
MS Suggests Using Shims For XP-To-Win7 Transition

eldavojohn writes "Windows XP (and a lot of MS OS code before that) had a fundamental security flaw whereby the default setting made the ordinary user run as the superuser. Vista & Windows 7 have fixed that and implemented The Correct Paradigm. But what about the pre-Vista applications written to utilize superuser privileges? How do you migrate them forward? Well, running a virtualized instance of XP in Windows 7 is an option we've talked about. But Microsoft is pushing the idea of using 'shims,' which are a way to bypass or trick the code into thinking it's still running as user/superuser mode in Windows XP. This is an old trick that Microsoft has often employed, and it has brought the Windows kernel a long ways, in a duct-tape sort of fashion. At the TechEd conference in LA, Microsoft associate software architect Chris Jackson joked, 'If you walk too loudly down the hall near the [Windows] kernel developers, you'll break 20 to 30 apps.' So for you enterprise developers fretting about transitioning to Windows 7, shims are your suggested solution."
  • Well (Score:2, Interesting)

    by AdmV0rl0n ( 98366 ) on Friday May 22, 2009 @01:12PM (#28056057) Homepage Journal

    If you were really shafted, then the shims are worth a go.

    In many many cases, applications can be fixed to run without admin rights. By checking using regmon, filemon, and similar, you can get a handle on what an app is opening and where the permissions issue lies.

    This is a bit time consuming, and it's a negative, but it is do-able.

    There are four things that precede the problem.

    1. Lazy users
    2. Very lazy developers. -- The prime cause of security failures in Windows.
    3. People only too happy to simply run as admin -- Bad practice
    4. MS setting users as admin to fit points 1, 2, 3

    Windows is not insecure, not any level worse than anything else, but developers, users, and vendor run it insecurely, and worse, have an encouraging attitude for doing so.

    MS have gone about the UAC thing very badly, but overall the step and move towards a UAC alike structure is long overdue, and is badly needed.
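The triage described in the comment above, as an added example that is not part of the original post: it reads a CSV export in the column layout of Process Monitor (the Sysinternals tool that replaced Regmon and Filemon) and lists the per-machine locations where one process was refused access. The process name `legacyapp.exe`, the paths and the log rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's CSV export layout; the application
# name, user name and paths are made up for this example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:12:01 PM","legacyapp.exe","4012","RegOpenKey","HKLM\SOFTWARE\LegacyApp","SUCCESS","Desired Access: Read"
"1:12:01 PM","legacyapp.exe","4012","RegCreateKey","HKLM\SOFTWARE\LegacyApp\Settings","ACCESS DENIED","Desired Access: All Access"
"1:12:02 PM","legacyapp.exe","4012","CreateFile","C:\Program Files\LegacyApp\data.ini","ACCESS DENIED","Desired Access: Generic Write"
"1:12:03 PM","legacyapp.exe","4012","CreateFile","C:\Program Files\LegacyApp\data.ini","ACCESS DENIED","Desired Access: Generic Write"
"1:12:03 PM","legacyapp.exe","4012","CreateFile","C:\Users\alice\AppData\Local\LegacyApp\cache.tmp","SUCCESS","Desired Access: Generic Write"
"1:12:04 PM","other.exe","5120","CreateFile","C:\Windows\win.ini","ACCESS DENIED","Desired Access: Generic Write"
"1:12:05 PM","legacyapp.exe","4012","RegOpenKey","HKCU\Software\LegacyApp","NAME NOT FOUND","Desired Access: Read"
'''

# Per-machine locations that a standard user cannot write to by default.
PROTECTED_PREFIXES = {
    "HKLM\\": "machine registry",
    "C:\\Program Files": "program directory",
    "C:\\Windows": "system directory",
}

def classify(path):
    """Label a path by the protected area it falls under, or 'other'."""
    upper = path.upper()
    for prefix, label in PROTECTED_PREFIXES.items():
        if upper.startswith(prefix.upper()):
            return label
    return "other"

def denied_resources(csv_text, process_name):
    """Return sorted (label, path, operation, hits) for one process's ACCESS DENIED events."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # ignore unrelated processes in the capture
        if row["Result"] != "ACCESS DENIED":
            continue  # only permission failures matter for this triage
        hits[(classify(row["Path"]), row["Path"], row["Operation"])] += 1
    return sorted((label, path, op, n) for (label, path, op), n in hits.items())

if __name__ == "__main__":
    for label, path, op, n in denied_resources(SAMPLE_CSV, "legacyapp.exe"):
        print(f"{n:3d}x {op:<12} {label:<17} {path}")
```

Each reported path is a candidate for moving the data to a per-user location or for a narrowly scoped ACL change, rather than granting the user admin rights.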

  • Re:Well (Score:4, Interesting)

    by LordKaT ( 619540 ) on Friday May 22, 2009 @01:18PM (#28056127) Homepage Journal

    Everyone always cites lazy developers ... but I have to ask, is it really the programmer's fault?

    Assume that some database program will only run as an administrator. Is this because the developer couldn't be assed to write proper code, or is it the result of a very tight schedule imposed by management, who needs to ship their product before Q4 so they can meet their debt obligations, thus forcing the programmer to take the quick and dirty route for this bug so he can focus on show-stopping bugs?

    Really, I think that this practice is a symptom of a much larger problem.

  • by multipartmixed ( 163409 ) on Friday May 22, 2009 @01:19PM (#28056145) Homepage

    It's certainly not the ONLY reason.

    Solaris has great backwards compatibility. Better than Windows, even, and not by a small margin, either. I am running a copy of xemacs today I compiled in 1997 or 1998... 5 major OS revisions back. You can even run third-party device drivers meant for 2.4 on 10 with a reasonable expectation that they will work, and work well. You can even run applications built for SunOS 4 and expect many to work. And SunOS 4 -> Solaris 2 was a major leap. About the same sized leap as MacOS 9 -> X.... in Sun's case they changed from BSD to SVR4 underpinnings.

    We all know that Solaris doesn't own the desktop. Hell, I'm a Solaris fan as AFAIC they don't even HAVE a desktop.

    BTW, Solaris accomplishes this mostly with "shims", in the form of a well-thought-out dynamic linker with built-in versioning.

  • by x2A ( 858210 ) on Friday May 22, 2009 @01:44PM (#28056567)

    "The argument is that it's ridiculous to suggest that backwards compatibility is "THE REASON" for MS's success"

    I don't think the word 'the' was meant to be taken as a literal definite article, sometimes people exaggerate to demonstrate their point as a shorthand way of explaining that the actual extent of their point is large enough to warrant exaggeration. It's something I personally prefer to not do, but I don't think it's too much of a problem when people do.

    I don't think anyone's going to suggest that MS OS's are perfectly backward compatible; sometimes things do need to change, and sometimes things rely on bugs that shouldn't be left open, but in all my own personal experience, they do win hands down next to Linux and Apple (I can't comment outside the scope of those three). Say what you want about "having the source code", but when things need certain versions of libraries for certain APIs, or relied on the way a particular version of GCC compiled their code that's now no longer the case, things don't stay so black and white. Yes I've been able to update a lot of old code myself to reflect changes and get it to compile, but there's still an awful lot I can't.

  • by Tanktalus ( 794810 ) on Friday May 22, 2009 @01:57PM (#28056787) Journal

    I'm just curious ... what's the difference between having to shim ENTERPRISE CLASS SOFTWARE and, oh, say, just switching to Linux? Seriously, is this less work?

  • by Sparks23 ( 412116 ) on Friday May 22, 2009 @03:15PM (#28057947)

    I'd agree that the backwards compatibility has been a huge factor in their dominance, especially in enterprise installs. But I would also say that the same backwards compatibility has been a curse as well as a blessing in some ways.

    A blessing, in that you could with a reasonable degree of certitude run custom in-house apps dating from the Win 3.1 era on later versions of the OS. This meant companies were free to upgrade to later versions of Windows without having to rewrite all their in-house code. This meant they'd stick with Windows; if you have to rewrite your code for a newer OS, you're free to examine other options ("Would Linux serve us better? A Mac? Sun boxes?") you would not otherwise look into. By ensuring the enterprise users didn't have to do that, Microsoft kept them on Windows.

    But this is also a curse, however, inasmuch as they now have to maintain that backwards compatibility or risk losing that same market. And that means you have to strike a careful balance; improve your security model, remove old and insecure APIs (or change them to be more secure) and you run the risk of breaking all of that software. Microsoft wants/needs to move forward, modernize the OS. But in order to do so, they likely will break older things. When even /rumors/ of incompatibility with Vista hit, you notice many companies didn't bother to test whether or not their stuff would run. They simply assumed that it would not, and did not upgrade.

    So the backwards compatibility that helped them capture and hold the desktop market is *also* what drags them down a bit and prevents them from moving forward as much as they would like.

    I think in some ways this makes the biggest competitor to Vista (and presumably Windows 7) not Mac OS X or Linux, but Windows XP. Simply because of that same 'backwards compatibility is important to the market' factor.

    That's my $0.02 + state sales tax, anyway.

  • by Tanktalus ( 794810 ) on Friday May 22, 2009 @03:18PM (#28057987) Journal

    I get time is money. Which is why I'm curious. Is it really less expensive to teach employees to shim applications (and deal with any fallout from where shimming doesn't work) vs just teaching them an operating system that works? Both involve up-front costs. Both hit your IT department. Both hit your users (mostly in a "shut up and use it" kind of way). But the question is: how much do you trust shimming to work vs just getting out of the cycle altogether? Is the risk of shimming considered when discussing the costs, or is it just the up-front costs that CFOs are looking at?

  • by icannotthinkofaname ( 1480543 ) on Friday May 22, 2009 @03:20PM (#28058011) Journal

    Competing unfairly in ways like only offering discounts to companies that don't stock competing products - discounts so large that anyone who wanted to stock a competing product basically could not hope to sell anything by Microsoft at a competitive price.

    That, I say, was a lucky gamble on Microsoft's part. If there had been a viable alternative that didn't cost anything, it would have been naturally cheaper than Microsoft Windows on the same hardware, and I imagine that Microsoft wouldn't have risen to the imperial power that it is today if it had had to deal with that kind of competition. Maybe Microsoft would still be a competitor, if this alternate universe had happened, but for that to be true, Microsoftware would have to have been a lot more focused on stability.

    Given that Windows 3.0 was 1990 and Windows 3.1 was 1992, Linux was just a little late to the party. MS was just in the right place at the right time. And people are now so ingrained in Windows that viruses, license costs, IE, and daily application crashing are simply realities of computers, rather than shortcomings of Microsoft; these users who refuse to search for other options or learn different systems are the only reason that Microsoft still holds its power today. If the market were still a competition, instead of just ignorant users listening for a select few words, there would be a lot more pressure on Microsoft to deliver stable Microsoftware.

    What part of history am I missing here? I'm sure that companies tried to compete with Microsoft back in the late '80s and early '90s, but what went wrong? Why was Microsoft, specifically, so appealing to sell?
