Microsoft rethinks the Windows application platform one more time

Plan to bring most Windows apps to the Store, never mind security

Distinguished Engineer John Sheehan speaking at Build 2016
Distinguished Engineer John Sheehan speaking at Build 2016. "We're putting a lot of trust in the developer"

Build 2016 "There are 16 million Win32 or .NET apps in the world. When we built the Universal Windows Platform, we left them behind. And that was dumb," said Microsoft Distinguished Engineer John Sheehan, speaking at the Build conference last week in San Francisco.

Microsoft's Universal Windows Platform (UWP) is based on the Windows Runtime, the environment once known as Metro, which was introduced with Windows 8 in an attempt to reinvent the operating system.

The Windows Runtime had several goals. One was to bring Windows into the world of tablets, with a user interface designed with touch in mind. Another was to enable users to install and remove applications easily and cleanly, via the Windows Store or custom business portals. Thirdly, the Windows Runtime was intended to be secure, with each application sandboxed both from the operating system and from other applications. Only a safe subset of the Windows API was available, and access to the file system was restricted to an isolated app-specific area, or to standard locations for things like documents and pictures – subject to the user's consent.

The long-term strategy seemed to be that users would gradually use more Store apps and fewer legacy desktop apps, until the moment came when most Windows apps used the new model and Microsoft would be able to lock down the operating system to be more like Apple's iOS, which is less vulnerable to malware and to intrusive third-party software that damages the user experience.

Unfortunately for Microsoft, developers did not rush to build Store apps, and users continued primarily to run old-style desktop applications, because that was why they used Windows. The work the Windows team did to secure the Store app environment in Windows 8 was largely wasted, since few used it.

Windows 10 introduced big changes to Microsoft's strategy. The Store app environment was retained, but in a modified form so that apps run in a desktop window. The company also unified the app platform across PC, mobile, Xbox, HoloLens and Windows IoT Core, renaming it as the UWP.

At Build, Microsoft also made it clear that the security of the UWP has taken a back seat behind compatibility. Project Centennial, also known as the Desktop App Converter, is a feature coming in the Windows 10 Anniversary Update that will let developers adapt desktop applications so that they can be deployed from the Store and have easy access to UWP APIs such as notifications, Live Tiles and background tasks. These applications will not be sandboxed. "We looked at, maybe we could restrict it, lock it down, but it turned out the apps wouldn’t run then. We are putting a lot of trust in the developer”, said Sheehan at Build.

Microsoft also intends to increase the subset of the Windows API available to UWP applications. “You can expect the [Store app] SDK surface area to keep growing and growing, not just with new APIs but adding back all the stuff that we had left out earlier," said Sheehan.

I discussed this with some of the Project Centennial team at Build, and the point they made was simple. Since users can easily download and run Win32 applications that may be malicious or undesirable, the security offered by the UWP is easily bypassed anyway.

Microsoft's approach now is to make the AppX installation files used by the UWP standard for all kinds of Windows applications. In some ways it is the next generation of Windows Installer. Provided an AppX has been signed with a trusted digital certificate, users will be able to install it not only from the Store, but also by downloading from a web site and simply double-clicking the file (a feature which drew a cheer from Build attendees). "You never have to write an installer ever again," said Sheehan.

The same technology is also been adapted for Windows Server, where it is called a Windows Server App (WSA). This is coming first to the cut-down Nano Server, but will also be supported in Server Core and full Windows Server 2016. "WSA extends the AppX schema to add Windows Server specific extensions required to install many server apps, such as supporting NT Service installation. As a set of extensions to the AppX installer, WSA does not support custom actions, so will not have the reliability and uninstall issues of MSI," says Microsoft's server team. An MSI is a classic Windows Installer file, and this kind of deployment is not supported at all on Nano Server, because of the dependencies it would introduce.

Developers writing new applications will not need to use the Project Centennial Desktop App Converter to create an AppX from an MSI, since installation builders like the commercial InstallShield or the open source WiX will be able to generate AppX directly.

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017