Be Rock Solid

Be Rock Solid

---

Windows Vista® has been redesigned from the foundation up to provide increased security, reliability, and manageability. With Windows Vista, we’re bringing a new level of confidence to the desktop experience.

• From the user perspective, it means that a computer just works—as expected, no surprises—it does exactly what you expect it to do.

• From a developer perspective, it’s about really delivering on the basics and providing a platform for rock-solid applications.

Properly leveraging these advantages in Windows Vista requires an understanding of the technologies that Windows Vista provides in three areas: security, reliability and management, and error reporting.

Run Securely

Windows Vista provides a range of enhancements to the Windows security model. The Windows security model includes many technologies, features, and tools.

This high-level overview of the new security features in Windows Vista is a good place to start learning about Windows Vista Security:

Windows Vista Security Overview (June 2006)

User Account Control

Under User Account Control in Windows Vista, by default, all interactive processes run as standard user by default, even if they are launched by a member of the Administrators group. Developers should understand how UAC works and how it can impact their applications.

Resources:
Windows Vista Application Development Requirements for User Account Control Compatibility The definitive source of UAC information.
User Account Control Resources for IT Professionals (TechNet Landing Page) A broader, IT Pro view of UAC, provided by TechNet.
UAC Team While no longer active (it was rolled into the Windows Vista Security when Windows Vista was released), the UAC team blog provides an interesting view of many aspects of how UAC evolved.
Windows Vista UX Guidelines for UAC Provides a guide for designing applications where the root process runs as a standard user and launches privileged operations in a separate process.
COM Elevation Moniker Explains how the COM elevation moniker allows applications that are running under a limited user account to activate COM classes with elevated privileges.
ShellExecute Explains another supported mechanism for elevating privileges.
AC: User Account Control Describes application compatibility issues and remedies that result from updating applications to work with UAC.
User Account Control (UAC) Includes a large amount of practical User Account Control information for developers.

Internet Explorer Protected Mode

On Windows Vista, Microsoft Internet Explorer® 7 (IE7) runs in what is referred to as Protected Mode, which helps protect users from attack by running with greatly restricted privileges.

Protected Mode in IE relies on three security features introduced in Windows Vista: User Account Control, Mandatory Integrity Control (MIC), and User Interface Privilege Isolation (UIPI).

UAC is discussed in the preceding section.

MIC assigns integrity levels to users and securable objects, allowing an additional security distinction beyond privilege level.

UIPI comes into effect for a user who is a member of the Administrators group that may be running applications with least privilege (sometimes referred to as a process with a filtered token), and also for processes running with full administrative privileges on the same desktop. UIPI prevents lower privilege processes from accessing higher privilege processes.

Resources:
Security and Compatibility in Internet Explorer 7 Explains how to enable applications to run in IE7 on Windows Vista.
Protected Mode API Explains how to develop extensions and add-ons for IE7 that can interact with the file system and registry and work correctly within Internet Explorer 7 in Protected Mode low integrity (Low IL) process.
Understanding and Working in Protected Mode Internet Explorer Explains Mandatory Integrity Control and UI Privilege Isolation in the context of Protected Mode.
IE Team A great source of information for all things IE–related.

Cryptography Next Generation API

Cryptographic Next Generation (CNG) provides a set of APIs that can be used to perform basic cryptographic operations, cryptographic key storage and retrieval operations, and configuration of cryptographic providers. It also enables custom cryptography algorithms to be plugged into CNG via a simple extensibility mechanism. It is the long-term replacement for the CryptoAPI and is supported in Windows Vista and later releases of the Windows operating system.

Resources:
Cryptography API: Next Generation (CNG) Any application can use Transactional NTFS (TxF) to preserve the integrity of data on disks caused by unexpected error conditions, isolate changes from others while the changes are being made, and help resolve concurrent file-system user scenarios.

Parental Controls for Windows Vista

Parental Controls is a consumer-targeted feature that provides functionality to monitor and limit exposure of selected computer users to online dangers and inappropriate content. The Parental Controls API provides access to policy and restrictions settings, and logging functionality.

Resources:
Parental Controls for Windows Vista Feature overview.
Mapping Solutions onto the Parental Controls Infrastructure A good starting place for developers building consumer applications.
IWindowsParentalControls Reference documentation.

