I had an odd idea for Microsoft last night - and I know, this isn't exactly the Feedback Hub, though this is a little long for that, though I decided not to include it in my "Suggestions for the Windows Store" thread. My idea was this:
Win32 apps when they come from the Windows Store are sandboxed. They run with a fake/redirected Registry area, and files they leave are cleaned up.
Currently, when Win32 programs are converted, they must go through the big "Desktop App Converter". But what does the Desktop App Converter actually do? It installs the app inside a VM (using Hyper-V), records the files it makes, and then creates an AppX from those changes.
My idea is, what if, instead of running Win32 programs through the "Desktop App Converter" and such, Win32 programs were sandboxed by the operating system by default?
Here is how it would work:
1) Every time a Win32 program is installed, the OS makes a list of every file "setup.exe" or "setup.msi" or other setup program creates. It would hook into the area of Windows responsible for creating files for a process, and actually generate a secure list of things "setup.exe" makes.
E.g. "setup.exe" creates in folder "Program Files\myWin32app"
- - myapp.exe
- - thing.exe
- - mydll.exe
2) When a program is launched, Windows finds the "Program Files" folder it is running from, and sets it up so every .exe in that folder runs in the same sandbox (so "thing.exe" runs in the same sandbox as "myapp.exe"). Technically, it isn't a sandbox per se, but a fake registry. Instead of passing the real registry, it passes the fake registry which only .exe-s in that folder can see.
3) Windows would have a setting to un-sandbox an app if the user wants, and Microsoft would maintain a list of programs that can't run in the sandbox (or the software developer requests it to be turned off). Apps on this list run unsandboxed by default. If a program fails to launch, Windows will automatically try again with the sandbox turned off.
So, I am asking the people here: Would this remotely work or be a good idea?
Win32 apps when they come from the Windows Store are sandboxed. They run with a fake/redirected Registry area, and files they leave are cleaned up.
Currently, when Win32 programs are converted, they must go through the big "Desktop App Converter". But what does the Desktop App Converter actually do? It installs the app inside a VM (using Hyper-V), records the files it makes, and then creates an AppX from those changes.
My idea is, what if, instead of running Win32 programs through the "Desktop App Converter" and such, Win32 programs were sandboxed by the operating system by default?
Here is how it would work:
1) Every time a Win32 program is installed, the OS makes a list of every file "setup.exe" or "setup.msi" or other setup program creates. It would hook into the area of Windows responsible for creating files for a process, and actually generate a secure list of things "setup.exe" makes.
E.g. "setup.exe" creates in folder "Program Files\myWin32app"
- - myapp.exe
- - thing.exe
- - mydll.exe
2) When a program is launched, Windows finds the "Program Files" folder it is running from, and sets it up so every .exe in that folder runs in the same sandbox (so "thing.exe" runs in the same sandbox as "myapp.exe"). Technically, it isn't a sandbox per se, but a fake registry. Instead of passing the real registry, it passes the fake registry which only .exe-s in that folder can see.
3) Windows would have a setting to un-sandbox an app if the user wants, and Microsoft would maintain a list of programs that can't run in the sandbox (or the software developer requests it to be turned off). Apps on this list run unsandboxed by default. If a program fails to launch, Windows will automatically try again with the sandbox turned off.
So, I am asking the people here: Would this remotely work or be a good idea?
Facebook
Twitter
Instagram