Dr. Watson Gets an Extreme Makeover
Changes to Microsoft's error reporting tool are more than just cosmetic, but are they for the better?
Microsoft Chairman and Chief Software Architect Bill Gates
said at a recent conference that Microsoft is enhancing the features of the
" error reporting tool. Dr. Watson
has been part of the Windows operating system since the inception of Windows
NT more than 12 years ago. As with other features in the operating system, Microsoft
plans to extend the granularity of Dr. Watson's controls to allow consumers
to send data in context, rather than just as a memory image. Further, consumers
will be able to decide what data will be sent to Microsoft and selected third-party
When an application crashes today, Dr. Watson typically stores a dump of the
entire memory image, together with specific details about the application that
crashed. If, for example, Outlook crashes while an e-mail's being created, the
data contained in the e-mail up to that point is part of the memory image. The
consumer has no way of removing it, although he can decide not to send the entire
image. In the future version, you'll be able to clear out the data in that e-mail
and still send the balance of the memory image to Microsoft for inspection.
Microsoft has realized that in order to make better use out of the data it
receives when a crash occurs, it needs additional information, such as what
other programs were running, what other data was in memory, the status of Registry
keys and so on. Consumers will have the ability to choose what data to share—and
what not to share—with Microsoft. Corporations will be able to control
these details through a Group Policy Object.
Privacy advocates aren't going to like this new change in the functionality
of Dr. Watson, since the vast majority of consumers won't be able to navigate
through the volumes of data to make informed decisions as to what they don't
want to send. Microsoft has said the data will be submitted anonymously, but
it's hard to see how a submission will be useful to the person who submits it
if it's done completely anonymously.
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here.
Further, in a corporate environment, the fact that significant and potentially
confidential data would be transmitted automatically across the network due
to an application crash may lead to an entirely new type of Denial of Service
attack. If it's possible to crash a machine at precisely the right time, then
intercept or eavesdrop on the Dr. Watson dump transfer, the attacker could obtain
whatever was in memory at the time of the crash.
Currently, Automatic Error Reporting yields little useful information for the
consumer whose application has just crashed. This new information and greater
detail may help Microsoft understand the failures better, but in reality it
makes everyone a beta tester. This will likely become a popular feature to turn
off, except possibly on developers' systems. Also, imagine the overhead requirements
to keep such data available for dumping during a crash—it will likely
U.S. Federal Communications Commission (FCC) Chairman Kevin
Martin is moving to impose some regulation on Voice
over IP (VoIP) phone providers to ensure that 9-1-1 calls get through.
In some cities, VoIP customers may not reach 911 at all. Even if calls get through,
some necessary information, such as the address, may not appear. The problem
stems from a lack of data access between the VoIP provider and traditional landline
providers. Vonage, the largest U.S. VoIP provider, continues to make agreements
with landline providers to give 911 centers all the relevant information on
the Vonage customer, but progress is slower than the FCC believes it should
Although such regulation was inevitable, it may do more harm than good. There
is a tangible correlation between a physical piece of copper and an address;
the same can't be said of a VoIP terminal. It's inevitable that we'll hear about
some fire or police department responding to an emergency call and ending up
at the wrong place. The burden of accuracy will end up falling on the consumer,
who will likely have to ensure the information they have with their VoIP provider
is up-to-date and accurate enough for 911 call centers.
Retailers have until June 30 to comply with the Payment
Card Industry Data Security Standard. In order to receive certification,
retail merchants are required to meet numerous security requirements, including
use of a firewall, non-default passwords and restricted data access amongst
other controls. In addition, businesses must not store card verification codes
or data from magnetic strips. That may be more difficult than either party realize,
as recent information suggests that some credit-card processing software temporarily
stores PIN numbers, which can be vulnerable to data theft. Any merchant who
fails to comply will face fines, or may be banned from taking credit transactions.
Banning merchants may prove more difficult than the payment card industry believes,
as so many companies are offering services to process payments on behalf of
retailers who want or need the service. On the other hand, the new standard
may well reign in resellers of processing services, making them more careful
to whom they offer their services.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.