Windows Filtering Platform API

The Windows Filtering Platform API enables developers to write code that interacts with the filtering that takes place at several layers in the networking stack and throughout the operating system. It also integrates with and provides support for firewall features—such as authenticated communication and dynamic firewall configuration—based upon applications' use of sockets API (an application-based policy).

Resources:
Windows Filtering Platform API Feature overview.
AC: Networking: TCP/IP Stack and the Windows Filtering Platform An application compatibility article about Windows Filtering Platform (WFP).

Network Address Protection API

The Network Address Protection platform provides an integrated way of detecting the state of a network client attempting to connect to a network and restricting the access of that network client until the policy requirements for connecting to the network have been met. It is an extensible platform, providing an infrastructure and an API set for adding components that verify and amend a computer's health and that enforce existing policy systems.

Resources:
Network Address Protection API Feature overview.

Certificate Enrollment API

The new Certificate Enrollment API enables developers to create client applications that can be used to request and install certificates. This new COM API replaces the ones previously provided in Xenroll.dll, which has been deprecated and is no longer included in Windows Vista.

Resources:
Certificate Enrollment API Feature overview.

BitLocker Drive Encryption Provider

Windows Vista and Windows Server 2008 offer a provider interface in Windows Mgmt Instrumentation (WMI) for managing and configuring BitLocker™ Drive Encryption (BDE). It can be used by developers writing scripts, user interface components, or other administrative tools for BitLocker Drive Encryption.

Resources:
Bitlocker Feature overview.

Trusted Platform Module Provider

The Windows Vista Trusted Platform Module (TPM) Services architecture allows a rich, competitive environment to grow on top of TPM 1.2 technologies by providing robust infrastructure for accessing hardware-based security.

Resources:
Trusted Platform Module Services in Windows Vista Overview of hardware security services.
Trusted Platform Module Provider API reference information.

Winlogon Re-architecture and Credential Providers

Previous versions of Windows allowed developers to add a custom authentication DLL (called a Graphical Identification and Authentication DLL, or GINA) that would interface with authorization hardware. Fingerprint scanners, authentication key cards, and other authorization hardware that required a custom logon could use GINA DLLs to work with Windows.

The logon architecture for Windows Vista has changed significantly. For reliability reasons, plug-ins have been moved out of the Winlogon process space as much as possible (in the past, a poorly coded GINA DLL, for example, could crash the machine this way). In addition, the logon experience has been standardized.

Credential providers now fill the GINA roll on Windows Vista. Credential providers are designed to work with the new logon architecture and to work with multi-factor authentication (for instance, a smart card and a fingerprint scan).

GINA applications need to be re-authored to use Credential Provider APIs.

Resources:
DeskTopSecurity A great article to get oriented with Windows Vista and credential providers.
AC: Microsoft Graphical Identification and Authentication (GINA) The application compatibility article about GINA and the re-architecture of Winlogon.
ICredentialProvider API reference documentation.
credprov@microsoft.com The Microsoft Shell Credential Provider alias.

Designed for Reliability and Manageability

Reliable applications behave as their users anticipate. Windows Vista offers many new developer services that make installing and running applications more predictable.

Restart Manager

Windows Vista provides a Restart Manager that enables all but the most critical applications and services to be stopped and restarted at any time during application installation and updates. This feature gives installations the ability to release files that require an update without going through a complete system restart. Avoiding full system restarts dramatically speeds up installation. Additionally, the Restart Manager allows restarted applications to return to their previous state after their shared components have been updated.

Samples that demonstrate the Restart Manager are installed with the Windows Software Development Kit (SDK) at this location:

Program Files\Microsoft SDKs\Windows\v6.0\Samples\winbase\RestartManager

Resources:
Restart Manager Feature overview.
Restart Manager Development The Windows Vista Developer Story article.
What’s New in Windows Installer 4.0 A high-level description.
Guidelines for Applications and Services Installation and update guidelines for developers.
Application Recovery and Restart SDK Documentation MSDN documentation.

Event Logging System

The Event Logging System in Windows Vista has been rewritten for added performance and scalability. Windows Vista offers several new interfaces that provide programmatic access to the functionality available within the new Task Scheduler 2.0. These interfaces provide an easy way to define a task that performs an action when an event occurs. Event triggers enable users to specify an event query used to subscribe to events that are logged in an event log.

