Windows - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Windows


Dr. Watsons Longhorn Makeover Raises Eyebrows



 By: Ryan Naraine
2005-05-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


  Table of Contents:
  1. Dr. Watsons Longhorn Makeover Raises Eyebrows
  2. ' Opting In May Not '

Rate This Article:
Poor Best
Dr. Watsons Longhorn Makeover Raises Eyebrows
( Page 1 of 2 )

When Longhorn ships, Microsoft plans to change the way data is collected via the Dr. Watson error-reporting tool, causing some users to fear for their privacy.Microsofts Dr. Watson error-reporting tool will undergo a significant makeover in Longhorn, but changes in the way program crash data is collected and transmitted have raised eyebrows among privacy rights advocates.

The Dr. Watson program error debugger, aka Windows error reporting, will be revamped to collect more than just the dump of the memory image when an application crashes.

Although Microsoft Corp. will set up a strict "opt-in" process to determine how data will be collected, security experts believe end users will find it difficult to sort through the sheer volume of information.

Russ Cooper, founder and editor of the NTBugtraq security mailing list, was among the first to raise privacy concerns.

"[T]he vast majority of consumers wont be able to navigate through the volumes of data to make informed decisions as to what they dont want to send.

Resource Library:
"Microsoft has said the data will be submitted anonymously, but its hard to see how a submission will be useful to the person who submits it if its done completely anonymously," Cooper argued in a published column.

In an interview with Ziff Davis Internet News, Cooper said the risks could be even higher in a corporate environment where valuable intellectual property and confidential data is transmitted automatically when a piece of software crashes.

"There is a real risk that data could be intercepted," said Cooper, who doubles as senior security analyst with Cybertrust Inc. He described a theoretical situation in which a malicious hacker could trigger a denial-of-service attack against an application and eavesdrop on the error-reporting dump transfer to hijack data.

Longhorn will not be built on a .Net framework after all. Click here to read more.

Cooper believes that the automatic error-reporting coming in Longhorn will help Microsoft in its quest to stabilize the operating system, but warned that IT administrators will simply turn off the tool to avoid problems.

A spokesperson for Microsoft downplayed the privacy fears, arguing that the user would be total control over any data that is collected.

"In Longhorn, the first level of detail collected by these tools does not include any personal information. If additional levels of detail are required, consumers will be invited to inspect the data that would be sent and only after they provide their consent will the data be sent to Microsoft," the spokesperson said in a statement sent to Ziff Davis Internet News.

"Data is used to make the entire Windows ecosystem measurably better over time for customers," he added.

Internally, Microsoft executives dismissed the issue as "paranoia" and stressed that any potentially sensitive data would be transmitted securely via SSL (Secure Sockets Layer) encryption. A company source insisted that "mini8dumps" or other requested data will only be collected via the opt-in process, and argued that all terms will be clearly spelled out in the Windows Privacy Policy.

However, if theres anyone to blame for users initial fears, try company chairman Bill Gates. At WinHEC this year, Gates likened the Dr. Watson makeover to the data recorders used during flights to monitor cockpit activity.

"Think of it as a flight data recorder, so that any time theres a problem, that black box is there helping us work together and diagnose whats going on," Gates said. That description suggested (erroneously, according to insiders) that the tool would continuously monitor computer usage before, during and after an application crash.

After Gates WinHEC speech, the company huddled to contain the damage. The message from Redmond was that no information, under any circumstances, would be collected without user consent.

Click here to read about Microsofts "Palladium" security in Longhorn.

A source stated that only data that is absolutely necessary would be collected if the user reporting the error hit a particular type of crash. At that stage, Microsoft would ask for a description of the problem and default data, which is described a "crash minidump."

The source acknowledged that, in some cases, the minidump could theoretically contain sensitive data. The information in the minidump is described as a small snapshot of the state of the application at the time of the crash.

In rare cases, small portions of documents, e-mails or IM conversations may be included in the minidump, but, even then, it would not be enough to qualify as a security or privacy risk.

Next Page: Opting in may not help out end users.





  Reader Comments: Dr. Watsons Longhorn Makeover Raises Eyebrows
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Windows Articles          >>> More By Ryan Naraine
 


