back to article Windows 10 debuts Blue QR Code of Death – and why malware will love it

Microsoft has added a QR code to its infamous Blue Screen of Death in Windows 10. As of Windows 10 Insider Preview build 14316, when the operating system falls over, you get not only the sad ASCII smiley but also a QR square that contains an encoded URL that leads you to a webpage about your problem. Scan it with a smartphone …

  1. Michael Thibault

    What will make this work

    (for large values of "work") is that Windows users will likely think 'ah, M$ has finally got it right and gone all modern, and when that link is followed, there will be a pot of informational gold at the end of it'.

    1. Dan 55 Silver badge
      Alert

      Re: What will make this work

      Download the Micros0ft Windows 10 diagnostic app for Android. To install, simply go to settings and allow installation from all sources (this is necessary to install Windows apps) and then tap Install...

      1. Bob Vistakin
        Facepalm

        Re: What will make this work

        Ahh ... I see where this is going. All those billions of blue screens need an Android device, you say? Will the app be paid for, or just show ads?

        1. RyokuMas
          Childcatcher

          Re: What will make this work

          God, I hope not. The telemetry in Windows 10 alone is bad enough without adding Google's big brother to it.

      2. Roland6 Silver badge

        Re: What will make this work

        Download the Micros0ft Windows 10 diagnostic app for Android"

        Actually, this would be a very handy tool that would mean the blue screen QR code only needs to contain an error code and such information - in fact it could be a series of QR codes. The Win diag app would then control the web interaction, making it harder to fake the blue screen etc...

        Obviously, versions for iOS etc. would also be useful.

        1. Stoneshop
          FAIL

          Re: What will make this work

          in fact it could be a series of QR codes.

          Sure. And what will stop a fake crash screen to display a malware URL anyway instead of just crash diagnostic codes? What percentage of users (that have an Android with the app installed in the first place) will fire up that app first to let it grab the codes, instead of blindly pointing it at the screen and tapping the 'go fetch' button?

          It doesn't matter that the QR from a genuine crash shows diagnostic codes only, it matters what a fake crash displays and how users deal with that.

      3. Destroy All Monsters Silver badge
        Trollface

        Re: What will make this work

        Download the Micros0ft Windows 10 diagnostic app for Android

        Since I have installed this, I get offers from Nigerian princes and my compromising family photos are being used on /b/. How can I stop this?

    2. Anonymous Coward
      Anonymous Coward

      Re: What will make this work

      "and why malware will love it"

      Presumably because the devices you point at it will mostly be running Android or IOS and will be exploited by sending them to a target webpage.

  2. Anonymous Coward
    Anonymous Coward

    This would spoil the fun of trying to grab the error code on a Windows blue screen, which only flashes up for 500ms. Pre-digital camera era.

    1. Hans 1
      Windows

      >This would spoil the fun of trying to grab the error code on a Windows blue screen, which only flashes up for 500ms. Pre-digital camera era.

      Disable automatic restart on BSOD, simple, I always do ... I know MS tries to hide these from the user, but it does not really help, does it?

      My fav has always been "Windows has been shut down to prevent damage to your computer." Now, if Windows damages computers, why do 99.99% of computers on the market come with it pre-installed ?

      1. Anonymous Coward
        Anonymous Coward

        "Disable automatic restart on BSOD, simple, I always do ... I know MS tries to hide these from the user, but it does not really help, does it?"

        It helps a lot on a remote server where the BSOD may have been a one-off and you want the thing to start back up on it's own. A lot of servers may not even have monitors attached.

        Did always wonder why there wasn't the option to restart automatically after say 60 seconds.. but I guess you can achieve the same result by asking it to do a full dump.

        1. Duffaboy
          FAIL

          Disable automatic restart on BSOD

          Yes and how many images do you see this done on ?

      2. OrangeDog

        "to prevent damage to your computer"

        All (good) systems do this, just with more technical messages about why exactly damage would occur otherwise.

      3. el_oscuro

        Why not write the code to the hard drive?

        Maybe have a small diagnostic partition. Of course if the hard drive shits the bed, this won't work. But if it is one of the more common BSODs, it should be able to write to it fine. And by being on a separate partition, it shouldn't hose the filesystem.

        As for the servers, maybe have the screen flash for, say 1 minute? That way it gives you time to get the code while still allowing headless servers to reboot.

