Article published February 09, 2002
Best not to report errors to Microsoft
"Microsoft Word has encountered a problem and needs to close. We are sorry for the inconvenience. Please tell Microsoft about this problem. We have created an error report that you can send to help us improve Microsoft Word."
Millions of people are seeing that dialog box when Windows XP and popular programs like Word, Internet Explorer, Excel, Outlook, and PowerPoint "crash," or stop working.
Windows XP is the new operating system, or master control program for computers, which went on the market late last year. Like Windows 98 and Windows Me, it coordinates a computer's activities.
Microsoft has included the feature, called Error Reporting, in all software since 2000. Error Reporting is not used on Macintosh computers, which have a different operating system.
Now privacy concerns about Error Reporting have surfaced.
The dialog box gives people the option of clicking one button marked "Send Error Report" or another, "Don't Send."
Sending an error report sounds like a good deed that helps programmers detect and fix "bugs," or defects, in software and develop more crash-resistant programs. But it could prove to be a bad mistake in some cases.
Specifically, think twice about sending the report if the program crashed while you were working on a personal or confidential document, or visiting certain Web sites.
Microsoft Error Reporting sends a lot of information about the crash to company headquarters in Redmond, Wash. Microsoft then may send the report to third parties, including software or hardware developers at other companies, so they can work on the problem.
Included is the block of memory where the program was running when it crashed. The contents of the document you were composing, editing, or viewing - or the Web page you were visiting - could be in that block.
Most home computer users think it makes no difference. Who cares if Microsoft technicians see a page of that school report, the e-mail to Aunt Sara, a recipe for chocolate cake, or a page from that weather forecast Web site?
Think again.
Suppose the crash occurs with a very private e-mail or a document that contains personally identifiable information? That could include your name, street address, e-mail address, phone number, Social Security number, credit card numbers, or passwords for bank or brokerage accounts?
Business computer users know it can make a big difference. That Excel spread sheet could be corporate profit-loss projections. That e-mail could be a confidential message to a lawyer or accountant. That Web page could be from a site off-limits on company time, or an in-house site intended only for workers at one corporation.
The Federal Government's Computer Incident Advisory Capability (CIAC) already has warned agencies that the error reporting tool may send sensitive documents to Microsoft. CIAC estimated that document content gets into 1 in 3 error reports.
A CIAC bulletin, with instructions for permanently disabling Error Reporting, is available at: www.ciac.org/ciac/bulletins/m-005.shtml. The procedure involves editing part of Windows, called the Windows Registry, where mistakes can disable a computer.
Unless you're a computer veteran, use the simpler approach if privacy is a concern. Just click "Don't Send" each time the error report dialog box appears. The box itself should include a clear statement that error reports may contain the document being viewed during a crash.
To get that information now, you must click a hyperlink in the box. It takes you to the Microsoft Web site, to wade through a lengthy explanation.
Michael Woods is the Blade's science editor. His column on computers and technology appears each Saturday. Email him at mwoods@theblade.com.
Permanent Link
|
|
 |
|
Search
advertisement
