Chances are, there is a copy of Java on any computer you walk up to. According to Sun Microsystems, the company behind Java, it has been installed on more than 800 million computers. There are versions of Java for many operating systems, including Windows, OS X, Linux, and Solaris, just to name a few. You can see if Java is installed on a computer by visiting Javatester.org.
If there is a copy of Java on a computer you own or maintain, it may be old. JavaTester.org not only reports the installed version but gives you some idea of how old that version is, by listing the most recent versions and when they were released.
Multiple versions of Java can, and often do, coexist on a single computer. This is because installing newer versions of Java has never removed older versions. Windows users will see any old versions in the usual Add/Remove Programs list in the Control Panel.
Do you need Java at all? Maybe, maybe not.
Many people use Java without realizing it. I recently wrote about the Secunia Online Software Inspector, a great online service for reporting old, dangerously buggy software that's installed on Windows computers. It requires Java. If you have a Box.net account and use their drag-and-drop multiple file uploader, you're using Java.
Installing
What follows are step-by-step instructions for installing the latest versions of Java on a Windows computer.
Sun, the company behind Java, just released a new version known as Java 6 Update 10 (among other names). As I noted previously, there's no compelling reason to install this latest version, in fact, a case can be made that the prior version, Java 6 Update 7, is the better way to go. The steps involved in installing either version are the same.
The Java plug-in fails to automatically install in Firefox
In theory, the first time you try to use a Web page that requires Java it should be automatically installed. In reality, this rarely works. I just tested it under Windows XP with Firefox versions 2 and 3 and with Internet Explorer versions 6 and 7. Not once did Java auto-install (see above).
No matter, the manual installation is fairly simple. And unlike Flash, Windows users only have to install Java once.
Technically, what you download is the Java Runtime Environment (JRE). The latest JRE version is always available at www.java.com/en/download/manual.jsp. Go for the "offline" version. The prior Java version (Java 6 Update 7) is available at java.sun.com/products/archive/j2se/6u7/index.html. Click on the "Download JRE" link at the bottom of the page.
For both versions, when you run the downloaded EXE file, the installation starts with the usual license agreement.
Starting the installation of Java
Then you may be given the chance to download additional software. When I installed Java 6 Update 7, there was no additional software. But when I installed the latest version, it defaulted to also installing the Yahoo Toolbar for Firefox. No one needs the Yahoo Toolbar, so I suggest not installing it. Defensive computing means installing only the software you really need. The less software installed, the less of a bug magnet your computer is.
Additional software, unrelated to Java, may be an option.
As the software is being installed, you'll see a standard progress bar.
Java is being installed.
When it's all done, this too is clearly shown.
Java has been installed.
Old Versions
What to do with older versions of Java that may be on your computer is debatable.
My preference is to delete old software, so that malicious software can't exploit any known bugs. Others may argue to let sleeping dogs lie because there may be some software that specifically requires an old version of Java. I'll take that chance. In the worst case, you can always download an old version of Java at java.sun.com/products/archive/.
On Windows, Java uninstalls in the normal, standard manner.
This latest version of Java (6 Update 10) is going to complicate things in the future. Newer versions of Java 6 may install themselves over this version or they may not. Java can now be installed in two ways: patch-in-place and static.
If your copy of Java 6 Update 10 is "patch-in-place" then a newer version of Java 6 will remove Update 10 when it's installed. However, if your copy of Java 6 Update 10 is "static," then newer versions of Java 6 will not replace Update 10.
Either way, newer versions of Java 6 will not remove versions of Java 6 prior to Update 10. Also, when Sun gets up to Java version 7 Update 1, that will not remove any copies of Java 6 that may exist.
I don't make these decisions, I only report them.
See a summary of all my Defensive Computing postings.
Secunia's Online Software Inspector (OSI) is a great free service, one that all Windows users should avail themselves of regularly. OSI is an online scan of a Windows computer (Macs and Linux are not supported) that looks for software with known security flaws. Any computer that gets a clean bill of health from OSI is better defended than one that doesn't.
As I write this, only 7,019 scans have been run in the last 24 hours. More Windows users need to be made aware of the scanner, and I hope this posting does so. That said, OSI isn't perfect.