    2. Doctor_Wibble
      Trollface

      Wait while I find my camera

      I only have an old instamatic, let me get a picture, send it off, wait for the print, scan it, run it through the QR-reader software, visit the URL, run the reader software again because this has to be a wind-up, surely they would not have a web page that just said "err=unknown_driver_fail please uninstall the driver for Unknown Device" and nothing else...?

      Or maybe I could take a shortcut around this whole insane process and use tracing paper and scan that instead?

      Actually it doesn't seem like a bad idea, I just have no faith that the page you end up at will be of any use whatsoever and will simply add a delay and another swearing session before you swear and format and reinstall like you were going to do anyway. (admittedly I never entirely understood the logic of those who always did this)

      1. AndrewDu

        Re: Wait while I find my camera

        "surely they would not have a web page that just said "err=unknown_driver_fail please uninstall the driver for Unknown Device" and nothing else...?"

        Oh, yes they would!

        Reminds me of the old IBM error messages that used to say something like "Error 10042fcd occurred" and you thought oh goodie that's nice and specific, the big blue book will tell me what's wrong. So you got out the big blue book and looked at the list of error codes, and the numbers jumped from 10042fc7 to 10042fe0 or something like that. Gah! Foiled again, curse you, Red Baron!

    3. Fuzz

      dump

      that's what the dump is for

      1. Darryl

        Re: that's what the dump is for

        I thought it was to fill up the old 60 gig hard drives so that people ran out to buy bigger ones?

      2. hplasm
        Linux

        Re: dump

        "that's what the dump is for"

        Dumping the Windows PC?

        Seems a bit harsh on the hardware...

    4. TheVogon

      " trying to grab the error code on a Windows blue screen, which only flashes up for 500ms"

      It's likely in the event log. Also the code is usually displayed for a few seconds as the OS will complete a crash dump before rebooting.

      1. hplasm
        Meh

        "...the OS will complete a crash dump before rebooting"

        And when it doesn't reboot?

  3. Phil Kingston

    Wot, no Microsoft Tag?

    But seriously, El Reg is right - terrible idea that WILL be exploited in exactly the manner described.

  4. Anonymous Coward
    Anonymous Coward

    Penguin

    Why not just use the Linux method, and just don't crash ever?

    1. Filippo Silver badge

      Re: Penguin

      In the past 10 years or so, every BSOD on my Windows machines was either because of faulty hardware, or because of dodgy uncertified drivers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Penguin

        Yes. but the cryptic blue screen message meant the average user hadn't a clue it was a hardware problem or driver problem. Windows is still shit at explaining the difference.

        1. Anonymous Coward
          Anonymous Coward

          Windows is still shit at explaining the difference.

          So true. So come on, own up. Which fanboi downvoted this?

        2. Anonymous Coward
          Anonymous Coward

          Re: Penguin

          "the cryptic blue screen message meant the average user hadn't a clue it was a hardware problem or driver problem."

          The crash codes are easily Binged if you don't know what they mean.

          1. 404

            Re: Penguin

            Binged? BINGED? GTFO! That way ->

            1. Dwarf

              Re: Penguin

              Now we know who the Microsoft employees's are :-)

              Nobody else would admit to using bing !

              1. cambsukguy

                Re: Penguin

                > Nobody else would admit to using Bing !

                Yes they would, I typed a film name in Google, told me it was on at a cinema 20 miles away.

                Typed the name in Bing, show times for my local cinema, 1 mile and the next one, 8 miles.

                Also a link to a trailer that wasn't some scam trailer forcing me to dump it and keep looking in the YouTube nightmare.

                Very damn useful, anything that stops one needing to operate within YT is useful to me.

                1. Bob Vistakin
                  Facepalm

                  Re: Penguin

                  @cambsuguy One word: torsorophy. Try searching for it, using a search engine.

              2. Terry 6 Silver badge

                Re: Penguin

                Never mind admit... No one else would even bother to try.

            2. Anonymous Coward
              Anonymous Coward

              Re: Penguin

              "Binged? BINGED? GTFO! That way ->"

              You could go Google it instead and get targeted by adverts from privacy invading analysis of your personal emails...

          2. BurnT'offering

            Re: The crash codes are easily Binged

            I can get drunk on them? Tell me more!

