Thu, Apr 28 2005 23:19
Sometimes it's funny how people react to things. There was a recent set of stories of how the next version of Windows would have a 'black box' feature to aid in gathering data of system crashes and what not.
In some circles you would think Microsoft has a division that just can't wait to read what stuff we have on the computers. Just take some of these comments:
“My initial impression is that in the health care industry this will be a violation of the HIPAA security rules.” and “I've heard a lot of discussion on Microsoft's privacy issues. I was an avid Windows XP user, using it for personal web hosting and gaming. But discussions like this BlackBox and Palladium have gotten me spooked”
And yet, do many of you realize that as of right now, if this is a privacy issue to you later, it is a privacy issue now...and better yet, do you realize what benefit it is?
First off there is a setting, a registry edit that you can do to turn this off if you are that paranoid and concerned. Furthermore, when the crash dump occurs, say no and don't send it.
HKLM\Software\Microsoft \DrWatson \CreateCrashDump is the registry key if you want to disable it...but wait... keep reading...
But do you realize the benefit of these dumps? Case in point is SBS. Last April we saw our SBS boxes blue screen and send a dump off to Microsoft, it ended up being a virus engine update that they knew BECAUSE of the crash dumps. They knew within minutes while the rest of us were totally guessing. Charlie Anthe has posted before of all the items that have been identified because of crash dumps.
You can take a look at this link http://oca.microsoft.com/en/Response.asp?SID=896 and see what kind of things have been found with the online crash report. Change that SID number in fact and you'll see the kinds of things that have been found. The Data collection policy is posted on the web site.
As it says on the site “When collecting information, it is possible for personal or confidential information to be present in the report. For instance, a snapshot of memory may include your name, part of a document you were working on, or data you recently submitted to a Web site. It is also possible for personal information to be included in a log file, a portion of the registry, or other product specific files needed to determine the cause of the problem. If you are concerned that the report may contain personal or confidential information, please do not send the report.”
Bottom line if you have a concern about the black box technology in Longhorn, you should have a security concern now. The technology is not increasing, it's just enhancing what's already there. It's like the concept of the SBS community. Peer sharing so we can all benefit.
Now how about taking some if this paranoia against our line of business vendors can't do least user privilege coding, eh?
Filed under: Security