Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Dr. Watsons Longhorn Makeover Raises Eyebrows



 By: Ryan Naraine
2005-05-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


  Table of Contents:
  1. Dr. Watsons Longhorn Makeover Raises Eyebrows
  2. ' Opting In May Not '

Rate This Article:
Poor Best
Dr. Watsons Longhorn Makeover Raises Eyebrows
( Page 1 of 2 )

When Longhorn ships, Microsoft plans to change the way data is collected via the Dr. Watson error-reporting tool, causing some users to fear for their privacy.Microsofts Dr. Watson error-reporting tool will undergo a significant makeover in Longhorn, but changes in the way program crash data is collected and transmitted have raised eyebrows among privacy rights advocates.

The Dr. Watson program error debugger, aka Windows error reporting, will be revamped to collect more than just the dump of the memory image when an application crashes.

Although Microsoft Corp. will set up a strict "opt-in" process to determine how data will be collected, security experts believe end users will find it difficult to sort through the sheer volume of information.

Russ Cooper, founder and editor of the NTBugtraq security mailing list, was among the first to raise privacy concerns.

"[T]he vast majority of consumers wont be able to navigate through the volumes of data to make informed decisions as to what they dont want to send.

Resource Library:
"Microsoft has said the data will be submitted anonymously, but its hard to see how a submission will be useful to the person who submits it if its done completely anonymously," Cooper argued in a published column.

In an interview with Ziff Davis Internet News, Cooper said the risks could be even higher in a corporate environment where valuable intellectual property and confidential data is transmitted automatically when a piece of software crashes.

"There is a real risk that data could be intercepted," said Cooper, who doubles as senior security analyst with Cybertrust Inc. He described a theoretical situation in which a malicious hacker could trigger a denial-of-service attack against an application and eavesdrop on the error-reporting dump transfer to hijack data.

Longhorn will not be built on a .Net framework after all. Click here to read more.

Cooper believes that the automatic error-reporting coming in Longhorn will help Microsoft in its quest to stabilize the operating system, but warned that IT administrators will simply turn off the tool to avoid problems.

A spokesperson for Microsoft downplayed the privacy fears, arguing that the user would be total control over any data that is collected.

"In Longhorn, the first level of detail collected by these tools does not include any personal information. If additional levels of detail are required, consumers will be invited to inspect the data that would be sent and only after they provide their consent will the data be sent to Microsoft," the spokesperson said in a statement sent to Ziff Davis Internet News.

"Data is used to make the entire Windows ecosystem measurably better over time for customers," he added.

Internally, Microsoft executives dismissed the issue as "paranoia" and stressed that any potentially sensitive data would be transmitted securely via SSL (Secure Sockets Layer) encryption. A company source insisted that "mini8dumps" or other requested data will only be collected via the opt-in process, and argued that all terms will be clearly spelled out in the Windows Privacy Policy.

However, if theres anyone to blame for users initial fears, try company chairman Bill Gates. At WinHEC this year, Gates likened the Dr. Watson makeover to the data recorders used during flights to monitor cockpit activity.

"Think of it as a flight data recorder, so that any time theres a problem, that black box is there helping us work together and diagnose whats going on," Gates said. That description suggested (erroneously, according to insiders) that the tool would continuously monitor computer usage before, during and after an application crash.

After Gates WinHEC speech, the company huddled to contain the damage. The message from Redmond was that no information, under any circumstances, would be collected without user consent.

Click here to read about Microsofts "Palladium" security in Longhorn.

A source stated that only data that is absolutely necessary would be collected if the user reporting the error hit a particular type of crash. At that stage, Microsoft would ask for a description of the problem and default data, which is described a "crash minidump."

The source acknowledged that, in some cases, the minidump could theoretically contain sensitive data. The information in the minidump is described as a small snapshot of the state of the application at the time of the crash.

In rare cases, small portions of documents, e-mails or IM conversations may be included in the minidump, but, even then, it would not be enough to qualify as a security or privacy risk.

Next Page: Opting in may not help out end users.





