which live in kernel address space and are paged to disk. On low memory systems this can force application code to be needlessly paged and reduce performance. If you have more than enough RAM for your workload, yes, this won't hurt, but then again, if you have more than enough RAM for your workload, the system isn't paging very much of that stuff anyway. This setting is useful when debugging drivers and generally recommended for use only on servers running a limited well-known set of applications." - - - 3


Disable System Restore

Myth - "Disabling System Restore improves performance."

Reality - "System Restore does not cause any noticeable performance impact when monitoring your computer. The creation of a Restore point also is a very fast process and usually takes only a few seconds. Scheduled System Checkpoints (every 4 hours by default) are created only at system idle time to avoid interfering with a computer during use." -


Disk Defragmenter

Myth - "The built-in Disk Defragmenter is good enough."

Reality - "This statement would be true if the built-in defragmenter was fast, automatic, and customizable. Unfortunately, the built-in defragmenter does not have any of these features. The built-in defragmenter takes many minutes to hours to run. It requires that you keep track of fragmentation levels, you determine when performance has gotten so bad you have to do something about it, and then you manually defragment each drive using the built-in defragmentation tool." -

Disk Defragmenter Limitations - The Disk Defragmenter tool in Windows 000/XP is based on the commercial version of Diskeeper. The version that is included with Microsoft Windows 000/XP provides limited functionality in maintaining disk performance by defragmenting volumes that use the FAT, the FAT3 , or the NTFS file system. The XP version offers some improvements over the 000 version but still has the following limitations: -

- It can defragment only local volumes.
- It can defragment only one volume at a time.
- It cannot defragment one volume while scanning another.
- It cannot be easily scheduled without scripts or third party utilities
- It can run only one Microsoft Management Console (MMC) snap-in at a time.


Deleting Hiberfil.sys

Myth - "It is necessary to delete the Hiberfil.sys before defragmenting."

Reality - "The Hiberfil.sys is a file to which the system's physical memory is written during hibernation. On resuming from hibernation, the BIOS reads Hiberfil.sys to restore the state of the computer to its pre-hibernation state. Because the location of the Hibernate file is determined very early in the startup process, it cannot be moved. It can, however, be defragmented safely at startup using a commercial defragmenter such as Diskeeper or the freeware utility PageDefrag." -


FAT3 vs. NTFS

Myth - "The FAT3 file system is faster/better than NTFS."

Reality - "NTFS provides performance, reliability, and advanced features not found in any version of FAT. NTFS features: Built-In Security, Recoverability, Alternate Streams, Custom File Attributes, Compression, Object Permissions, Economical Disk Space Usage using a more Efficient Cluster Size and Fault Tolerance. Windows XP comes with NTFS 3.1 which includes even more advanced features such as: Encryption, Disk Quotas, Sparse Files, Reparse Points, Volume Mount Points. None of which is available with FAT3 ." - Comparison Chart


Converting FAT3 to NTFS

Myth - "Converting FAT3 volumes to NTFS instead of formatting them will reduce performance by forcing a 51 byte cluster size."

Reality - "Windows XP CONVERT creates the best possible cluster size according to the existing FAT format. On NTFS volumes, clusters start at sector zero; therefore, every cluster is aligned on the cluster boundary. For example, if the cluster size was 4K and the sector size was 51 bytes, clusters will always start at a sector number that is a multiple of 4096/51 for example, 8. However, FAT file system data clusters are located after the BIOS Parameter Blocks (BPB), reserved sectors, and two FAT structures. FAT formatting cannot guarantee that data clusters are aligned on a cluster boundary. In Windows 000, CONVERT handled this problem by forcing an NTFS cluster size of 51 bytes, which resulted in reduced performance and increased disk fragmentation. In Windows XP, CONVERT chooses the best cluster size (4K is the ideal)." -

Notes - The FAT3 file system does not use a default cluster size smaller than 4 KB. The maximum NTFS default cluster size under Windows XP is 4 KB because NTFS file compression is not possible on drives with a larger allocation size. -



IO Page Lock Limit

[HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement] "IoPageLockLimit"

Myth - "Increasing the IO Page Lock Limit will lock more memory for exclusive access by the kernel, improving performance."

Reality - "Indeed, it does do this but only in an RTM Windows 000 machine. It does absolutely nothing in Windows 000 Service Pack 1 and up, and absolutely nothing in Windows XP. This makes it effectively useless, since no one in their right minds would be running RTM Windows 000. The RTM kernel references IoPageLockLimit. The SP1 kernel does not. Neither do any subsequent editions of the kernel; neither does the XP kernel in any of its incarnations." -


IRQ Priority

[HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl] "IRQ8Priority"

Myth - "Adjusting the Priority of IRQs especially IRQ 8 improves system performance."

