Microsoft To Add A Black Box To Windows 514
An anonymous reader writes "According to ZDNet, Microsoft plans to add the software equivalent of a 'black box' flight recorder to Windows. According to the article, 'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'" Commentary available via C|Net as well.
What's In Your Box? (Score:5, Insightful)
Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.
"occupant of 17A was eating peanuts, doing inflight magazine crossword and had dirty underwear"
"Our stance on this is that the user is in control," Sullivan [Windows lead product manager] said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
Sounds reasonable, so long as it doesn't hide anything from view. Of course, if you have Visual Studio you can hit Debug and lookie yourself, which is usually more helpful than anything I've ever got back from Microsoft.
The probablem was likely caused by a faulty driver
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Consumers stick with what works. If hitting Don't Send works, they stick with it. If the problem persists then they'll probably send.
It said, "what we have here is failure to communicate." What's that mean?
Hmmmm... (Score:4, Funny)
Pleasuring yourself one last time before you die?
Low expectations (Score:5, Funny)
C'mon, man. If the plane's going down, even a slahdork could probably find some girl on the plane who would be interested in a final go-round. Don't underestimate the power of impending death. It might be your best hope for losing your virginity.
Re:Low expectations (Score:5, Funny)
I tried to, but was shot down :(
Re:Low expectations (Score:4, Funny)
Re:Low expectations (Score:3, Funny)
No offense if I pass you by.
Re:Low expectations (Score:3, Funny)
Man, talk about a quickie!
At least you have an excuse, if she starts to say "Boy, that was short!".
Re:Hmmmm... (Score:5, Funny)
Re:Hmmmm... (Score:4, Funny)
Pleasuring yourself one last time before you die?
No -- in Soviet Russia, the plane goes down on you! (Ewww...)
Re:What's In Your Box? (Score:5, Insightful)
Re:What's In Your Box? (Score:5, Interesting)
Which is an excellent point. So where does this diagnostic data go?
Suppose I was some insensitive clod sitting around a computer lab at school, experimenting with my wargame stuff, trying to figure out whether the US could invade India or China, in some far-fetched scenario and my process died... next thing you know someone sifting through debugging data in Bangalore or Shanghai gets the idea that the US has the Theo Roosevelt off the coast just for that actual and imminent purpose and it gets forwarded to all the necessary wrong parties ...
Or maybe closer to the pocket book, didn't we just see something in the news about some outsourcing thing in India playing around with people's bank accounts in New York? Can't find the story right now...
Re:What's In Your Box? (Score:5, Informative)
and/or
Administrative Tools, Services, stop and disable Error Reporting service
Re:What's In Your Box? (Score:3, Insightful)
Knowing these is kind of handy when you are dealing with XP users and you don't know whether they are running in classic or standard mode (or you are running several W2K boxes with a non-active KVM switch and it loses your mouse constantly).
WindowsKey+R brings up the run dialog, from there you can run anything. Useful o
Re:What's In Your Box? (Score:3, Informative)
Easy to install [linux.com] and configure. [tomsnetworking.com]
Pretty well documented, [m0n0.ch] too.
I repalced Astaro with m0n0wall [m0n0.ch], and have most of the features I used - minus some of the application proxies.
I have a tor [eff.org] installation on the box - easy to set-up with privoxy [privoxy.org], after i added Perl to the m0n0 mix (big as the rest of the distribution!)
There are some add-ons, [xs4all.nl] too.
Re:What's In Your Box? (Score:5, Insightful)
It does, however, record exactly what the users (the flight crew) was doing at the time of the crash.
Re:What's In Your Box? (Score:2)
See.... Bill Cosby's mom *was* right.
Re:What's In Your Box? (Score:2, Funny)
Oh, man, how old are you ?
try again... (Score:4, Informative)
the prison guard talking to/about paul newman
http://imdb.com/title/tt0061512/quotes [imdb.com]
Re:What's In Your Box? (Score:3, Insightful)
What security on the box? (Score:5, Insightful)
Plus, Qui custodet ipsos custodies? Microsoft just created a new target for hackers, both writing to (for hiding their own tracks) and reading from (for extracting information when searching for personal user information.) Not insurmountable problems, but will M$ think to solve them before being bit on the backside?
One step forward, two steps back...
