Date: August 10, 2005 / year-entry #220
Tags: other
Orig Link: https://blogs.msdn.microsoft.com/oldnewthing/20050810-12/?p=34633
Comments: 38
What happens to all the crashes in programs not written by Microsoft that are submitted via Windows Error Reporting? Microsoft still collects and indexes them, and vendors can sign up to gain access to the error reporting database to see the crashes in their programs. The service is free, although it does require a Verisign ID so that the Winqual system can confirm that you are who you claim you are. (It would be bad if somebody could pretend to be, say, Adobe, and get all their crash data.)
There will be a session at the PDC which will go into how you, the software developer, can take advantage of all this data in order to improve your product from pre-release through general availability and even into sustained engineering.
Yes, it's a kind of boring title. The original title was "Turning dissatisfied customers into gold". I would've used something like "Your program is crashing. Are you listening?" Oh well, the title isn't important. What's important is that you can use this information to make your products better.
Comments (38)
I would be happy if we could just set it up to send the crash dumps directly to us.
It is unfortunate that Microsoft only accept digital signatures from Verisign, not (for example) Thawte. To be consistent, shouldn’t Internet Explorer reject Thawte-signed pages too?
btw that verisign link seems broken
If I get an ID, will Windows stop terrorizing my users whenever they download & try to run my program from the net?
MS must be taking commissions from these Verisign guys :)
Let’s face it, whether I get a Verisign certificate or not says nothing about how good an egg I am as a developer — it just says I’ve got deep pockets, no?
One further question arising out of both the earlier comments: is there a documented way for an application to prevent Windows from offering to send crash dumps to Microsoft? This would allow the app to implement its own handling of crashes [possibly including an offer to send the crash information directly to the application vendor].
Universalis:
Yes. Implement your own Unhandled Exception Filter.
nikos: The certificate doesn’t prove that you’re a good person. All it proves is that you are who you say you are.
"It is unfortunate that Microsoft only accept digital signatures from Verisign, not (for example) Thawte. "
especially since Thawte is owned by Verisign.
See http://www.codeproject.com/debug/crash_report.asp for how to set up your own crash handler and have reports sent directly to you.
"All it proves is that you are who you say you are."
If Verisign spent your $400 on doing its job properly rather than lining the shareholders’ pockets this might be true, but there have been many cases of bogus certificates issued. There was even a "Microsoft Corporation" certificate issued to a third party a few years ago:
http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
nikos: Okay now think like a bad guy. Imagine what you could do if the signature test were removed.
How independent software vendors get access to Windows Error Reporting Data. Which is why you should send reports if the data isn’t sensitive….
I understand the need to verify that crash dumps don’t fall into the wrong hands, but a Verisign backed certificate isn’t the only way to solve that problem.
A self-signed certificate isn’t any less secure than a third-party backed one since you’re not concerned about identity here, all you need to assert is that the person (or entity) that’s requesting the crash dumps is the same one that produced the executable.
Has anyone here been able to use this facility successfully for a real project? We hit Microsoft organizational issues when we tried, and ended up just FTP’ing crash reports ourselves.
Verisign, huh? I remember a Microsoft programmer trying to bash Firefox claiming that it was an "unsecure download, etc. all software should be signed", despite some known spyware being signed by Verisign. Basically, it don’t mean nuffink.
As an independent software vendor do I get access to other companies’ crash logs? All my applications I’ve developed lately are plugins or extensions, so the crash actually happens in somebody else’s program (IE for example), even if it’s caused by my module. Do I get access to those reports as well (my code is signed)?
Mr Cynic: You’re referring to this?
http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
(See also http://blogs.msdn.com/ptorr/archive/2005/03/26/402585.aspx)
The point is that when you’re downloading an application from the web (e.g. Firefox) you need to be sure it hasn’t been modified (e.g. spyware added). Signing the download allows the system to check the download hasn’t been altered since the original publisher created it. If you’re downloading and installing unsigned apps you’re asking for trouble.
(Of course, for signed downloads, you also need to check that the signature matches what you expect)
Riva (and others): The whole point about having a (high-grade) certificate is that Verisign—or any other publicly trusted CA for that matter—has verified that the entity really is who it says it is. That’s a major undertaking. This way a company such as Microsoft doesn’t have to do it (and screw up). It only has to read the information that the certificate carries along. Simple and efficient!
