56 comments

[ 3.1 ms ] story [ 118 ms ] thread
All well and good, but on my Linux box the need for an equivalent to BSOD is just not needed, never mind having a QR code on it.
Linux/UNIX has the equivalent: kernel panic
There was a proposal of stuffing the kernel panic into a qr code in 2012. It never took off: the kernel doesn't want a qr code library and the panic was too big anyway.
Which never seems to happen as often of me
I'm not sure I've ever seen one, and I've run exclusively *nix on my personal machines for about 8 years. Yet I've seen a lot on the Win10 laptop I just bought a few months ago (mostly due to a broken windows update -- updating again fixed it).
I've seen plenty of kernel panics at work last year due to faulty hardware, but I can't remember seeing any panics in the past 10 years that's software related.
I guess you aren't running X Windows then.
Huh, why? Normally you don't see kernel panics because of X¹¹, as it prevents you from accessing the TTY with the dump data. :-)
Sure you do, it is when the machine either hangs or suddenly reboots. X is very good at it.
On Windows, Linux, and OS X most kernel panics are caused by one of two things:

- Faulty drivers.

- Faulty hardware.

Linux often runs on server hardware, that helps, but also if you aren't doing desktop Linux you're exposed to fewer potentially faulty drivers. As soon as you enable 3D acceleration and sound Linux crashes about as much as Windows (due to third party closed source drivers).

You really have to compare like with like. I think Linux is very stable, but I also think Windows Server is very stable too (doubly so in Core Mode). However Windows or Linux running on a five year old laptop that has clogged up air ducts or failing fans and which gets too hot to touch isn't going to be a stable scenario for any OS.

If anything because Windows has been forced to run on such terrible hardware they've done a lot to mitigate it. They've moved sound completely out of kernel space and moved MOST of the graphics stack out too. Now both can crash without causing a BSOD, that's pretty neat.

I think this is a bad idea. Now imaging a new channel for all sorts of fake BSODs and out-of-band malicious links in the shown QR codes.
Now your PC malware can infect your mobile device. Wheee!

Microsoft is usually pretty good at modeling security threats these days. I'm surprised they did this, it's a bad idea.

I really don't see what the problem is here.
The idea they are talking about is most like the scenario where malware throws up a fake BSOD with its own QR code.

The user then scans the QR code to open a link to the microsoft website with more details about the BSOD.

Except the QR code is fake and it opens a page that is targeted to infect your phone/tablet.

Now 2 devices are infected. Yay

Seems pretty convoluted to the point of absurdity.

If your threat model automatically assumes links are directly proportionate to infections then you're already screwed since getting a user to click a link is insanely easy, and if you had a link that would infect mobile devices you'd likely just drop it on a few news aggregators rather than go through this mess.

Threat modeling is about evaluating the risks, including how realistic they are. Your risk model is just unrealistic, you're now infecting PCs with malware for the sole purpose of generating a fake BSOD, which in turn creates a link, which in turn infects mobile devices. Why even infect PCs in that scenario? Seems much MUCH easier to trick mobile users into clicking links OR redirecting them (e.g. AD hijacking).

If you really wanted to attack mobile devices from an infected PC you'd likely use their direct USB connection, seems like a much more reliable route. Also may accomplish infections not normally possible from a simple link.

> Seems pretty convoluted to the point of absurdity.

I dunno, trojan diallers and phishing seem pretty convoluted to me.

Mobile phones are a major target for attack in the UK at the moment.

I don't really understand what it is you're getting at.

It is convoluted because a PC infection is unnecessary in that scenario. You could skip it and accomplish the same thing.

Phones contain valuable data, too.
Oh man, you have no idea what the state of security is, or how persistent attackers are. This is definitely not absurd. In fact, I'll bet that attackers are writing code for this right now.

I've encountered Bad Guys who happily walk users through enabling Debug mode on their Android devices (requires a bunch of gyrations and scary dialogs). Many users are absolutely clueless about security, and will follow instructions in pursuit of !!Free Stuff!!. It's amazing.

Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea. Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.

What stops malware from doing this already? If your PC is compromised, what stops it, today, from popping up a message that says, "hey, open this url on your phone to [fix your registry|enter this contest|get free porn|pay our ransom|whatever]"?

No new attack vector was created by adding QR codes to BSODs. Most people aren't going to scan the QR code anyway, for the same reason they didn't search for the error codes: they done know what to do with the info. They will restart the machine and eventually call a friend/relative/tech support for help.