          3. Afernie

            Re: Penguin

            "The crash codes are easily Binged if you don't know what they mean."

            Hi there TheVogon. Still the only living human to advocate Bing as a search engine, I see.

      2. Mage Silver badge

        Re: Penguin

        In the last 20 years every crash (since NT4 release) has been faulty hardware, or rubbish graphics driver or rubbish printer driver.

        1. Hans 1
          Windows

          Re: Penguin

          >In the last 20 years every crash (since NT4 release) has been faulty hardware, or rubbish graphics driver or rubbish printer driver.

          Rubbish Windows ecosystem, then.

        2. pAnoNymous

          Re: Penguin

          Didn't use Windows ME then?

          There's plenty of BSOD hotfixes so not sure about that, although I'm sure it's true for a large number (I would add Network Card drivers to that).

    2. heyrick Silver badge

      Re: Penguin

      When trying out a recent Ubuntu, I got it to kernel panic simply by trying to run Firefox. Quirk? Bad luck? I don't know, but it didn't impress me...

      1. Updraft102

        Re: Penguin

        I had a similar issue trying to get Kubuntu (the version of Ubuntu with the KDE desktop) 15.10 to work . The installer kept crashing before the installation was complete. It took a lot of tries, but it finally finished installing.

        Twenty seconds or so after booting, it would either stop responding to the keyboard and mouse clicks or go into a full kernel panic (if you thought the XP/Vista/7 BSOD was bad, try the Linux version). It failed in one of these two ways every time, whether I booted from the installation USB drive or from the boot device (SSD).

        So much for the vaunted "never crashes" Linux.

        1. Anonymous Coward
          Anonymous Coward

          Re: Penguin

          I was given a pc a couple of years ago, the owner was that fed up of win7 and win8 crashing on him he was going to have a ceremonial burning in the garden. I rescued it and installed ubuntu, it would be fine for days then crash, reinstall, rinse, repeat. Eventually i tracked down the fault to a dodgy sata cable. So for the cost of a 3 quid cable i've now got a shiny stable workstation. The original owner spent 800 quid on a new pc... Which crashes, reinstall ...

          Crap hardware will crash anything, windows, linux, MSDOS 1.1ish (my first OS , them wer't days).

          1. ADRM

            Red SATA Cables

            Just as a matter of interest was it a red generic SATA cable with no locking mechanism and straight connectors either end? I have had nothing but issues with them. Drive read errors, drives disappearing. My systems have been purged of them and replaced with locking quality cables. A crap SATA cable is something easily overlooked but is a cause of random crashing especially if the system drive cable is bad intermittently.

          2. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Firefox on Ubuntu

        Ubuntu runs Firefox just fine. You think if it didn't, no one would have noticed? Your fault finding doesn't impress me

        1. Dan 55 Silver badge

          Re: Firefox on Ubuntu

          It might not run with a certain combination of motherboard, graphics card, and graphics drivers.

          Sorry for the blasphemy and all that.

          1. RegGuy1 Silver badge

            Re: Firefox on Ubuntu

            Have you tried plugging the graphics card INTO the motherboard?

        2. Doctor Syntax Silver badge

          Re: Firefox on Ubuntu

          "Ubuntu runs Firefox just fine. You think if it didn't, no one would have noticed? Your fault finding doesn't impress me"

          Way back, when Ubuntu first went to Upstart, it became more difficult to diagnose incompatibilities between H/W & drivers or config settings. It was that issue with regard to graphics that pushed me off Ubuntu onto Debian. Of course when Debian Wheezy goes out of LTS and it's wall-to-wall systemd that particular solution will have been lost.

          So I believe the OP. "Works for me" is not an example of skilled fault finding but unfortunately it always seemed to be the staple of a few voluble Linux fan-boys.

        3. cambsukguy

          Re: Firefox on Ubuntu

          By that logic, Windows runs just fine too.

      3. Hans 1

        Re: Penguin

        >When trying out a recent Ubuntu, I got it to kernel panic simply by trying to run Firefox.

        Not possible, the kernel panic cannot be related to firefox, it just happened at exactly that moment ... it must have been something else, did you compile the kernel yourself ?

        I have never seen Linux throw a kernel panic outside of boot phase, and then, the last one I saw was related to a dodgy sound driver, that I compiled. The one before that was in 2001, and I use Linux daily, since at least 1999 on laptops, desktops, etc...