  Reader Comments: Dr. Watsons Longhorn Makeover Raises Eyebrows
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Windows Articles          >>> More By Ryan Naraine
 


x}r8s;iW1ŋvI%5m[KU %B!)rbbq3 -RU}\QDD"3H${$sG7L{B.cnQ?sOG3齿O$w}L9UQ#C3W)92 E]0eNznDzq@^cFwD%x_@jO @.Rs2 Z9esO/#nO~e0-ڶAq6)6N0,,Z P8$p$Z=$?*B4eG$oqX}؁䛿S=2t3ݛ6BTuK$!1QcDOwг{/PQ~jXZ -gt 4"X'[vkx!Dy!rs#g ݻ`$nPr&N7w#205b )V,#&3ýб:s `p)jX{n_%z(swߘekfy3?b Jg3F~3G_:nN[77VGNפ9i>9sِlnAZ|^kU[{_C燙EXCyCa#U~Ff=jio]}8>$7Yn[gs`HmDm[ܾ̑\R yǛka(7F`X@7? iP2\M8Zujt0kPko43@_x0Nusns'@kFPYT`6R\ 9lb v!fByM)oz@@ZR~nV(US%EI7#DD v2#~B(pHq> z%e1\sd>U<8~^oVV͉:]XYujZnE?iQw9qn?\[wսuEkoǫuw#вnZFI9QM}{Qk+%YE*G@8ʍ??5m!S[ö@ .Ss+< |0F;}F{g0PP?: pѦޣ83}45 @ Ln0i\+Gݺ~LnXŞ+ Q߭F#m|@T؎(??6 ; G`p&;xky05С4}a qjQ?]*3<9d} o  馥M L<ģ|D }p ]x9-RC/1tK@H hI#r Bг1,`@o!``P􎄰R1iJlRi sg RTD;7 KŔ=*%nqR%a 934YIjL=?Fu Q򍜈="`&Qea*0pRx5Qn-`oʑUtDބxlLX,ՙxnZi &𝀴t0OiH\U}ɲEg0sO<sy h? OzuG VV̚s=R.ƃ5‚L;ilQ@sfڰ`) 0|Ch2!isM/Z&5SN`3%ql9an5Ɖ<\y͏S@}Q>jguϙܑ-ӾȇRoBoڅRT眺_dA_fMjlȌu>IVB17O wf@nmhIJ:#w4)dz~#Jݸ^`3h{q#%IAg=U檳@tlX+nMo?JՍEI8Jەa]jk-T8W7Bɶ/²xcP6B6Rk šaY^`(ytMʆТ-iM*c#|söV/U OG,-s9Za5sV@@@7h TlVCax5Zz' As,\OT\r /6*'l|0ː ;u- CO5,v&Vfj:Y[~2.|O V,'0{ gб3a|ea;m eSKq6Om V9Je!6c{i-6ӮWKHLZ`!?RP՘$'i/#Y /9-0cY}6aDm6#(MEZ"=G΁4MD85[/OAE-4$qx3??uPV&<[J?}uVN0\?@R)Ö13ghim&{ǙXT'/łx_ℯ/8ݩM?? L4/~RjzCG>s}G>N-â-h'(0v *5TJR!<,`P.Q9Ufj(87~Ɋ`3 خ crAmhv~9N(k589'& B1&GJFg%:!pwC*2GԻ5ubH:G:0ݛ,()yന^u/iYOS)&V$tu| `_ nM==WK$*XGv=3hTa6uUԪ}VW{%|h#Q `! Kx{ZCAk1۩w\܁c:P>H(Tg7gMEH]ac6U{z@n)Z-MӓU;4 Ϣ#Τ͋p#[.