A feature in Microsoft Corp.s upcoming Windows XP operating system could potentially send sensitive personal information to the software company, according to a government warning.
The feature, called Error Reporting, sends data on program crashes and debugging operations back to Microsoft in order to help detect and fix bugs in the software. As part of the operation, the utility takes a snapshot of the portion of the PCs memory where a program was running when it crashed. Included in that snapshot is a copy of whatever document or file the user was working on at the time of the crash, according to an advisory issued by the Department of Energys Computer Incident Advisory Capability office.
Before any data is sent, a dialog box appears asking the user if he or she would like to send the information. The user has the option not to send any data.
However, the dialog box does not inform the user that any documents will be sent along with the crash data.
The utility is included in Office XP, Internet Explorer versions 5.0 and later and the upcoming release of Windows XP, Microsofts next-generation desktop OS.
In order to disable Error Reporting in XP and IE 6 on Windows 2000, administrators have two options. They can right-click on My Computer, choose Properties, Advanced and then Error Reporting, and then click on the error reporting box. Another way is to edit the registry script; the operation must be done for each individual user on the system. It can be disabled in IE 5.x by using the ADD/Remove Programs feature in the Windows Control Panel.
For detailed instructions on removing the utility, see www.ciac.org.