Slashdot Mirror


Microsoft To Add A Black Box To Windows

An anonymous reader writes "According to ZDNet, Microsoft plans to add the software equivalent of a 'black box' flight recorder to Windows. According to the article, 'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'" Commentary available via C|Net as well.

16 of 514 comments (clear)

  1. What's In Your Box? by ackthpt · · Score: 5, Insightful
    "Think of it as a flight data recorder, so that any time there's a problem, that 'black box' is there helping us work together and diagnose what's going on," Microsoft Chairman Bill Gates

    Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.

    "occupant of 17A was eating peanuts, doing inflight magazine crossword and had dirty underwear"

    "Our stance on this is that the user is in control," Sullivan [Windows lead product manager] said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."

    Sounds reasonable, so long as it doesn't hide anything from view. Of course, if you have Visual Studio you can hit Debug and lookie yourself, which is usually more helpful than anything I've ever got back from Microsoft.

    The probablem was likely caused by a faulty driver

    And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.

    Consumers stick with what works. If hitting Don't Send works, they stick with it. If the problem persists then they'll probably send.

    It said, "what we have here is failure to communicate." What's that mean?

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:What's In Your Box? by SIGALRM · · Score: 5, Insightful

      cat /var/log/* | less and you'll find some interesting and even personal stuff. The accumulation of diagnostic data isn't the real concern, it's the transfer to external sources. I question the legality of sending document data if, for example, it contains protected heathcare information (as many of my documents do) it may violate HIPAA.

      --
      Sigs cause cancer.
    2. Re:What's In Your Box? by YrWrstNtmr · · Score: 5, Insightful
      Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.

      It does, however, record exactly what the users (the flight crew) was doing at the time of the crash.

  2. Privacy Alert! Maybe not. by toofast · · Score: 4, Insightful

    At first I was tempted to do like most: yell out that this was a privacy issue. Microsoft has no right knowing what software I'm using! But there are so many instances where I could claim that my privacy is invaded that I'm afraid I'm becoming more accepting of it.

    The latest of these instances occurred when I fired up Half Life 2 last night. "Logging on to Steam as ...". So Steam/Valve know each time I play half-life. Interesting stats for them.

    Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux. Sure, I could hack my user agent string, but really. Most people don't, right? So now the slashdot editors know what I run, what my IP address is, ...

    I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box, but how else are they to fix issues if they don't know what I'm running and what I was doing when it crashed? When do we draw the line between normal computer use and invasion of privacy?

  3. Privacy on the job by bmw · · Score: 5, Insightful

    The biggest issue I see with this, at least in the short term, is the possible use of this feature in the corporate setting.

    With businesses, however, IT managers typically set the policy. If they wanted total information, they could configure systems so that they'd know not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com. Or, they might find out not only that a worker was running Instant Messenger but also that he or she was talking to a co-worker about getting a new job.

    This is a major invasion of privacy if you ask me. Of course, while at work you are using company resources so they really do get to say how and when they are used but I feel there is an important difference between monitoring your employee's resource usage and actually reading their emails and instant messages. You don't have to totally invade everyone's privacy to enforce your company policy of internet usage.

    But Sullivan pointed out that businesses can already install third-party software to monitor workers' computer usage and some do.

    While the above is most certainly true, having something like this built into Windows by default just makes it that much easier and thus inviting for a company to implement this sort of monitoring. I just can't wait for the day when all employees have a tracking system attached to them at all times and are reprimanded if they spend too much time going to the bathroom or chatting to a coworker. What great fun that is going to be!

    Another issue with this that is mentioned in the article is the fact that while you will be able to look through all the data being reported, most people will not have the knowledge to determine how much of it is sensitive.

    And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.

    Not everything is totally obvious, such as personal emails or credit card numbers. Not to mention the fact that it will very likely be buried among a lot of other unintelligable data. Also, given the habit of most Windows users of just clicking 'OK' or 'YES' to anything and everything that pops up on their screen, I doubt many people will actually review the information being sent in the report.

    1. Re:Privacy on the job by nmb3000 · · Score: 3, Insightful

      The biggest issue I see with this, at least in the short term, is the possible use of this feature in the corporate setting.

      I'm sure this new "black box" will be controllable via Group Policy. The management and IT can decide if they want to use it and if not turn it off for everyone with a fewer than maybe 15-20 mouse clicks.

      I think this is probably a good step forward in trying to diagnose and prevent crashes for home users, as long as they don't start digging too deep. I don't really mind them knowing what processes were running, but sending them more than just a mini memory dump is too much. I'd also want to make sure they don't grab anything from memory that's supposed to be protected like passwords. Really, that's the only place I see issues, for example if I'm running some financing software which crashes. They grab a memory dump of the program which just happens to contain my SSN, birthday, credit card numbers, bank account numbers, etc. There is the possibility this information could be misused by an employee at Microsoft.