xv㶲 ;^+(}LRlm,oKNYZ I)R|Ifsּw߽ dYf0TE[\Ϥ^=Am۟@u 5q9:r z=>;| `OS{S uɔZiPلQߗ>}^~b .pvL⎳Qm xuK%yCDRɏm~O|׶#8,>v@ߩADL&þM"x<&j>wl3GdY (ƻf {iZvP;Eyah -\r.",ս@M*6 D=iTV,w2*-&;1ґk)e 5\`r*jXY6tG,> H>1`?wIV@h ɠæq/!_Cp`eFSKjF=Ķ|hG's:t ̿{׳#ݸx1³L`E-"GlR =y7uJazH&5\O, EsؗCYͼ.`E3l˸;4 HSKVUBX)ڑrwwӽmY[~1ϕiR/:g9(֝hnKVj0U;ާ;yԸ} Vb}" @D%\.fI"0i5tt򰞄:AHsEF j|%R+ iɥzd$is)1N,ԐX;AK~6/˫NM퓳NlM,!R42V,^YHAu|qݹhwEZOvI᳻i ɗVy['^<$~z>5401\]Z-$53eLusBr,_Nd5h_s`Bi۲ܾȑ\ yכȃ+aXY|Dͼ94oߦIfw[ 4j5+tUT7o`H2 3I_ 붞;j\K0[=RF \ a#|`Mil&XJp7є6`I*2TI0%mQq:]R$y3DDȭ g3E94>BBp4<01FpJn.r? [ʚ&gfeUYWaLozLUE~?u~}8^$glh|*$]ezrcZԷWJϏV)AbVq+-~~j2B cLt/ lB`:~g#LQZ#q!9N: N+/Cͥqf1@ T^a ;p|w͇z9ԅaKUԇQ^i5PCGA :]TR}>tq PhRP<sz7Z@[3衟%j{t$t4/f{@`^@89ppYY?0@]ub Bݷ|{ޚouG *QsaPBԁ!~9.b&A/tKt=JIALh"D&  TAǰEFNlbo(O$^I-TbDJOq$wJ"JX*QYlp[/ rRdZ0u 򃜈<"`*ˑe*0pMSx6QnZbަ!B~^Y8&O\YJh5 HJ˖o9䐎3ttwa O︐Æ[|k|{< 6Z|-Gs{wDf+,o>,>HQox@63ˀ%4+dpPsg <`tP,jp>q|}I%/*8bp; y_*޻ĦTQ݂*׽ RN](Xk°&>l<\P`t>* eX) 5*:Ixm"`/ˇ%ʹ谣H }j,mQIV0 l" ?ŤX TkQ Gť5 GφSL1>̌:k}\WJZPK{iyAPsVv-"fdbDF4@s@5ŴB+xn |:Ra{ނ9"zfnހWIJ(L[_JO.OVUШ4> ͋yL\Gtoᄛ,OqgSk14rljqc0g<}'ZhQZBY@ & ϛ/j>ϣ"CW5KʗɈBŜ"K>AJ׌U:\Kln?,fLz_jlXd w- 1b.~e-&sctd[(ssMl7b ڵ +mALa\TPY\|U&CUX)TԒ/YXᐋ^vdή hx;L Ll'ĠPȣS&ZmR*+na/ew!ڜP? &i:^ISΛY*`2I$K{ a&LXu@j:, U)7OLJZZ$lp z􁮢cU4qyi7L5Luox< x5H;O5q[P7@|PInI墦AkR;~O;a#ҵLƈ Q@Z: GdQ.|eR)*7%ʠK Z8`<"MMXh?=a?u-492=ZgaG^P(㜘^~?؇^kUeQbcE6 Ԇk{J~Zg^p 4(+?gs@:mv; ^;N0v 0WK4.mXJVCR:"+%um~m1%|˾WMw $ȅ XMp#fOճ"ju.KWmv> 2w4H4r z]ۼz߹_>-#r޹hK^KQ\# R?!pSv*aSڎ6N ̋#Z[?80KD8 mÀ@ c]WXЧzɭӱB3ZMUc | A06y8eR쭩]59Q%l67 FWE'k;te{--'2}m1џ.W` eڃ͟&Vrۨ':H NN|>os_"@#ppFPxc.A)H7ԾJ>$S4QJ"g8^;)~ڲ/CY(^Hc۽; {v@Iu=LP'i&.sK7t[b-ɔbJ49wyH3%dBE۰=IҲYGƐ&P, f|ʊ R!*=Yeb{ҀĴ&{6wg^%J$cζ!ė4 yR#A[xqXt!}6PגR4\һoeU! 0>)'fP'z@+,mTVHx7s,: ȓ``/q" he֩ҊN}uкB ?ݡC5=IfCs5z2SS6^u?y{do&<0Yz$AC~kM|rBǔ~imԕ,`6 }Np?Koҽ{᧥sest#VR{b{I2$BUUk ;ɾZDVeΜtї^t+<2gx7YU x3D?.ye919gnP;-Ӈz2GPϣk~=ϸ2]a O}Yj}D.]9n㚨p;D98y^Y8Z䑼DqD%t`5o14Ll*z3=}v9[vÏ5&<,5ȥn4?t79wFf#AVާA35ro2Lx!@KaP=x VɋX"LYt)=; 畾px&rtϷaxY;)}YT>ꪪZQjr+= " h]ynŠBGܐ0~!"3~R2:d f fg@{eܧМ%q#v^ b$w%%e?LJy [b4FIu!