Microsoft To Add A Black Box To Windows

An anonymous reader writes "According to ZDNet, Microsoft plans to add the software equivalent of a 'black box' flight recorder to Windows. According to the article, 'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'" Commentary available via C|Net as well.

Not on my system you don't

[twiddlingbits]

Talk about an invasion of your privacy and a HUGE hole to reveal corporate IP. It won't be long until someone invents an hack or virus to exploit this and capture all of what you are working on. I'm supposed to trust that MS won't use any of my info they captured to debug thier software?

Why call it a black box?

[OneBigWord]

A plane crash is a bit more severe (and much less common), than a Windows crash.

Re:Your realize what this means?

[Cat_Byte]

Uh...wouldn't the same pertain to any software company where a dependency of their app/OS isn't tested or approved? I work in a Linux shop and we do the same thing with log files. "Oh I see here you were running a non-standard library when you compiled. This was not tested in-house so try putting the original/latest back on and it will work.".

Re:What's In Your Box?

[ackthpt]

The accumulation of diagnostic data isn't the real concern, it's the transfer to external sources. I question the legality of sending document data if, for example, it contains protected heathcare information (as many of my documents do) it may violate HIPAA.

Which is an excellent point. So where does this diagnostic data go?

Suppose I was some insensitive clod sitting around a computer lab at school, experimenting with my wargame stuff, trying to figure out whether the US could invade India or China, in some far-fetched scenario and my process died... next thing you know someone sifting through debugging data in Bangalore or Shanghai gets the idea that the US has the Theo Roosevelt off the coast just for that actual and imminent purpose and it gets forwarded to all the necessary wrong parties ...

Or maybe closer to the pocket book, didn't we just see something in the news about some outsourcing thing in India playing around with people's bank accounts in New York? Can't find the story right now...

Shouldn't that be illegal?

[ankhcraft]

Or is it already?

If sending your computer's configuration to Microsoft in the background was found to be illegal by the courts back in the Win95 days...

Wouldn't sending configuration information PLUS document contents be considered illegal today?

I mean, come on now, this couldn't possibly be happening, and out in the open to boot?

Re:Strange press...

[DebianDog]

Hah! What would you do if you had 64 billion dollars and were going to be a year late with a competing product? Buy a few ZDnet's and start rolling out the vaporware I say!

What about spying on the competition?

[KarrottoP]

What if you are a competing company like Sony or even Apple. So now when you are working on a document in Word to the CEO explaining some sort of secret and then Windows decides to crash, your document content gets sent back to M$ ..... That would be a big problem.

Re:I don't care...

[Trigun]

Oh sure, you can shut it off, for now.

It should prompt you to turn it on only after the initial bootup and default to no. Aside from that, it should be mandated to be in the off condition until an administrator turns it on. Finally, it shold send it to a central server of the organizations choosing, and then the administrator can remove/alter the files, and send only corporate approved ones.

Re:Privacy Alert! Maybe not.

[TheIndefiniteArticle]

Pause you who read this, and think for a moment of the long chain of iron or gold, of thorns or flowers, that would never have bound you, but for the formation of the first link on one memorable day. --Dickens, Great Expectations

Re:Privacy Alert! Maybe not.

[Undertaker43017]

"After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?"

Which brings up HIPPA concerns, here in the US.

HIPAA

[xant]

With this concern, and given the stringent regulations that hospitals and health care providers have to obey, it should be mandatory that this feature be turned off permanently and irrevocably at install time for any system purchased by any health care provider. If this technology is even available on the computers they use, hospitals are opening themselves up to massive liability.

You can a floor nurse working at the same time next to another nurse who has a patient with an unusual disease. If you log in and look up the patient's record--or even look over the shoulder of your coworker when he logs in--the hospital is liable under HIPAA for privacy violations. They can be fined, and they can be sued, and enforcement of these rules happens frequently. Now imagine what could happen if THIS system is used in a hospital computer!

Re:Not on my system you don't

[Anonymous Coward]

Agreed. Didn't we recently have a virus that mods you hosts file for popular banks? How about one that mods you hosts file for the location where they send the crash dumps. Of course, it will likely be subject to something worse than a /. effect, but imagine all the potentially sensitive/damaging material you could collect?

Yes, you may give "informed consent" to send the data to Microsoft, but can you be sure that it's really going there?

Re:Privacy on the job

[nine-times]

However, don't you think it is a bit unnecessary to actually read people's conversations and emails? Preventing abuse of company resources is one thing but actually reading the content of my emails is another. I could very well be talking about something that is work related but that I do not want certain people to read. Is that really so wrong?

I work in IT, and I always tell everyone, if you don't want me reading it, don't send it through company e-mail. I tell everyone up-front. Just don't.

Now the reason for this isn't because I like to snoop. In fact, if I wanted to snoop, I wouldn't tell anyone, I'd just snoop around reading e-mail. However, other things come up. For example, I once ended up catching an e-mail about an extra-marital affair an employee was having. I wasn't looking for it, but I was browsing our spam filter to make sure we weren't getting false positives, and the mistress used a dirty word, which meant she got caught in the filter. By the time I was sure it was a personal e-mail and not spam, it was too late. I already knew too much.

Or some more examples:

• I've had people ask that I find an e-mail sent to them that they've lost.
• I've had situations where I've had to search e-mail of ex-employees for business-related information.
• I've had a mail server go down due to lack of hard drive space in the middle of the night, and I've had to sort through mail of people with big attachments, save the attachments to another disk, and remove them from the mail server.
• I've sat down in front of someone's machine to fix something only to find that they've left very personal e-mail opened in the front window.

I could probably come up with more situations where an IT guy might be in a position to read your e-mail without intentional monitoring. Hell, I've caught people visiting naughty websites because I was monitoring traffic for unrelated security purposes.

My point is, it's not all snooping. I'm not the sort to want to stick my nose in other people's business, and in fact, when I stumble across some personal information, I generally wish I hadn't. I don't want to know, so please, everyone, for the sake of your IT guys who don't want to know about your personal lives, don't send revealing personal e-mail through your company's servers.

Not legal under Canadian law

[ashitaka]

Canada's Personal Information Protection and Electronic Documents Act [privcom.gc.ca] (PIPEDA) expressely forbids the external transmission of client data, which would no doubt include the documents on our firm's computers, without their consent.

I can't see too many of our clients agreeing to let the confidential contents of their documents be sent to Microsft to figure out why our PCs crashed.

Black box for windows? hmmmm

[pg110404]

I wonder if it will survive the crash.

If this tool is really to catch errant drivers, it's usually pretty serious for the OS to throw up its hands.

I wonder if the OS will maintain enough smarts to flush the BSOD information and other stuff to disk properly.

For that matter, if it's not a critical driver (e.g. a sound card driver or network card driver, etc), that goes wonky, why BSOD completely? Why can't the OS log a critical message stating 'This driver encountered an unrecoverable error and has been disabled'. Please close what you were doing and reboot *NOW*'.