PC Magazine - February 3, 2004
Windows XP Error Reports

By Sheryl Canter

When a program crashes under Windows XP, a dialog box may ask you to send an error report to Microsoft (see Figure 1 ). Does sending a report do any good? More important, do error reports contain private information about you?

Figure 1: Vendors writing to the Win XP API can ask users to
submit error reports if an application or driver crashes.

Windows Error Reporting (WER), introduced with Windows XP, lets users send detailed reports when programs crash and lets vendors inform users of fixes and workarounds for reported errors. The error reports are stored in a password-protected database.

Programs must be specially written to use WER. Microsoft uses WER in all recent programs and strongly encourages other companies to do the same. There is no charge for using the system. The list of participating vendors is long (see https://winqual.microsoft.com/parentorgs.asp), and the feedback has been positive. Representatives at Zone Labs say that WER has quickly alerted them to incompatibilities with new operating systems and patches.

What About Privacy?

The data collected in error reports depends on the type of error and may include recent actions (for example, menu choices), network information, machine configuration, relevant files (such as documents, logs, or configuration files), a snapshot of memory, and software configuration information obtained by scanning file versions and Registry settings. A detailed list can be found at http://oca.microsoft.com/en/dcp20.asp.

Error reports can inadvertently contain private information. For example, a snapshot of memory might contain your name, fragments of a document you were writing at the time of the crash, or data recently submitted to a Web site. Private information also may be in Registry keys, log files, or documents sent with the error report.

Error reports are transmitted using HTTPS. Encryption prevents others from eavesdropping on your transmission, but it also prevents security tools such as Zone Lab's myVault from detecting when personal information is being passed. Developers using WER must sign an agreement ensuring your privacy, but if you think a particular error report may contain personal information, you shouldn't send the report.

Unless identifying information is captured inadvertently, the basic report is anonymous. But vendors can incorporate other options when WER-enabling their software. After submitting an error report, you may be asked whether you'd like to fill out a survey or track the status of your report. Such options remove anonymity.

With the latest update to WER, information related to your report, if available, is displayed automatically when you submit the report. This may include a hotfix, an update, or information on a workaround. For details, see the Microsoft Knowledge Base article 821253 (http://support.microsoft.com/default.asp?scid=kb;en-us;821253).

Configuring WER

By default, Windows XP offers to submit all error reports, but if you are logged on with Administrator privileges, you can customize which errors are reported or disable error reporting entirely.

Figure 2: You can configure WER not to send reports or to
send reports only for certain programs or types of programs.

To change your WER options, open the Control Panel, launch the System applet, and click on the Error Reporting button in the Advanced page. This launches the Error Reporting dialog (see Figure 2 ).

If you select Disable error reporting, you can still be notified when critical errors occur. To see the list of errors, go to the System Tools folder under Accessories, launch the System Information applet, expand the Software Environment node, then highlight Windows Error Reporting.

IT administrators can use the Corporate Error Reporting tool to collect reports throughout their organizations and select which to submit. The tool is part of the Office XP Resource Kit (http://go.microsoft.com/fwlink/?LinkID=6754). To configure Corporate Error Reporting, enable the Report Errors policy setting in the Group Policy applet and set the Corporate upload file path to the local file server where the tool is installed. All error reports will then be directed to this file server for review.

Submitting crash reports provides good information to vendors but use the feature cautiously, since private information can be included in the error report.

HomeWritingSpeakingWeb DesignGraphic DesignBioBlogContact