In my last blog, I discussed the importance of a Security Development Lifecycle and how we’re making resources available to our customers and partners. Today, I want to discuss a more resources Microsoft provides our partners to develop and refine their products running on Windows and point out opportunities for integration with Hyper-V. There are a number of ways we work with partners to improve code quality and security starting with Windows Error Reporting.
Windows Error Reporting (WER)
Windows Error Reporting is a set of Windows technologies that capture software crash data and support end-user reporting of crash information. Through Windows Quality Online Services (Winqual), software and hardware vendors can access reports in order to analyze and respond to these problems. WER technologies are implemented in Windows XP, Vista, Windows 7, Windows Server 2003/2003 R2 and Windows Server 2008/2008 R2.
Vendors can use WER to view error reports at no charge. This service is available for all products, even those that do not qualify for the “Designed for Windows” logo-although we strongly recommend that you submit your products to the Windows Logo Program.
With data from Microsoft Windows Error Reporting (WER), you can identify the most common real-world customer problems and quickly provide a solution to your customers. While customer support calls provide information about common issues, they do not always provide enough detail to debug the actual code. Further, support records indicate only those problems which prompted calls. Because it is much easier for users to submit an error report than to contact customer support, WER can provide a more comprehensive picture of the problems your customers are having. And because WER collects data at the point of failure, you can get a more detailed picture of what is going wrong.
In the end, this is a win-win situation. PARTNERS WIN because they can diagnose and produce better code (and lower support costs) and CUSTOMERS WIN with higher quality solutions. If your company develops software and aren’t using WER, you need to take advantage of this resource. Here’s the link to the WER site:
While WER can be a boon to developers by providing critical information to triage issues, we didn’t stop there. We also released a new tool, called the !exploitable Crash Analyzer, on CodePlex March 20 at the CanSecWest conference in Vancouver, British Columbia. A Windows debugger extension, this heuristics-based tool is aimed at not only helping developers assess what is causing crashes, but also ranking the seriousness of a bug.
Introducing !exploitable Crash Analyzer: What does it do?
The program works by examining crash data-information gathered when an application stops performing its expected function-to identify the unique issues that caused the crash. From there, the program provides guidance on how exploitable the crash is, and can be used by third-party developers to then prioritize the problem.
“As a tool, it can save developers time and effort,” said Roger Kay, president of tech industry analyst group Endpoint Technologies Associates. “A number of apparently different crashes can actually be caused by the same code. The analyzer isolates the offending block and essentially says, ‘Here, all these different crashes are actually the same failure, and it’s an important one that you ought to fix right away because it presents an open attack surface.'”
If you’re interested in this tool, go to the Microsoft Security Engineering Center where you can download the tool from CodePlex (CodePlex is Microsoft’s open source project hosting web site) and find how this can help in your development.
The link is here: http://www.microsoft.com/security/msec/default.mspx
Principal Group Program Manager
Windows Server, Hyper-V