Windows Vista Security Considerations for Developers

Submitted by jbreland on Fri, 06/22/2007 - 10:52

I'm sure that everyone reading this site is aware of the fact that Windows Vista has made some rather drastic changes to the underlying OS in the name of security. Some of these are good and overdue changes; some, however, are freakin' brain dead (you can see my last post for a very brief summary of my feelings about Vista from a user's perspective). Regardless of my personal feelings, the fact is Vista is here and it's install base is only going to grow as people purchase new PCs. Given that I maintain a few applications for Windows, I have to take Vista into consideration and make sure that my apps continue to play nicely on Microsoft's current and future operation systems.

Unfortunately, I'm rather late to this party. Until just recently I have had no direct exposure with Vista; I even managed to go through the entire alpha, beta, and release candidate stages of Vista without seeing a Vista system a single time. Needless to say, once it was released I began receiving notices that Universal Extractor has Vista compatibility issues. I'm sure AutoFLAC does as well, but I guess those users are a bit less demanding. :-) (I say that in jest, of course - the UniExtract community over on the MSFN forum has been fantastic!)

The good news is that I finally do have access to a Vista system. I can't stand using it (again, see my last post if you want to know how I really feel about it), but it can at least serve as a test box for UniExtract and AutoFLAC. The next couple revisions of each will focus on Vista compatibility, and in anticipation of this I've begun doing some research into the Vista changes that most affect applications and installers. I'm post some of the more useful links I've found both for my own reference and for anyone else that may benefit from this information.

New ACLs Improve Security in Windows Vista - detailed article about many of the changes to user and administrator privileges, file system and registry permissions, etc.; very informative, though highly technical

File and Registry Virtualization – the good, the bad, and the ugly - discussion about the compatibility features provided by Vista to allow older "non-compliant" applications to install and function properly

Vista considerations - small write-up on the Inno Setup Knowledge Base discussing Inno-specific considerations

Vista FAQ and INNO Vista and XP questions - two Inno Setup newsgroup discussion threads concerning Vista compatibility

I know there's a lot more information out there, and I'll probably update this post as I come across it, but this will get me started. Do you know of any other good resources? Please post a comment!