01-04-2015 04:38 AM
  1. spaulagain's Avatar
    I'm pretty sure that will never be the case- that's a dystopian fear fueled dream. First and foremost Microsoft has their corporate customers, then the end user. Backwards compatibility is king, kernel level development is REQUIRED for any hardware devices you might put in your PC, and lower level development is key in embedded devices which Microsoft has always been a strong benefactor of.

    One day, we will use the modernUI apps primarily, however the desktop will never be phased out, simply because the scope of modernUI apps cannot extend to lower level development and still retain its inherent security benefits.

    Ya, I kind of agree, at least for a subset of users. I think for the majority of users, even for businesses, the new app environment will eventually house all the apps they use.

    But there will always be a niche user base that needs a more integrated and modifiable legacy application environment.
    a5cent likes this.
    12-28-2014 03:20 PM
  2. Bagzton's Avatar
    Phones = ARM architecture, which are completely different from what viruses and desktop software require: x86/x64 architecture. There's no way to get anything developed for the latter running on an ARM powered device. And even if someone would invest time and effort to code ARM specific viruses - like they do for Android powered platforms - it wouldn't make any sense at all. WP has all its apps running sandboxed and in isolated storages. There's just no way for these viruses to gain access to other apps or even the OS itself. People may complain about the walled gardens that iOS and WP are as they want, but it's the perfect symbiosis of security and functionality. Android is open and can be customized to death. For an unbearable price: a security nightmare and utter mess.
    I have a question. We all know all apps can only be installed on our phones through the store (which is sandboxed) therefore eliminating the chances of getting a virus through installed apps. But what about email attachments? To the best of my knowledge, I know we can't run .exe files on WPs (or am I wrong?) but I'm talking about attachments with legitimate file extensions like PDF but contain scripts that are malicious.
    12-28-2014 03:42 PM
  3. dKp1977's Avatar
    I have a question. We all know all apps can only be installed on our phones through the store (which is sandboxed) therefore eliminating the chances of getting a virus through installed apps. But what about email attachments? To the best of my knowledge, I know we can't run .exe files on WPs (or am I wrong?) but I'm talking about attachments with legitimate file extensions like PDF but contain scripts that are malicious.

    I'm not even sure if these scripts could even be executed, tbh. I seriously doubt it. But even if, they would only be able to perform actions in the very sandbox they're executed from with access to only the according isolated storage. Which means they're potentially useless.
    Bagzton likes this.
    12-28-2014 03:51 PM
  4. Bagzton's Avatar
    I'm not even sure if these scripts could even be executed, tbh. I seriously doubt it. But even if, they would only be able to perform actions in the very sandbox they're executed from with access to only the according isolated storage. Which means they're potentially useless.
    All right then. Thanks.
    12-28-2014 04:08 PM
  5. Reflexx's Avatar
    Think of it like this.

    There is one OS, but it has two sides. Think of those sides like countries that are separated by an ocean and the residents both speak different languages. They also are built on two very different philosophies and governments.

    The countries are Modern and Legacy.
    Legacy is built on the foundation of a very free and open government. Anyone could do anything. Everyone who creates something in Legacy has access to anything else in Legacy. This includes government systems and other people's creations.

    In Modern, things are much more strict. It's built on the foundation that a creator is only given access to certain things. Every creation must be approved by the government before the populace is allowed to use it. And every creation is restricted in what it can affect, so even if a rogue creation goes crazy it can't affect anything it was never given access to.

    People who live in Legacy love the freedom. They feel empowered because their creations are only limited by their imagination. But they also understand that they need to protect themselves because bad people can do the same.

    People who live in Modern love the security. Bad creations are stuck in the homes of the people that made them. They can also safely be deleted without harming other systems.

    The planet is Windows 10. As a super user of Windows 10 you can go from Legacy to Modern at your whim. Switching back and forth is a cinch. But you know that any time you're in Legacy you have to be careful that you don't blow up the world.