}h/aAay%?Fn{9A;-6Ʉb;d9|'Cv$<f^@ CjZHchF9ܷqŽ!!c-DHtuteP {' b$ &[.l8Nyii첎Fp(t#q?,mEa#QnjqvYPg~dBfzK$"B6S{sgTbR2H"F#px*3QbaǑ7v+YRݖJ/ET,--Ӿ (,l]Q(!Wj15 \3 AĠP2P$ ^/!JvFCc;\ERZޖ/EpQ@K v҉kH<)w˜JbN] 6J&kZ2/"AE.0_B=-'TzMBAݳ\_LPJW%tn$"bF@ % (A,-`@!ɀuUK )*=7JHzSYf`7B+oooorE*7Ʋ%d3AP;TL<`\'e֝/{$SEKYq;}=%spx^-IM{muS h7}wkay Ic \t>3X6q!"A$1DK1Cp%{Ϩ%^kAt6|Ϡv H!*1|-I$=dz\@Z@mI/fNv{]= |XVo'=Ɓik(>ItHŗXu$ dE͵8Gg-] 6+Ec%Zv'&w[-װ~@m@ȼ#MlD5Vfs+l%"Q0M&å)⌱fnm9 BI4R "J+aiq פKt:}/ 8eQ ^|j~~i//m~mO- Z/" 6m{;pO̦}-G^P4o&qn =9.AgЭq652,L r=\΀Tnp=jh $Ϛ`*e ՀګRѪE5pFw`yPJ#ڻḱ 4TOdG=yԑ8mx##/bZN{ioeVa*eS֌0X>lgN((%NYm&|]cC?F@G0gۡWǪcjFMxA:`B78X{ ; m HXcEԞNxׇ}َU݆õnՂOt)@P\'vz9~ȋ: :Β2Wlm?ڒVo5JzK(ӘFLLaLwtQ סрHsa`߷b~m+sYl'FE9.&MSM/_Ō\>fF+5mB<1ExOU TTbЭB1KM;IP}3Y?d=`'t2u/x߽G!VU%r&C+ 6'm\ĮOuc:&|v߮EG c /;rth&7\9P[D8@`m¬܏@BS&Gd&$1rs4 ;ʊWH7}H[g'郀tZꈁ$0e슃\(ag\B @q4f\}G +@Ff< g``#osd|}^$R좲" 2'E»<.c犰8<_ܰn?Dr6Б`5b'r"!|c.JM)`.?v.ڗWAqj50v>L5mkLI/P^4m,(NL3\H^Dƒ<^;OKvE3@eqy^ ;O38Sv}YQBi21SlԖS|~ī#x]jɉkfHw>9ZZ-!z_U8j4Wa\q4ħyd@z\#TyD}Qyx?d f_A&Pj3#|? qsY'8lrN+#g:NF?sϐys9?π]1?]7c]͂f f fx@ D'gdw!{1?sw1=/=? ː/@q /3_\eOoA_ >f'1OO| 3ڿΠZ'I73yS*RqA/2ȋ৬|B]f ?CϠi7zZme˅\/^}NV*话˓^+a\銊gm5nǸJt16 2xԾ(K֡`ʼ7((wE6a+F&Ь-'hވu]f=g%aIY-0?$Ut{2ٹWޕ\~Ufe+tV1&ϋR<=sNxwY-j9“m(@9q}»2NC: k:5HQ3Z %CC?k p0t>RqFPgë^%^TE|x|fbV/OUq< 5'p"!H8߱Z! g~NqN]Q[tpzEWiTp8&n Bߑ:#\ԴZjRsG'Wd|.8 )`通DdU*.ZX,g/g2l]FJ ZCO0CX.Fฃ} lk".$1=: gǬP*VH6of)(^( ^"Tv&Ac(<)MqgqD4[o-XGnQ+wˡR g)b|+3}.ՇoϓA. E/^NCJ,6B 5tШ=_O2ń#2O 5U"zOB;P'GgWX`/YB/sb)H]#~YzF˫@O>%vA;׻rOa.<Egxe @ @JX v7n:֤`HOESVWSL ItXL/j1M45~ɱfL(1 kEFW RQb/N˩s Y|݅F|lPK/±-{˳mb@nԙ%O_T3FbΌ+dRx Yw|1GB8$" Ct϶y&z_x D了mvKz_1疳gO&S,|PCDaX'Tfg16IXR/!I]y0r'+ߝ)g;5|Q\֊,#!1˄I Mc {Vj*q/wiEc~:4!]?}83"{sB K0`^璑̀t>u>Kw0nר-"Xm񏉧{v U ^{3D3$0z<H :BVF&3n=GIDπnuMjβْ-9]K`RJVm. =n`n61!LB D$$E '_! 76GY~j,XoϨD ,[K|IG:i$*Fyc< 9Z@n0$ o ig%^] (}n6~]f2KFз57b(P| ӽχ=L_&%\"d< l43@FC0!Y}"sEt䐲%(Xp^'A6j3w6E~bȱȎlyJ/՜GċOgxmҵh_qnQ|1-%#=^Fc`p ۂ{ʐXhWeJ@)tnO˞S˰Os =,/{QAbfB#q쁢uD{~w1Ǹ 04cd﮳~/[[K cd&GXI@ qKlBMn4Mb5"[ݑ^IidžWv؃5E|,@a+5z`n~3 VY[X5b?HP9͓z0~ sͅx!wS׆)a+Ea2z(-f,1Fs *@< P&=`B4l+:cSEᘸe=)jal9n~;>{jX~r[)#Uk̹D/5V_JB\~jh5