Thread: "Win32 App Isolation"
1. mike_h+8i 2023-05-24 17:08:40
>>pjmlp+(OP)
This feature depends on MSIX. My company makes Conveyor which, amongst other things, generates/signs MSIX files without using Microsoft's toolchain, so you can ship apps from your developer laptop or Linux CI. As almost all modern/maintained Win32 apps are actually built on cross-platform frameworks, being able to cross-build packages using a tool that understands Electron/JVM/Flutter build system config is quite convenient. By this point my guess is that we have more experience with MSIX in the wild than many of Microsoft's own teams do.

Surfacing this new sandbox feature looks very easy from the instructions, but before it's worth doing I'd want to talk to the product teams involved and get answers to some questions:

1. What's the purpose of this? Is it to let users install potentially malicious apps in the same way you can browse to untrusted web pages? Or is it like how Apple pitches their app sandbox on macOS, purely an opt-in security feature to reduce the blast radius of exploits? The big difference is whether permissions are surfaced in the UI.

2. If you want permissions to be visible somewhere in the UI, then presumably that would be in App Installer. Conveyor replaces App Installer with its own installer that drives MSIX via the API because App Installer is too buggy to rely on. What's the plan for fixing that?

3. Relatedly, Conveyor contains a large number of workarounds for bugs in the Windows app container and package management system, especially older versions. This has ended up being a significant part of the value the product provides, even! It seems faintly ridiculous, but the Windows package manager does actually provide a lot of useful features like silent background updates (Chrome style) and it's core to Microsoft's platform strategy. But unless Microsoft's plan is to tell everyone to buy my product (yes please) they will need to fix the bugs. Are you going to do that? Otherwise devs will bounce right off it just as they have with every other feature Microsoft adds to Windows that relies on package identity.

4. Not only fix the bugs but also, will you backport the fixes to Windows 10? I can't stress this enough. Shipping MSIX packages outside the MS store without using Conveyor is just flat out impossible if you're targeting Windows 10, because you'll quickly hit bugs that Microsoft know about but never backported the fixes for.

Microsoft people - if you want to talk, feel free to email. Address is in the profile. We can tell you what issues people hit in the wild when they ship apps this way, and maybe work together on making this a success.

2. pjmlp+yn 2023-05-24 17:30:40
>>mike_h+8i
This is the continuation of bringing the UWP security model into Win32, and making Windows security features all enabled by default.

See the BlueHat IL talk on the matter:

https://youtu.be/8T6ClX-y2AE

There are no plans for Windows 10; beyond security fixes until 2025, it is done.

EDIT: There is a BUILD 2023 talk on the matter as well.

https://youtu.be/w6VwHGPz12w