    You also have a mobile version of your planet. This is like a space station that you can take with you. (your phone) In this mobile version you have Windows 10, but the country of Legacy cannot be accessed. You can only bring Modern along with you.
    a5cent, jmshub and Xabier Granja like this.
    12-28-2014 04:43 PM
  6. a5cent's Avatar
    Interesting, I was under the impression that Windows 10 would be one operating system that will run all devices, desktop and mobile. That seemed to be the message Microsoft was conveying. Didn't know that there would be Windows 10 and Windows 10 Mobile.

    So in essence, does that mean that there is no major change from the current situation with Windows 10? Currently, we have Windows 8 and Windows Phone 8. With Windows 10 we will pretty much have the same situation, except that Microsoft will be calling its phone operating system also as Windows 10.
    I guess that depends on what you would consider to be a major change.

    It seems to me that Microsoft is trying to send two conflicting messages at the same time. To consumers they are trying to say "it's all one OS". This statement is what most of the technically illiterate tech-press jumped on, which is why many understandably have that misconception. That's just not the case. What MS means is that both W10 and W10M will offer, as far as Store/Modern apps are concerned, a very similar experience. That similar experience doesn't extend to the Windows desktop however (or more technically, anything Win32 related), which currently constitutes over 90% of what we currently call Windows. None of that will be available on mobile devices.

    Technically, the correct way to think about W10 and W10M is as two separate OSes that share a set of identical components. W10M is pretty much a wholly contained subset of W10. That identical subset is what is responsible for the similar experience, which is limited to Modern apps and the Modern runtime environment.

    When communicating with developers and investors, MS tends to put a bit more weight on technical correctness rather than just the marketing message. That is where they've confirmed it's not actually all one and the same. Still, WP being extended with all the tablet specific features from Windows RT, and the WinRT APIs finally becoming identical across all versions of Windows, rather than just similar (a path MS started down about four years ago), does seem like a big deal to me.

    On the other hand, like many others on this site, I'm not a typical consumer. That means I can get excited about things that are only of technical importance that otherwise have no impact whatsoever on consumer facing features. Obviously, what type of consumer you are will determine whether you think any of this constitutes a "major change" or not.
    Ordeith, jmshub and Xabier Granja like this.
    12-28-2014 04:54 PM
  7. J Bryan's Avatar
    I disagree. There are far too many companies that depend on in-house application development to just axe the exe, msi, .setup etc. types of files.
    It might be a more high-tech version of UAC in the mid term future, but you will still be able to code your own apps and distribute them.
    12-28-2014 05:56 PM
  8. a5cent's Avatar
    I disagree. There are far too many companies that depend on in-house application development to just axe the exe, msi, .setup etc. types of files.
    It might be a more high-tech version of UAC in the mid term future, but you will still be able to code your own apps and distribute them.
    Who said otherwise?
    12-28-2014 06:19 PM
  9. spaulagain's Avatar
    Interesting, I was under the impression that Windows 10 would be one operating system that will run all devices, desktop and mobile. That seemed to be the message Microsoft was conveying. Didn't know that there would be Windows 10 and Windows 10 Mobile.

    So in essence, does that mean that there is no major change from the current situation with Windows 10? Currently, we have Windows 8 and Windows Phone 8. With Windows 10 we will pretty much have the same situation, except that Microsoft will be calling its phone operating system also as Windows 10.
    One OS doesn't mean the features will be identical across all devices.

    The OS would simply share many similarities but turn on or off various elements dependent on the installed device type.

    However, from what we've heard, there will be a separate SKU for the mobile version. That doesn't mean it won't share much of the core OS. As the difference between Windows 7 Home and Windows 7 Professional is just a matter of a few features turned off. But they are separate SKUs.