        1. Anonymous Coward
          Anonymous Coward

          Re: Penguin

          Bad RAM can cause your system to crash randomly and is more common than you might think - google for "sig 11 faq"

          1. Anonymous Coward
            Anonymous Coward

            Re: Penguin

            Memtest86+ is your friend

          2. Dwarf

            Re: Penguin

            Cheap RAM is a false economy.

            You know it's a common problem when both Linux and Windows has a memory test tool option from the boot menu

            Personally, I always buy good branded ram and soak test it with memtestx86+ for several hours before I'll trust it to do real work.

            I had an odd machine the other day though, where it passed memtest OK, but the PC was really unstable, turned out the customer had brought their ram off eBay from China as it was cheap.

            I found that all 4 sticks have the same serial number and claim to be Kingston brand and have a part number of Kingston. Nice work cloning team !

            1. Vic

              Re: Penguin

              Cheap RAM is a false economy.

              I have a policy wih RAM: if there is any suspicion that it might be faulty, a DIMM gets broken in two.

              Far too often have I seen "suspicious" sticks put into someone's desk drawer, only to be brought out again a few months later to wreck another machine's uptime...

              Vic.

          3. lorisarvendu

            Re: Penguin

            Bad RAM can cause your system to crash randomly and is more common than you might think - google for "sig 11 faq"

            http://www.bitwizard.nl/sig11/

            I like his mate's solution to intermittently dodgy RAM - part-chop it for an "upgrade", secure in the knowledge that the shop-keeper's memory test will not pick up the fault. And you think the current Tory Government is immoral? They've got nothing on us geeks.

        2. BurnT'offering

          Re: Penguin

          Fie, mortal! Don't you know Linux only has user errors, never bugs? You are clearly not pure in thought. Leave the magic kingdom and once and return to Windoze purgatory

        3. heyrick Silver badge

          Re: Penguin

          Nope, didn't compile anything myself. My machine runs Windows rock solid (except when using crappy Prolific driver). I didn't do anything that would be weird or unusual.

          My fault finding? It kernel panicked. Sod it. Reboot to Windows. End of. I don't give a crap about the politics, I just want a machine that works and life is too short to waste sorting out stuff.

        4. el_oscuro
          Linux

          Re: Penguin

          If you want to run Linux, by a system with it preloaded. Doesn't really matter what distro it has, just that it has Linux. That way you know all of your shit will work with it. Imagine trying to run Windows on a system that wasn't designed for it.

      4. Someone_Somewhere
        Devil

        Re: Penguin

        > When trying out a recent Ubuntu I got it to kernel panic what I deserved for running the *nix analogue of Windows.

        There, ftfy. :P

        Sorry - couldn't resist ;)

        Seriously though, I'm not normally a distro basher - each to their own say I and it has its place - but, over the years, Ubuntu really has morphed into the lowest common denominator version of linux: fine for people who just want a free version of Windows but encouraging exactly the same kind of mentality that Windows does.

        If you jusat want to turn it on and browse the interwebs/play a move/listen to some music/maybe do a little light graphical tinkering, it's perfectly okay, but, to achieve that, it has to take the same one-kitchen-sink-fits-all approach, so you can't expect it to offer the same degree of stability/reliability as your own hand-crafted install.

        Tbh, I'm impressed it's as stable as it is under the circumstances and hats off to Canonical for achieving something that's nearly as good a consumer distro as Mint.

        Couldn't be doing with it myself though: it's buggy, unstable and there's just no real facility to tweak and tune it to the degree I require - and there's /way/ too much bloat.

        Tl;dr

        Each to their own but /I/ wouldn't touch it with /yours/. ;)

    3. Anonymous Coward
      Anonymous Coward

      Re: Penguin

      Really? My Linux box stacked it just this weekend past.

      Do I have an aberrant machine?

      Not being snarky or anything, but as a long time Linux AND Windows user I've long since stopped noticing any sort of major stability difference between them.

    4. Bob Vistakin
      Linux

      Re: Penguin

      "Why not just use the Linux method, and just don't crash ever?"

      Even better - build one of those tiny linux distros right in there, boot to it and then offer the "report this/get more info" functions from a fixed menu, which of course could still be blue and have any graphics you wanted. Some motherboards already do something very similar.