Defining The Problem
A screenshot illustrating a portion of the OSI report is shown below. The easy-to-understand green check vs. red X indicates that Flash versions 9 and 10 are considered safe, whereas Flash version 7 is not. This illustrates a design choice made by Secunia that I disagree with.
Software with known bugs is given a green check if the vendor has not yet released a patch for the bug(s).
Secunia describes its assorted scanners as focusing "...solely on detection and assessment of missing security patches and end-of-life programs." An unpatched bug is not missing a security patch, so it's green-lighted.
This may be what large organizations need to know, but I think home users should be warned of known buggy software, patch or no patch. For example, if the Adobe Reader has a known bug, we can decide to use the Foxit PDF Reader in the meantime.
Flash version 9 is currently in this state; version 10 fixes a number of bugs. I recently blogged about installing Flash version 10 and warned that version 9 should be replaced. This resulted in an e-mail exchange with Thomas Kristensen, Secunia's CTO.
In his own words:
The OSI and the PSI reports missing security updates for supported software. Flash 9 is still supported and no security related update has been released yet, thus we don't report any missing update for Flash 9. Flash 10 is not a security update for Flash 9, since Flash 9 still is supported.
The interesting perspective here is whether Adobe is using the security issue in Flash 9 to promote Flash 10.
The real problem here is not the OSI and PSI results, the real problem is that Adobe hasn't released an update for Flash 9 (or announced "end of life" for Flash 9).
PSI refers to the Secunia Personal Software Inspector, a free Windows application from Secunia. PSI runs on Windows XP, Vista, 2003, and 2000. The big advantage of PSI is that it scans for 7,000 applications whereas the online scan only evaluates 70. At CNET's Download.com, the editor's review gave PSI five stars (out of five).
Running a scan
The online scan is a Java applet and thus requires that Java be installed. Specifically, it requires Java version 1.6.x. You can test the state of Java on your computer at my javatester.org Web site. If Java is not installed, you can download the latest version at www.java.com/en/download/manual.jsp. I prefer to use the "offline" installation which is just over 15 megabytes.
When the Secunia Java applet loads into your computer, you are asked whether to trust it. This is normal, and you need to trust it to run the scan. The question is issued by the Java runtime environment because Java, by default, does not allow applets to see the local file system. Because it's a Java applet, you can run the scan from any Web browser.
The OSI page has a red "Start Scanner" button at the bottom of the page that doesn't start the scanner. Instead it loads the Java applet and offers a choice as to the type of scan.
A default scan looks for software in the default location for each product. A "thorough system inspection" (enabled by a check box) looks everywhere. Anyone using portable software, needs to run a thorough scan. A default scan is faster and may be a good starting point the first time you use the service. However, I recommend the thorough scan. Inquiring minds want to know.
Scan results
The first thing you'll notice (see below) when the scan completes is the report on missing bug fixes to Windows itself.
Secunia did not reinvent Windows Update; instead, it calls the Windows Update software and reports the results. You see this in the system requirements which include the "Latest version of Microsoft Windows Update."
What it doesn't explicitly mention is that the underlying Windows service (called "Automatic Updates" in XP and 2000, and "Windows Update" in Vista) needs to be running. Every time I run the scan on one of my computers I get the error shown below.
This is because I keep the underlying service disabled, only enabling it once a month to install patches.
I mention this because it brings up another questionable design decision by Secunia. If it can't communicate with the Windows Update software, it nonetheless gives Windows a green check. I think a question mark would better reflect the situation.
E-mailed notifications
When the scan completes, you're prompted to subscribe to Secunia's OSI reminder service, which notifies you by e-mail of significant changes to OSI.
I've been on the list for a while and get maybe one or two notifications a week. The latest one (shown below in a slightly edited format) would have come in very handy Thursday as a warning about the latest critical bug in Windows.
Hi,
Secunia has updated the Secunia Online Software Inspector (OSI) with new rules for detecting insecure software.
Run the Secunia OSI to make sure that your system is up-to-date:
What is New:
1) Inspection rules have been updated to detect a special out-of-band security patch from Microsoft.
You have received this email because you have subscribed to the Secunia
OSI Reminder Service.
Each e-mail includes a link to remove yourself from the list.
Despite my nit-picking, Secunia is offering a great service to Windows users.
See a summary of all my Defensive Computing postings.
