digplanet beta 1: Athena
Share digplanet:

Agriculture

Applied sciences

Arts

Belief

Business

Chronology

Culture

Education

Environment

Geography

Health

History

Humanities

Language

Law

Life

Mathematics

Nature

People

Politics

Science

Society

Technology

Windows Error Reporting displaying problem details from an issue with Windows Explorer

Windows Error Reporting (WER) (codenamed Watson) is a crash reporting technology introduced by Microsoft with Windows XP[1] and included in later Windows versions and Windows Mobile 5.0 and 6.0. Not to be confused with the Dr. Watson debugging tool which left the memory dump on the user's local machine, Windows Error Reporting collects and offers to send post-error debug information (a memory dump) using the Internet to the Microsoft or stops responding on a user's desktop. No data is sent without the user's consent.[2] When a dump (or other error signature information) reaches the Microsoft server, it is analyzed and a solution is sent back to the user when one is available. Solutions are served using Windows Error Reporting Responses. Windows Error Reporting runs as a Windows service and can optionally be entirely disabled. If Windows Error Reporting itself crashes, then an error reports that the original crashed process cannot be sent at all.

History[edit]

Windows XP[edit]

Microsoft first introduced Windows Error Reporting with Windows XP.[1]

Windows Vista[edit]

Windows Error Reporting was improved significantly in Windows Vista. Most importantly a new set of public APIs have been created for reporting failures other than application crashes and hangs.[3] Developers can create custom reports and customize the reporting user interface. The new APIs are documented in MSDN. The architecture of Windows Error Reporting has been revamped with a focus on reliability and user experience. WER can now report errors even when the process is in a very bad state for example if the process has encountered stack exhaustions, PEB/TEB corruptions, heap corruptions, etc. In earlier OSs prior to Windows Vista, the process usually terminated silently without generating an error report in these conditions. A new Control Panel applet, "Problem Reports and Solutions" was also introduced, keeping a record of system and application errors and issues, as well as presenting probable solutions to problems.

Windows 7[edit]

The Problem Reports and Solutions Control Panel applet was replaced by the Maintenance section of the Windows Action Center on Windows 7 and Server 2008 R2.

A new application, Problem Steps Recorder (PSR.exe), is shipping on all builds of Windows 7. This feature enables the collection of the actions performed by a user while encountering a crash so that testers and developers can reproduce the situation for analysis and debugging.[4]

System Design[edit]

WER is a distributed system. Client-side software detects an error condition, generates an error report, labels the bucket, and reports the error to the WER service. The WER service records the error occurrence and then, depending on information known about the particular error, might request additional data from the client, or direct the client to a solution. Programmers access the WER service to retrieve data for specific error reports and for statistics-based debugging.

Errors collected by WER clients are sent to the WER service. The WER service employs approximately 60 servers connected to a 65TB storage area network that stores the error report database and a 120TB storage area network that stores up to 6 months of raw CAB files. The service is provisioned to receive and process well over 100 million error reports per day, which is sufficient to survive correlated global events such as Internet worms.[5]

Buckets[edit]

In the Microsoft Windows Error Reporting (WER) system, crash reports are organized according to "buckets". Buckets classify issues by:[6]

  • Application Name,
  • Application Version,
  • Application Build Date,
  • Module Name,
  • Module Version,
  • Module Build Date,
  • OS Exception Code,
  • and Module Code Offset.

Ideally, each bucket contains crash reports that are caused by the same bug. However, there are two forms of weakness in the WER bucketing: weaknesses in the condensing heuristics, which result in mapping reports from a bug into too many buckets. For example if you compile your application one more time without any changes Module Build Date will changes however and same crash will be placed to another bucket. And weaknesses in the expanding heuristics, which result in mapping more than one bug into the same bucket. For example if two different bugs crash inside strlen function because they call it with corrupted string there will be only one bucket for both. The reason is because the bucket is generated on the Windows OS client without performing any symbol analysis on the memory dump. The module that is picked by the Windows Error Reporting client is the module at the top of the stack. Investigations of many reports result in a faulting module that is different from the original bucket determination.[7]