> Oh man, you have no idea what the state of security is, or how persistent attackers are.

It is only my day job...

You also forgot to explain why, if you had a link which auto-infects a mobile device, that you wouldn't just post the link on Twitter/Reddit/HK/etc rather than infect PCs and then "trick" users into going to the link.

If you're going to spend the time and money it takes to create PC malware, you're going to want specific value from that infection in and of itself. Meaning information theft, botnet member, spam proxy, etc, by using this BSOD route you're likely to expose your PC implant and lose the value there.

> Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea.

So is clicking a link on Hacker News, but I bet you've done it dozens of times in the last hour.

> Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.

And by "this vector" you mean a link, on the internet? Again explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc. Or heck explain why AD redirects aren't a threat?

You're not thinking like an attacker who is trying to get to a specific target (such as Obama's iMessages).
It's obvious you've been using ad blockers for years. Turn it off for a few days and you'll see a bunch of malware Ads mimicking anti virus warnings with words like 'Scan your computer for viruses' or "1789 viruses found on your pc, click here to remove them"

>>explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc.

Trust. A fake email that looks like its from your bank directing you to a website that looks like your bank's site is usually successful

In the same vein, an attacker utilizing trust and habit can gain access to your email account or/and get you to install anything

Of course "you" won't be fooled but many others will be

Not absurd at all. The malware infects the PC and does its bad thing. After it's finished doing the bad stuff, it creates a full screen window which looks just like a BSOD screen with the QR code containing the attacker's URL.

User scans the QR code and navigates to that URL. Now he thinks he's on microsoft.com and will readily hand over his Microsoft credentials.

When you have Bitcoin, bank accounts, credit cards, etc as potential rewards, bad guys can (and do) get quite creative..

Can't you just create QR code that goes to a site that tells you "Your PC broke, to fix it install this software" or something... Then just rely on less experienced users thinking the faked BSOD is real.
I think it's a great idea, in theory (although Microsoft's use of it here is pointless though, as implemented). QR codes are just machine-readable text. Cryptic codes only accessible visually that are time-consuming and error prone to copy by hand? QR codes were designed for this.

Security issues with QR codes, while they exist, should be considered flaws in the QR reader. Doing anything with a QR code by default apart from displaying its content (not the content behind the URL that might be in the QR code, the actual QR code content) should be considered a security risk. And if visiting URLs = ownage for your device, you've got bigger problems.

If little bits of plain text are too insecure for us to handle, we may as well give up on the whole web, never mind QR codes.

One of the problems, though, is that few, if any people (at least in the US) actually know how to scan QR codes.
Am I the only one flabbergasted at the sheer number of sleep-of-death and BSODs I'm now seeing on Win 10? Two different devices have nosedived in quality, and one's my Surface 3 tablet so MS can't blame the hardware on that one.
I'm having a ton of issues with an Asus laptop that worked perfectly on Win8 and now every time I open it after sleep it's a gamble if I'll get a BSOD or not with "FAULTY_HARDWARE_CORRUPTED_PAGE"
I put Windows 10 on an older Dell laptop and it's been a disaster. I like the UI quite a lot but it crashes at least once a day, sometimes more.

Granted Dell says that model (Precision M4400) has "not been tested" for Windows 10, and the problem (surprise surprise) seems to be the video driver. I grabbed the latest driver for my card from Nvidia and it didn't really improve things.

I never seem to have the problems others do

On my custom built machine at home I've had one BSOD since upgrading to 10 from 7 and that was when it was first released

Our Surface Pro 3s and 4s at work have been terrible though, they've always been kinda flaky with 8.1 and 10; I hate working on them

I had tons of blue screens on a brand new home built PC. I tried everything, memtest86+ passed, every driver I could get my hands on was up to date, even ran driver verifier a few times to narrow down which driver it was. Turns out once I updated the BIOS, every problem went away.
I have been running Windows 10 Pro on my ThinkPad T420s since release last July and not had a single system crash. It goes to sleep when I close the lid and wakes up when I open it. No issues.

While I have other issues with Windows 10 (the shitty "apps", Twitter and Candy Crush auto-installs on my "Pro" version) I am impressed with how solid it has been for me even on an old and officially unsupported machine.

The T420 isn't listed as officially supporting W10 by lenovo. When I installed Windows 10 on mine the wifi would go out after it woke from sleep.

https://support.lenovo.com/us/en/documents/ht103535#thinkpad

I just use the driver supplied via Windows Update. It works out of the box but there is also a driver update available if you manually upgrade the driver from device manager.