If you use a Windows computer connected to a network, a newly discovered bug makes it possible for a bad guy to wreak havoc on the computer without your doing anything. The most vulnerable versions of Windows are XP, 2000 and Server 2003. Vista and Server 2008 are also vulnerable, but not as badly. Microsoft considers the bug important enough to issue the patch immediately rather than waiting for their normal once-a-month patch Tuesday.
Susan Bradley, writing for the Windows Secrets newsletter recommends immediately installing the just-issued patch. Then she offers some unusual advice, suggesting people first restart their computers "to verify that your machine is bootable." Can't hurt. Then she says to install the patch and reboot again. Her article also includes direct links to the patch for each version of Windows. If, for some reason, you can't run Windows/Microsoft Update you can manually download the patch and install it.
A standard of Defensive Computing is that the less software installed and running the better. This particular bug is with a part of Windows known as the Server service. If you are not sharing files and/or printers on a local area network, then you don't need to have the server service running, bug or no bug.
Making a Windows service not run all the time is called disabling and/or stopping. Stopping refers to the instance of the service currently running. Disabling means preventing it from ever starting again. Microsoft describes how to both stop and disable the Server service in Security Bulletin MS08-067. They also suggest doing the same to the Computer Browser service.
Anyone not sharing files and/or printers on a network should also turn off File and Printer Sharing for Microsoft Networks (the Windows XP name) on all network definitions. For example, on a laptop with both wired Ethernet networking and wireless Wi-Fi networking, File and Printer Sharing should be turned off in both network definitions.
If the Server and Computer Browser services are disabled, then some people might consider the last point (and the next) overkill. I think they are a good idea because it means two mistakes would have to be made to enable file and printer sharing as opposed to only one mistake.
Build a better fence around your Windows computer.
For still more safety, look into how your firewall is configured to ensure that it does not allow incoming traffic on TCP port 139 or 445. Again, this is for someone not sharing files and printers. Firewall configuration varies widely, but if you are using the Windows firewall in XP, the exception for this is called "File and Printer sharing."
Firewalls are the first line of defense against this type of problem. With that in mind, you may want to review the series of postings I did recently on adding a second router to a LAN to provide additional firewall protection to your most important computers. See A second router protects adults from kids.
See a summary of all my Defensive Computing postings.
All web browsers have bugs, but when simply viewing a web page can infect your computer with malicious software, the speed with which bugs are found and fixed is critical. It may be the most important yardstick by which to measure any web browser.
For Windows users, the choice between Firefox and Internet Explorer isn't a contest at all. Microsoft is slow in fixing IE bugs, being locked into a once a month cycle. Not Firefox.
Mozilla released version 3.02 of Firefox on Tuesday. It had a bug. Happens all the time. What doesn't happen all the time is that the bug was fixed quickly and version 3.03 of Firefox was released on Friday.
Anyone interested in Defensive Computing doesn't want their bug fixes idling at the gate waiting for the one day a month when they are set free.
See a summary of all my Defensive Computing postings.
The September 11th edition of the Windows Secrets newsletter included a couple stories about Windows XP SP3, trying to answer the questions of when and whether to install it. Back in April, when Service Pack 3 was released, I advised against rushing into it. But, it's been almost five months, is it safe to go into the SP3 water?
According to Scott Dunn, who wrote the lead article, you don't need to install Service Pack 3 for another year and a half. He says "... overall support for SP2 expires in early 2010, [so] you'll need to have SP3 installed by that date if you want general support for XP."
I view the SP3 issue as a risk vs. reward decision and the reward still seems small compared to the risk. But there can be a Defensive Computing advantage to not installing SP3 that has nothing to do with avoiding potential problems.
The risk of SP3 causing a problem, while persistent, decreases daily as more software, people and hardware get acquainted with it. You can get a sense of the risk involved by reviewing the Microsoft Knowledge Base article Steps to take before you install Windows XP Service Pack 3. As for reward, in one of the articles Scott Dunn tries to make a case for the upside of SP3. I wasn't impressed.
A New Reason To Wait
But, this assumes you're dealing with a normally functioning copy of Windows XP. Installing SP3 can be a great ace in the hole to have when dealing with a problematic or infected copy of Windows XP. I learned this hard way working on a couple computers for clients. In each case the near total refresh of Windows that SP3 provides proved invaluable.
