Error Reporting Security (Windows Embedded CE 6.0)
1/5/2010
Windows Embedded CE Error Reporting dump files are not protected from any application, even when using privileged environment functionality. Hence, Windows Embedded CE Error Reporting presents potential security risks:
- Dump file contents can potentially contain user information that is private.
- Dump files can contain critical system information about the device, including identification information, memory contents, and security information.
Best Practices
The following are best practices for mitigating security risks for Windows Embedded CE Error Reporting.
- Obtain user consent for upload. Advise users of possible dump file content risks, and obtain user consent before uploading reports.
- Use authentication. Use authentication for access to the device if the device contains personal or sensitive information, including using a password to lock the device.
Default Registry Settings
Be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
Error reporting without a user interface can be enabled on headless devices. If your device cannot obtain user consent during initial product setup, do not upload error reports.