Third-party software[edit]

Software and hardware manufacturers may access their error reports using Microsoft's Windows Dev Center Hardware and Desktop Dashboard (was Winqual) program.[8] In order to ensure that error reporting data only goes to the engineers responsible for the product, Microsoft requires that interested vendors obtain a VeriSign Class 3 Digital ID or DigiCert certificate.[9] Digital certificates provided by cheaper providers (such as Thawte, Comodo, GlobalSign, GeoTrust, Cybertrust, Entrust, GoDaddy, QuoVadis, Trustwave, SecureTrust, Wells Fargo) are not accepted.[10][11][12][13][14]

Software and hardware manufacturers can also close the loop with their customers by linking error signatures to Windows Error Reporting Responses. This allows distributing solutions as well as collecting extra information from customers (such as reproducing the steps they took before the crash) and providing them with support links.

Impact on future software[edit]

Microsoft has reported that data collected from Windows Error Reporting has made a huge difference in the way software is developed internally. For instance, in 2002, Steve Ballmer noted that error reports enabled the Windows team to fix 29% of all Windows XP errors with Windows XP SP1. Over half of all Microsoft Office XP errors were fixed with Office XP SP2.[15] Success is based in part on the 80/20 rule. Error reporting data reveals that there is a small set of bugs that is responsible for the vast majority of the problems users see. Fixing 20% of code defects can eliminate 80% or more of the problems users encounter. An article in the New York Times confirmed that error reporting data had been instrumental in fixing problems seen in the beta releases of Windows Vista and Microsoft Office 2007.[16]

Privacy concerns and use by the NSA[edit]

Although Microsoft has made privacy assurances, they acknowledge that personally identifiable information could be contained in the memory and application data compiled in the 100-200 KB "minidumps" that Windows Error Reporting compiles and sends back to Microsoft. They insist that in case personal data is sent to Microsoft, it won't be used to identify users, according to Microsoft's privacy policy.[17][18] But in reporting issues to Microsoft, users need to trust Microsoft's partners as well. About 450 partners have been granted access to the error reporting database to see records related to their drivers, utilities and applications.[citation needed]

Older versions of WER send data without encryption; only WER from Windows 8 uses TLS encryption.[19]

In December 2013, an independent lab found that WER automatically sends information to Microsoft when a new USB device is plugged to the PC.[19]

According to Der Spiegel, the Microsoft crash reporter has been exploited by NSA's TAO unit to hack into the computers of Mexico's Secretariat of Public Security. According to the same source, Microsoft crash reports are automatically harvested in NSA's XKeyscore database, in order to facilitate such operations.[20]

Alternatives[edit]

While WER effectively collects all crashes over the world, it is not so effective in crash analysis and organization without debugging symbols. Also there are some difficulties mentioned above to get access to WER data for independent software vendors, especially for small one and open source teams. Because of that, there are some third party alternatives which allow users to also submit crash reports to the developers of the crashing software.

  • Doctor Dump Crash Reporting System, free crash reporting and memory dump analyzing service, that collects, organizes and stores crash reports from Windows platform and provides users with solution/workaround to the problem immediately after the crash.
  • Google Breakpad, an open-source multi-platform crash reporting system.
  • XCrashReport, library that adds basic exception handling and crash reporting to Windows C++ application.

See also[edit]

References[edit]


Original courtesy of Wikipedia: http://en.wikipedia.org/wiki/Windows_Error_Reporting — Please support Wikipedia.
This page uses Creative Commons Licensed content from Wikipedia. A portion of the proceeds from advertising on Digplanet goes to supporting Wikipedia.
110277 videos foundNext > 

Disable Error Reporting in Windows 7 Step By Step Tutorial

Disable Error Reporting in Windows 7 Step By Step Tutorial :)

Microsoft SCOM 2007: Windows Error Reporting

Microsoft SCOM 2007: Windows Error Reporting. For more information please contact us at www.KAlliance.com or call 1-800-330-9111. Twitter: https://twitter.co...