Re: (Score:3, Insightful)
Just like the real black boxes (Score:5, Funny)
Re:Just like the real black boxes (Score:5, Funny)
hawk, who was once offered condolences when he said this . . .
Re:Just like the real black boxes (Score:5, Funny)
With voice recognition turned on... (Score:3, Funny)
11:34:46: A few exception stack numbers etc. 11:34:49: User said:"Duck". 11:34:53: User said:"Ewe phukkan piss of shirt". 11:34:53: HDD reports tracking errors due to high impact shock.
Privacy Alert! Maybe not. (Score:5, Insightful)
The latest of these instances occurred when I fired up Half Life 2 last night. "Logging on to Steam as
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux. Sure, I could hack my user agent string, but really. Most people don't, right? So now the slashdot editors know what I run, what my IP address is,
I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box, but how else are they to fix issues if they don't know what I'm running and what I was doing when it crashed? When do we draw the line between normal computer use and invasion of privacy?
Re:Privacy Alert! Maybe not. (Score:5, Insightful)
However, it's important that you actually have to acknowledge this - so, for example, the default button (the one that has the focus) should be "No" rather than "Yes", so users actually have to make a conscious decision instead of just saying hitting return because that's what they always do when an error pops up.
In other words, consent is required, but it also has to be informed consent. Someone who just says "Yes, do this" because they don't understand what's going on and what the implications are does not consent IMO.
Re:Privacy Alert! Maybe not. (Score:3, Insightful)
Well, there are some of us who run a load lot more than that, and no, not willing to let anyone trustworthy get their hands on anything. And no, I don't consider some MS developer browsing through crash data trustworthy.
Anyways, I don't care what their boxes' color will be
Re:Privacy Alert! Maybe not. (Score:2)
Re:Privacy Alert! Maybe not. (Score:2, Insightful)
So they have to invade your privacy because they did not write a robust OS in the first place ? What an argument!
--
Go Debian!
Re:Privacy Alert! Maybe not. (Score:2)
I find this quite disturbing. This seems to be the case with every aspect of our lives as of late and it is only going to get worse. The more often these sorts of things happen the more accustomed to it we become and the further such invasions of privacy can be expanded. Where does it all end?
I'm really starting to worry about the future we're creating.
Re:Privacy Alert! Maybe not. (Score:5, Insightful)
When information is reported without your consent.
Comment removed (Score:5, Informative)
Re:Privacy Alert! Maybe not. (Score:4, Insightful)
When the vendor leverages the market information to make the decision for you that you should upgrade, I daresay you may feel invaded, while falling short of concluding whether or not Daddy Knows Best.
Time will Tell.
Re:Privacy Alert! Maybe not. (Score:3)
[...]
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux.
When you send your agent string, it's not tied to any personally identifiable data. When you log into steam, it is.
Aggregate data doesn't invade your privacy. Given those two cases, the line seems pretty easy to draw.
Re:Privacy Alert! Maybe not. (Score:3, Insightful)
But what I don't think is even neccessary is the contents of the document I'm working on: that has no place whatsoever being sent to MS. But, hell, let MS do that: it means instantly that governments and corporations will not adopt that version of windows for reasons of due dilligence and privacy. Hell, as someone posted before, hospitals etc will be
Re:Privacy Alert! Maybe not. (Score:5, Insightful)
Strawman. This isn't about giving my address to someone, this is about potentially telling them every detail of what I sent through the mail, including credit card information, private letters to loved ones, potentially sensitive business documents, etc.
The concern isn't that a stack trace might be sent to MS -- it's that they want to have a copy of any document open on one's computer at the time. For now, we can turn it off. But, it pays to keep an eye on things to make sure we can always turn it off. After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?
Re:Privacy Alert! Maybe not. (Score:5, Interesting)
Which brings up HIPPA concerns, here in the US.
Re:Privacy Alert! Maybe not. (Score:3, Insightful)
Or worse, having their insurance cancelled after that same document finds its way to their insurance company via a Microsoft "data affiliate" program?
Granted, this is little more than pure paranoia now, but then again, just look at how badly some folks want to collect such data. If the demand for collection is this high
HIPAA (Score:5, Interesting)
You can a floor nurse working at the same time next to another nurse who has a patient with an unusual disease. If you log in and look up the patient's record--or even look over the shoulder of your coworker when he logs in--the hospital is liable under HIPAA for privacy violations. They can be fined, and they can be sued, and enforcement of these rules happens frequently. Now imagine what could happen if THIS system is used in a hospital computer!