    5. Chika
      FAIL

      Re: Penguin

      Why not just use the Linux method, and just don't crash ever?

      Never hear of a kernel panic? They're fun to deal with!

      Not that I get them that often, but then I don't have to deal that often with BSODs either... at least not the Windows 7 kind. There's no such thing as a completely non-crashing OS.

      ?Error text lookup failure

    6. Anonymous Coward
      Anonymous Coward

      Re: Penguin

      "Why not just use the Linux method, and just don't crash ever?"

      Because kernel panics, hung consoles, frozenand locked up ghost processes are much harder to debug?

    7. cambsukguy

      Re: Penguin

      Hmm, my Ubuntu 14.04 LTS wouldn't respond yesterday, it has been up weeks of course.

      I went out and left it, the disk light was super busy. I had prevented updates installing several times and presumed they were being forced.

      It was running when I got back, all apps gone, obviously rebooted.

      Keyboard was wrong, no backslash but still set to UK KB, UK locale etc. Cue search for strange runes to type (sudo dpkg-reconfigure keyboard-configuration, obvious really).

      Still it worked, all I had to do was start all my apps again

      Mind you, Firefox re-loaded its tabs correctly, a first, maybe it was updated, it was in the list that popped up. Shame it didn't obey my request to not update.

  5. Anonymous Coward
    Anonymous Coward

    Dodgy QR codes

    Maybe the resulting malware will run better than Windows 10.

    </sarc>

  6. Anonymous Coward
    Anonymous Coward

    Support Windows? Linux tools have been providing the sticking plaster for 20 years.

    If it wasn't for Linux providing the sticking plaster for Windows 95 and on, i.e. imaging tools by getting underneath Windows, allowing restoration, rather than re-installation from scratch, I'm pretty sure I would have ditched Windows long ago out of sheer frustration.

    Using a Android mobile to scan a QR code is just an extension of that, you have to wonder why it took so long. Linux based tools (and now mobiles) are the only thing keeping Windows alive.

    Windows update has become bag of rusty nails, it should help you protect against malware, but seems to do the complete opposite of late. When are we all going to dump this MS crap (including me), instead of apologising for its inherent problems/quirks.

  7. Mark 85
    Thumb Down

    So the infamous BSOD without any useful information returns again.... like there will be any useful info to the Joe Average User by following the QR code. For someone very tech savvy, yes. For everyone else... all we techies will get is "I got a BSOD, now what?".

    1. Anonymous Coward
      Anonymous Coward

      "My computer crashed the other day. Tell me why and how to prevent it happening again."

      "No, I didn't note any of the error message or the time or anything but it just crashed. Why would you need any more information than that?"

    2. herman

      It will be a QROD

  8. Steve Davies 3 Silver badge

    Come on MS. Please tell us who thought that this was a good idea?

    QR Codes are so.... well twenty naughties. Not the latter half of this decade.

    I have not and will never scan a QR code.

    You have absolutley no idea where or what it is referencing.

    The same goes for those silly short URL's for that matter.

    As has been said, this is just another big fat jucy target for the malware writers.

    Won't they ever learn?

    IMHO, Nah. Nope, Niet, Nien, Non etc etc

    1. Anonymous Coward
      Anonymous Coward

      Re: Come on MS. Please tell us who thought that this was a good idea?

      You're obviously not a millennial. They love QR codes. They just scan those things all day long.

      1. joeW

        Re: Come on MS. Please tell us who thought that this was a good idea?

        Millennials don't though. Nobody really does, apart from during the first two weeks of owning a smartphone.

      2. Someone_Somewhere

        Re: Come on MS. Please tell us who thought that this was a good idea?

        > You're obviously not a millennial. They love QR codes. They just scan those things all day long.

        Find me a milennial with enough technical knowledge to know what a QR code is /for/ and I'll take this comment back - if they're 'scanning' [sic] them all day long, it's because they want to show their friends the 'sick' graffit they've been seeing all over the country.

    2. tony72

      Re: Come on MS. Please tell us who thought that this was a good idea?

      With the QR code readers I've used, you can see the URL before choosing to visit it, so its no different than listing a URL from a security standpoint. However I've only used a couple of readers, so I don't know if that is typical.

      However I agree, QR codes never seemed to get much traction. For kicks I put up a QR code for our guest wifi access at work, but in the years that's been up, pretty much nobody has managed to use it, they all still come and ask for credentials.

      1. Tim Jenkins

        Re: Come on MS. Please tell us who thought that this was a good idea?

        "I put up a QR code for our guest wifi access at work"

        We tried them here. It turns out that while many people recognise they have something to do with a smartphone camera, that's the limit of their knowledge, so while a handful of folk who had a QR app installed prior to arrival could use them successfully, the rest just ended up with a nice picture of a blotchy box in their Gallery to remind them of their visit...

        1. Stevie

          Re: tried this

          I don't have a smartphone. I'm immune to your guest wifi.

        2. Terry 6 Silver badge

          Re: Come on MS. Please tell us who thought that this was a good idea?

          Yes, a number of phones I've used, so maybe most phones, have not got a QR code reader preinstalled and most users 've spoken to ( not many I admit) seem to have no idea that you can get one, or how.

    3. Just Enough

      Re: Come on MS. Please tell us who thought that this was a good idea?

      What would you prefer instead of a QR Code? A URL that you have to copy out by hand to transfer to another device?

      And if you don't trust a QR Code that a Windows BSOD displays, then you are running the wrong OS. Windows talks to the outside internet all the time. If Microsoft Windows wanted to trick you someplace you didn't want to go, it doesn't need to do it this convoluted way.

      And everything is a "big fat juicy target" for malware writers. If you demand an OS that doesn't include targets for malware somewhere, get yourself a Commodore 64 and stay off all networks.

      1. Dan 55 Silver badge

        Re: Come on MS. Please tell us who thought that this was a good idea?

        What would you prefer instead of a QR Code? A URL that you have to copy out by hand to transfer to another device?

        Why, is bsod.microsoft.com/1234 too difficult?

      2. ecofeco Silver badge

        Re: Come on MS. Please tell us who thought that this was a good idea?

        What would you prefer instead of a QR Code?

        Is this goddamn fucking rocket science?! How about a plain English description of the cause? Remember plain English? I know it's not hip and fashionable these days, but for FFS! Is it that fucking hard?!!!

        No. It isn't. It's just FAIL to not do so.

    4. Mark Simon

      Re: Come on MS. Please tell us who thought that this was a good idea?

      Personally, I have no skills whatsoever at reading QR codes either. That’s why I leave it up to my QR scanning software to tell me what it says before I actually go the URL.

      I agree, however that QR codes are a bit dated. They grew out of a particular need at the time (for tracking car parts), but it’s conceivable that they may be replaced with something cooler.

  9. Ken Moorhouse Silver badge

    Sponsored links

    I think El Reg is correct. This will be exploited, meaning two or more dud devices rather than just the one.

    How long before the marketeers get their teeth into this? PC manufacturers could pay MS to use a QR on the BSOD to sell the victim a new pc ("Your pc has just crashed, we can help with that") or Amazon could say "while you're twiddling your thumbs, visit our site and choose a book to read" or even "Ah that error is covered in this title, buy now".

    Then we'll have Banner Ads. Then, gradually, users will be saying "My machine has crashed? I didn't realise that, I thought that was how it was supposed to be."

    1. Chika

      Re: Sponsored links

      "This bug was brought to you by Raid! One spray and they're gone!"

  10. Uffe Seerup
    FAIL

    The Register Fails

    > . Fake a system crash by popping up a blue screen, show a QR code that links to a malicious website, and fool someone into opening it on their browser.

    2 problems with that thinking:

    1. How do you fake a system crash without already having control of the computer? No, a browser will not do - you cannot take over the entire screen. For a browser to take over the screen, the user must perform an explicit action, and even then there are clues on the screen that it is but a browser and that you can just hit ESC to return.

    2. If it was so easy, why are malware not doing this already? Do you really think average Joe needs to know (or will even know) that Microsoft started using QR codes on BSODs? If Joe in inclined to fall for this, surely there's no reason to wait for Microsoft to start using QR codes?

    1. Pascal Monett Silver badge
      Thumb Down

      For whome the Fail tolls

      2 problems with your thinking :

      1) Clues on the screen ? Please, we're talking about Joe User here, if he had a clue he wouldn't have clicked that attachment in the first place. Press ESC ? My God man, you're actually attributing a thought process to a user ? Tsk, tsk.