    That being said, it doesn't matter if the OS is identical on phones and desktops. If the legacy apps aren't recompiled for ARM processors then they won't install on phones anyways.
    12-28-2014 06:56 PM
  10. a5cent's Avatar
    The OS would simply share many similarities but turn on or off various elements dependent on the installed device type.
    Could you give me an example of what you're thinking of when you say "turn on or off". I can't think of anything which I think would fit that description. The desktop/Win32 environment on mobile devices isn't just turned off. It literally doesn't exist there.
    12-28-2014 07:03 PM
  11. mathsisbest's Avatar
    It seems to me that Microsoft is trying to send two conflicting messages at the same time. To consumers they are trying to say "it's all one OS". This statement is what most of the technically illiterate tech-press jumped on, which is why many understandably have that misconception.
    This poor marketing sounds similar to Windows RT - the belief that the surface RT could run legacy apps. I fear that Windows 10 will turn out like the surface RT with consumers expecting phones to run PhotoShop and being upset, simply due to bad marketing.
    12-28-2014 07:07 PM
  12. spaulagain's Avatar
    Could you give me an example of what you're thinking of when you say "turn on or off". I can't think of anything which I think would fit that description. The desktop/Win32 environment on mobile devices isn't just turned off. It literally doesn't exist there.

    That's what I mean by turned off. I imagine some features will turn on/off dynamically just depending on how you use it, kind of like the Start Screen/Menu which they've already shown in Continuum.

    Other things like Desktop wouldn't even be installed on devices like phones. Whether that means the OS install is the same file and it just detects the device, or if it's a separate file/SKU that actually has separate install packages.

    Either way, the OS will mostly be the same except for various features deemed unnecessary for that device type.

    IMO, the features should always be there and just turned off dynamically. For example, desktop makes no sense on a phone UNLESS I "dock" it into a desktop setup (keyboard, mouse, and monitor). In that case, the desktop should appear because I'll want to use the device as a desktop computer.

    If they go that route, which is pretty easy really, I think they would have a killer OS. It basically mirrors how Responsive websites work.
    Ordeith likes this.
    12-28-2014 07:21 PM
  13. MaxyBley's Avatar
    This is a very legit question. I'm very curious too.
    12-28-2014 07:29 PM
  14. a5cent's Avatar
    IMO, the features should always be there and just turned off dynamically. For example, desktop makes no sense on a phone UNLESS I "dock" it into a desktop setup (keyboard, mouse, and monitor). In that case, the desktop should appear because I'll want to use the device as a desktop computer.

    If they go that route, which is pretty easy really, I think they would have a killer OS. It basically mirrors how Responsive websites work.
    I see what you're thinking, but that's not where this is headed. It could very well be that the Modern runtime environment will support some kind of docking mechanism (complete speculation on my part). Besides allowing your phone to easily interface with all sorts of desktop peripherals, this could also cause Touch-Office to slightly reconfigure itself to be more suitable for keyboard/mouse based input. However, under no circumstances will this give you access to the desktop environment, because like I said, it literally won't exist on mobile devices.

    The statement that "the OS will mostly be the same" falls somewhat short after realizing that W10 for mobile devices will have an installation size below 1GB, while W10 will clock in at the usual 13 GB. Just that difference makes it quite clear that things aren't being turned on/off dynamically based on what is required, but that W10M is only a small subset of W10. The rest is missing and can't be turned on.
    link68759 likes this.
    12-28-2014 07:44 PM
  15. realwarder's Avatar
    I disagree. There are far too many companies that depend on in-house application development to just axe the exe, msi, .setup etc. types of files.
    It might be a more high-tech version of UAC in the mid term future, but you will still be able to code your own apps and distribute them.
    With each update to Windows 8 the Store apps are becoming increasingly open to install. Would not surprise me if a mode exists for non store metro apps to exist in Windows 10 enabling developers to target both store and standalone using common tools.
    12-28-2014 07:51 PM
  16. a5cent's Avatar
    With each update to Windows 8 the Store apps are becoming increasingly open to install. Would not surprise me if a mode exists for non store metro apps to exist in Windows 10 enabling developers to target both store and standalone using common tools.
    This would allow users to install anything they found on the internet, thereby taking MS out of the loop and removing their ability to test apps for malicious content before making them accessible to users. I think this would be diametrically opposed to the goals MS has set themselves for the Modern environment. Considering free apps can be distributed via the Windows Store at essentially no cost, and corporations can set up their own app store, there is very little to gain by introducing non-store apps, but a lot to lose.

