O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

101
Chapter 4
CHAPTER 4
Installing, Configuring, and Maintaining
Software
4
Most modern software and game programs have automated setup processes, making
it easy to install and run your programs. Resolving problems if automated setup fails
or if a program does not run as expected is not so easy, however, which is why you
need a strong understanding of how software installation works and the techniques
you can use to diagnose and resolve any problems you encounter.
Software Installation: What’s Changed
Compared to earlier releases of Windows, the processes of installing, configuring,
and maintaining software and game programs work differently in Windows Vista.
Primarily, this is because of changes to:
The way accounts are used
The way User Account Control (UAC) works
The removal of the Add/Remove Programs utility
The way application access tokens are used
The way applications write to the system locations
Unlike earlier releases of Windows, Windows Vista has only standard user accounts
and administrator accounts. When you log on to Windows Vista, you use one type
of account or the other, removing the gray area between these two types of accounts
that was previously available through the Power Users group. In Windows Vista, the
Power Users group is included only for backward compatibility, and you should use
it only when you need to resolve compatibility issues.
In Windows Vista, software installation, configuration, and maintenance are pro-
cesses that require elevated privileges. Because of this, only administrators can
install, configure, and maintain software. As discussed in Chapter 3, elevation is a
feature of UAC. Because of UAC, Windows Vista is able to detect software installa-
tion. When Windows Vista detects a software-installation-related process, it
prompts for permission or consent prior to allowing you to install, configure, or
maintain software on your computer.
102
|
Chapter 4: Installing, Configuring, and Maintaining Software
Windows Vista does not include an Add/Remove Programs utility. Instead, it relies
completely on the software and game programs themselves to provide the necessary
installation features through a related Setup or Autorun program.
Most programs created for Windows 95, Windows 98, Windows Me,
Windows 2000, and Windows XP use setup.exe programs. Programs
created for Windows Vista and later versions of Windows can use
autorun.exe programs, particularly if those programs use current ver-
sions of Windows installers. For simplicity’s sake, I’ll refer to both
Setup and Autorun programs as Setup programs.
Windows Vista also provides new architecture guidelines for software and game pro-
grams that fundamentally change the way software access tokens are used and the
way software programs write to system locations. These changes are so far-reaching
that software not specifically designed to support the new architecture guidelines is
considered legacy software. This means there are two general categories of software
that you can use with Windows Vista:
Windows Vista-compliant applications
Legacy applications
Any software written specifically for Windows Vista’s new architecture guidelines is
considered a compliant application and can be certified as compliant with Microsoft.
Applications certified as compliant have the Windows Vista-compliant logo. Appli-
cations written for Windows Vista have access tokens that describe the privileges
required to run and perform tasks. Windows Vista-compliant applications fall into
two general categories:
Administrator user applications
If an application requires elevated privileges to run and perform tasks, it is con-
sidered an administrator user application. Administrator user applications can
write to system locations of the registry and filesystem.
Standard user applications
If an application does not require elevated privileges to run and perform tasks, it
is considered a standard user application. Standard user applications should
write only to nonsystem locations of the registry and filesystem.
Any application written for an earlier version of Windows is considered a legacy
application. Legacy applications run as standard user applications and in a special
compatibility mode that provides virtualized views of file and registry locations.
When a legacy application attempts to write a system location, Windows Vista gives
the application a private copy of the file or registry value. Any changes are then writ-
ten to the private copy, and this private copy is in turn stored in the user’s profile
data. If the application attempts to read or write to this system location again, it is
given the private copy from the user’s profile.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required