Reality - "IRQs don't even HAVE a concept of "priority" in the NT family; they do have something called "IRQL" (interrupt request level) associated with them. But the interval timer interrupt is already assigned a higher IRQL than any I/O devices, second only to the inter-processor interrupt used in an MP machine. The NT family of OSes don't even use the real-time clock (IRQ 8) for time keeping in the first place! They use programmable interval timer (8 54, on IRQ 0) for driving system time keeping, CPU time accounting, and so on. IRQ 8 is used for profiling, but profiling is almost never turned on except in very rare development environments. Even if it was possible it doesn't even make sense why adjusting the real-time clock priority would boost performance? The real-time clock is associated with time keeping not CPU frequency. I would not be surprised if this originated in an overclocking forum somewhere. This "tweak" can be found in most XP all-in-one tweaking applications. This is a perfect example of why they are not recommended." -


IRQ14=4096

System.ini [386Enh] IRQ14=4096

Myth - "Adding IRQ14=4096 to the System.ini file improves performance."

Reality - "The System.ini and Win.ini files are provided in Windows XP for backward compatibility with 16-bit applications (MS-DOS-based programs). They have no effect on any Windows XP settings which are stored in the Registry. This is a made up tweak as no such setting exists." - -


Launch folder windows in a separate process

Myth - "Enabling Launch folder windows in a separate process improves performance."

Reality - "Use this setting if your computer frequently crashes, and you are trying to minimize problems or troubleshoot. Be aware, however, this process uses more memory and that doing this could slow down the performance of your computer." -

Notes - Windows XP is a very stable operating system and should never Lock-up (freeze), display Blue Screen Stop Errors or Randomly Reboot. These are all warning signs something is wrong or misconfigured with your system. Use the Diagnose XP Guide to help troubleshoot the most common causes of system problems.


Large System Cache

[HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement] "LargeSystemCache"

Myth - "Enabling LargeSystemCache improves desktop/workstation performance."

Reality - "LargeSystemCache determines whether the system maintains a standard size or a large size file system cache, and influences how often the system writes changed pages to disk. Increasing the size of the file system cache generally improves file server performance, but it reduces the physical memory space available to applications and services. Similarly, writing system data less frequently minimizes use of the disk subsystem, but the changed pages occupy memory that might otherwise be used by applications. On workstations this increases paging and causes longer delays whenever you start a new app. Simply put enable this on a file server and disable it on everything else." -


NTFS is Fragmentation Free

Myth - "The NTFS File system does not get fragmented and Defragmenters are unnecessary."

Reality - "Even though NTFS is more resistant to fragmentation than FAT, it can and does still fragment. The reason NTFS is less prone to fragmentation is that it makes intelligent choices about where to store file data on the disk. NTFS reserves space for the expansion of the Master File Table, reducing fragmentation of its structures. In contrast to FAT's first-come, first-served method, NTFS's method of writing files minimizes, but does not eliminate, the problem of file fragmentation on NTFS volumes." -


QoS

Myth - "Disabling QoS will free up the 0% bandwidth reserved by QoS."

Reality - "There have been claims in various published technical articles and newsgroup postings that Windows XP always reserves 0 percent of the available bandwidth for QoS. These claims are incorrect. As in Windows 000, programs can take advantage of QoS through the QoS APIs in Windows XP. 100% of the network bandwidth is available to be shared by all programs unless a program specifically requests priority bandwidth. This "reserved" bandwidth is still available to other programs unless the requesting program is sending data. By default, programs can reserve up to an aggregate bandwidth of 0% of the underlying link speed on each interface on an end computer. If the program that reserved the bandwidth is not sending sufficient data to use it, the unused part of the reserved bandwidth is available for other data flows on the same host."
- Microsoft Knowledge Base -


RAM Optimizers/Defragmenters

Myth - "Increasing the amount of available RAM using RAM Optimizers/Defragmenters improves performance."