    I'd be very surprised if MS did anything like that.
    12-28-2014 08:00 PM
  17. realwarder's Avatar
    This would allow users to install anything they found on the internet, thereby taking MS out of the loop and removing their ability to test apps for malicious content before making them accessible to users. I think this would be diametrically opposed to the goals MS has set themselves for the Modern environment. Considering free apps can be distributed via the Windows Store at essentially no cost, and corporations can set up their own app store, there is very little to gain by introducing non-store apps, but a lot to lose.

    I'd be very surprised if MS did anything like that.
    People who want to get their app out mass market would still use the store as it will always be the easy way for users to find, buy and or download apps.

    Given that the validation check can still run as a centralized function, that side of concerns is moot.

    Microsoft is all about opening up their tools and .net at the moment. Constraining developers to only use the store doesn't work in standalone or offline terminals etc. Sure it's easy to say use older tools, but the current focus is definitely WinRT, and the store doesn't support every end use.

    I really don't think standalone apps would undermine the store. Windows has been open forever and in some ways WinRT needs to be a little more open too.
    12-28-2014 08:15 PM
  18. Elitis's Avatar
    As everyone has already said: no, viruses won't be able to run on Windows 10 for Phones. This is because of the different file types (.exe vs .appx), different Instruction Sets (x86-64 vs ARM), as well as due to the fact that there are several things simply not available on phones (like the entirety of the desktop and its various components). There's also the fact that like on both Android and iOS apps are sandboxed and isolated. The fact that Android also sandboxes its applications is a point everyone missed. Though, iOS and WP severely limit what sandboxed apps can access while it's possible to work around limitations on Android pretty easily.

    Security Tips | Android Developers
    Android has security features built into the operating system that significantly reduce the frequency and impact of application security issues.
    • The Android Application Sandbox, which isolates your app data and code execution from other apps.
    • User-granted permissions to restrict access to system features and user data.
    • Application-defined permissions to control application data on a per-app basis.
    The whole sandboxing/isolation thing has more to do with the underlying programming languages used more so than the OS anyway. Java (Android), and C# (WP) need a runtime (a virtual machine) to compile the bytecode and CIL respectively into native commands the CPU actually understands. The Runtimes are what actually provide the isolation and sandboxing. It has nothing to do with the OS. Anyway, WP also makes use of UEFI Secure Boot, further preventing viruses from causing any harm.
    12-28-2014 09:44 PM
  19. a5cent's Avatar
    The Runtimes are what actually provide the isolation and sandboxing. It has nothing to do with the OS. Anyway, WP also makes use of UEFI Secure Boot, further preventing viruses from causing any harm.
    A typical Windows .NET application also executes within a runtime environment, just as a WP .NET app does, yet apps of the former type are neither sandboxed nor isolated from each other. Wouldn't that suggest that it's not the VM (called CLR for .NET applications) which provides the sandboxing?

    AFAIK the CLR is one of those components that W10 and W10M will share, but they will not share security models. That too suggests that most security issues will be handled outside the CLR, because otherwise the CLR could not be the same.

    I'd argue that the sandboxing/isolation is rather a direct result of the APIs which are made available to the applications running in each environment. When running on Windows, .NET applications have access to everything accessible via Win32. When running on WP, .NET applications have access only to what is accessible via WinRT, which represents a much more limited set of features. It's that limited functionality of WinRT, which enforces sandboxing, as it doesn't provide unrestricted access to the file system, or anything else for that matter. I'd say that both Win32 and WinRT are the public API surfaces of the underlying OS, and that neither are directly related to the CLR, which is why I'd conclude that it is in fact the OS that provides WinRT's, and hence also WP's, security features.
    12-28-2014 10:21 PM
  20. a5cent's Avatar
    Microsoft is all about opening up their tools and .net at the moment. Constraining developers to only use the store doesn't work in standalone or offline terminals etc. Sure it's easy to say use older tools, but the current focus is definitely WinRT, and the store doesn't support every end use.

    I really don't think standalone apps would undermine the store. Windows has been open forever and in some ways WinRT needs to be a little more open too.
    Such an approach would circumvent the store, and therefore also skip the security screenings that apps must currently undergo. In that sense it would undermine security. It may also undermine the store in terms of sales, but I don't think anybody cares about that except MS, and possibly also those interested in piracy.