Privacy on the job (Score:5, Insightful)
With businesses, however, IT managers typically set the policy. If they wanted total information, they could configure systems so that they'd know not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com. Or, they might find out not only that a worker was running Instant Messenger but also that he or she was talking to a co-worker about getting a new job.
This is a major invasion of privacy if you ask me. Of course, while at work you are using company resources so they really do get to say how and when they are used but I feel there is an important difference between monitoring your employee's resource usage and actually reading their emails and instant messages. You don't have to totally invade everyone's privacy to enforce your company policy of internet usage.
But Sullivan pointed out that businesses can already install third-party software to monitor workers' computer usage and some do.
While the above is most certainly true, having something like this built into Windows by default just makes it that much easier and thus inviting for a company to implement this sort of monitoring. I just can't wait for the day when all employees have a tracking system attached to them at all times and are reprimanded if they spend too much time going to the bathroom or chatting to a coworker. What great fun that is going to be!
Another issue with this that is mentioned in the article is the fact that while you will be able to look through all the data being reported, most people will not have the knowledge to determine how much of it is sensitive.
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Not everything is totally obvious, such as personal emails or credit card numbers. Not to mention the fact that it will very likely be buried among a lot of other unintelligable data. Also, given the habit of most Windows users of just clicking 'OK' or 'YES' to anything and everything that pops up on their screen, I doubt many people will actually review the information being sent in the report.
Re:Privacy on the job (Score:4, Insightful)
I'm sure this new "black box" will be controllable via Group Policy. The management and IT can decide if they want to use it and if not turn it off for everyone with a fewer than maybe 15-20 mouse clicks.
I think this is probably a good step forward in trying to diagnose and prevent crashes for home users, as long as they don't start digging too deep. I don't really mind them knowing what processes were running, but sending them more than just a mini memory dump is too much. I'd also want to make sure they don't grab anything from memory that's supposed to be protected like passwords. Really, that's the only place I see issues, for example if I'm running some financing software which crashes. They grab a memory dump of the program which just happens to contain my SSN, birthday, credit card numbers, bank account numbers, etc. There is the possibility this information could be misused by an employee at Microsoft.
Microsoft's Online Crash Analysis, the current version of this type of thing, has helped me a time or two. I've had Windows shoot a BSOD at me and after submitting the dump to MS, they readily told me which driver was the culprit and saved me perhaps an hour of troubleshooting.
Re:Privacy on the job (Score:3, Informative)
doesnt the crash dump tool say "no personal data transmitted"?
The way it works is after submitting a problem, if there's recognizable issues it asks if you want to use OCA and if you choose Yes, it opens a web page in IE and tells you what happened. You can link OCA activity to your Passport to help keep track of it and a record of your problems.
Doesn't always work, but it's nice when it does.
Re:Privacy on the job (Score:5, Insightful)
There is to be *NO* expectation of privacy while using computers at work. Don't think for a minute that your company won't pull out those records if necessary.
In the mean time protect yourself. Run everything over encrypted tunnels, don't use your company's DNS servers, use a browser that allows you to save your cache to a safe location (USB hard drive,
Unethical? Yeah. Legal? Definitely. Get over it and protect yourself as best you can. That means don't use your Internet connection at work for anything that would get you fired or could be used against you later.
Re:Privacy on the job (Score:5, Insightful)
Re:Privacy on the job (Score:3, Interesting)
I work in IT, and I always tell everyone, if you don't want me reading it, don't send it through company e-mail. I tell everyone up-front. Just don't.
Now the rea
That is but a short-term solution. (Score:3, Insightful)
Staying one step ahead of Big Brother is a poor substitute for privacy rights. What would stop a "black box" recorder from noting the fact
But (Score:3, Funny)
Re:But (Score:3, Funny)
So... (Score:3, Funny)
So one mans spyware is another mans "helpful utility"?