Reality - "RAM Optimizers have no effect, and at worst, they seriously degrade performance. Although gaining more available memory might seem beneficial, it isn't. As RAM Optimizers force the available-memory counter up, they force other processes' data and code out of memory. Say that you're running Word, for example. As the optimizer forces the available-memory counter up, the text of open documents and the program code that was part of Word's working set before the optimization (and was therefore present in physical memory) must be reread from disk as you continue to edit your document. The act of allocating, then freeing a large amount of virtual memory might, as a conceivable side effect, lead to blocks of contiguous available memory. However, because virtual memory masks the layout of physical memory from processes, processes can't directly benefit from having virtual memory backed by contiguous physical memory. As processes execute and undergo working-set trimming and growth, their virtual-memory-to-physical-memory mappings will become fragmented despite the availability of contiguous memory."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft Technical Fellow - -


Clearmem

Myth - "Running Clearmem improves performance by freeing up memory."

Reality - "Microsoft's Clearmem, the memory-consuming test tool, is a simulation tool that lets developers measure the minimum working set for a process and to help system administrators isolate cache bottlenecks on servers. Clearmem was originally found on the Windows NT Re Kit 4.0 CD and can now be found on the Windows Server 003 Re Kit. It allocates and references all available memory, consuming any inactive pages in the working sets of all processes (including the cache) and effectively clears the cache of all file data. As Clearmem increases its working set the working sets of all other processes are trimmed until they contain only pages currently being used and those most recently accessed. This reduces the performance of all running applications every time you run this by reducing their amount of available memory, forcing them to needlessly page and causing any cached file data to have to be reread from disk." - -



Registry Cleaners

Myth - "Registry Cleaners improve performance."

Reality - "A few hundred kilobytes of unused keys and values causes no noticeable performance impact on system operation. Even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft Technical Fellow -

Notes - "Registry Cleaners can fix problems associated with traces of applications left behind due to incomplete uninstalls. So it seems that Registry junk is a Windows fact of life and that Registry cleaners will continue to have a place in the anal-sysadmin's tool chest, at least until we're all running .NET applications that store their per-user settings in XML files - and then of course we'll need XML cleaners."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft Technical Fellow -


Security XP Myths
Cookies

Myth - "Cookies are Spyware."

Reality - "Cookies are not Spyware. It's grossly irresponsible for these Anti-Spyware companies to treat cookies like Spyware. REAL Spyware is malicious, machine-hijacking junk that throw pop-ups on your computer, resets your start page, and all sorts of other ugly tricks. A cookie is a text file that has some non-personal information what banner ads have shown on certain sites. That's it. Go ahead and open the cookie on your computer and you'll see it's harmless. Cookies are not Spyware, no matter how hard these Anti-Spyware companies try to make them out to be." - - - 3

Notes - "Certain Cookies can still pose some privacy concerns and if you wish to remove them it will do no harm. The point is when you find many of these after running a standard Anti-Spyware scan you should not get excited that you are infected with malicious Spyware. You don't need anti-spyware software to get rid of these cookies, simply use these steps."


Limited User Accounts

Myth - "Limited User Accounts are a Realistic Security Solution."

Reality - "On a nonmanaged XP machine today, it isn't realistic to run without Administrator privileges. Unlike UNIX and UNIX-like systems such as Linux and Apple Computer's Mac OS X, Windows isn't very useable with a non-Administrator account, largely because so many applications are ignorant of rights and were written to work only with Administrator-level accounts. This is particularly problematic in a home environment, in which XP Home Edition's crippled Limited Account type, designed for children and less-technical users, is virtually useless. In Windows XP, the lame Run As option, virtually hidden under a right-click menu that typical users will never know about, is a poor substitute." -

"After you log on to a computer by using a Limited User Account, you may observe one or more of the following behaviors when you try to use a program that is not expressly designed for Windows XP.

- The program does not run.
- The program stops responding (hangs).
- You receive notification of run-time error 7 or run-time error 3446.
- The program does not recognize that a CD-ROM is in the CD-ROM drive.
- The program does not allow you to save files.
- The program does not allow you to open files.
- The program does not allow you to edit files.
- The program displays a blank error message.
- You cannot remove the program.
- You cannot open the Help file.

This behavior can occur because the Limited User Account prevents older programs from performing certain functions. Microsoft lists over 189 applications in this article alone that do not work right on a Limited User Account." -


Power User Accounts

Myth - "Power User Accounts are a Good Compromise Security Solution."

Reality - "Power User accounts allow the installation of software, including ActiveX controls and can easily be elevated to fully-privileged administrators. The lesson is that as an IT administrator you shouldn't fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft Technical Fellow -



Spyware, Malware and Virus Security

Myth - "It is impossible or difficult to secure Windows XP from Spyware, Malware or Viruses."