    I also disagree that MS is looking to open up or relax anything related to WinRT security. The fact that MS couldn't sufficiently secure Windows is one of the main reasons WinRT exists in the first place. Sacrificing such a major part of the security system calls WinRT's primary reason for existing into question. If MS now really wants to do that, then surely it would have been far better to just slap a touch friendly UI on top of Win32 and be done with it. That would have been much cheaper and faster, and then we'd already have the openness you desire.

    Anyway, I'm quite sure this ain't happening, but we'll have to wait to see who's right.
    12-28-2014 10:59 PM
  21. Xabier Granja's Avatar
    Could you give me an example of what you're thinking of when you say "turn on or off". I can't think of anything which I think would fit that description. The desktop/Win32 environment on mobile devices isn't just turned off. It literally doesn't exist there.
    Sure, easy enough. Think about it this way: not all Windows needs to be present for us to think about it as Windows. For example, the desktop alone isn't windows. The NT kernel alone isn't windows. The APIs alone aren't windows. The Desktop, NT kernel and APIs together, that's windows. But there's also another myriad of little and big elements that conform what we think of as Windows. For example, since Windows 8, the tiles and metro apps are part of windows now, as it's part of both the x86-64 and ARM versions and works everywhere. In the same way, sandboxing is part of windows too, which was much heavier in windows 8 too.

    So, what has been referred to before as "turn on or off", which is actually not accurate, means that the mobile version for tablets and phones (which WILL actually be exactly the same code, from what we know) will include the NT kernel, the APIs, metro apps, sandboxing... but it won't include the code for the desktop as well as other desktop-related code. That doesn't make it not windows, it still has many of the elements that constitute what we would understand as Windows. So, more than turning features on or off, it would be more precise to talk about expunging or keeping code.

    That's why you can think of W10 as one Windows, yet different versions, where the phone version (version = SKU) would be, as has been mentioned earlier, a subset of big Windows. The code present on the phone will be the same present in big windows, but the latter will have many other features - among them the "freer" wild-west that is the desktop world. Finally, to circle around to the initial question, since these viruses need the extra freedom in the x86-64 desktop world to affect anything, even if you ported a virus to ARM code you wouldn't be able to run it because a) Modern environment doesn't allow such freedoms, b) if such code were to run it would be sandboxed and thus limited to just that single app and c) the Windows store would never (well, practically never, nothing is perfect) validate one such virus program, so it would never be accessible to users.

    Does this clarify things?

    EDIT: I forgot to add one thing. All of what I mentioned doesn't yet apply until Windows 10. This is an ongoing process. With WP8, phone windows and desktop windows shared about 33% of the codebase and features. With WP8.1, we were up to 77% shared code. With Win10 we should theoretically have 100% code, but the scenarios where we use that code (and subsets of it as I've mentioned) are the "differential" parts between versions/SKUs. They're all still Windows... just different. Big windows and small windows will be like 2 twins: mostly identical, but one has more skills - but is insecure - and the other twin has less skills but is perfectly secure at what he does.

    Also, as you mentioned in the last comment, no, Microsoft will indeed not loosen Modern requirements, as the whole point is to keep that stuff safe. What they will do is bring the Modern APIs and controls up to par with the x86 APIs which have enjoyed 30 years of development and refinement. That's why MS is sharing code, as it's the best way to bring more features to their new Modern platform code by replicating what is already there in the insecure platform, bringing it to the secure one. That'll get developers programming for the modern stuff - which they don't do now so much because the modern stuff is still too limiting. Once the modern environment is up to par with the legacy abilities, be sure it'll displace legacy for 99% of consumer software, as there's only gains to be had since the modern environment brings security and reliability improvements that are inherently impossible in the desktop platform's philosophy. When both have the same skills, pick the smarter platform, not the dumber one :)
    TechAbstract likes this.
    12-28-2014 11:37 PM
  22. Elitis's Avatar
    A typical Windows .NET application also executes within a runtime environment, just as a WP .NET app does, yet apps of the former type are neither sandboxed nor isolated from each other. Wouldn't that suggest that it's not the VM (called CLR for .NET applications) which provides the sandboxing?