Card is Intel Ultimate-N 6300 AGN Driver is 15.18.0.1 Date 30/04/2015

The only drivers I had to install were for the SD card reader (Ricoh) and an update for Audio from Lenovo as it is a later version than from Windows Update for some reason.

I think my favorite part of the article is the error code in the screenshot. . .

"If you call a support person, give them this info: Stop code: MANUALLY_INITIATED_CRASH"

I'd actually like to hear that call to tech support :)

Not on Windows 10, but back in the day I had a piece of software whose DRM would cause a manual BSOD if the DRM's service became unresponsive when a DRM-consumer was attempting to use it.

The BSOD contained zero information about what caused it and said it was an intentionally initiated crash. Figuring out that it was this DRM garbage took quite an effort.

This is roughly the 2000 or early XP era.

So basically the software was saying "Somebody might be trying to hack me. So I'm gonna take down the whole system just in case."

I assume you REALLY needed that piece of software to put up with that.

> I assume you REALLY needed that piece of software to put up with that.

Sad part? Yes.

I cannot for the life of me remember what the software did, but it had a physical dongle on the serial port (not USB, serial), I think it may have been related to HVAC control but don't quote me on that.

Ultimately when I left they were still using the software on its own dedicated machine. Even then it was total junk, but it "worked," so cannot mess with that!

So they removed the very specific search engine friendly, but human unreadable code (such as 0x00000f4) and are now requiring me to carry a cell phone with a working QR Code scanner and forcing me to use microsoft (not bing) search support that is specific to their website as a jump point. I am sure that a search for HARD_DRIVE_CRASH will always come up with troubleshooting tips, but I'll have to wade through 5 pages before I get to the advanced topics that I need.

I know there is an argument for making this more readable, but if you are at the level of fixing blue screens chances are you can use a search engine.

Windows 8 started this. They decided to copy Apple's useless OS X kernel panic screen, and so only give you one word of useful information, no error code, no exception information, etc.

Unfortunately the QR code might be an improvement over Windows 8 and 8.1 if the QR code contains more detailed information. There are scenarios where you cannot get to the event viewer (or WinDbg) and need to diagnose a pre-boot BSOD. Windows 8 made this almost impossible without attaching a kernel debugger.

Windows 2000 had the best BSODs because they not only told you the details of the crash but also told you which module caused it. This often allowed you to immediately know what the issue was (e.g. if it was in Creative or Nvidia's drives you'd know just from the filename). You can still get the module via WinDbg but it would be useful to have it on the BSOD itself or even in the event log listing.

PS - I strongly suspect the reason Microsoft removed the module name in the Windows XP BSOD was because they were hurting third party hardware vendor's reputation.

(comment deleted)
The text code they list in the "if you have to call a support person" map one-to-one to the old hex codes, and a search on Microsoft's site will get you the hex codes quickly if you need them.

The MANUALLY_INITIATED_CRASH from the screenshot is an 0xE2, for example.

It's fascinating to see all the other theories here. It's the exact same information, here's the hex code list with system error codes: https://msdn.microsoft.com/en-us/library/hh994433.aspx

My favorite is 0xDEADDEAD

A BSOD isn't interactive, the only thing you can do is search for the error code. Even if users copy down and type the hex code correctly (not at all a given), the search results might be a random ten year old blog post or information about a different version of Windows. The QR Code takes you to an official help page that gives updated, version specific instructions a normal computer user could follow: http://windows.microsoft.com/en-us/windows-10/troubleshoot-b...

I've troubleshot BSOD errors over the phone with relatives. Plain-text error message are a welcome improvement over hex codes.

(comment deleted)
By forcing you to use a QR code that links to their site they can track how frequently BSODs happen and what the most common error codes are simply by reporting on web server logs. Its a way of forcing people to report crashes when they otherwise wouldn't.
>>Its a way of forcing people to report crashes when they otherwise wouldn't.

They already automatically collect crash logs in win 7,8, 10. Don't think it can be turned off in 10 though

In my opinion, it's simply change for change sake.

I like the effort to make things easier but it would have made much more sense to just make use of a short and friendly URL which the user can easily share with someone rather than having to take a photo of a QR core.
Older users are going to be so confused by this.
Will Microsoft deliver users a smartphone to scan QR codes when they upgrade to Windows 10?