As a member of the Silverlight team I greatly appreciate the interest in this topic. There's a bunch of misinformation and leaps to conclusion in the blog post that you cited in the original post. That is being carried over to this thread.


Let me attempt to rectify that with these notable points about Silverlight trusted apps:

- Trusted apps are opt in for app authors from the development time perspective. By default Silverlight apps run within the browser, and within a security sandbox.

  Likewise with the Automation model (cited in the code examples in the post), you need to deal with late binding and the language-specific library references. In short, you don't just "stumble" into building a trusted app.


- Install time experience provides for end user consent to be the gatekeeper into installing trusted apps. This is consistent with install experiences on each OS Silverlight supports trusted apps.

  We use the power of incentives and provide values to signed apps over unsigned ones, including but not limited to UI/UX.


- At runtime, the apps run with standard user credentials with admin tokens stripped off in the DACLs.

  Note: here's what Process Explorer would show you if you looked at sllauncher.exe, the process that runs these apps. So regardless of what the app attempts to do in code, it is the OS that enforces security, whether on Win7 or all the way down to Win2k.


- Even though Silverlight supports Automation in the context of trusted apps, it does not support COM Elevation Moniker. This means that any automation servers that do systemwide or impactful operations that would otherwise kick in elevation (and UAC on modern Windows OSes) will simply not work.


One would know all this if one were to attempt to a) write a key to HKLM or b) write to %ProgramFiles% from within a trusted app. The blogger you quoted surely didn't write any such code. I invite you to try it yourself. There are pointers in this post: http://nerddawg.blogspot.com/2010/03/stepping-outside-browser-with.html


All said, we're pushing the envelope here with low-friction app deployments, ease of development, meaningful safe defaults, and balancing that with customers' needs to build impactful apps that work best with local data. We're a very customer focused team and are eager to hear debate and discussion on this and other topics. Our forums are another such way you can express your views: http://forums.silverlight.net/


Ashish Shetty
Program Manager, Microsoft Silverlight
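The post above invites readers to verify the sandbox boundary themselves by attempting an HKLM write from a trusted app. The following is an added example of such a probe, written for this thread and not code from the post or from the Silverlight team. It assumes a Silverlight 4 out-of-browser project with "Require elevated trust when running outside the browser" enabled and a reference to Microsoft.CSharp.dll (needed for the `dynamic` keyword used with late-bound automation). The registry paths under `SandboxProbeDemo` are constructed for the demo; `WScript.Shell` with its `RegWrite`/`RegDelete` methods is the standard Windows Script Host automation server.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.Automation;
using System.Windows;

// Added example (not Silverlight team code). Probes whether a trusted
// out-of-browser app can write to a per-user hive (HKCU) and to the
// machine hive (HKLM). Per the post, sllauncher.exe runs with the admin
// token stripped, so the HKLM write should be refused by the OS.
public static class SandboxProbe
{
    // Constructed demo paths. A trailing backslash means "key" to WSH;
    // without it the last component names a value.
    const string HkcuValue = @"HKCU\Software\SandboxProbeDemo\Marker";
    const string HkcuKey   = @"HKCU\Software\SandboxProbeDemo\";
    const string HklmValue = @"HKLM\SOFTWARE\SandboxProbeDemo\Marker";

    // Returns one human-readable line per probe so the caller can show
    // them in a TextBlock or ListBox.
    public static IList<string> Run()
    {
        var log = new List<string>();

        // Automation is only exposed to trusted (elevated-trust) OOB apps.
        if (!Application.Current.HasElevatedPermissions || !AutomationFactory.IsAvailable)
        {
            log.Add("Automation unavailable: not running as a trusted out-of-browser app.");
            return log;
        }

        dynamic shell = AutomationFactory.CreateObject("WScript.Shell");

        log.Add(TryWrite(shell, HkcuValue)); // standard user: expected to succeed
        log.Add(TryWrite(shell, HklmValue)); // needs admin token: expected to be denied

        // Remove the per-user marker so repeated runs start from a clean state.
        try
        {
            shell.RegDelete(HkcuValue);
            shell.RegDelete(HkcuKey);
        }
        catch (COMException)
        {
            // Nothing to clean up if the HKCU write itself was refused.
        }

        return log;
    }

    static string TryWrite(dynamic shell, string path)
    {
        try
        {
            // RegWrite(name, value, type) is the WSH method; REG_SZ keeps it simple.
            shell.RegWrite(path, "probe", "REG_SZ");
            return "WRITE OK      " + path;
        }
        catch (COMException ex)
        {
            // An access-denied error from the automation server surfaces here.
            return "WRITE DENIED  " + path + " (" + ex.Message + ")";
        }
    }
}
```

Call `SandboxProbe.Run()` from a button handler and display the returned lines. A "WRITE OK" for the HKCU path next to a "WRITE DENIED" for the HKLM path is the outcome the post's description predicts: the automation call itself is allowed, but the OS refuses the machine-wide write because the launching process carries no admin token and no elevation moniker is available to request one.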