There was a proposal of stuffing the kernel panic into a qr code in 2012. It never took off: the kernel doesn't want a qr code library and the panic was too big anyway.
I'm not sure I've ever seen one, and I've run exclusively *nix on my personal machines for about 8 years. Yet I've seen a lot on the Win10 laptop I just bought a few months ago (mostly due to a broken windows update -- updating again fixed it).
I've seen plenty of kernel panics at work last year due to faulty hardware, but I can't remember seeing any panics in the past 10 years that's software related.
On Windows, Linux, and OS X most kernel panics are caused by one of two things:
- Faulty drivers.
- Faulty hardware.
Linux often runs on server hardware, that helps, but also if you aren't doing desktop Linux you're exposed to fewer potentially faulty drivers. As soon as you enable 3D acceleration and sound Linux crashes about as much as Windows (due to third party closed source drivers).
You really have to compare like with like. I think Linux is very stable, but I also think Windows Server is very stable too (doubly so in Core Mode). However Windows or Linux running on a five year old laptop that has clogged up air ducts or failing fans and which gets too hot to touch isn't going to be a stable scenario for any OS.
If anything because Windows has been forced to run on such terrible hardware they've done a lot to mitigate it. They've moved sound completely out of kernel space and moved MOST of the graphics stack out too. Now both can crash without causing a BSOD, that's pretty neat.
Seems pretty convoluted to the point of absurdity.
If your threat model automatically assumes links are directly proportionate to infections then you're already screwed since getting a user to click a link is insanely easy, and if you had a link that would infect mobile devices you'd likely just drop it on a few news aggregators rather than go through this mess.
Threat modeling is about evaluating the risks, including how realistic they are. Your risk model is just unrealistic, you're now infecting PCs with malware for the sole purpose of generating a fake BSOD, which in turn creates a link, which in turn infects mobile devices. Why even infect PCs in that scenario? Seems much MUCH easier to trick mobile users into clicking links OR redirecting them (e.g. AD hijacking).
If you really wanted to attack mobile devices from an infected PC you'd likely use their direct USB connection, seems like a much more reliable route. Also may accomplish infections not normally possible from a simple link.
Oh man, you have no idea what the state of security is, or how persistent attackers are. This is definitely not absurd. In fact, I'll bet that attackers are writing code for this right now.
I've encountered Bad Guys who happily walk users through enabling Debug mode on their Android devices (requires a bunch of gyrations and scary dialogs). Many users are absolutely clueless about security, and will follow instructions in pursuit of !!Free Stuff!!. It's amazing.
Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea. Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.
What stops malware from doing this already? If your PC is compromised, what stops it, today, from popping up a message that says, "hey, open this url on your phone to [fix your registry|enter this contest|get free porn|pay our ransom|whatever]"?
No new attack vector was created by adding QR codes to BSODs. Most people aren't going to scan the QR code anyway, for the same reason they didn't search for the error codes: they done know what to do with the info. They will restart the machine and eventually call a friend/relative/tech support for help.
> Oh man, you have no idea what the state of security is, or how persistent attackers are.
It is only my day job...
You also forgot to explain why, if you had a link which auto-infects a mobile device, that you wouldn't just post the link on Twitter/Reddit/HK/etc rather than infect PCs and then "trick" users into going to the link.
If you're going to spend the time and money it takes to create PC malware, you're going to want specific value from that infection in and of itself. Meaning information theft, botnet member, spam proxy, etc, by using this BSOD route you're likely to expose your PC implant and lose the value there.
> Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea.
So is clicking a link on Hacker News, but I bet you've done it dozens of times in the last hour.
> Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.
And by "this vector" you mean a link, on the internet? Again explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc. Or heck explain why AD redirects aren't a threat?
It's obvious you've been using ad blockers for years. Turn it off for a few days and you'll see a bunch of malware Ads mimicking anti virus warnings with words like 'Scan your computer for viruses' or "1789 viruses found on your pc, click here to remove them"
>>explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc.
Trust. A fake email that looks like its from your bank directing you to a website that looks like your bank's site is usually successful
In the same vein, an attacker utilizing trust and habit can gain access to your email account or/and get you to install anything
Of course "you" won't be fooled but many others will be
Not absurd at all. The malware infects the PC and does its bad thing.
After it's finished doing the bad stuff, it creates a full screen window which looks just like a BSOD screen with the QR code containing the attacker's URL.
User scans the QR code and navigates to that URL. Now he thinks he's on microsoft.com and will readily hand over his Microsoft credentials.
When you have Bitcoin, bank accounts, credit cards, etc as potential rewards, bad guys can (and do) get quite creative..