"Mr Cynic" –
And isn’t it telling that Mozilla started signing Firefox and all the other binary installers for Windows shortly thereafter? You might want to ask them if Peter Torr’s article was just a coincidence, and when you ask them please also quiz them as to why they would sign them at all. Maybe you’ll learn something.
C-J: With regard to crash dumps you’re not verifying identity, you’re verifying ‘ownership’ which doesn’t necessarily require identity.
If I embed a signature into an executable and a dozen others step up and claim to have produced it then it’s a trivial matter to find out who is the rightful ‘owner’ since I will be the only one with the original certificate. If it’s self-signed you can’t be certain what my identity is since no one but me is vouching for it but there won’t be any doubt that I and no one else signed it.
I get this question a lot, so I thought I’d pass on The Old New Thing blog entry on Windows…
I am not currently going to the PDC, but if I were I would probably want to attend the session entitled…
Oh dear. "Digital ID", eh? That does have connotations that "certificate and private key" doesn’t. That seems like an attempt to make PKI more "friendly".
Riva: Anyone who has a copy of the file you signed also has the certificate (it’s in the file). You’re the only one with the private key (a .pvk file if it’s from Verisign). That’s how you prove you signed it.
Well, sort of. Really the best you can do is show that you currently hold the private key and the issuing CA can offer whatever evidence it has about the identity it issued to and we can combine all that information and have some degree of confidence that you were the signer. Assuming that someone didn’t steal your key.
C-J: Two problems: (1) Verisign doesn’t always do a very good job of validating that the person requesting a cert is really who they say they are. Public CAs create a false sense of security. (2) There isn’t a free market for CA services, so Verisign gets away with charging inflated prices. The whole idea of yearly renewals is especially bogus — if I proved I was John Doe last year, I’m still John Doe this year, and I shouldn’t have to pay the CA again.
2. Using VeriSign certificates doesn’t provide any extra security for Microsoft customers. But it does provide the ILLUSION of security, which is better value for Microsoft (the illusion is low impact unlike the real thing), and it operates as an additional (low) barrier to entry for competitors in some of Microsoft’s business sectors.
I’ve always felt sorry for the person who’s getting all those error reports in the inbox: http://www.bbspot.com/News/2004/06/microsoft_error_reports.html
I am probably very stupid (yes) therefore I cannot understand why cannot the developer sign the app/module and when it crashes the signature along with hash of the app goes to MS and then MS checks its database where the developer has sent his certificate before the app was published. Now if crash happens and the information match we know whose app it was and so on. Zero need for Verishitn. Or?
zzz: You’re assuming the entire application binary is available at the time of the crash (so it can be hashed and its signature verified). If the crash was because the user yanked the CD out of the drive suddenly or the network connection was dropped, attempting to compute the hash will re-raise the error that caused the crash to begin with.
Actually, Universalis, GregM and especially John are right – it looks like a VeriSign monopoly with unknown reason for it. It’s easier to receive a certificate from other CAs from the root CA program (http://www.microsoft.com/technet/archive/security/news/rootcert.mspx) in "other parts of the world" and with lower price. We (as an ISV) were very excited about the OCA program, but this limitation prevents us from joining.
Raymond wrote:
>It would be bad if somebody could pretend to be, say, Adobe, and get all their crash data.
Bad for $buggy_sw_product_co, maybe, but quite useful for the potential purchasers of $buggy_sw_product_co software?
Also quite useful to anyone who wants to trace crashes back to an exploitable security issue which is why making crash data available to just anyone would not be such a bright idea.
We use a modified version of the old MSJEXHND exception handler code to generate a crash dump, and then use simple MAPI to generate an email to us, and it has been very useful.
However, it would be nice to get the WINQUAL data as well. Unfortunately, we have a Thawte certificate.
Any chance the powers that be might consider supporting Thawte as well?
The title might be boring, but it’s certainly un-grammatical!
Anthony: Are you licensed to do that with your modified MSJEXHND?
In Windows Vista and IE7 we have changed the parameter validation code in WinInet to be more consistent…
It appears that there are other gotchas in this process other than the verisign cert. During the process, you are asked to provide a business address, and the text says…
"Certain services have fees"….
Er?
What fees?
Why can’t someone be up front about that part of the idea…
If you’re a company wanting to get access to the data from the crash dialog, this article isn’t for you.
Get crash data from Microsoft