Disable Windows Error Reporting (WIN7-VISTA)

How To Disable Windows Error Reporting Service. 1.Go To Search Bar Type in Services.msc 2.Find Windows Error Reporting Service 3.Click On It 4.Disable It 5.R...

How to Disable Error Reporting in Windows

Learn how to disable error reporting in Windows. Set when you want Windows to check for solutions to the problem it has incurred. Don't forget to check out o...

Disable windows error reporting service

How to disable the pesky windows xp error reporting service. Please rate&subscribe Thanks!

How To: Disable Windows Error Reporting & Check for Solutions In Windows 7

Whenever a program is not responding windows always takes the time to check for a solution, when it just needs to be closed. This also stops Windows Error Re...

How To Disable Error Reporting Service To Make Windows Applications Run Faster

This video shows you how to disable Error Reporting Service to make Windows applications run faster. Its for Windows XP users but Windows 7 and Vista users c...

Windows XP Tip: Turn Off Error Reporting

Follow the instructions in the video to disable error reporting on Windows XP.

Bad First Impressions - Microsoft Windows Error Reporting

The debut of Microsoft's phone home error reporting is quite notable, if only for how it makes the situation so spectacularly worse. From Windows XP/Whistler...

Disable Windows Error Reporting

This video shows you how to disable windows error reporting.

110277 videos foundNext > 

245 news items

Graham Cluley Security News

Forbes
Wed, 01 Jan 2014 10:09:22 -0800

This sounds like a remarkably alarming warning: as many as 1 billion networked PCs around the world are allegedly at risk because Windows Error Reporting (aka Dr. Watson) sends its report in the clear. And those reports do include machine type, OS, ...
 
Virus Bulletin (blog)
Wed, 19 Feb 2014 06:36:05 -0800

All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm Websense has shown how Windows Error Reporting can be used to detect hitherto unknown attacks. Windows Error Reporting ...

Ottawa Citizen

Threatpost
Wed, 19 Feb 2014 10:00:00 -0800

Windows Error Reporting, also known as Dr. Watson reports, are Windows crash reports sent by default unencrypted to Microsoft, which uses them to fix bugs. The reports are rich with system data that Microsoft also uses to enhance user interaction with ...

Ars Technica

WinBeta
Mon, 30 Dec 2013 09:34:58 -0800

Now, take this report with a grain of salt. The report comes out of Germany and the claims are a bit farfetched. But you be the judge. According to a new report coming from Germany's Der Spiegel, the US National Security Agency (NSA) has been working ...
 
WinBeta
Mon, 30 Dec 2013 14:19:30 -0800

Research carried out by Websense Security Labs shows that data sent from computers through Microsoft Error Reporting could be intercepted by hackers and used to formulate an attack. The problem stems from the fact that crash reports are transmitted in ...

CNBC.com

CNBC.com
Thu, 13 Feb 2014 08:51:57 -0800

Microsoft's reporting system, Windows Error Reporting (also called Dr. Watson), is on 80 percent of all network-connected PCs, according to the company. Reports sent on Windows XP, Vista and Windows 7 are all unencrypted (Windows 8 PCs include ...
 
ZDNet.be
Tue, 28 Oct 2014 08:57:01 -0700

Dat is echter geen nieuw probleem: zakelijke klanten moeten altijd voorzichtig zijn bij het configureren van Windows Error Reporting als ze deze Windowsversies op cruciale machines installeren. Als je bestanden moet openen die vertrouwelijke informatie ...
 
Ghacks Technology News
Thu, 25 Aug 2011 00:41:15 -0700

AppCrashView is only compatible with Vista and Windows 7. It furthermore pulls the information from system crash logs (wer files) that are created by Windows Error Reporting. This means that you may see multiple error listings in AppCrashView that may ...
Loading

Oops, we seem to be having trouble contacting Twitter

Support Wikipedia

A portion of the proceeds from advertising on Digplanet goes to supporting Wikipedia. Please add your support for Wikipedia!

Searchlight Group

Digplanet also receives support from Searchlight Group. Visit Searchlight