One computer had been sent to the hardware manufacturer for repair and when it was returned, it was forgotten about, since it was old and just serving as a backup. But, when it became important again, it needed 99 bug fixes. Downloading the patches went fine, but only seconds after the installation process started, it ended with a useless error message and no error code.
Suspecting that the install logic for 99 concurrent patches might not have been well-tested, I tried installing just one patch and it worked fine. Then I removed a few that I suspected might be problematic but the remaining 90 failed to install. A random clump of 5 patches installed cleanly, but I wasn't going to sit around installing a couple patches at a time.
Service Pack 3 to the rescue. It downloaded and installed just fine.
Another computer was blue-screening at startup, just after the Windows desktop was displayed. By the time I got it, things had improved, only a background process was crashing, Windows itself remained up. But, as soon as I clicked OK to the warning about a serious failure, it failed again. The Microsoft online crash debugger reported that the offending driver was for the WiFi network adapter. But, updating the driver didn't fix the problem. In fact, the new driver had a new name but the crashes kept occurring in the old driver according to Microsoft.
There were dozens of available Minidumps, but I didn't feel like tracking down and installing the software to read and format the dumps. Much of the information in the dump is over my head anyway.
Here again, Service Pack 3 came to my rescue. Since it was installed, no more crashes.
SP3 is like doing a repair install of Windows, only better. It's a nice fallback option to have when things go wrong.
What To Do?
There is no one right answer for when to install Service Pack 3. Me, I'm hanging back for now. But one thing every techie can agree on, is the need for a disk image backup before installing any service pack.
If you haven't installed SP3 yet, then be aware that Microsoft offers free technical support for installing it until April 14, 2009. Depending on where you live, you may be able to speak to someone from Microsoft on the phone, use an online chat or communicate with them by email.
And take a look at the Windows Secrets newsletter. I find it worthwhile.
Updated September 12, 2008: Re-wrote introductory paragraphs to make things clearer.
See a summary of all my Defensive Computing postings.
The New York Times published an article on Friday about Windows Vista that included this: "The main problem with Vista, Microsoft said, was that given the delays, uncertainty and significant changes in the software, the rest of the industry was not ready when Vista finally arrived."
This is, of course, self-serving; companies rarely admit their mistakes. How convenient that the fault lies with the "rest of the industry."
In fact, Microsoft released Vista prematurely. One can only assume that there was pent-up pressure stemming from the delay in getting it out the door. But few Windows users care about the delay. What made an impression, to the non-techies of the world, were the initial problems people had using it.
In the quote above Microsoft was referring to the lack of hardware drivers. They have to shoulder some of the blame for this, both in terms of not working sufficiently with hardware vendors and for releasing Vista knowing full well that driver problems awaited early adopters. Then too, they signed off on calling under-powered computers "Vista capable".
On top of this, Vista wasn't fully baked when it was released. The huge number of articles that suggested waiting for the first service pack is a testament to that.
In fairness, the same can be said of Apple. Leopard (Mac OS X 10.5) too, was far from fully baked when it was released. In this regard at least, Linux shines. There is no marketing department or sales department at Linux headquarters pushing the operating system out the door before the programmers say it's ready. In fact, there are no Linux headquarters at all.
Hassle factor
The Times article goes on to say: "By now, Microsoft insists that most of the frustrating technical problems with Vista...have been resolved--and many industry executives and analysts agree." Assuming, for argument's sake, that's true, the out-of-the-gate problems aren't the end of the story.
Vista has to be better than Windows XP. And the judgment of whether it's better or not varies with the audience. While techies may write blogs and articles, nerds are the minority--most Windows users are normal people with lives focused elsewhere. And for many normal people, Vista just ain't worth it.
For example, I can drive a car with an automatic transmission, but not a stick shift. Assuming, for argument's sake, that stick shifts offered an advantage (perhaps better mileage), I have to weigh the advantage against the cost and hassle of making the switch.
For many computer users, Windows XP works just fine. It's familiar, it's what they know, it's not a problem waiting to be solved. Some can barely use Windows XP and may not have the ability to adapt to anything new. Technical change is fun and easy for techies, but the same change is hard and/or distracting for others. I deal with many non-techies with jobs in other fields who could care less about operating systems. Their computer is a tool to get their work done and any change is a nuisance--perhaps one they don't have time for.
