Do your PCs leak valuable intel with every Windows error report?
Anyone familiar with any version of Microsoft Windows is largely desensitized to the reality of occasional crashes. These range from process failures you never see to Windows Explorer shutdowns that cause all your icons to be jolted back into existence after your desktop flashes back to life.
Behind the scenes, a process called Windows Error Reporting, or Dr. Watson, keeps a vigilant watch over your system’s telemetry and that of a billion other PCs around the world. The service is expressly designed to collect detailed data on your system to improve the working of your computer and that of every other Windows user globally.
It’s a noble idea and one that has without a doubt served to make the current version of Windows one of Microsoft’s most stable ever. And it’s also one that you probably chose not to opt out of early on in your relationship with your Windows machine.
Phew! So what am I talking about then?
Well, there are two kinds of data that the good Dr. Watson collects, and the other kind is ‘parametric’ information – effectively system, application & configuration data used to figure out why Windows choked on something or other. That data is not encrypted and according to a sobering post by WebSense, those data transfers take place much more often than you may think.
In fact, they occur any time you plug in a USB device, when your network connections experience routine timeouts, failed application updates, new driver installations, etc. Basically, there’s enough data leaving your computer to get a clear idea about what hardware configuration you’re using, what applications are running and most importantly, what patches and updates have been applied.
What will Microsoft do with that information? WebSense hints that it might be interesting for them from a competitive perspective, to know how many Windows users are connecting iPhones and how. You can’t pay for that kind of intel. But from our perspective, it doesn’t really matter. What does matter is who else might be listening on the party line.
If a billion computers are routinely filing daily reports about network latency, drivers, apps and missing patches, can you think of any eccentric uncle or crazy neighbour who might be interested in that kind of juicy, actionable, targeted data? If data interception is not a concern, then hacking should be.
In a future post, we may opt to explore the compliance implications of this for your organization (especially now that you know about the issue). But for now, you may choose to shrug it off, or you could take Microsoft’s advice and use Group Policy to safely submit error reports. Of course, you can always opt to turn off Windows Error Reporting if the risk of hacking or surveillance really puts a damper on things for you.