    AFAIK the CLR is one of those components that W10 and W10M will share, but they will not share security models. That too suggests that most security issues will be handled outside the CLR, because otherwise the CLR could not be the same.

    I'd argue that the sandboxing/isolation is rather a direct result of the APIs which are made available to the applications running in each environment. When running on Windows, .NET applications have access to everything accessible via Win32. When running on WP, .NET applications have access only to what is accessible via WinRT, which represents a much more limited set of features. It's that limited functionality of WinRT, which enforces sandboxing, as it doesn't provide unrestricted access to the file system, or anything else for that matter. I'd say that both Win32 and WinRT are the public API surfaces of the underlying OS, and that neither are directly related to the CLR, which is why I'd conclude that it is in fact the OS that provides WinRT's, and hence also WP's, security features.
    Of course, there are different implementations of sandboxing. Some involve intercepting system calls, some involve modifications to the kernel itself. So, you could argue that the APIs are providing the sandboxing and, in some cases, be right. By definition, a sandbox is a confined execution environment, a container.
    "Process virtual machines are designed to execute a single computer program by providing an abstracted and platform-independent program execution environment."

    "A process virtual machine (also, language virtual machine) is designed to run a single program, which means that it supports a single process. Such virtual machines are usually closely suited to one or more programming languages and built with the purpose of providing program portability and flexibility (amongst other things). An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine—it cannot break out of its virtual environment."

    "sandbox limits, or reduces, the level of access its applications have — it is a container."

    This link provides good detailed information on sandboxing
    12-28-2014 11:41 PM
  23. a5cent's Avatar
    "Process virtual machines are designed to execute a single computer program by providing an abstracted and platform-independent program execution environment."

    "A process virtual machine (also, language virtual machine) is designed to run a single program, which means that it supports a single process. "

    This link provides good detailed information on sandboxing
    I think we're both pretty clear on what a sandbox is. I like the link you provided, but note that the section on "process virtual machines" or "language virtual machines" is basically describing the JVM (Java virtual machine), which in effect is a small OS in its own right, meaning it also contains all security related provisions fully within itself. Like you said though, sandboxing can also be achieved in other ways that are completely unrelated to such virtual machines... and the Windows CLR (the .NET version of the JVM) does.

    The Windows CLR shares some properties of the JVM, but not all. For example, the Windows CLR doesn't even try to make the same "write once run anywhere" promise that the Java platform makes, showing that they don't serve the same purpose. The reason the CLR can't make that promise is because it is actually not a small OS in its own right. The CLR doesn't have its own system related security policies. It doesn't even define how a hosted process can access the underlying file system. That is all defined by the underlying OS the CLR runs on top of, and the APIs it exposes.

    The CLR certainly defines security policies specifically related to code execution (code trust, monitoring buffer overruns, etc), but it isn't really responsible for the sandbox itself. I'd think it's more accurate to attribute the sandboxing mechanisms of WP directly to the OS rather than the runtime environment.

    Anyway, I mention this only because I'd prefer people to think of security policies as being OS and API (WinRT) related, rather than attributing it to a runtime environment, which for many is a very abstract idea.
    12-29-2014 07:05 AM
  24. SteveNoza's Avatar
    Wow, great discussion, quite educational for end users like me.
    12-29-2014 12:58 PM
  25. awilliams1701's Avatar
    Backwards compatibility is the only reason windows gets viruses in the first place. Since phones use ARM processors instead of x86/x64 processors that backwards compatibility is removed right off the bat. Only the new apps have cross platform support. I don't think you could create a metro based virus and if this is true, then the phone will never get a virus.

    Interesting, I was under the impression that Windows 10 would be one operating system that will run all devices, desktop and mobile. That seemed to be the message Microsoft was conveying. Didn't know that there would be Windows 10 and Windows 10 Mobile.

    So in essence, does that mean that there is no major change from the current situation with Windows 10? Currently, we have Windows 8 and Windows Phone 8. With Windows 10 we will pretty much have the same situation, except that Microsoft will be calling its phone operating system also as Windows 10.
    12-29-2014 01:25 PM