Proposal for Windows 8 - Application Scopes

  • W3bbo

    Users of IIS will no doubt be familiar with the concept of an application scope: which is basically a subtree of the filesystem where any page, script, or executable contained within counts as being part of that "application".

    I think the concept can be applied to desktop programs too, where each application's directory under Program Files would be marked as its own application scope, and all executables contained within can run under its own security principal which gives users more control, remedies problems associated with UAC, and more stuff besides. For instance users might prohibit all programs from editing their files, in case of things like ransomware, or reading files in certain directories (like banking details).

    The idea being that an application is freely able to alter the filesystem in its own directory, which means an end to the misuse of the ProgramData directory on Vista/Win7 as a "UAC-free" version of Program Files (which defeats the point of UAC to avoid program file modification in the first place).

    This idea could be combined with an overhauled package management system which makes things easier for program installation, management, security, and uninstallation. Kind of like Apple's .app system, but on steroids.


    Discuss.

  • CannotResolveSymbol

    Sounds a lot like the iPhone sandbox.

  • CreamFilling512

    Yeah I think Windows could benefit from a stronger application model.  All the technologies are pretty much there I think, it's just not really tied together in a monolithic way.

  • spivonious

    Sounds like a great idea to me. I'd also include the AppData folder in the sandbox.

  • littleguru

    Would apps opt into this? I can see a lot of existing applications breaking because of this enforcement... Not that I say it's not an interesting idea... I guess there could be a lot done to make applications behave nicer. But there are a lot of open questions like, e.g. how would you handle multiple users? Do you have the C:\users folders spread out over all the application directories? What about saving files... are you allowed to save files to C:\users\signed in user?

  • elmer

    Sounds a bit like Sandboxie - www.sandboxie.com

  • Cyonix

    This sounds like a great idea. Although I agree with littleguru that backwards compatibility would present an interesting challenge.

    Perhaps old applications could keep the "Program Files" directory and a new directory called "Applications" could be created in the root folder.

    Or you could even have an "Applications" directory in both the root folder and the users folder. Then if an application like Google Chrome wants to only install for the user, it could do so without stuffing itself under AppData.

  • AndyC

    I'm not sure why you think using ProgramData to store system-wide shared state for an app is abusing it, that's what it is there for. And since it's not flagged as a "trusted location" you aren't circumventing UAC either.

  • littleguru

    My problem is that if you make something like this opt in nobody will actually opt in. Or a small minority. If you enforce it tons of apps break and that version of Windows is going to be even less well received than Vista... 

  • W3bbo

    AndyC said:

    I'm not sure why you think using ProgramData to store system-wide shared state for an app is abusing it, that's what it is there for. And since it's not flagged as a "trusted location" you aren't circumventing UAC either.

    AndyC: I read documents from Microsoft that suggested for MMOs and other games that require constant patching that they just put all their files in ProgramData so they don't require UAC elevation to self-patch. This includes the executable program code, not just game assets.

    Except if that's the case, why not just install all programs to ProgramData to avoid all UAC prompts?

    But if you do that, you lose the benefit of protection from malware-modified program files.

  • W3bbo

    littleguru said:

    My problem is that if you make something like this opt in nobody will actually opt in. Or a small minority. If you enforce it tons of apps break and that version of Windows is going to be even less well received than Vista... 

    You could use heuristics to enforce this right now: assume that each directory under %programfiles% containing an executable is an application scope, and monitor filesystem changes made by installers. The monitoring that Application Mode Terminal Services already does is considerably more complicated.
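
The heuristic from the last post, sketched as an added example that is not part of the original thread: scopes are derived from a file listing, then each observed write is labelled by whether it stays inside the writer's own scope. The sample paths, the `.exe`-only test for "an executable" and the three labels are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

PROGRAM_FILES = PureWindowsPath(r"C:\Program Files")  # stands in for %programfiles%

# Constructed sample listing, not taken from a real system.
SAMPLE_LISTING = [
    r"C:\Program Files\GameA\bin\game.exe",
    r"C:\Program Files\GameA\data\assets.pak",
    r"C:\Program Files\EditorB\editor.exe",
    r"C:\Program Files\Common Docs\readme.txt",  # no executable: not a scope
    r"C:\Program Files\setup.exe",               # not inside a subdirectory
]

def _parts(path):
    # Windows paths are case-insensitive, so compare lower-cased components.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def scope_of(path, root=PROGRAM_FILES):
    """First-level directory under root that contains path, or None."""
    parts, root_parts = _parts(path), _parts(root)
    depth = len(root_parts)
    if len(parts) > depth + 1 and parts[:depth] == root_parts:
        return PureWindowsPath(*PureWindowsPath(path).parts[:depth + 1])
    return None

def derive_scopes(listing):
    """A directory under Program Files that holds an executable is a scope."""
    scopes = set()
    for name in listing:
        if PureWindowsPath(name).suffix.lower() == ".exe":
            scope = scope_of(name)
            if scope is not None:
                scopes.add(scope)
    return scopes

def classify_write(image_path, target_path, scopes):
    """Label one write: own-scope, cross-scope or outside-scopes."""
    actor, target = scope_of(image_path), scope_of(target_path)
    if target not in scopes:
        return "outside-scopes"  # e.g. user documents, left to user policy
    if actor in scopes and actor == target:
        return "own-scope"       # an app altering its own directory
    return "cross-scope"         # something else modifying an app's files
```

A process whose image lies outside every scope, such as an installer run from a download folder, is labelled `cross-scope` when it writes into an application directory; those are the writes the post suggests monitoring.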