      2) Malware is made based on things users are used to. Now that Microsoft has included this functionality, malware authors can take advantage of it. It would be pretty stupid of them to go and put in an unknown, highly-visible tag with no prior user experience for it. Doing that would only make it easy for everyone and their dog to say "See that QR code ? That means its a trap." and only the truly clueless would get caught. Now that Microsoft is including it, it becomes a viable target.

      Oh, and congratulations, Microsoft, you have clearly outdone yourself this time. For 20 years we have been battling the insecurities and baffling decisions of your swiss-cheese platform, and you have just gone and added a whole new attack vector for criminals to take advantage of. Way to go to keep the AV vendors afloat.

      1. 's water music

        Re: For whome the Fail tolls

        ...only the truly clueless would get caught...

        Whilst I agree with your point about MS normalising QR codes and hence encouraging people to follow them with gay abandon, I've seen it claimed that 419 emails use poor grammar for exactly the reason of filtering out the clueful meaning that the marks are pre-screened to be biased towards the ill-educated and credulous.

      2. Stevie

        Re: For whome the Fail tolls

        Spot on, Pascal Monet.

        My mother in law thinks she's broken her e-mail if she closes the window. I've explained it with demonstrations and icons and written post-its, but she counters this by chanting "I'm just a stupid old woman" over whatever I'm saying.

    2. jaywin

      Re: The Register Fails

      3. The linked malware will affect the device scanning the QR code, not the PC showing the QR code.

      But yeah, the biggy is, as Raymond Chen would put it, if you're on the other side of the airtight hatchway, your malware doesn't need to trick the user into downloading more malware, it can just do it itself.

      1. Daniel 18

        Re: The Register Fails

        So the malware in your computer installs malware in your smartphone...

        and your smartphone based two factor banking authentication is now worth (insert favourite perjorative).

    3. Darryl

      Re: The Register Fails

      Proof of concept is the huge amount of current browser popups that claim "Your computer/phone/whatever has a virus. Click here to fix it."

      If they didn't work, I don't think you'd see as many. People are gullible.

  11. synthe

    Good idea...

    I like the the idea and i hope they put funny cat pictures on the website behind that link - that could really help getting over a messed up pc...

  12. Herby

    Is it just me, or...

    Don't you need a computer to get whole pages of information about the QR code. Sure you scan the silly thing with a nice iDevice and get a web page, but will it be optimized for the "small screen", or will you need a nice big 20+ inch screen (on the vary computer that just crashed) to get all the info you really need/

    When in danger, or in doubt

    Run in circles, scream and shout. (The Microsoft way)

  13. Seajay#

    If MS know in detail what caused the crash, why not just display that information on the screen at this point?

    If they don't know then the web page isn't going to be any help either (unless it's a problem which has only just been uncovered, since the last windows update).

    1. hplasm
      Devil

      The QR code will lead to the fault diagnosis:-

      "Windows 10 installation detected!"

    2. Someone_Somewhere

      > If MS know in detail what caused the crash, why not just display that information on the screen at this point? <

      Because Windows isn't a static collection of bugs - with time, some of them get fixed and new ones get introduced.

      You might as well ask what the point of CSS is - why not just write the relevant code in individual pages?

      Also, an enduser isn't going to be any the wiser to learn that the crash was caused by a segmentation fault in thread xxx of module yyy of weirdly named process zzz.

      > If they don't know then the web page isn't going to be any help either (unless it's a problem which has only just been uncovered, since the last windows update). <

      The QR code won't tell you what the problem is, it will just start an automated remote fix tailored to the unique device identified by the unique QR code.

      The only time a user will read anything more than "Please wait while we try to fix your computer" will be when the message is "It's not /our/ fault, talk to your hardware/app vendor."

  14. allthecoolshortnamesweretaken

    Bah, bring back the old, written by Ballmer BSOD, I say!

    1. Chika
      Trollface

      "Your system has crashed. Buggered if I know what went wrong"

      Is that the one you mean?

  15. nuclearstar

    Would be better if the QR code just displayed an actual code that can be copied and pasted into a microsoft website like microsoft.com/errorcode

  16. Winkypop Silver badge
    Devil

    Quick, Reboot

    Oh, not that QR code..........

  17. Anonymous Coward
    Anonymous Coward

    That'll breach an air gap - think compromise of 2FA

    Dodgy QR code that looks like a crash.

    Reach for phone camera and infect that instead, or maybe as well as the kit displaying the code.

    Potentially two birds with one stone.

    2FA using SMS compromised?

  18. oceanhippie

    Share button

    Surely this could be taken further, you could "share" your BSOD with Facebook, so your geek mates can be dragged into helping.

    hashtagBSOD and all that.

  19. Tromos

    QR code readers need a software modification

    They should OCR the text starting "http" and totally ignore the silly boxes and squiggles.

  20. Duffaboy
    Coat

    Here's a thought

    I know its out there and Leftfield, but how about having an error message that actually states what went wrong ?

  21. Pseudonymous Diehard

    Come to daddy...

    Since a QR code looks like one of the sides of the Lament Configuration from Hellraiser...cant they just make it so that Windows users get dragged to hell by Ballmer dressed as Pinhead followed by his other cenobites one with a lip piercing containing a Clippy where they have "such sights to show you" and an "eternity to know your flesh".

    If that doesnt get people off Windows I dont know what will.

    Ive always imagined Microsoft Hell (coming soon) to be coloured using the NT4 pallete and be plastered with progress bars stuck at 99%.

    Teal....lots of teal.

  22. DrXym

    If something malicious can fake a BSOD

    Then you've got far more immediate and bigger problems. I suppose there is an outside chance that a customer / user in an org might take a picture, send it to tech support, they scan it, unwittingly follow a URL and just so happen to do it in a vulnerable browser. But it seems like a tenuous chain for an attack to succeed.

  23. Jagged

    Rickroll

    I bet every QR codes takes you to a video of Rick Astley.

  24. Stevie

    Bah!

    This is what happens when you fire the engineers and hire fuckwits.

    I imagine a room full of twenty-somethings in blue shirts spitballing what the next "great" feature of Windows 10 will be in the usual atmosphere of texting and browsing on smartphones instead of "being there". Someone looks up from a cat video, aware that he must contribute something today, looks down again at the glass slab in his hand and says "Hey, wouldn't it be neat if ..."

  25. Anonymous Coward
    Windows

    Good old El Reg

    If MSFT had announced a cure for the common cold, El Reg hacks would think of 6 reaaons why that's BAAD

    1. Captain DaFt

      Re: Good old El Reg

      "If MSFT had announced a cure for the common cold, El Reg hacks would think of 6 reaaons why that's BAAD"

      Well, a proper dose of arsenic, ricin, or strychnine will permanently cure the common cold*.

      The point is, I think it's less El Reg attacking the intent, than shaking its head at the implementation.

      *Ask you doctor before using, if he agrees, get a different doctor. :)

    2. Chika
      FAIL

      Re: Good old El Reg

      If MSFT had announced a cure for the common cold, El Reg hacks would think of 6 reaaons why that's BAAD

      That would depend on what they were proposing. For example, if they proposed that the best way to cure a headache, runny nose and sore throat was to cut your head off, I'm sure that somebody would object.

  26. herman

    Monetize

    I'm sure miscreants will find many original ways to monetize the new error screens.

  27. Diodelogic

    Had to laugh at myself

    It's been so long since I've seen a BSOD on a Windows box that it took me a few seconds to remember what a BSOD is. The last time I had one was when I installed some defective "brand new" memory--around about 1999, or maybe 2000 (memtest confirmed the problem for me). After that happened, I kept a small spare machine around just for testing new hardware of any kind, or for testing older hardware that seemed to have failed.

    The closest I've come to such a problem was a few months ago, after updating my video driver. A resizing operation inside of Photoshop suddenly starting failing, but at least I got a nice clear message that the problem was, in fact, in the video driver. Not really a crash, more of an inability to perform the operation. Rolled-back the driver and was fine.

  28. Laughing_Man

    So why don't they use their HCCB variant Microsoft tag?

  29. Kev99 Silver badge

    Well that's really smart. Use a cell phone app (Q code) to let you know how to fix the problem with the cell phone OS. SO now you can lose not only your pc but also your cell phone, all with one OS.

  30. ecofeco Silver badge

    Genius!

    Cryptic error messages replaced with totally unreadable ones!

    Yep. That's more efficient! HUZZAH!

    "We heard you like work, so we added more work to your work!"

  31. Mike Shepherd
    Unhappy

    We're searching for a solution to your problem...

    [ covers receiver ] [ sniggers ]

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like