Tuesday 31 January 2012

Another form of Compatibility: Application Eco-systems


A little while ago I was asked to present on the topic of application compatibility in a future multi-platform, multi-user, multi-device world. I agreed and started thinking about the "multi-multi-multi" world that we are starting to enjoy the benefits of (think tablet, mobile and desktop versions of the same application), and then about the technical challenges of getting things working across the new "multi-multi-multi" or M3 reality.

And, by getting things working, I raise the bar somewhat and consider the following requirements:

     - Deployment: automated, secure deployments with update and uninstall support
     - Management: reporting, telemetry and access control
     - Cohabitation: multiplatform support, application co-existence, services/data access and integration

This in effect means that applications install properly, work well on each platform and more challengingly (is this a word?) work well together. Interestingly, while I was treading around my RSS feeds, I found the following image describing the new battle ground in the multi-multi-multi universe;


I thought that this image was pretty apt, not because it was accurate, but rather because it represents a very narrow view of the coming challenges of multiple platforms and, more importantly, the increasing importance of multiple application eco-systems.

It's now all about:
     1) multiple platforms (hardware)
     2) multiple devices (desktop, mobile, tablet)
     3) multiple eco-systems

Yes, we have seen the spectacular rise of the Apple App store and, with Microsoft strategically aping this approach, we will have at least a few distinct and most likely non-compatible application eco-systems.

As a final note on this, don't count Microsoft out yet as they have developed THE LARGEST application ecosystem over the past few decades and the Microsoft App store is very likely to build on that huge momentum for some time to come.


Tuesday 24 January 2012

Windows 8: Some ARM Twisting for Legacy Applications

As we have heard for the last long while from Microsoft, application compatibility is key to their product development and a key feature of the Windows ecosystem (extended franchise model?). This was a huge issue for the release of Windows 7 (as evidenced by the creation of several companies successfully built on identifying and solving compatibility issues for clients) and will likely continue to be an issue for the release of Windows 8, for both versions; that is, for the two separate platforms: Intel and ARM.

This is the first time that Microsoft has released a version of their operating system for use on a non-Intel architecture and this move raises a number of questions:
  1. Which applications will run on the new ARM platform?
  2. Which applications will run on both?
  3. Will the build and application deployment techniques and technology differ for each platform?

We are coming up to a big fork in the road for Microsoft: How is Microsoft going to ship and provide application support for the ARM Windows platform?  

And, it already looks like we are seeing these two roads diverge, with the three nominated ARM-based Windows 8 vendors (Nvidia, Qualcomm and Texas Instruments) indicating that their customized versions would not be compatible with each other.


In addition, Renee James from Intel said the following about application compatibility and legacy support on ARM-based Windows 8 systems:
"upcoming versions of Windows that Microsoft will provide for ARM-based systems will not run "legacy" applications. "Our competitors will not be running legacy applications. Not now. Not ever,"
Renee added:
"There will be four Windows 8 SoCs for ARM. Each one will run for that specific ARM environment, and they will run new applications or cloud-based applications," "They are neither forward- nor backward-compatible between their own architecture – different generations of a single vendor – nor are they compatible across different vendors. Each one is a unique stack."
Wow! And I thought having to worry about deprecated APIs, new file systems and old middleware dependencies would be enough to keep Windows 8 application compatibility issues interesting.

Having multiple platforms, multiple stacks, new input hardware (touch) and potentially zero support for legacy applications on some versions of Windows 8 will definitely increase the complexity and number of compatibility issues for Windows 8.

Application Compatibility Experts - Don't quit now, Windows 8 is coming!

And, for further interesting reading:

Will Windows 8 on ARM be an OEM-only product?

Microsoft embraces ARM with Windows 8 Breaks Wintel fidelity

In case you have not heard about the ARM architecture and/or just need to know more, read here: http://en.wikipedia.org/wiki/ARM_architecture



Thursday 19 January 2012

Windows 8 - A New Filesystem is born - ReFS


Microsoft has recently announced that Windows 8 Server and then Windows 8 (desktop?) will support a new file system called ReFS or Resilient File System. This will be the first low-level update of the desktop and server platform file systems for just over 10 years, since the introduction of NTFS (New Technology File System) in 2000.

Some of the key benefits of this new file system will include;
  • Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint.
  • Verify and auto-correct data.
  • Optimize for extreme scale.
  • Never take the file system offline.
  • Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature.

Some great ideas and, once again, Microsoft has a strong focus on backward compatibility, and so compatibility deserves a space at the top of the new system's feature list.

You can read more about this new file system in the reference linked below, but I thought it was key to highlight some of the features that will not be supported by ReFS;
  • Named streams
  • Object IDs
  • Short names
  • Compression
  • File level encryption (EFS)
  • User Data Transactions
  • Hard-linking
  • Extended attributes
  • Quotas

I am sure that as we learn more about this new file system and the storage service offerings from Microsoft, we will find out to what extent deprecating these features and functionality will impact users and developers. To address some of these compatibility concerns Microsoft has offered an architectural diagram of how applications and services will operate with the ReFS compatibility layer.


Could the next compatibility challenge be related to how applications work with the underlying file system? I wonder how some virtualization vendors will be affected, with their file system redirectors and virtual drivers.
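One way to size that question for an existing volume is to inventory files that already depend on features from the unsupported list. The following is an added example, not Microsoft or ChangeBASE code: the function name is hypothetical, and it covers only hard links, compression and EFS (the attribute checks return results on Windows only; named streams, object IDs and short names would need Win32 calls that are not shown).

```python
import os
import stat
import sys

# Attribute bits carried in st_file_attributes, which os.stat fills in on
# Windows only. On other platforms the field is absent and treated as 0.
ATTRIBUTE_FEATURES = {
    stat.FILE_ATTRIBUTE_COMPRESSED: "Compression",
    stat.FILE_ATTRIBUTE_ENCRYPTED: "File level encryption (EFS)",
}


def refs_blockers(root):
    """Map each regular file under root to the ReFS-unsupported features it uses."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or removed while scanning
            if not stat.S_ISREG(st.st_mode):
                continue
            used = []
            if st.st_nlink > 1:  # more than one directory entry points at this file
                used.append("Hard-linking")
            attrs = getattr(st, "st_file_attributes", 0)
            used += [label for bit, label in ATTRIBUTE_FEATURES.items() if attrs & bit]
            if used:
                findings[path] = used
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, used in sorted(refs_blockers(target).items()):
        print(f"{path}: {', '.join(used)}")
```

EFS hits deserve the closest look, since those files currently rely on the file system for their encryption.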


References:

Building Windows 8

Check out Mary Jo Foley's view on this topic here:

Wednesday 11 January 2012

Patch Tuesday - Jan 2012


With this January Microsoft Patch Tuesday update, we see a set of 7 updates; 1 with the rating of Critical and 6 with the rating of Important. This is a moderately sized update from Microsoft and the potential impact for the updates is likely to be low.
As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen a small number of potential compatibility issues, including some which were caused by the fifth update in this release, MS12-005, where vulnerabilities in Microsoft Windows could allow Remote Code Execution.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this January Patch Tuesday release cycle.
Here is a sample of the results for two applications tested for compatibility with these updates:
Top: MS12-005: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution.
Bottom: MS12-006: Vulnerabilities in SSL/TLS Could Allow Information Disclosure.




Testing Summary
  • MS12-001 : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
  • MS12-002 : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
  • MS12-003 : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
  • MS12-004 : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
  • MS12-005 : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
  • MS12-006 : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
  • MS12-007 : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)


| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS12-001 | <1% | <1% | YES | | Green |
| Microsoft Security Bulletin MS12-002 | <1% | <1% | YES | | Green |
| Microsoft Security Bulletin MS12-003 | <1% | <1% | YES | | Green |
| Microsoft Security Bulletin MS12-004 | <1% | <1% | YES | | Amber |
| Microsoft Security Bulletin MS12-005 | <1% | <1% | YES | | Amber |
| Microsoft Security Bulletin MS12-006 | <1% | <1% | YES | | Amber |
| Microsoft Security Bulletin MS12-007 | <1% | <1% | YES | | Green |

Legend:
No Issue: No Issues Detected
Applications flagged as GREEN have no issues identified against them.
Fixable: Potentially fixable application Impact
An AMBER issue is one that pertains to the installation routine. A packager can change things in the installation routine and so can AOK Workbench. Anywhere an issue is found and a change can be made to the installation routine to get rid of it we will flag it as amber. AOK Workbench fixes almost all of the issues it flags as amber. For the few issues that require a decision to be made, a packager can manually remediate these using the issue data provided by AOK Workbench.
Serious: Serious Compatibility Issue
A RED issue is generally one that pertains to how the code or actual program works. In this case we will flag as Red issues where a package tries to use objects or functions that have been deprecated from the OS or where their use has been restricted. In this case there are no changes that a packager (or AOK Workbench) can make to the install routine to fix the problem. The problem needs to be dealt with at the program code level by the programmer that wrote it or by providing a more up to date driver. However it is reasonably straightforward once a programmer has the information provided by AOK Workbench to make these changes. For vendor MSIs an upgrade may be required.

Security Update Detailed Summary
MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Payload: Ntdll.dll, Wntdll.dll, Updspapi.dll
Impact: Important - Security Feature Bypass

MS12-002: Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: No specific files affected
Impact: Important - Remote Code Execution

MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Description: The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
Payload: Winsrv.dll, Updspapi.dll
Impact: Important - Elevation of Privilege

MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Mciseq.dll, Winmm.dll, Updspapi.dll
Impact: Critical - Remote Code Execution

MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Packager.exe, Updspapi.dll
Impact: Important - Remote Code Execution

MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Description: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Payload: Schannel.dll, Winhttp.dll, Updspapi.dll
Impact: Important - Information Disclosure

MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
Description: This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
Payload: No specific files affected
Impact: Important - Information Disclosure


*All results are based on the ChangeBASE Application Compatibility Lab's test portfolio of over 1,000 applications.
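The scope stated in the MS12-006 entry above (SSL 3.0 and TLS 1.0 affected; TLS 1.1, TLS 1.2 and non-CBC suites not affected) can be applied to negotiated-session records to see which connections fall under the bulletin. This is an added example, not ChangeBASE or Microsoft code: the log format, field names and sample lines are constructed, and it assumes IANA-style suite names, in which CBC suites contain `_CBC_`.

```python
import re
from collections import Counter

# Hypothetical log format: "<timestamp> client=<ip> proto=<version> suite=<IANA name>"
LINE = re.compile(r"client=(?P<client>\S+)\s+proto=(?P<proto>\S+)\s+suite=(?P<suite>\S+)")

# Spellings of the two affected protocol versions, with punctuation stripped.
AFFECTED_PROTOCOLS = {"ssl3", "sslv3", "ssl30", "sslv30", "tls1", "tlsv1", "tls10", "tlsv10"}

# Constructed sample records (documentation address range), not real traffic.
SAMPLE_LOG = """\
2012-01-11T09:00:01Z client=192.0.2.10 proto=TLSv1.0 suite=TLS_RSA_WITH_AES_128_CBC_SHA
2012-01-11T09:00:02Z client=192.0.2.11 proto=TLSv1.0 suite=TLS_RSA_WITH_RC4_128_SHA
2012-01-11T09:00:03Z client=192.0.2.12 proto=TLSv1.2 suite=TLS_RSA_WITH_AES_128_CBC_SHA
2012-01-11T09:00:04Z client=192.0.2.13 proto=SSLv3 suite=TLS_RSA_WITH_3DES_EDE_CBC_SHA
2012-01-11T09:00:05Z client=192.0.2.14 proto=TLSv1.1 suite=TLS_RSA_WITH_AES_256_CBC_SHA
2012-01-11T09:00:06Z client=192.0.2.10 proto=TLSv1 suite=TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2012-01-11T09:00:07Z truncated record
"""


def in_scope(proto, suite):
    """True when a session matches the bulletin scope: SSL 3.0 or TLS 1.0 with a CBC suite."""
    version = re.sub(r"[^a-z0-9]", "", proto.lower())
    return version in AFFECTED_PROTOCOLS and "_CBC_" in suite.upper()


def triage(log_text):
    """Return (in-scope sessions, per-client counts, number of unparsed lines)."""
    affected, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE.search(line)
        if m is None:
            unparsed += 1  # report these rather than silently counting them as clean
            continue
        if in_scope(m["proto"], m["suite"]):
            affected.append((m["client"], m["proto"], m["suite"]))
    return affected, Counter(client for client, _, _ in affected), unparsed


if __name__ == "__main__":
    sessions, per_client, unparsed = triage(SAMPLE_LOG)
    for client, proto, suite in sessions:
        print(f"in scope: {client} {proto} {suite}")
    print(dict(per_client), "unparsed:", unparsed)
```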

Tuesday 10 January 2012

Windows 7 Webinar with Microsoft, Quest, ChangeBase and Flexera

Join us on January 18th for an overview of available tools and solutions to assist in accelerating Windows 7 deployment. During this webcast we will cover the following topics:

  • Setting strategy for seamless and effective Windows 7 deployment
  • Solutions to aid Application Compatibility and Application Lifecycle Management 
  • Using desktop virtualization tools to further deployment efforts
  • Application virtualization strategies and tools
  • Open Discussion and Q&A

Register Today!
January 18th, 2012 – 11:00am – 12:00pm
 
Speakers:
Nishant Padhye, Optimized Desktop Specialist - Microsoft
Mike Russell, Systems Consultant – Quest
Steven Hunt, Solution Architect – Quest
Ken Hilker, Sales Engineer – Flexera Software
 
EVENT DETAILS
Date: January 18, 2012
Start Time: 11:00 AM PST
End Time: 12:00 PM PST
 



Wednesday 4 January 2012

Microsoft TechReady 14 - Heck, I'm Ready!

It's that time again for the bi-annual Microsoft internal tech-fest called Tech Ready. TechReady is Microsoft's internal briefing to Microsoft staff (only). Luckily the folks from ChangeBase\Quest have been invited to present an instructor led lab to Microsoft staff on the benefits of automated assessment and remediation delivered by the ChangeBASE tool.

Here is a brief overview of what we plan to cover:

During this session, Greg Lambert (that's me), Chief Technology Architect of ChangeBASE will discuss the 3 M’s of application migration and virtualisation: multi-usage, multi-input and multi-scenario. Using real-life illustration, documentation and testimonials this deep dive technical session will look at the mechanics of achieving the utopian within your client base. It will outline the problems you will face as you look to migrate your customers. Broken into three distinct categories, I will discuss the compatibility challenges facing each area and using technical demonstration will illustrate how these challenges can be addressed.

Taking each in turn I will discuss;

Windows 8 application compatibility including;
     1) Desktop migration issues including;
          - Windows 7 Compatibility
          - 64-bit Compatibility
          - App-V Streaming compatibility
     2) IE8, 9 and 10 compatibility including;
          - Presentation challenges
          - Security
          - HTML and JavaScript

From this Instructor Led Laboratory (ILL) session delegates will learn;

A) What areas of consideration are needed to migrate application estates to a Windows 7, App-V based platform
B) An understanding of the 3 M’s of application migration and virtualisation and how they affect the enterprise
C) The primary hurdles facing organisations as they migrate to Windows 7 and virtual desktops and how to practically address those challenges

This lab will be presented by me (Greg Lambert) and my Quest colleagues on Tuesday, January 31 in the afternoon in the Seattle convention centre. If you have any questions or would like to attend please leave a comment on this posting and I will try to get back to you ASAP.