Feeds

Developing for Vista

Will it work with my app?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

The imminent arrival of Windows Vista is a mixed blessing for developers. The good bit is lots of new features to play with, along with better security and an updated user interface. The downside is compatibility problems, and with the challenge of meeting expectations for well-behaved, good-looking Vista applications. There is going to be some pain.

Tripping up over UAC

At a developer-focused press briefing last week, Microsoft assured us that Vista is the biggest release of Windows ever. Perhaps it is; but the most basic question is this: will your existing applications run on Vista

They may do; but if they trip up, it will most likely be over UAC or User Account Control, Microsoft's attempt to bring Unix-like user security into Windows. There is a fair amount of confusion over UAC, which is mainly famous for perplexing the user with numerous permission prompts. These have been tamed in the latest Vista Release Candidate, but the fundamentals of UAC remain.

By default all users run without administrator rights, even administrators. Applications that require additional permissions must be started as an elevated process, hence the prompts. But how will Windows know what permissions your application requires? The answer: only by reading a manifest resource embedded in the executable.

Pre-Vista applications will not have one, so they might crash or behave strangely. The strange behaviour is because of a UAC feature called virtualization. The idea is to accommodate legacy applications that write to protected locations such as Program Files, or registry keys in HKEY_LOCAL_MACHINE.

This is so common that Microsoft devised a mechanism that allows these applications to work. When they write to the protected location, Windows redirects the write operation to a user-specific location. The application thinks it is writing to Program Files, but in reality a file gets written to a second Program Files directory in the user's Virtual Store. In some cases this works fine, but it is far from perfect. Data which the application thinks is globally accessible silently becomes private to the user, and near-invisible to other applications unless they also have virtualization enabled; and typically only legacy applications will use virtualization.

You are also likely to get unexpected behaviour. Imagine that your application modifies a file that already exists in Program Files. It will succeed, but in reality Windows will make a copy and put it in the Virtual Store. Now there are two different versions of that file. Some applications will see one, and some the other. Next, imagine that the application tries to delete the file. The delete appears to succeed, yet the file still exists in Program Files and remains visible to the application. If it retries the delete, an access denied exception is thrown. This is going to cause some perplexing bugs. Virtualization is one feature of UAC that administrators may want to disable.

Programming the new API

Vista introduces a hugely expanded Windows API, some of which is also available as an add-on for Windows XP. These XP-compatible elements will be initially more interesting to developers, and include Internet Explorer 7, the XML-based GUI called XAML, the distributed computing libraries called Windows Communication Foundation, the Windows Workflow Foundation, and the XML Paper Specification. Parts of IE 7 are relevant even to FireFox diehards, particularly the RSS Platform, a centralized store for RSS feeds.

Many other parts of the new API are exclusive to Vista, including the shell and desktop APIs to support translucent glass effects, live thumbnails that show your running application in miniature, and new task dialogs that include features such as progress bars, hyperlinks and expandable text. The idea of task dialogs is to enable richer dialogs and message boxes without forcing developers to built custom forms. These are unmanaged, C++ APIs, and to use them in .NET applications you need to use Platform Invoke, which lets you call native DLLs from .NET code.

If you want your application to look like a true Vista citizen, some conditional code to call these APIs when running on Vista is the way to do it. Another handy newcomer is called Application Recovery. The idea is to enable your application to crash gracefully, saving critical data as it fails, and firing up again automatically. Apparently the feature was designed for Windows Explorer in XP, for which it works some of the time, but has now been opened up for any application. While on the subject of crashing applications, it is worth mentioning that any developer can register with Microsoft to get access to crash reports uploaded by users for their application, for the cost of a digital certificate.

A two-tier API?

The extent of Microsoft's commitment to .NET has often been debated. At one extreme, .NET managed code is presented as the future Windows API. In the other corner are the sceptics who observe that most of Vista and Office remains native code. If .NET is really the future of Windows, it is disappointing to discover that Microsoft has not yet wrapped some key Vista features in official .NET libraries.

On the other hand, the Windows Presentation Foundation, the new declarative programming model for Windows, is a .NET API. In truth these two streams will continue for the foreseeable future. Both COM and native code remain in heavy use at Microsoft. Nevertheless, for enterprise developers who want to keep pace with Microsoft’s platform, .NET is the only sane choice, supplemented by native code where necessary. Essential platform technologies like Windows Communication Foundation depend on it.

What you need to know about Vista

Vista enthusiasts have plenty to explore; but what is the minimum that hard-pressed developers and admins need to know? The big one here is UAC, and the best single source of information is the white paper aimed at developers, which you can find here:

In particular, everyone needs to understand virtualisation, which is enabled by default but can be disabled through security policy. There are going to be hassles for any application that does not follow best practices, and developers will be hastening to fix any features that require local admin rights, signing their applications, and adding UAC manifests. It will be painful, but this is excellent news for Windows users and long overdue. ®

Other resources

Vista developer center: http://msdn.microsoft.com/windowsvista/ “Certified for Windows Vista” requirements: http://microsoft.mrmpslc.com/VistaPlatformAdoption/Overview/CertifiedFor.aspx

Vista RC1 and SDK download links: http://msdn.microsoft.com/windowsvista/downloads/products/getthebeta/default.aspx

Kenny Kerr on Windows Vista for developers: http://weblogs.asp.net/kennykerr/archive/2006/07/12/Windows-Vista-for-Developers-_1320_-A-New-Series.aspx

Official site for info on what works in Vista and what does not. http://devreadiness.org/default.aspx

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.