Reality - "It is very easy to secure Windows XP, simply use Secure XP - A Windows XP Security Guide. To put it bluntly I simply do not get infected with anything. Keep in mind nothing can fully protect you from something you manually install." -


Really Hidden Files

Myth - "There are Really Hidden Files in Windows XP that are impossible to see."

Reality - "Any file can be seen in Windows XP once you change from the default view settings. Go to the Control Panel, Appearance and Themes, Folder Options, select Show hidden files and folders and uncheck Hide protected operating system files (Recommended). Protected operating system files also known as Super Hidden Files are by default hidden from view. They are critical system files that if deleted can cause various system problems." - - - 3

Streams - The NTFS file system includes a feature called alternate or multiple data streams that enables data to be managed as a single unit. Using multiple data streams, a file can be associated with more than one application at a time, such as Microsoft Word and WordPad or a graphics program can store a thumbnail image of a bitmap in a named data stream within the NTFS file containing the image. Windows Explorer will not report the correct file size for files utilizing multiple data streams. A free utility, Streams can be used to view files utilizing multiple data streams. - - - 3

Rootkits - It is possible to get infected by malicious programs known as "Rootkits" which can truly hide themselves from being viewed in Windows Explorer. These malicious programs can be detected using special scanners such as RootkitRevealer. -


Virus Hoaxes

Myth - "All Email Virus warnings are real."

Reality - "With the increase in the growth of viruses and Trojan programs, many computer users have turned to the Internet as a fast and easy tool to warn friends and co-workers of these threats. At the same time, there has also been a growth of virus hoax warnings. These warnings often describe fantastical or impossible virus or Trojan program characteristics, but appear to be real and forwarding these hoax warnings to friends and co-workers only perpetuates the problem. If you receive an Email that you suspect is a hoax, do not forward it to anyone and never open the attachments. Check in the Vmyths Hoax Database to confirm it is a hoax and delete the Email. If the Email originated from someone you know, send them an Email explaining the hoax." -




XP Firewall

Myth - "The Windows XP Firewall is not good enough because it lacks outbound filtering."


"Secret" XP Myths
There are various myths people incorrectly think are hidden Secrets, Easter eggs or bugs in Windows XP.

'CON' Folder

Myth - "Not being able to name a file or folder 'CON' is a bug or a secret"

Reality - "Several special file names are reserved by the system and cannot be used for files or folders: CON, AUX, COM1, COM , COM3, COM4, LPT1, LPT , LPT3, PRN, NUL. This goes back to DOS 1.0 which didn't support subdirectories, lowercase, or filenames longer than 8.3. 'CON' is a reserved word from the old DOS days, simply meaning 'console'. If you wanted to create a new text file in DOS you could type 'copy con newfile.txt' meaning copy from the console to newfile.txt. This would let you type some lines and when you ended the file you would have a file called newfile.txt containing whatever you wrote in the console. Since they are still relied on with things like batch files (redirect to >NUL) they are still reserved today." - -

Notes - This has nothing to do with the patched "DOS Device in Path Name" Vulnerability of Windows 95/98.


Notepad Phrases

Myth - "There are Secret phrases like "bush hid the facts" you can type into Notepad"

Reality - "Notepad makes a best guess of which encoding to use when confronted with certain short strings of characters that lack special prefixes. The encodings that do not have special prefixes and which are still supported by Notepad are the traditional ANSI encoding (i.e., "plain ASCII") and the Unicode (little-endian) encoding with no BOM. When faced with a file that lacks a special prefix, Notepad is forced to guess which of those two encodings the file actually uses. The function that does this work is IsTextUnicode, which studies a chunk of bytes and does some statistical analysis to come up with a guess. Sometimes it guesses wrong and displays random characters after you save and open the file. Any combination of characters in the same order 4-3-3-5 will cause the same problem: "Bill lie and cheat" "this app can break", "hhhh hhh hhh hhhhh", "this isa bug dummy" ect..." - -


Telnet Star Wars

Myth - "There is a hidden ASCII version of Star Wars in Windows"

Reality - "No hidden version of Star Wars exists in Windows. This version is accessed over the Internet using a program called Telnet. Telnet is a simple, text-based program that allows you to connect to another computer by using the Internet. While Telnet is included in Windows, the ASCII (text-based) version of Star Wars is not. Simply disconnecting or powering down your modem will prevent you from watching it. This is no different from watching a video file over the Internet but instead of using a web browser you are using the Telnet program. These text-based animations can be viewed online