Microsoft to add 'black box' to Windows
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 35

Thread: Microsoft to add 'black box' to Windows

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Post Microsoft to add 'black box' to Windows

    In a move that could rankle privacy advocates, Microsoft said Monday that it is adding the PC equivalent of a flight data recorder to the next version of Windows, in an effort to better understand and prevent computer crashes.

    The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created. Businesses will also choose whether they want their own technology managers to receive such data when an employee's machine crashes.
    For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual. Though the details are being finalized, Windows lead product manager Greg Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed. Also, such reporting will also be anonymous.
    http://news.zdnet.com/2100-9588_22-5...=zdfd.newsfeed

    Is this really useful or just another place for hackers and viruses to target?
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I have no issues with sending info to MS, I do it now with a w2003 server....It asks me...and it is up to me to send....but then again I dont have anything to hide

    As for hackers and security...sending out...not coming in...

    Am I missing something???

    I guess it is possible for the info to get hijacked..or redirected.

    Maybe it will be encrypted??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Location
    Texas!
    Posts
    270
    Well, if data goes out, then there are always it can come in.
    [gloworange]DISLEX[/gloworange]

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I do not see why document or transaction contents should be included. They are of no relevance to a system crash, and just represent a potential security leak of confidential data.

    Over the top and overkill as I see it.........."we can do it so we will"

    If the data entered into a word processor or transaction processor causes Windows to crash, then there is something radically wrong with the application, not the operating system.


  5. #5
    be it ne piece of software...it is target for crackers(especially if its sth new)
    definitely ppl will try and hack it and create unpleasant codes themselves....
    wat matters is not dat whether ppl will try to hack it or not...but wat matters is an initiative to do ur best to provide better services which is a healthy signal in the form of 'black box'....

    'black box' in the rite manner will help understand new developement in the field of malicious softwares and open doors to better anti-cracker teams of hackers....

    it is a good initiative.....

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    218
    I have no issues with sending info to MS, I do it now with a w2003 server....It asks me...and it is up to me to send...
    you leave the error reporting services running on your servers? tsk tsk.


    'black box' in the rite manner will help understand new developement in the field of malicious softwares and open doors to better anti-cracker teams of hackers....
    no clue where you are coming with that man. the information is going to microsoft, not 3rd party security experts. we are talking compatibility issues and software errors, not the abundance of flaws within windows os security. someone 'cracking' your windows machine will not be showing up in your windows error reporting. in your event viewer maybe, but only if you have auditing configured properly.

    i agree with nihil... it is just another potential security THREAT and a potential leak of sensitive information... not a security benefit there panther_black, but a security RISK.

    i currently disable the error reporting services in all images here on base, workstations and servers, and will continue to do so with the new beefed up services.

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    If the data entered into a word processor or transaction processor causes Windows to crash, then there is something radically wrong with the application, not the operating system.
    Yes, but more often than not the application will be a Microsoft application, so I can see why they may want this information.

    I agree, though it is definitely over the top, and while Micosoft may not abuse this information, it could open up a whole new world to market research type spyware apps. I see nothing wrong with the bug reporting uses for this, but the potential for abuse is just too high.

    Think of it -- somebody breaks into your network, but can't find any data of any use to him.her. So they just crash every box they can. The resulting bug reports could then send a copy of every open file on the network, easily sniffed if somebody alredy has access.

    It's just too easy to abuse.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, but more often than not the application will be a Microsoft application, so I can see why they may want this information.
    There is no need for this information, it has no bearing on why a system crashes, which makes it a spurious and gratuitous collection of potentially confidential information.

  9. #9
    Junior Member
    Join Date
    Apr 2005
    Posts
    9
    There are issues when it comes to what data it's sending back to Microsoft. Once it starts getting into sending the contents of the documents, that can be an issue. There are legal guidelines that organizations must follow, making sure that such sensitive data not be sent to or viewed by unauthorized people.

    Since it sounds like Microsoft is taking that into account by letting users change/alter the data prior to it being sent back to them. However, they do need to make it easy for the user to review/edit the error report. If it's cryptic, the user might miss something that should be "censored" so to speak.

    Definitely sounds like they're on the right path, IMHO.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Panic


    That is basically my point. The content of documents or data entry applications have absolutely no value to troubleshooting a system crash.

    However, it might be sensitive, and as you rightly suggest might even be in contravention of privacy and data protection laws.

    I do not see why the onus should be on the user to check that no sensitive information is leaked. Potentially sensitive and illegal information should not be collected in the first instance?

    As previously suggested I always turn this crap off as well. If I get a persistent problem then I would turn it back on and use test data to provoke the crash. I would have no qualms in sending that information.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •