Feeds

Developing for Vista

Will it work with my app?

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The imminent arrival of Windows Vista is a mixed blessing for developers. The good bit is lots of new features to play with, along with better security and an updated user interface. The downside is compatibility problems, and with the challenge of meeting expectations for well-behaved, good-looking Vista applications. There is going to be some pain.

Tripping up over UAC

At a developer-focused press briefing last week, Microsoft assured us that Vista is the biggest release of Windows ever. Perhaps it is; but the most basic question is this: will your existing applications run on Vista

They may do; but if they trip up, it will most likely be over UAC or User Account Control, Microsoft's attempt to bring Unix-like user security into Windows. There is a fair amount of confusion over UAC, which is mainly famous for perplexing the user with numerous permission prompts. These have been tamed in the latest Vista Release Candidate, but the fundamentals of UAC remain.

By default all users run without administrator rights, even administrators. Applications that require additional permissions must be started as an elevated process, hence the prompts. But how will Windows know what permissions your application requires? The answer: only by reading a manifest resource embedded in the executable.

Pre-Vista applications will not have one, so they might crash or behave strangely. The strange behaviour is because of a UAC feature called virtualization. The idea is to accommodate legacy applications that write to protected locations such as Program Files, or registry keys in HKEY_LOCAL_MACHINE.

This is so common that Microsoft devised a mechanism that allows these applications to work. When they write to the protected location, Windows redirects the write operation to a user-specific location. The application thinks it is writing to Program Files, but in reality a file gets written to a second Program Files directory in the user's Virtual Store. In some cases this works fine, but it is far from perfect. Data which the application thinks is globally accessible silently becomes private to the user, and near-invisible to other applications unless they also have virtualization enabled; and typically only legacy applications will use virtualization.

You are also likely to get unexpected behaviour. Imagine that your application modifies a file that already exists in Program Files. It will succeed, but in reality Windows will make a copy and put it in the Virtual Store. Now there are two different versions of that file. Some applications will see one, and some the other. Next, imagine that the application tries to delete the file. The delete appears to succeed, yet the file still exists in Program Files and remains visible to the application. If it retries the delete, an access denied exception is thrown. This is going to cause some perplexing bugs. Virtualization is one feature of UAC that administrators may want to disable.

Programming the new API

Vista introduces a hugely expanded Windows API, some of which is also available as an add-on for Windows XP. These XP-compatible elements will be initially more interesting to developers, and include Internet Explorer 7, the XML-based GUI called XAML, the distributed computing libraries called Windows Communication Foundation, the Windows Workflow Foundation, and the XML Paper Specification. Parts of IE 7 are relevant even to FireFox diehards, particularly the RSS Platform, a centralized store for RSS feeds.

Many other parts of the new API are exclusive to Vista, including the shell and desktop APIs to support translucent glass effects, live thumbnails that show your running application in miniature, and new task dialogs that include features such as progress bars, hyperlinks and expandable text. The idea of task dialogs is to enable richer dialogs and message boxes without forcing developers to built custom forms. These are unmanaged, C++ APIs, and to use them in .NET applications you need to use Platform Invoke, which lets you call native DLLs from .NET code.

If you want your application to look like a true Vista citizen, some conditional code to call these APIs when running on Vista is the way to do it. Another handy newcomer is called Application Recovery. The idea is to enable your application to crash gracefully, saving critical data as it fails, and firing up again automatically. Apparently the feature was designed for Windows Explorer in XP, for which it works some of the time, but has now been opened up for any application. While on the subject of crashing applications, it is worth mentioning that any developer can register with Microsoft to get access to crash reports uploaded by users for their application, for the cost of a digital certificate.

A two-tier API?

The extent of Microsoft's commitment to .NET has often been debated. At one extreme, .NET managed code is presented as the future Windows API. In the other corner are the sceptics who observe that most of Vista and Office remains native code. If .NET is really the future of Windows, it is disappointing to discover that Microsoft has not yet wrapped some key Vista features in official .NET libraries.

On the other hand, the Windows Presentation Foundation, the new declarative programming model for Windows, is a .NET API. In truth these two streams will continue for the foreseeable future. Both COM and native code remain in heavy use at Microsoft. Nevertheless, for enterprise developers who want to keep pace with Microsoft’s platform, .NET is the only sane choice, supplemented by native code where necessary. Essential platform technologies like Windows Communication Foundation depend on it.

What you need to know about Vista

Vista enthusiasts have plenty to explore; but what is the minimum that hard-pressed developers and admins need to know? The big one here is UAC, and the best single source of information is the white paper aimed at developers, which you can find here:

In particular, everyone needs to understand virtualisation, which is enabled by default but can be disabled through security policy. There are going to be hassles for any application that does not follow best practices, and developers will be hastening to fix any features that require local admin rights, signing their applications, and adding UAC manifests. It will be painful, but this is excellent news for Windows users and long overdue. ®

Other resources

Vista developer center: http://msdn.microsoft.com/windowsvista/ “Certified for Windows Vista” requirements: http://microsoft.mrmpslc.com/VistaPlatformAdoption/Overview/CertifiedFor.aspx

Vista RC1 and SDK download links: http://msdn.microsoft.com/windowsvista/downloads/products/getthebeta/default.aspx

Kenny Kerr on Windows Vista for developers: http://weblogs.asp.net/kennykerr/archive/2006/07/12/Windows-Vista-for-Developers-_1320_-A-New-Series.aspx

Official site for info on what works in Vista and what does not. http://devreadiness.org/default.aspx

Combat fraud and increase customer satisfaction

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.