Can't you just create QR code that goes to a site that tells you "Your PC broke, to fix it install this software" or something... Then just rely on less experienced users thinking the faked BSOD is real.
I think it's a great idea, in theory (although Microsoft's use of it here is pointless though, as implemented). QR codes are just machine-readable text. Cryptic codes only accessible visually that are time-consuming and error prone to copy by hand? QR codes were designed for this.
Security issues with QR codes, while they exist, should be considered flaws in the QR reader. Doing anything with a QR code by default apart from displaying its content (not the content behind the URL that might be in the QR code, the actual QR code content) should be considered a security risk. And if visiting URLs = ownage for your device, you've got bigger problems.
If little bits of plain text are too insecure for us to handle, we may as well give up on the whole web, never mind QR codes.
Am I the only one flabbergasted at the sheer number of sleep-of-death and BSODs I'm now seeing on Win 10? Two different devices have nosedived in quality, and one's my Surface 3 tablet so MS can't blame the hardware on that one.
I'm having a ton of issues with an Asus laptop that worked perfectly on Win8 and now every time I open it after sleep it's a gamble if I'll get a BSOD or not with "FAULTY_HARDWARE_CORRUPTED_PAGE"
I put Windows 10 on an older Dell laptop and it's been a disaster. I like the UI quite a lot but it crashes at least once a day, sometimes more.
Granted Dell says that model (Precision M4400) has "not been tested" for Windows 10, and the problem (surprise surprise) seems to be the video driver. I grabbed the latest driver for my card from Nvidia and it didn't really improve things.
I had tons of blue screens on a brand new home built PC. I tried everything, memtest86+ passed, every driver I could get my hands on was up to date, even ran driver verifier a few times to narrow down which driver it was. Turns out once I updated the BIOS, every problem went away.
I have been running Windows 10 Pro on my ThinkPad T420s since release last July and not had a single system crash. It goes to sleep when I close the lid and wakes up when I open it. No issues.
While I have other issues with Windows 10 (the shitty "apps", Twitter and Candy Crush auto-installs on my "Pro" version) I am impressed with how solid it has been for me even on an old and officially unsupported machine.
I just use the driver supplied via Windows Update. It works out of the box but there is also a driver update available if you manually upgrade the driver from device manager.
Card is Intel Ultimate-N 6300 AGN
Driver is 15.18.0.1 Date 30/04/2015
The only drivers I had to install were for the SD card reader (Ricoh) and an update for Audio from Lenovo as it is a later version than from Windows Update for some reason.
Not on Windows 10, but back in the day I had a piece of software whose DRM would cause a manual BSOD if the DRM's service became unresponsive when a DRM-consumer was attempting to use it.
The BSOD contained zero information about what caused it and said it was an intentionally initiated crash. Figuring out that it was this DRM garbage took quite an effort.
> I assume you REALLY needed that piece of software to put up with that.
Sad part? Yes.
I cannot for the life of me remember what the software did, but it had a physical dongle on the serial port (not USB, serial), I think it may have been related to HVAC control but don't quote me on that.
Ultimately when I left they were still using the software on its own dedicated machine. Even then it was total junk, but it "worked," so cannot mess with that!
So they removed the very specific search engine friendly, but human unreadable code (such as 0x00000f4) and are now requiring me to carry a cell phone with a working QR Code scanner and forcing me to use microsoft (not bing) search support that is specific to their website as a jump point. I am sure that a search for HARD_DRIVE_CRASH will always come up with troubleshooting tips, but I'll have to wade through 5 pages before I get to the advanced topics that I need.
I know there is an argument for making this more readable, but if you are at the level of fixing blue screens chances are you can use a search engine.
Windows 8 started this. They decided to copy Apple's useless OS X kernel panic screen, and so only give you one word of useful information, no error code, no exception information, etc.
Unfortunately the QR code might be an improvement over Windows 8 and 8.1 if the QR code contains more detailed information. There are scenarios where you cannot get to the event viewer (or WinDbg) and need to diagnose a pre-boot BSOD. Windows 8 made this almost impossible without attaching a kernel debugger.
Windows 2000 had the best BSODs because they not only told you the details of the crash but also told you which module caused it. This often allowed you to immediately know what the issue was (e.g. if it was in Creative or Nvidia's drives you'd know just from the filename). You can still get the module via WinDbg but it would be useful to have it on the BSOD itself or even in the event log listing.
PS - I strongly suspect the reason Microsoft removed the module name in the Windows XP BSOD was because they were hurting third party hardware vendor's reputation.