Resources:
Event Logging System MSDN Windows Vista event logging documentation.
Developing for Task Scheduler 2.0 Windows Vista Developer Story article.

Transactional File System

Any application can use the Transactional File System in Windows Vista to preserve the disk integrity problems caused by unexpected error conditions, isolate a user's changes from others while the changes are being made, and help resolve concurrent file-system user scenarios.

Resources:
Transactional File System Feature overview.
System.Transactions Reference documentation.

Windows Remote Management

Windows Remote Management (WinRM) on Windows Vista can be used to obtain management data from local and remote computers through scripting or command line utilities.

Resources:
Windows Remote Management ( Feature summary.
WS-Management Protocol Explains the protocol that WinRM uses to exchange information.

Microsoft Management Console 3.0

Microsoft Management Console (MMC) 3.0 provides a programming platform for creating and hosting applications that manage Microsoft Windows-based environments. MMC now supports writing .NET snap-ins using Windows Forms.

Resources:
Microsoft Management Console (MMC) 3.0 Reference documentation.
Developing for Microsoft Management Console (MMC 3.0) Windows Vista Developer Story article.

Functional Discovery

Functional Discovery (FD) enables applications to discover the capabilities of new hardware and software that have been added to the system.

This system is uniform and allows applications to manage lists of devices or objects sorted by functionality or class.

Users also can take advantage of Function Discovery to discover the functions that their system can perform.

Resources:
Function Discovery (FD) Reference documentation.

Task Scheduler 2.0

The Task Scheduler enables users to automatically perform routine tasks on a chosen computer. The Task Scheduler does this by monitoring whatever criteria are chosen to initiate the tasks (referred to as triggers) and then executing the tasks when the criteria is met.

The new Task Scheduler provides for the programmatic creation and scheduling of tasks.

Resources:
Task Scheduler 2.0 Windows Vista Developer Story feature summary.
Developing for Task Scheduler 2.0 Explains how to interact with the Task Scheduler using C++ code.
Task Scheduler MSDN feature summary.

Windows Power Shell

The new Windows Power Shell uses an admin-focused scripting language to control more than 130 standard command line tools and utilities. This enables an administrator to easily control system administration and accelerate automation.

Resources:
Windows Power Shell Feature summary.
Windows Power Shell SDK Documentation MSDN documentation.
Developing with the Windows Shell Windows Vista Developer Story article that briefly explains the history of the Windows Shell and the changes in Windows Vista. Links lead to many developer docs.

Establish a Customer Feedback Loop

Use the Windows Feedback Platform to research and analyze application failure via the Windows Developer Portal.

Windows Vista provides an extensible error-reporting environment, integrated with a developer portal for viewing application reports. Developers can collect the data necessary to determine the top issues experienced by users running the applications, and then use the debug data provided to implement fixes.

Windows Error Reporting

Windows Vista has vastly improved its error reporting service, Windows Error Reporting (WER).

Users can customize their error reporting to check automatically for solutions as well as to view all problem reports and solutions in a central location.

Reports can be queued for later transmission if an internet connection is not immediately available.

Developers can use the new API to create reports for many types of events, not just application crashes and hangs. Developers also can create custom reports (including custom user interfaces).

Further, errors are reported to the Windows Quality Online Services site, detailed in the following section.

Resources:
Windows Error Reporting MSDN documentation.
What’s New in Windows Error Reporting A good summary to become current with feature changes.
Windows Feedback Services Developer-oriented article about WER.
Problem Reports and Solutions App Explains how users can use the Problem Reports and Solutions tool to check for solutions to hardware and software problems.

Windows Quality Online Services

Windows Quality Online Services (Winqual) is the point of access for developers to receive behavioral information about an application and, when necessary, request more detailed information from users.

Resources:
Windows Quality Online Services The Winqual Web site.

More Information

Resources:
http://msdn.microsoft.com/windowsvista/reference/security/ Overview and compatibility information about Windows Vista Security.
http://msdn2.microsoft.com/en-us/winfx/aa663320.aspx Info about Windows CardSpace™, the Windows Vista identity metasystem.
Application Compatibility A guide to creating applications compatible with Windows Vista.