Right, now many of you will call me a Mac fanatic and mod me down, but seriously: Apple does not think of shit like this... I can just see the new virus' composed to utilize the flaws in this feature... Wait, I got it, they will use it to compete with Apple's Automator in Tiger:
"Tired of having to go to the store to buy the latest Microsoft product? Now you will never have to again! The windows automator(tm) scans all your messages, emails, text documents, and computerized purchase orders for your credit card information, bank number, PIN numbers, etc; sends the data to the Microsoft data servers. Your information is then carefully protected, until the newest Microsoft product is ready for shipment. Then your accounts are drained, and everything you needed, even if you didn't know it, will be shipped to your door. Remember: Microsoft works...."
And yes, I read the article, and the passage: " "Our stance on this is that the user is in control," Sullivan said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
But it kinda hurts the joke... That and with Microsoft's record of error, would you really trust this?
Great (Score:2)
Thanks guys!
I don't care... (Score:5, Insightful)
Re:I don't care... (Score:2)
Re:I don't care... (Score:2)
No, I mean it. XPSP2 is the biggest leap forward in terms of basic Windows security for ages.
Re:I don't care... (Score:2)
Re:I don't care... (Score:3, Interesting)
It should prompt you to turn it on only after the initial bootup and default to no. Aside from that, it should be mandated to be in the off condition until an administrator turns it on. Finally, it shold send it to a central server of the organizations choosing, and then the administrator can remove/alter the files, and send only corporate approved ones.
Re:I don't care... (Score:3, Insightful)
I used to think so too, until I met a girl who had imported her entire collection copyprotected. re-ripping cd's is not fun.
You probably can switch it off (or use something less braindamaged to rip cd:s), but average users will never go to the advanced tab to switch copyprotecting off.. And a huge annoyance to notice after getting an iPod.
Your realize what this means? (Score:2, Insightful)
Nice.
Re:Your realize what this means? (Score:3, Interesting)
If they can do that (Score:4, Funny)
Re:If they can do that (Score:2)
More effective logging (Score:5, Funny)
Everything falls into place now... (Score:2, Insightful)
Not on my system you don't (Score:5, Interesting)
Re:Not on my system you don't (Score:5, Informative)
And it wouldn't even surprise me that, hidden somewhere in there, there's a license agreement that mentions that you give all the rights to the content you send to Microsoft somehow, or give them an unlimited royalty-free license... just like you do everytime you attach a file on Hotmail.
From the Hotmail Service Agreement :
Re:Not on my system you don't (Score:4, Informative)
Oh, and said virus could also easily access any unencrypted file on your system, and dumping your pagefile or info currently in memory would be pretty trivial.
Point: if you're worried about this enabling a virus to invade your privacy, then I'm sorry to burst your bubble but a virus can invade your privacy pretty easily already.
Why call it a black box? (Score:2, Interesting)
Re:Why call it a black box? (Score:2)
Re:Why call it a black box? (Score:2)
Microsoft server crash nearly causes 800-plane pile-up [techworld.com]
Spybox? (Score:2, Insightful)
So everytime my windows crashes, the stuff I worked on gets sent to MS. Everytime IE crashes, MS gets to know where I browse. How does this motivate them to make crashes less frequent? I don't like the idea at all. Another reason to leave MS products compl
They key point here really is (Score:5, Insightful)
For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual. Though the details are being finalized, Windows lead product manager Greg Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed. Also, such reporting will also be anonymous.
The only concern, one might suppose, is for people who don't want this information accumulated should their computer later be searched by others (the law? An employer? A relative?). This is perhaps a legitimate concern, but hard to argue for, as a reason to cripple error reporting.
Re:They key point here really is (Score:2)
So you say official letters in/out company, banking data, confidential businness texts/data, developer's stuff i.e. program code, images, documents w/ nda, designs, e-mail texts, whatever else is data that nobody should ever hi
It's really funny (Score:2)
But then, I guess, now that I think about it, on Windows these days, every single application either is written by Microsoft or mere support or widgets for Microsoft applications. I seem to remember
Re:It's really funny (Score:2)
Strange press... (Score:5, Insightful)
Re:Strange press... (Score:3, Interesting)
Thank god.. (Score:2)
Thank you, Microsoft, for thinking of the little guys.
Little korean guys. Who's job it is to write trojan and key loggers.
We're getting there... (Score:2)
It just works! (Score:2)
After all, there's no way they could have the "black box" record whether or not you have a duplicate license key. Hmmm....
