Dr. Watsons Longhorn Makeover Raises Eyebrows

By Ryan Naraine  |  Posted 2005-05-31

Dr. Watsons Longhorn Makeover Raises Eyebrows

Microsofts Dr. Watson error-reporting tool will undergo a significant makeover in Longhorn, but changes in the way program crash data is collected and transmitted have raised eyebrows among privacy rights advocates.

The Dr. Watson program error debugger, aka Windows error reporting, will be revamped to collect more than just the dump of the memory image when an application crashes.

Although Microsoft Corp. will set up a strict "opt-in" process to determine how data will be collected, security experts believe end users will find it difficult to sort through the sheer volume of information.

Russ Cooper, founder and editor of the NTBugtraq security mailing list, was among the first to raise privacy concerns.

"[T]he vast majority of consumers wont be able to navigate through the volumes of data to make informed decisions as to what they dont want to send.

"Microsoft has said the data will be submitted anonymously, but its hard to see how a submission will be useful to the person who submits it if its done completely anonymously," Cooper argued in a published column.

In an interview with Ziff Davis Internet News, Cooper said the risks could be even higher in a corporate environment where valuable intellectual property and confidential data is transmitted automatically when a piece of software crashes.

"There is a real risk that data could be intercepted," said Cooper, who doubles as senior security analyst with Cybertrust Inc. He described a theoretical situation in which a malicious hacker could trigger a denial-of-service attack against an application and eavesdrop on the error-reporting dump transfer to hijack data.

Longhorn will not be built on a .Net framework after all. Click here to read more.

Cooper believes that the automatic error-reporting coming in Longhorn will help Microsoft in its quest to stabilize the operating system, but warned that IT administrators will simply turn off the tool to avoid problems.

A spokesperson for Microsoft downplayed the privacy fears, arguing that the user would be total control over any data that is collected.

"In Longhorn, the first level of detail collected by these tools does not include any personal information. If additional levels of detail are required, consumers will be invited to inspect the data that would be sent and only after they provide their consent will the data be sent to Microsoft," the spokesperson said in a statement sent to Ziff Davis Internet News.

"Data is used to make the entire Windows ecosystem measurably better over time for customers," he added.

Internally, Microsoft executives dismissed the issue as "paranoia" and stressed that any potentially sensitive data would be transmitted securely via SSL (Secure Sockets Layer) encryption. A company source insisted that "mini8dumps" or other requested data will only be collected via the opt-in process, and argued that all terms will be clearly spelled out in the Windows Privacy Policy.

However, if theres anyone to blame for users initial fears, try company chairman Bill Gates. At WinHEC this year, Gates likened the Dr. Watson makeover to the data recorders used during flights to monitor cockpit activity.

"Think of it as a flight data recorder, so that any time theres a problem, that black box is there helping us work together and diagnose whats going on," Gates said. That description suggested (erroneously, according to insiders) that the tool would continuously monitor computer usage before, during and after an application crash.

After Gates WinHEC speech, the company huddled to contain the damage. The message from Redmond was that no information, under any circumstances, would be collected without user consent.

Click here to read about Microsofts "Palladium" security in Longhorn.

A source stated that only data that is absolutely necessary would be collected if the user reporting the error hit a particular type of crash. At that stage, Microsoft would ask for a description of the problem and default data, which is described a "crash minidump."

The source acknowledged that, in some cases, the minidump could theoretically contain sensitive data. The information in the minidump is described as a small snapshot of the state of the application at the time of the crash.

In rare cases, small portions of documents, e-mails or IM conversations may be included in the minidump, but, even then, it would not be enough to qualify as a security or privacy risk.

Next Page: Opting in may not help out end users.

Opting In May Not

Help Users">

Rick Fleming, chief technology officer of IT security-services firm Digital Defense Inc., said Microsoft should be credited for setting up the opt-in process, but warned that it could be a "double-edged sword" if consumers cant figure out how to opt out.

"Any time you put that decision in the hands of the end user, it could cause problems. The average consumer will just hit YES and send everything, even if there is a choice to pick and choose what to send," Fleming said.

"If you present the user with a screen full of information, even if its formatted nicely, the majority wont be able to figure it out. Thats always a concern," he said.

Fleming also noted that the error-reporting opt-in choice being introduced with Longhorn will be done during setup to avoid prompting the user every time a crash occurs.

He warned that bugs in the system could cause more than just basic data to be sent, without the secondary opt-in that the company insists would be in place if sensitive data is involved.

However, Microsoft insiders said that the initial opt-in applies only to "parameters," or a basic description of the problem.

"Parameters will never contain any private or sensitive information," a source said. Parameters will typically cover the name, version and timestamp of the ".exe" or ".dll" files involved with the crash.

Even with an opt-in option presented up front, the source said end users must provide a second consent before the tool collects information that could potentially contain sensitive data.

Robert McLaws, president of IT consulting firm Interscape Technologies Inc., said he was not overly worried about the Dr. Watson makeover. "The privacy concerns are legitimate, but, at the end of the day, Microsoft is focused on building an operating system that runs all the time. If this helps to get Longhorn to a place where software crashes are a thing of the past, Im okay with these changes."

McLaws, a Microsoft MVP who runs the Longhorn Blogs network, said the Dr. Watson enhancements will ultimately benefit computer users: "Windows XP and XP SP2 [Service Pack 2] are much more stable because of error reporting and the Watson tool. I can only see good coming out of this."

Since adding Dr. Watson to the Windows client, Microsoft executives say the company has been able to zero in on—and provide fixes for—software crashes. About 85 percent of all of the crashes reported by Dr. Watson were caused by just six drivers, which meant that Microsoft could work closely with third-party developers to get the drivers fixed.

While this sharing of data with third-party companies also raised red flags, a company source said the terms of the information sharing are detailed in Microsofts Data Collection Policy. "Data is only shared when appropriate to get things fixed for customers," the source said.

Despite the initial worry, Cybertrusts Cooper said he has always been comfortable with the information collected by Microsoft. "Weve yet to hear of any large breach even though Microsoft is a high-priced target thats always under attack. I trust Microsoft to do a reasonable job of educating their customers about how the opt-in and opt-out will work, especially the average home user," Cooper said.

Like McLaws, Cooper said the enhanced error reporting is the "best way to address stability issues" in the operating system.

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

Rocket Fuel