The keyboard on your computer uses a layout that was chosen for reasons that no longer apply. Yet, who knows how many better layouts have failed to take off because they couldn't overcome the hassle involved in changing. Once someone learns to type on an existing keyboard, the benefit has to be huge to switch to a new layout.
Against this background, Vista has to be better than Windows XP. Much better. Noticeably better.
I don't see it.
I don't see Vista offering sufficient benefit in the way of must-have features to make it worth the changeover hassle. On top of this, despite whatever strides Microsoft may cite, Windows XP will be more compatible with existing hardware and software for the immediate future. Thus, XP is still the right decision for many Windows users.
Businesses choose which version of Windows to use and most chose XP (see Intel and General Motors). Consumers, by and large, don't choose, they are force-fed Vista. That's a shame. In part, it has led to the resurgent interest in Macs (along with the commercials, of course) and may well lead to the rise of Linux on Netbook computers. We'll see.
Update September 7, 2008: I'm not a Mac person, so my analogy about Apple also releasing an OS before it was ready may have been off. A commenter below said: "You would be more correct in using OS X 10.0 as a parallel example, which was released way too quickly, and was full of bugs. OS X 10.1 (which had all the fixes) came out very quickly after that, and was distributed to all OS X users for free as a partial apology."
See a summary of all my Defensive Computing postings.
I'm no fan of beta software. Defensive Computing means never dealing with new software, be it in beta form or shortly after a major upgrade. Experimenters and the curious should use virtual machines.
Now, from Sunbelt Software comes this warning about the beta version of Internet Explorer 8 and Windows XP SP3. In a nutshell, if you install the first beta version of IE8, then upgrade Windows XP from SP2 to SP3, then upgrade to the second beta version of IE8, you are now married to both IE8 and XP SP3.
You can see the original blog posting from Microsoft or, better yet, avoid beta software as a rule.
I'm no fan of SP3 either (here and here).
See a summary of all my Defensive Computing postings.
NASA confirmed this week that a computer on the International Space Station is infected with a virus. (See "Houston, we have a virus" at The Register.)
The malicious software is called W32.TGammima.AG, and technically it's a worm. The interesting point, other than how NASA could let this happen, is the way the worm spreads--on USB flash drives.
Randy Abrams, director of technical education at ESET, alerted me about this. Touching on both interesting points, he said:
To start with, no computer going into space should have autorun enabled. Simply disabling autorun would have almost certainly rendered the worm inert. Given that age of the worm, and its low risk ranking, it is probable that current (antivirus) software was not being used either.
(Credit:
NASA)
Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft. Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC. How convenient, both for end users and for bad guys.
Abrams blogged about this back in December, and I wrote about it in March. In that posting, I described how to disable autorun for Windows XP and Windows 2000 and I just revised it to include Vista.
In his December blog, Abrams writes, "Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims."
Don't be a victim, disable autorun (also known as autoplay) for all devices. It may be a bit inconvenient going forward, but to me, the added safety is well worthwhile.
See a summary of all my Defensive Computing postings.
Bad news: Service Pack 3 for Windows XP, or one of the subsequent patches, breaks Windows Update. Not all the time, but often enough that I got burned twice.
Good news: Microsoft offers free technical support for Windows Update and that support provided a solution to my problem.
While consumers are conditioned to call their hardware manufacturer for technical support, Microsoft offers free support for Service Pack 3 for Windows XP, IE7 and Windows Update. Support for SP3 and IE7 is offered on the phone (866-234-6020), although, I had a hard time qualifying. Support for Windows Update is offered by email.
(Credit:
Microsoft)
To request assistance with Windows Update, start at the Windows Update website (Tools -> Windows Update in IE6 and IE7) and click on the "Get help and support" link in the gray stripe on the left. Then click on "Send a problem report".
The best way to do this is with Internet Explorer on the computer with the problem. This allows Microsoft to download an ActiveX control that gathers assorted debugging information and sends it back to them. In my case, this debugging information proved critical.
A Microsoft technician responded to my plea for help well within their 24 hour goal.
My problem was particularly annoying because there was no error code, thus nothing to search the net for. The error message simply referred to "a problem on your computer". In addition, a review of the update history (click on "Review your update history" in the left side gray stripe) showed no failures at all. I had even checked the system event logs and come up empty.