But we know that spying on users is not the purpose of the "black box". Right?
Maybe they'll release the source for the "black box". Then all we have to do is recompile Windows and
It's getting really difficult to believe what
At least the data ... (Score:2)
What's to stop people from just flooding it with nonsense data?
I mean EVEN if it's "MS signed" or whatever... it's made by a program on your computer.
I say people should reverse engineer the program and make a bot that spews nonsense into it.
Tom
I better not hear any whining about privacy (Score:2)
So please, let's only whine when we need to.
Re:I better not hear any whining about privacy (Score:2)
Re:I better not hear any whining about privacy (Score:3, Insightful)
Yes, your unix/linux box can be configured to automatically send dump information to a server. This is a useful feature -- but needs to be explicitly enabled.
If dump information from the Windows box can be sent to a central server that is controllable (eg. not an outside agency), then I am all for this feature -- plus I want to be able to disable this feature.
Same as being able to forward logging information (again, under installation control on those Unix boxes).
So, having this feature available
yet another reason to switch. (Score:2, Funny)
visions of 1984 (Score:4, Funny)
Or Max Headroom.. (Score:3, Funny)
Hmmm, nothing new... (Score:2)
The Mainframe logs almost everything in MVS. Thats why Mainframes and AS/400's are so much more stable. They log everything and there has been 40 years to analyze it...
If MS would just do decent logging, there would not be a need for a "Black Box"
Just thought of something really creepy (Score:2)
So, then, if a government wanted to see what you were up to, they could cause a crash ( power outage ), wait for you to upload the data, then sopena ms for the details.
Ya ya, I know, tinfoil hat and all that. However, if that tool did exist, that's what would happen. Were I a cop, that's what I'd do.
Need more black box software! (Score:2)
However, no
Blackbox Virus? (Score:2)
--Mike--
Potential GPL violation (Score:2)
If I have licensed code open in my text editor when my computer crashes, could some microsoft techie see it? What about the clauses in various licenses that only permit the transmittal of code via tightly controlled methods?
Now I don't think that MS had any nefarious design in mind when they though of this, but is this a rational to fear the sticky legal issues th
Porn fanatics and horders will be less than happy. (Score:2, Funny)
2012-03-14 @ 17:20: Windows Media Player crashed trying to load "Amazing Asses 70: The Return of the Brazilian Butts"
2012-03-16 @ 18:11: Windows Media Player crashed trying to load "The Adventures of Buttman".
Sounds like invasion of privacy to me. Not that I'm a porn addict or anything.
*runs out of thread fast*
Microsoft... (Score:2)
I hope file contents are opt-in (Score:2)
This is not really anything too revolutionary. When an application dies in OS X the Crash Reporter application gives the user the option of mailing the crash report and debug info to Apple. Crash Reporter does not, as far as I am aware, include the contents of any files being edited. I usually paste in any file snippets that I think might be relevant (like wacky javascripts when Safari dies).
If MS makes including files the default, however, there will be serious legal and privacy concerns. Imagine medi
Beyond Privacy... New Security Threat? (Score:2)
Privacy alert! Tin Foil hat on. (Score:2)
Where this is dangerous is that it can be used to secretly collect data. For example, Windows Media Player 10 always contacts the internet
Shouldn't that be illegal? (Score:5, Interesting)
If sending your computer's configuration to Microsoft in the background was found to be illegal by the courts back in the Win95 days...
Wouldn't sending configuration information PLUS document contents be considered illegal today?
I mean, come on now, this couldn't possibly be happening, and out in the open to boot?
Not legal under Canadian law (Score:5, Interesting)
I can't see too many of our clients agreeing to let the confidential contents of their documents be sent to Microsft to figure out why our PCs crashed.
Black box for windows? hmmmm (Score:5, Interesting)
If this tool is really to catch errant drivers, it's usually pretty serious for the OS to throw up its hands.
I wonder if the OS will maintain enough smarts to flush the BSOD information and other stuff to disk properly.
For that matter, if it's not a critical driver (e.g. a sound card driver or network card driver, etc), that goes wonky, why BSOD completely? Why can't the OS log a critical message stating 'This driver encountered an unrecoverable error and has been disabled'. Please close what you were doing and reboot *NOW*'.
Blackbox = UNIX core dump (Score:3, Informative)