> Unfortunately the QR code might be an improvement over Windows 8 and 8.1 if the QR code contains more detailed information.
The QR code shown in the example screenshot is just a link to http://windows.com/stopcode - hopefully they'll improve it to at least include the bug check code.
The text code they list in the "if you have to call a support person" map one-to-one to the old hex codes, and a search on Microsoft's site will get you the hex codes quickly if you need them.
The MANUALLY_INITIATED_CRASH from the screenshot is an 0xE2, for example.
A BSOD isn't interactive, the only thing you can do is search for the error code. Even if users copy down and type the hex code correctly (not at all a given), the search results might be a random ten year old blog post or information about a different version of Windows. The QR Code takes you to an official help page that gives updated, version specific instructions a normal computer user could follow: http://windows.microsoft.com/en-us/windows-10/troubleshoot-b...
I've troubleshot BSOD errors over the phone with relatives. Plain-text error message are a welcome improvement over hex codes.
By forcing you to use a QR code that links to their site they can track how frequently BSODs happen and what the most common error codes are simply by reporting on web server logs. Its a way of forcing people to report crashes when they otherwise wouldn't.
I like the effort to make things easier but it would have made much more sense to just make use of a short and friendly URL which the user can easily share with someone rather than having to take a photo of a QR core.
56 comments
[ 3.1 ms ] story [ 118 ms ] threadhttp://thread.gmane.org/gmane.linux.redhat.fedora.devel/1690...
(Money quote: "The QR code stuff is for showing a scannable QR code for the FSS sealing key. It's a gimmick.")
- Faulty drivers.
- Faulty hardware.
Linux often runs on server hardware, that helps, but also if you aren't doing desktop Linux you're exposed to fewer potentially faulty drivers. As soon as you enable 3D acceleration and sound Linux crashes about as much as Windows (due to third party closed source drivers).
You really have to compare like with like. I think Linux is very stable, but I also think Windows Server is very stable too (doubly so in Core Mode). However Windows or Linux running on a five year old laptop that has clogged up air ducts or failing fans and which gets too hot to touch isn't going to be a stable scenario for any OS.
If anything because Windows has been forced to run on such terrible hardware they've done a lot to mitigate it. They've moved sound completely out of kernel space and moved MOST of the graphics stack out too. Now both can crash without causing a BSOD, that's pretty neat.
http://picturesofpeoplescanningqrcodes.tumblr.com/
And I am pleased to note that typing "qr robot barf" into DuckDuckGo creates a QR code for "robot barf."
Microsoft is usually pretty good at modeling security threats these days. I'm surprised they did this, it's a bad idea.
The user then scans the QR code to open a link to the microsoft website with more details about the BSOD.
Except the QR code is fake and it opens a page that is targeted to infect your phone/tablet.
Now 2 devices are infected. Yay
If your threat model automatically assumes links are directly proportionate to infections then you're already screwed since getting a user to click a link is insanely easy, and if you had a link that would infect mobile devices you'd likely just drop it on a few news aggregators rather than go through this mess.
Threat modeling is about evaluating the risks, including how realistic they are. Your risk model is just unrealistic, you're now infecting PCs with malware for the sole purpose of generating a fake BSOD, which in turn creates a link, which in turn infects mobile devices. Why even infect PCs in that scenario? Seems much MUCH easier to trick mobile users into clicking links OR redirecting them (e.g. AD hijacking).
If you really wanted to attack mobile devices from an infected PC you'd likely use their direct USB connection, seems like a much more reliable route. Also may accomplish infections not normally possible from a simple link.
I dunno, trojan diallers and phishing seem pretty convoluted to me.
Mobile phones are a major target for attack in the UK at the moment.
It is convoluted because a PC infection is unnecessary in that scenario. You could skip it and accomplish the same thing.
I've encountered Bad Guys who happily walk users through enabling Debug mode on their Android devices (requires a bunch of gyrations and scary dialogs). Many users are absolutely clueless about security, and will follow instructions in pursuit of !!Free Stuff!!. It's amazing.
Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea. Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.
No new attack vector was created by adding QR codes to BSODs. Most people aren't going to scan the QR code anyway, for the same reason they didn't search for the error codes: they done know what to do with the info. They will restart the machine and eventually call a friend/relative/tech support for help.
It is only my day job...
You also forgot to explain why, if you had a link which auto-infects a mobile device, that you wouldn't just post the link on Twitter/Reddit/HK/etc rather than infect PCs and then "trick" users into going to the link.
If you're going to spend the time and money it takes to create PC malware, you're going to want specific value from that infection in and of itself. Meaning information theft, botnet member, spam proxy, etc, by using this BSOD route you're likely to expose your PC implant and lose the value there.
> Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea.
So is clicking a link on Hacker News, but I bet you've done it dozens of times in the last hour.
> Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.
And by "this vector" you mean a link, on the internet? Again explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc. Or heck explain why AD redirects aren't a threat?
>>explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc.
Trust. A fake email that looks like its from your bank directing you to a website that looks like your bank's site is usually successful
In the same vein, an attacker utilizing trust and habit can gain access to your email account or/and get you to install anything
Of course "you" won't be fooled but many others will be
User scans the QR code and navigates to that URL. Now he thinks he's on microsoft.com and will readily hand over his Microsoft credentials.
When you have Bitcoin, bank accounts, credit cards, etc as potential rewards, bad guys can (and do) get quite creative..
Security issues with QR codes, while they exist, should be considered flaws in the QR reader. Doing anything with a QR code by default apart from displaying its content (not the content behind the URL that might be in the QR code, the actual QR code content) should be considered a security risk. And if visiting URLs = ownage for your device, you've got bigger problems.
If little bits of plain text are too insecure for us to handle, we may as well give up on the whole web, never mind QR codes.
Granted Dell says that model (Precision M4400) has "not been tested" for Windows 10, and the problem (surprise surprise) seems to be the video driver. I grabbed the latest driver for my card from Nvidia and it didn't really improve things.
On my custom built machine at home I've had one BSOD since upgrading to 10 from 7 and that was when it was first released
Our Surface Pro 3s and 4s at work have been terrible though, they've always been kinda flaky with 8.1 and 10; I hate working on them
While I have other issues with Windows 10 (the shitty "apps", Twitter and Candy Crush auto-installs on my "Pro" version) I am impressed with how solid it has been for me even on an old and officially unsupported machine.
https://support.lenovo.com/us/en/documents/ht103535#thinkpad
Card is Intel Ultimate-N 6300 AGN Driver is 15.18.0.1 Date 30/04/2015
The only drivers I had to install were for the SD card reader (Ricoh) and an update for Audio from Lenovo as it is a later version than from Windows Update for some reason.
"If you call a support person, give them this info: Stop code: MANUALLY_INITIATED_CRASH"
I'd actually like to hear that call to tech support :)
The BSOD contained zero information about what caused it and said it was an intentionally initiated crash. Figuring out that it was this DRM garbage took quite an effort.
This is roughly the 2000 or early XP era.
I assume you REALLY needed that piece of software to put up with that.
Sad part? Yes.
I cannot for the life of me remember what the software did, but it had a physical dongle on the serial port (not USB, serial), I think it may have been related to HVAC control but don't quote me on that.
Ultimately when I left they were still using the software on its own dedicated machine. Even then it was total junk, but it "worked," so cannot mess with that!
I know there is an argument for making this more readable, but if you are at the level of fixing blue screens chances are you can use a search engine.
Unfortunately the QR code might be an improvement over Windows 8 and 8.1 if the QR code contains more detailed information. There are scenarios where you cannot get to the event viewer (or WinDbg) and need to diagnose a pre-boot BSOD. Windows 8 made this almost impossible without attaching a kernel debugger.
Windows 2000 had the best BSODs because they not only told you the details of the crash but also told you which module caused it. This often allowed you to immediately know what the issue was (e.g. if it was in Creative or Nvidia's drives you'd know just from the filename). You can still get the module via WinDbg but it would be useful to have it on the BSOD itself or even in the event log listing.
PS - I strongly suspect the reason Microsoft removed the module name in the Windows XP BSOD was because they were hurting third party hardware vendor's reputation.
The QR code shown in the example screenshot is just a link to http://windows.com/stopcode - hopefully they'll improve it to at least include the bug check code.
(QR code decoder output: https://zxing.org/w/decode?u=http%3A%2F%2Fcdn.arstechnica.ne...)
The MANUALLY_INITIATED_CRASH from the screenshot is an 0xE2, for example.
My favorite is 0xDEADDEAD
A BSOD isn't interactive, the only thing you can do is search for the error code. Even if users copy down and type the hex code correctly (not at all a given), the search results might be a random ten year old blog post or information about a different version of Windows. The QR Code takes you to an official help page that gives updated, version specific instructions a normal computer user could follow: http://windows.microsoft.com/en-us/windows-10/troubleshoot-b...
I've troubleshot BSOD errors over the phone with relatives. Plain-text error message are a welcome improvement over hex codes.
They already automatically collect crash logs in win 7,8, 10. Don't think it can be turned off in 10 though
In my opinion, it's simply change for change sake.