News Stay informed about the latest enterprise technology news and product updates.

It's elementary that Dr. Watson should be disabled

Microsoft's "Dr. Watson" program-error debugger may not be an enterprise must-have, but it does have its uses for IT and developers. recently spoke with Russ Cooper, senior information security analyst with Cybertrust Inc., in Herndon, Va., about Dr. Watson's value to the enterprise.

You probably want to make sure that the dump files are erased from some systems, especially sensitive systems, and that you are not creating a dump file until you absolutely need it.

Russ Cooper, security analyst,

Cybertrust Inc.

What is Dr. Watson and how does it work?
Dr. Watson is an internal debugging tool to provide detailed memory information at the time of a program crash. Basically, it would log contents of memory and store it in a disk file so that it can be inspected later with a debugger. More often than not, you would take the dump file and send it off to Microsoft support, and they would determine what caused the system to crash. What is your understanding of how Microsoft is planning to improve Dr. Watson?
They say they're going to scrub data out of the stuff that's being sent to Microsoft so that you don't have to be as concerned about the sensitive information. Presumably, they're going to be able to determine what is data versus what is not data.

They know where data is being stored for various applications that are running. The biggest advantage will be with this type of thing deployed to millions of home users who are allegedly crashing their systems all the time. With something like this that automatically sends to Microsoft unless you tell it you don't want them to, these crashes are going to get sent to Microsoft. What role does this crash-dump service have in the enterprise?
It doesn't really have a role other than providing Microsoft with additional information beyond the cryptic message that appears on the screen when a program crashes.

In general, corporations would likely disable that feature, and chances are that could be done via a Group Policy setting because they wouldn't want to waste the bandwidth sending all of this off to Microsoft.

Internally in an organization, if you develop your own applications, then you'd be able to have that information sent to you. You could have it pointed wherever you wanted to receive it and you'd be able to get that crash information for your developers to find out where your own bugs are.

If you do a lot of internal development, then that probably would be a very useful feature. What does an IT admin need to know if they want to use the service?

Related links

Why you should create a 'crash reporting' policy topic: Desktop management


Ask Microsoft: When Windows crashes

You probably want to make sure that the dump files are erased from some systems, especially sensitive systems, and that you are not creating a dump file until you absolutely need it. You have it disabled until you've experienced a crash. Then if the crash occurs again, you would have the dump file to send to whomever. Once that's done, disable it again and save yourself the wasted disk space. Does Dr. Watson make enterprises more vulnerable to hackers?
No. We all use it. It's enabled on every Windows box. You could disable it, but most people don't. It doesn't make you any more vulnerable. I guess it's probably that a sophisticated hacker who was trying to find information on your computer may go looking on old dump files because they don't get erased. You may have dump files on your system that you want to get rid of. There are settings to determine whether a dump file gets written at all.

Dig Deeper on Windows Server Monitoring and Administration

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.