Compatibility and Interoperability Requirements. Agenda Compatibility and interoperability...
-
Upload
adelia-madison-garrett -
Category
Documents
-
view
223 -
download
0
Transcript of Compatibility and Interoperability Requirements. Agenda Compatibility and interoperability...
Compatibility and Compatibility and Interoperability RequirementsInteroperability Requirements
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Compatibility and Interoperability Requirements• Support x64 Versions • Sign files and drivers• Perform version checking properly• Support concurrent user sessions• Avoid loading services and drivers in
safe mode• Follow anti-malware policies
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Support for x64 Versions
• No 16-bit code or components• x64 versions of drivers• Application setup detects and installs
proper drivers and components• WOW64—Not necessary to run application
natively• Acceptable to remove nonessential
features • 32- and 64-bit COM servers communicate
with 64- and 32-bit clients
WOW64
• Windows-on-Windows 64-bit• Handles differences between 32-bit
and 64-bit versions of the Windows operating system
• Capable of running 32-bit applications
• Included on all 64-bit versions of the Windows operating system
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Signing Files
• Ensures files have not been tampered with
• All executable files must be signed with an Authenticode certificate
• Code-signing certificates are available from several vendors
• Use the SignTool in the Windows SDK to sign files
Signing Drivers
• Malicious software drivers affect stability and security
• Driver binaries loaded at boot time contain embedded signatures
• Microsoft signature for kernel-mode drivers through WHQL or DRS program
• 64-bit versions of Windows Vista will not load unsigned drivers
• Administrator privilege is required to install unsigned kernel-mode components
Creating Test Certificates
• Need only one MakeCert test certificate per computer
• Certificate store added to Windows managed list
• Install in test computer’s Trusted Root Certification Authorities and Trusted Publishers certificate stores
MakeCert –r –pe –ss TestCertStoreName –n “CN=CertName” CertFileName.cer
Delay Signing
• Developers require public key • Defer signing until shipping • Use delayed signing at build time
– Reserves space in PE for strong name signature
Delay Signing Process
• Obtain .snk file– Created using sn.exe
• Annotate with custom attributes:– AssemblyKeyFileAttribute– AssemblyDelaySignAttribute
• Turn off signature verification
[assembly:AssemblyKeyFileAttribute("myKey.snk")] [assembly:AssemblyDelaySignAttribute(true)]
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Version Checking
• Allows application to be used in future versions– Check for ≥ desired version number– Do not check CurrentVersion in registry– If EULA prohibits use on future operating
systems, fail gracefully
• GetVersionEx– Version-checking API
• Check for capabilities rather than version– Windows build team recommendation
• VerifyVersionInfo• Environment.Version property
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user
sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Fast User Switching
• Multiple users can log on• Switches quickly between open
accounts• Does not change application state• Uses Terminal Services technology
FUS Application Best Practices (1)
• Test application under FUS• Implement true profile separation• Register for notification of a user
switch• Be aware of other running instances
FUS Application Best Practices (2)
• Applications must allow multiple sessions unless prevented by architecture
• Includes Remote Desktop Connection sessions
• If not supported, alert user and write to Windows NT event log
• 3D graphics applications– Not required to work over RDC – User alerted on failure
• Sound in another user session inaudible in current session
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Safe Mode
• Enables users to diagnose and repair Windows configuration
• Drivers and services should not run unless needed for:– Basic operations– Diagnostic purposes– Recovery purposes
Safe Mode Registry Keys
• If set, drivers and services run in safe mode without any errors
• Minimal and network registry keys
• Any use of these keys must be listed in the logo documentation
HKLM\System\CurrentControlSet\ Control\SafeBoot\MinimalHKLM\System\CurrentControlSet\ Control\SafeBoot\Network
Safe Mode Registry Safe Mode Registry SettingsSettings
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware
policies• Compatibility and interoperability
test cases
Anti-Malware
• Applications MUST meet privacy guidelines
• You risk losing logo certification if your application is identified as malware or spyware
• Anti-Spyware Coalition– 40-plus member organizations– Includes Microsoft
Agenda
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and
interoperability test cases
Compatibility and Interoperability Test Cases (1)
• Verify application installer:– Does not have a 16-bit installer– Does not use or rely on 16-bit code or
components– Does not attempt to install any non-64-
bit drivers on x64 versions of the Windows operating system regardless of whether application is a Win32 application or is native to 64-bit
Compatibility and Interoperability Test Cases (2)• Verify executable files and other files
installed by the application are signed
• Verify all kernel-mode drivers installed by the application are signed
• Verify application properly checks for operating system version
• Verify application launches and runs properly using Fast User Switching
Compatibility and Interoperability Test Cases (3)• Verify application launches and run
properly using Remote Desktop• Verify drivers and services start in
safe mode
Summary
• Compatibility and interoperability requirements
• Support for x64 versions • Signing files and drivers• Version checking• Support for concurrent user sessions• Safe mode• Support for anti-malware policies• Compatibility and interoperability
test cases
Additional Resources
• WOW64 implementation detailshttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/win64/win64/wow64_implementation_details.asp
• Delay signinghttp://blogs.msdn.com/shawnfa/archive/2004/03/17/91575.aspx
• Fast User Switchinghttp://support.microsoft.com/kb/294737/en-us
• Anti-malwarehttp://www.antispywarecoalition.org/