      Microsoft's Online Crash Analysis, the current version of this type of thing, has helped me a time or two. I've had Windows shoot a BSOD at me and after submitting the dump to MS, they readily told me which driver was the culprit and saved me perhaps an hour of troubleshooting.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    2. Re:Privacy on the job by garcia · · Score: 5, Insightful

      This is a major invasion of privacy if you ask me. Of course, while at work you are using company resources so they really do get to say how and when they are used but I feel there is an important difference between monitoring your employee's resource usage and actually reading their emails and instant messages. You don't have to totally invade everyone's privacy to enforce your company policy of internet usage.

      There is to be *NO* expectation of privacy while using computers at work. Don't think for a minute that your company won't pull out those records if necessary.

      In the mean time protect yourself. Run everything over encrypted tunnels, don't use your company's DNS servers, use a browser that allows you to save your cache to a safe location (USB hard drive, /dev/null, whatever), don't use work e-mail for anything other than work, don't use unencrypted webmail, don't assume that they aren't using keylogging, the list goes on...

      Unethical? Yeah. Legal? Definitely. Get over it and protect yourself as best you can. That means don't use your Internet connection at work for anything that would get you fired or could be used against you later.

    3. Re:Privacy on the job by bmw · · Score: 4, Insightful

      I don't have any expectation of privacy while at work except that which I create for myself. However, don't you think it is a bit unnecessary to actually read people's conversations and emails? Preventing abuse of company resources is one thing but actually reading the content of my emails is another. I could very well be talking about something that is work related but that I do not want certain people to read. Is that really so wrong? There are things you might have to say to another coworker that wouldn't get you fired but might cause trouble amongst other coworkers if they were read by the wrong person. I just think such total monitoring is excessive.

  4. I don't care... by Admiral+Ackbar+8 · · Score: 5, Insightful

    as long as I can shut it off!

  5. They key point here really is by screwballicus · · Score: 4, Insightful

    That there's nothing compulsory about this, obviously. And furthermore, it appears that the system will be suited to provide for the customer's preservation of personal privacy:

    For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual. Though the details are being finalized, Windows lead product manager Greg Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed. Also, such reporting will also be anonymous.

    The only concern, one might suppose, is for people who don't want this information accumulated should their computer later be searched by others (the law? An employer? A relative?). This is perhaps a legitimate concern, but hard to argue for, as a reason to cripple error reporting.

  6. Strange press... by shrapnull · · Score: 4, Insightful

    I think it's awfully interesting that Microsoft has begun announcing tiny feature announcements one by one in a nice string of succession throughout the month of April. And slashdot's just eating it up! They wouldn't be, say, announcing one feature plan at a time for the next 30 day to steal some of Apple's thunder while rolling out OS X Tiger would they? Not a friendly entity like Microsoft?!?!

    --
    If you're half as beautiful naked, you'd be 4 times as beautiful with twice as many clothes on.
  7. Re:Privacy Alert! Maybe not. by slavemowgli · · Score: 5, Insightful

    Personally, I'd draw the line at the point where "opt-in" becomes "opt-out". If the customer is being asked whether they want to send this information to M$, and told just what is being transmitted, then I don't see that much of a problem.

    However, it's important that you actually have to acknowledge this - so, for example, the default button (the one that has the focus) should be "No" rather than "Yes", so users actually have to make a conscious decision instead of just saying hitting return because that's what they always do when an error pops up.

    In other words, consent is required, but it also has to be informed consent. Someone who just says "Yes, do this" because they don't understand what's going on and what the implications are does not consent IMO.

    --
    quidquid latine dictum sit altum videtur.
  8. Re:Privacy Alert! Maybe not. by MarkGriz · · Score: 5, Insightful

    "When do we draw the line between normal computer use and invasion of privacy?"

    When information is reported without your consent.

    --
    Beauty is in the eye of the beerholder.
  9. Re:Privacy Alert! Maybe not. by smittyoneeach · · Score: 3, Insightful
    When do we draw the line between normal computer use and invasion of privacy?
    Well, you have a vendor, a market, and a consumer.
    When the vendor leverages the market information to make the decision for you that you should upgrade, I daresay you may feel invaded, while falling short of concluding whether or not Daddy Knows Best.
    Time will Tell.
    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  10. What security on the box? by abb3w · · Score: 5, Insightful
    A blackbox on a jet is also designed to be able to survive an explosion... and resist tampering. Will the Windows blackbox file be able to say the same?

    Plus, Qui custodet ipsos custodies? Microsoft just created a new target for hackers, both writing to (for hiding their own tracks) and reading from (for extracting information when searching for personal user information.) Not insurmountable problems, but will M$ think to solve them before being bit on the backside?

    One step forward, two steps back...

    --
    //Information does not want to be free; it wants to breed.
  11. Re:Privacy Alert! Maybe not. by Proteus · · Score: 4, Insightful
    And God, I want mail delivery, but giving my address to the post office is just going way over the line!

    Strawman. This isn't about giving my address to someone, this is about potentially telling them every detail of what I sent through the mail, including credit card information, private letters to loved ones, potentially sensitive business documents, etc.

    The concern isn't that a stack trace might be sent to MS -- it's that they want to have a copy of any document open on one's computer at the time. For now, we can turn it off. But, it pays to keep an eye on things to make sure we can always turn it off. After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?

    --
    We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower