Posted by Javier Guerrero, April 28th, 2010

Blue screens, also known as BSODs (Blue Screen of Death), are one of the aspects of Windows that users most loathe, fear and despise. In fact, we dare say they are annoying for users and developers alike :-).

In this post we will explain in a fairly simple way what BSODs are and what causes them. Unfortunately, we will not be able to provide instructions on how to prevent them as, due to their nature, that is virtually impossible.

A question of error

Any software running on a computer (applications, device controllers, antivirus programs or operating systems) can fail for several reasons: a programming error, a file corruption, an unexpected scenario or a hardware problem. Some errors are considered ‘minor’ (‘minor’ meaning ‘can be tolerated by the affected software’), while others are considered more important or even critical. BSODs belong to this last group.

Usually, when ‘critical’ errors occur at application level in what is known as the ‘user layer’, the situation is resolved without further problems: the error message is displayed and the corresponding process is terminated, as can be seen in the following image.

Windows 7 Error Message

However, when critical errors occur at a more ‘internal’ level of the operating system – in what is known as the ‘kernel layer’ – things are different. This involves an anomalous situation in the most fragile part of the operating system, which causes instability and prevents normal functioning. The system launches a blue screen which is Windows’ way of reporting the problem.

Can any information be obtained from BSODs?

The system tries to provide information about the problem via blue screens. The downside is that the content is highly technical, very specific and depends on the error. Consequently, users without the necessary technical knowledge would not understand it.

However, the name of the module that caused the error (or the context) can be obtained. In the image below we have marked the cause of the error in red: driver “myfault.sys”:

BSOD

Although this data is not one hundred percent reliable, it is highly useful for users, since it provides a clue as to the source of the problem.

For example, if you get a blue screen referring to the graphics card driver, you can rule out other possibilities and focus on that component; it could be due to a programming error in the device controller, or even a physical flaw in the device.

Why must computers be restarted after a BSOD?

It is normal to wonder why Windows doesn’t ignore the error and continue with the kernel execution flow. The answer is to avoid greater consequences. The system prefers to act safely and not run any risks in such a sensitive element as the operating system kernel.

Interesting data

To finish this post, I would like to reveal some interesting aspects about BSODs.

Did you know...?

  • Despite what some people may think, Microsoft takes system errors very seriously. It has a large infrastructure to collect errors and a department which is exclusively dedicated to studying problem reports sent by users. Microsoft figures are surprising; on average, Microsoft analyzes errors received from over 400 million PCs.
  • The conclusions drawn from these studies are astonishing: for example, most BSODs are caused by drivers (monitoring filters or authentic device controllers) belonging to products from other companies, including malware running on the kernel layer. The rest are due to hardware problems, and a few correspond to bugs in the operating system itself. Consequently, Windows is not as unstable as it may seem.
  • It is also possible that the module displayed in the BSOD may not be the real source of the problem. In fact, it’s not unusual for drivers to be blamed when, due to their special features, they just happened to be ‘in the wrong place at the wrong time’. Panda’s Interception Unit has seen this happen many times.
  • As a user, you may never have seen a blue screen on your system, but hasn’t your PC ever restarted on its own? That means a critical error occurred but you didn’t notice it because your Windows operating system was configured to automatically restart under critical errors. This action can be configured in Control Panel -> System -> Start and recovery, by using the Automatic restart option.
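To find out whether a PC has been silently restarting after critical errors, the following PowerShell sketch (an added example, not part of the original post) reads the automatic restart setting and lists the bug checks recorded in the System event log. It assumes a current Windows version, where the setting is stored as `AutoReboot` under the `CrashControl` registry key and bug checks are logged as event ID 1001, and an English-language event message for the stop code match.

```powershell
# Added example: is automatic restart after a kernel crash enabled, and has
# this machine recorded any bug checks (BSODs) that the user may have missed?
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$settings = Get-ItemProperty -Path $crashControl

# AutoReboot = 1 corresponds to the automatic restart option being enabled.
[pscustomobject]@{
    AutomaticRestart = ($settings.AutoReboot -eq 1)
    CrashDumpEnabled = $settings.CrashDumpEnabled   # 0 means no dump is written
    DumpFile         = $settings.DumpFile
} | Format-List

# After rebooting from a bug check, Windows logs event ID 1001 from this provider.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No bug check events found in the System log.'
} else {
    $events | ForEach-Object {
        # Assumption: English message text of the form "The bugcheck was: 0x... (...)".
        $code = if ($_.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{
            Time     = $_.TimeCreated
            StopCode = $code
        }
    } | Sort-Object Time -Descending | Format-Table -AutoSize
}
```

Repeated entries with the same stop code are a starting point for investigation; as noted above, the module named on the blue screen is a clue rather than proof of the cause.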

Hope this article gives you a little insight into blue screens.

And remember, if you have any queries or comments, this blog is at your disposal.

Best regards,
Javier Guerrero
Development Dept.  R+D