|zK>'8MG9Fi$]|;P rfVȍZtNd_&z}G ϓ{jZ)ߗ,09W|)3p321Ow}VApaqgX]U;A9Tb9JiRx` fΌzliNM= h˃Q̓G\\7h#tDo0|7=#S$·RiEmT)玾ߓJ\}ĵ) rA-GYdQ.|aR)*`W%ɠK= j \h?C M8qm oRٟ:sɖBz_KLCVj3,`jBUܘKFDccb^f>`UGS( L $q}* N=A@W?g}e_:m^t?&~fm?<u!aa="g~`}܇4._eCR:"jueK\4߷p-:%5ރ6 `i8~{D]qׇ́ĽYjZ56|v>72DHv4|w/Υ{޽Gy-%Ws=ADHC䄬W!yNFSLuk;d4)(gjmXc?tgL6tڗu}͙b9kI.Dz=jW'27hc7Skޚ( V`!旁1d|PR# (ʑHR ~tDӻ:o~dun/2 m ,Щ cALFrEl&zRG>egIəπ/QIQ):*9Q{_akѷo9Aߐ>O1Ok7tExW(hLVfsF;HdNlp jwz`ySrF4/_"Tc8LMàv)fTDxS%Oޡ)-&GXuT䵤 g[UHN~DC.6OY-`0!9˫|1{~T*۾l3{tQH4S `/#9ʼSsaZ GW ./W3k{R̵j 2aє{`ֳs@לπ(|s9xf"64NlyWy#KxESrcW}V7ʳ/q!~<,?4niueO5i^~ꟁ&m_ |1$?[С;#|$~>xFM{uS意G 93rĸEۨ+˘a4FKp?KoؽҾ28 0^l"4P$yUZVU $]d%FtZx@2M#}ݾJfzӼ2hAxn>7 <}tK7bRJ?A?'GLw.z@z@pw6{Zg%QJ=,qM@jjiIr\<~^YZ䑽أp ,$>?Gko D:*p&޸ Qh*yJ#rIRLAXDHx&̴uϷ`x~Y;}c=#G蕑O{/TU(59"J9;_zZ|?^wS !t[ rTGc/pKC|EiK (ɽqWUZRIłSJkA{i#ߧМ%qu^ R$w%u?\JySXbFMu}h/Aa y%?Fn*{9A;-6zɄO:d(΀{, XSvHVK?(P6N̓1p$aɂnβ A>sBld5=exu9 NS^>8V 1(6poGa\{2S˙~lOӊػ,3O2X!ajboX7=%a4)Yz%.<=xqY17bܒjJԁ['KZiŗΊo>'1#^r'"!xXOOo @ǎA=lP|Y LkO⼌tKܐsEG+%C+mF2p A%~x%]0,64$hEIOBE&S)"oyra,MP 7s~\;, Bnd g,()N`H_ҥ+t0GL-R PbKz$@&A⹎N E@yJ85%S88YBNί^㰿.z$UQ ~Ӟo#1a õZ =G*J.qIgYXnL =a'7tîT$Uv /f.X qM-Ӿɛ|),w$_R%X>g0W.bxRP(O-z^)RZJ>I!% ͓8U6Bk})*~q6^kK K X#tF/+K_]-, RG%]^epP?"d#HdnUw--o^t{6|)aib s >6._M7fUӰN^~)"UVIdynDƟԙ[tJuO:zΌJݞTTRIdxӟpxt{_2y&)B*nK2U奘j6.@S1nI-`:fBP"1(T I"గKH")EI-ob8±R~c33U oooo{qU)W经c^dfY< 0u0)s{"ٗ"WIUd Cr9$ aF/0K5{Upk;5&TŰwjl.rJ/5z„i~Ϋ"l8Ylo3x=j$Ȱ6u-9żlTV$vNחpd ŗ'B lEYwLcsٖcUL(NqW y ,sB^3T}̺ͬB;6ГZPa?\AƋ2.3Qߜߜߜߜߜ8MkesQb( Ͽa(~0 UV.?