Do your PCs leak valuable intel with every Windows error report?

Anyone familiar with any version of Microsoft Windows is largely desensitized to the reality of occasional crashes. These range from process failures you never see to Windows Explorer shutdowns that cause all your icons to be jolted back into existence after your desktop flashes back to life.

Behind the scenes, a process called Windows Error Reporting, or Dr. Watson, keeps a vigilant watch over your system’s telemetry and that of a billion other PCs around the world. The service is expressly designed to collect detailed data on your system to improve the working of your computer and that of every other Windows user globally.

It’s a noble idea and one that has without a doubt served to make the current version of Windows one of Microsoft’s most stable ever. And it’s also one that you probably chose not to opt out of early on in your relationship with your Windows machine.

But what if I were to tell you that along with all the crash data and application errors Microsoft collects, there’s also the inevitable batch of personally identifiable data? That information could include a variety of specifics about your usage, your apps and whatever else Windows happens to know about you that might be considered important for support purposes. That should not surprise you, and Microsoft doesn’t try to hide this fact. In fact, they make it clear that any such data transfers are encrypted with SSL and the collected data is protected by their privacy policy.

Phew! So what am I talking about then?

Well, there are two kinds of data that the good Dr. Watson collects, and the other kind is ‘parametric’ information – effectively system, application and configuration data used to figure out why Windows choked on something or other. That data is not encrypted and, according to a sobering post by WebSense, those data transfers take place much more often than you may think.

In fact, they occur any time you plug in a USB device, when your network connections experience routine timeouts, failed application updates, new driver installations, etc. Basically, there’s enough data leaving your computer to get a clear idea about what hardware configuration you’re using, what applications are running and most importantly, what patches and updates have been applied.

What will Microsoft do with that information? WebSense hints that, from a competitive perspective, it might be interesting for them to know how many Windows users are connecting iPhones and how. You can’t pay for that kind of intel. But from our perspective, it doesn’t really matter. What does matter is who else might be listening on the party line.

If a billion computers are routinely filing daily reports about network latency, drivers, apps and missing patches, can you think of any eccentric uncle or crazy neighbour who might be interested in that kind of juicy, actionable, targeted data? If data interception is not a concern, then hacking should be.

In a future post, we may opt to explore the compliance implications of this for your organization (especially now that you know about the issue). But for now, you may choose to shrug it off, or you could take Microsoft’s advice and use Group Policy to safely submit error reports. Of course, you can always opt to turn off Windows Error Reporting if the risk of hacking or surveillance really puts a damper on things for you.
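
One way to see how Windows Error Reporting is currently configured on a machine before choosing between those options, as an added PowerShell example that is not part of the original article. The function names are hypothetical; the registry paths, value names and the `WerSvc` service name are the documented Windows Error Reporting settings.

```powershell
# Added example (not from the article): report WER settings, optionally disable WER.
# Function names are hypothetical; registry paths and value names are the
# documented Windows Error Reporting settings.
$WerKeys = [ordered]@{
    'Machine policy' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
    'Machine'        = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
    'User policy'    = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
    'User'           = 'HKCU:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
}
$WerValues = 'Disabled', 'DontSendAdditionalData', 'LoggingDisabled'

function Get-WerAudit {
    foreach ($scope in $WerKeys.Keys) {
        # A missing key or value means the setting is not configured at that scope.
        $props = Get-ItemProperty -Path $WerKeys[$scope] -ErrorAction SilentlyContinue
        foreach ($name in $WerValues) {
            $value = if ($props) { $props.$name } else { $null }
            [pscustomobject]@{
                Scope = $scope
                Name  = $name
                Value = if ($null -eq $value) { '(not set)' } else { $value }
            }
        }
    }
    # The WER service itself: a disabled service cannot submit reports either.
    $svc = Get-Service -Name WerSvc -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Scope = 'Service'
        Name  = 'WerSvc'
        Value = if ($svc) { "$($svc.Status), start type $($svc.StartType)" } else { '(not found)' }
    }
}

function Disable-WerByPolicy {
    # Writes the machine policy value Disabled = 1; requires an elevated session.
    $key = $WerKeys['Machine policy']
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Disabled -Value 1 -PropertyType DWord -Force | Out-Null
}

Get-WerAudit | Format-Table -AutoSize
# Disable-WerByPolicy   # uncomment to turn off Windows Error Reporting machine-wide
```

On domain-joined machines a Group Policy refresh will overwrite a locally written policy value, so make the change in the GPO itself and use the report to confirm it landed.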

Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.
