zlacker

[parent] [thread] 6 comments
1. orra+(OP)[view] [source] 2023-05-24 16:22:36
Windows 8 and UWP weren't ever popular, but Microsoft is having a little more success parcelling up UWP:

* .appx became .msix; the latter also works for Win32 apps

* UWP XAML/GUI evolved into WinUI, v3 of which doesn't target UWP

* Win32 app isolation—this news—grew out of AppContainers, which were used by UWP apps

That said, what's new here? You could package (.msix) Win32 apps with partial trust, IIRC. Does this remove the need for packaging?

replies(3): >>mike_h+U7 >>pjmlp+ei >>within+a51
2. mike_h+U7[view] [source] 2023-05-24 16:53:08
>>orra+(OP)
The new stuff are basically new package (msix) capabilities that trigger new codepaths in classical Win32 APIs. Microsoft's previous app sandbox required the use of WinRT APIs that not many people have adopted.
replies(1): >>Avery3+Ya
◧◩
3. Avery3+Ya[view] [source] [discussion] 2023-05-24 17:04:54
>>mike_h+U7
AppContainers have supported win32 from the start, not just WinRT.

See:

https://learn.microsoft.com/en-us/windows/win32/secauthz/app...

https://learn.microsoft.com/en-us/windows/win32/api/userenv/...

https://scorpiosoftware.net/2019/01/15/fun-with-appcontainer...

replies(1): >>mike_h+Sc
◧◩◪
4. mike_h+Sc[view] [source] [discussion] 2023-05-24 17:11:14
>>Avery3+Ya
There are different kinds of app containers. The low level container tech doesn't care what high level APIs you use, it just blocks or redirects stuff, but if you want things like file brokering, implicit grants based on powerboxes and stuff like that then it wasn't previously available. That's what this project is adding to Windows.

edit: To clarify, all MSIX packaged apps run in an app container called Helium, but it's a very soft one that isn't meant to sandbox anything. It just redirects file IO to a special directory so installs/uninstalls are clean. You can make app containers stricter. The Chrome sandbox does that, UWP sandboxed apps do that, and now they're adding support for more strictly sandboxing ordinary Win32 apps which would otherwise break when they tried to open a file in the user's home directory.

5. pjmlp+ei[view] [source] 2023-05-24 17:33:13
>>orra+(OP)
I wouldn't call WinUI 3 a success.

What is new here, is that this is the continuation to make all Win32 apps sandboxed.

replies(1): >>orra+TN2
6. within+a51[view] [source] 2023-05-24 22:14:15
>>orra+(OP)
You are correct that Win32 apps were already supported in AppContainer. What's new here is that a handful of Win32 APIs are now slowly getting plumbed into the capability system. This means Win32 apps that currently ship packaged as needing "full trust" can, if supported, reduce the requested capabilities to those that are supported by Win32 App Isolation (e.g., "system tray access").
◧◩
7. orra+TN2[view] [source] [discussion] 2023-05-25 14:25:03
>>pjmlp+ei
> I wouldn't call WinUI 3 a success.

Fair, I would say it's somewhat actively developed, for now... Which is maybe a step above UWP XAML.

Microsoft promised to open source WinUI 3 years ago, but it keeps getting pushed back in favour of other priorities. This isn't good for a healthy community, who can only report bugs, and never fix them.

[go to top]