(Cku\Nlխ! I/8/@޶Í*1 X5=0#&3m79{Go|-%vԗƦ:e|Lj;w^'\yb|FِGlOX% gR)$xma2P|֩ pf7,]/mñʩ^#w*/5 +lyث(ȝa7`.rW/rDR| -˿28rO|k vs)D ̙1$B(Am`*d;1ÕL%Ij~ж}A˽=V4iD mY[`}XE0m-mYޣ3玮{UZZJ niiw>no`.:- @ɼ#l$5̐ؐ,l%I"q0M_LJ\k/Lؙ: Փ>.,^kOuvy1HK%XS=o략 Mq(,6K&Q,[S☤B2"(S[]ă08]3(OqW'N Ù`\oN+r P:ς])s!aZ;AgYV$e.a+i+K9Iˑ1;^h``fڟ,\yuuvI^ۤwrݹw}޽Y/W;sm}:^}:\;\#e|j5<6/*v(P^6/NSʙ`Q{µ,% y*wDE Gcqy^ L ۋ'Q?B)Qe; \CĨҫSi0LL<7[veS+t?gg:^.9q Χi7Q`1D 'M&7bQ>oIk&5+<v<((('MfFyʻ-AQ~'O>y(ku6wZFQu2CL2dK/Q ?m.?ak\d"" >"@ \@/2Ŭ2zˏP1 2(rˌ̐Kˌ  _?2 ޿x:z^F{^F ׇ ʡ31~7P~U{7MF77$)cf5pvJEsQ^53T}~)P5(ge3Vڍna{Ar!{F@^~bsum%R+ ]Q%=Mk[I2}W:c|u$X2& r hxVydb bye/?+( wOʻϝ!i҇Kd^ WsU}Ӊ0VbMdG,E<m} sbžȾ)1[QǒGl.Ñp[{%?|sa[ 09N~̬(^Л؃~r mh7W,pK|􋧎` }.omG;yh#62vf;w S췡^2<)egeA:*5OKD,1| e%Hi0\-n>QXV՟p3nc&Hy>jo|V/O*8uߜ:I<w} VX&@Y$'}p)1DZ=S jhN_i{N|7q 1Y&ƎIΝrQӊj~JR}'\[دa8 "(`DdU*[ZX,.g /(@#غ̷xR#xC7<8aRq p+E!|@Zh^zIc֤`DyHe&MMx]Vt-SLit.Z|5h_uiH-'c@ԯN`Xkt J7xjD823&ow^N݂k.,|[ (}Z4mc6H[8=ۺ9l؆"׈ZTw-=~"d`ZϮfB~.=.%лx^#1GN"CarٴDBO]׈nBaIg i6{Nz ̄0QxE@|?K+_yl x Qh/I'kQ`8'nU](gѝ7|Y\,##1ˌY Mc{Vk*q.w ivc4iq+D愽HaC4u;WeԢԱ"tHϱ=8wf0D6c«U/=ׇ"2cX t(,MaMY{N6 )4M뚈ѝeX!%i;j9.KPRJVm.Q ?n`n6{b"mO@Kx.^|3oVggvm|c*=S2m-)e'.r}7{,ݤdv/+ 0bŽ%OvQ>w. %CbF8] "!_Saniy㲁%!:}`S h9w3[T:9A&{5OeG.Lc(ŬBCd=)O?6'[nEG\<>bi xfyc< 9zn% / iKu_]HnvDg>6كl2p&s`ܐ}oDI COyw=HJ B ϱɮxبogn`Cl .3.OY% hWa) e71KLP`Ol3ӈj3w6G}dȱ(l}j͜GԋOg0xeѵhOyq;Z?] m-1k$~El=fu{+Wr1e~8Şi#|@ n[a׀5V`=2H]kqSg.(ZF#,Wc-ҭ<P0@~c.v^e܌1G\ ѨpSTUDl3^+S3{&**kW46* <Ǥ9-o@>1[?܋ϑ{̾16 Yf+1ݱUt g)d̅2 !N^xyu~ҕ^)I&_cQd+8*)ؐrm50X1'(NRK&t>f0 'Ɣ ϰ" sWexDh\NwRLFHf";]2*gA-F12%o,gkV"F깘 #y= _5>gvC%z1~X0~v1/渲Y>ɲƘ]>T{&Lǫ6cڅGSy6:|,ݐ׷$v"VKjMΡmbqR!fƲ 7cP. Yd-'oB@:S .xBG,?ɋ|P byx ^ŧ$NS?X|ړT+Oƕ)@Xqɩ8To?W˛ByڽK͋CRI>Rmv,_֊MZ2c{͵N_ lAt ,