It turns out that Windows Update has 2.5 activity log files.
In addition to the "update history", there are two plain text log files in the C:\WINDOWS folder. The "half" is a file called "Windows Update.log" which doesn't seem to be used any longer. I checked four XP machines and in each case the file had almost no data and hadn't been updated in a long time.
Update: A reader named Joseph pointed out that this is from an older version of Windows Update.(July 27, 2008)
But the other log file, "WindowsUpdate.log" is a gold mine of information (this file has no spaces in the name). It was included in the debugging information sent to Microsoft and revealed that my problem was an error 0x80004002.
The Fix
Windows Update was resuscitated with the oldest trick in the book, re-installing the software.
Microsoft's first suggestion was to download version 3 of the Windows Update "Agent" (file WindowsUpdateAgent30-x86.exe) to the root of the C disk, then run it with Start -> Run and the following command:
C:\WindowsUpdateAgent30-x86.exe /wuforce
The installation was quick and painless. On both computers, this fixed the problem.
The link to this stand-alone version of the Windows Update agent may change over time. A technician at Microsoft suggested getting the software from here. This fix is also offered here, for a similar Windows Update problem.
How widespread is this problem?
There's no way for me to know how widespread this problem is. If you've had problems with Windows Update after installing Windows XP SP3 leave a comment below.
I don't use Automatic Updates, but if you do, and find the yellow shield never goes away, you may be experiencing this problem. To see, try running Windows Update manually from the website to insure it can install patches.
A brief search turned up forum postings at Microsoft.com from others with this problem. This thread, XP SP3 Preventing any other Windows Update Installs, started almost 3 months ago.
The thread includes an email from Microsoft technical support with three possible fixes. One of them, involving re-registering DLLs, was my fallback if the first suggestion didn't work. Scott Dunn from Windows Secrets covered re-registering Windows Update DLLs last September in Stealth Windows update prevents XP repair.
Finally, let me repeat a warning about upgrading to Internet Explorer 7. When you first install IE7, you get a known buggy version. After rebooting, run Windows Update immediately to get the patch shown below
Update July 27, 2008: After installing XP SP3 and all the subsequent patches on three more computers, my best guess is that the problem has to do with the type of license for Windows. On all four machines that were purchased from the same hardware vendor (very different models), Windows Update broke. However, a copy of Windows XP purchased at retail in a shrink-wrapped box had no problems with Windows Update.
See a summary of all my Defensive Computing postings.
On two Windows XP machines of mine, the installation of post-SP3 patches has broken Windows Update.
I first wrote about this yesterday, when it happened on one machine. Today, on a computer with very different hardware, the problem repeated itself.
In both cases the computers had no application software installed. Each had only Windows XP SP2 and a handful of vendor installed utilities. Neither machine had any anti-malware software of any kind, not even a firewall (other than XP's firewall). Both were running Internet Explorer 6.
Each time I started by installing SP3 and rebooting. Next, I ran Windows Update manually and opted to install all the post-SP3 patches, with the exception of Internet Explorer 7. I prefer to install IE7 by itself. The patches install fine, and I reboot again.
At this point Windows Update no longer works.
As I suggested three months ago, it's best to hold off on Service Pack 3.
Update July 27, 2008: This problem is not related to IE6, it was re-produced on two machines running IE7. At this point, I have tried to reproduce it on five computers. My best guess now is that the problem has to do with the type of license for Windows. On four machines that were purchased from the same hardware vendor (very different models), Windows Update broke. However, a copy of Windows XP purchased at retail in a shrink-wrapped box had no problems with Windows Update.
One Windows XP test machine started out with no service packs. I installed SP2, rebooted, installed IE7, rebooted, installed SP3, rebooted and then installed all the post-SP3 patches except for one. One patch had to be omitted because without something to install there is no way to know that Windows Update is broken. Specifically, I chose not to install KB923789, an update to the Adobe Flash player. The post-SP3 patches that I did install were KB951748, KB951978, KB890830, KB951376, KB950762, KB950760 and KB942763. One of them broke Windows Update.
For the fix to Windows Update see Fixing Windows Update on XP SP3
See a summary of all my Defensive Computing postings.
