« Five Things People Don't Know About Me | Main | Microsoft's Content syndication platform Patent »

Wednesday, December 20, 2006


Feed You can follow this conversation by subscribing to the comment feed for this post.

Actually, it is not just inexperienced users who hesitate to install programs on Windows. Many experienced users do too, because they know from painful experience that installing a new application can easily make their system start malfunctioning in strange and creative ways. In addition to this, they also know that it may be impossible to really remove the application.

This situation is partly the fault of Microsoft for making Windows the way it is and partly (possibly even more) the fault of the armies of lazy, slovenly programmers out there who think they can do anything they like on users' computers. They abuse the Windows Registry as their own private database, overwrite system DLLs with their own dubiously patched versions, patch the Windows kernel without asking for permission and almost never clean up after themselves when they leave -- i.e. their uninstallers leave an unholy mess of cruft throughout the system.

What these slobs do is the digital equivalent of breaking and entering and causing physical damage to property. The only reason we don't have lawsuits for this damage is because neither users nor the courts really understand what is happening here.

On the face of their behavior one would have to say that the majority of Windows programmers have no respect whatsoever for their users' property or home environment. It's as though a salesman were to come into your home, rearrange all your furniture without asking you (replacing some of it in the process), empty the ashtrays and all his own garbage onto your living room floor and then just leave.

Not only that, IE7 won't even let you download and install some programs, even after you've paid for them. I recently purchased an upgrade to Adobe Acrobat, and after shelling out $100 for my upgrade and going to the download page, IE7 simply threw up a message saying something like "For your protection, Internet Explorer has blocked this software from downloading to your computer." It gave me no options to bypass the warning and accept the download, no window above where I could accept an ActiveX control, nothing. Fortunately I also had Firefox on my machine and that worked, but what a headache!

Shouldn't code-signing help here, at least a little bit on the downloading side?

Hi Nick, this fear you mention -- of letting strangers tap into your operating system -- is one of the driving factors behind the Adobe Apollo project. It provides a sandbox environment in which network applications can be safely and easily used.

Production methods are HTML/JS/CSS or SWF. User experience parallels that of desktop apps (windowing, app name, system tray, etc). Platform support is recent Windows and Macintosh, with popular Linux distributions on the way.

(Brad, other people using IE7 can still install software... I've got to confess though that I haven't kept up-to-date on its latest security options and so can't offer tips on what might need to be changed in that configuration, sorry.)


Nick, you may be right about people moving to the web, given enough speed and bandwidth. The prime reason for this behavior, in my opinion, in addition to access from one location, is the fear of data loss, at least in applications that help create content, rather than readers or browsers. If there's one thing that is driving people to the web, it is the managed data on service provider's servers.


I understand your position as I am also a developer of desktop software, as well as the positions of the previous commenters. My question is, with all of the above, have you seen an increase in sales of your desktop software? If so, it means that (some) users are still willing to download software, given all of the potential risks, because of the advantages that desktop apps have over web apps.


To the Adobe poster above who's download failed, thats more-so Adobe's problem. They are using an antiquated download link in the auto-refresh tag of the web page (like too many download sites still too aka download.com)instead of a simple direct download a href link.

Every user I've talked to does not want their personal files online, even letters. Once you upload something to Google Docs, "they" can have a copy of it and access to it, whether you like it or not. Go back two posts and reread what everyone wants: POWER. And control is the ultimate power.

However, the motivation for Web 2.0 is not fear, but the almighty dollar. Selling you software that you can use forever (relatively) is not profitable. You yourself with newsgator initially put FeedDemon into a subscription license model. But "software as a service," where a user has to PAY to access their own data just like they have to pay for cable TV service, is what is driving companies toward the web.

Sadly, the browser isn't built for most tasks. But that doesn't seem to stop the inevitable march in that direction. Fortunately, Open Source has an entirely different course from megacorp, inc.

If more software were written for a managed platform (eg .NET or Java) I wouldn´t mind so much about installing them. Both platforms have a "good" uninstall-behaviour and could (within limits) provide a good sandbox for litte programms in which i´m sure they can´t interfer with other programms.

It´s quite sad that neither platform has any momentum for desktop apps.

Btw I just reinstalled my XP after 1,5 years, and I´m amazed at how much garbage I collected in that time. And i´m not even a big collector of shareware / freeware / trials etc...

Bravo Nick, great post. I don't think trackbacks are working for us at ZDNet, but I wrote up a response - http://blogs.zdnet.com/Stewart/?p=206

I believe this is exactly what ClickOnce deployment and .NET Framework with code access security is designed to solve.


I haven't looked at it recently, but having used some of these applications internally at Microsoft, they don't prompt the user at all before the app is launched under certain circumstances (the app doesn't need disk access, access to the registry, etc.) And when the app needs to do those things, it then prompts.

But there's no installer, etc. so it's much lighter weight.

virtual machines is the new way to deploy software. If Microsoft were not that bunch of crooks, making it illegal in Home Vista to run a virtual machine, perhaps that would give an incentive to software vendors out there to start giving away ready-to-use virtual machines.

When you've run a virtual machine once, you don't get back. Ever.

Scary install dialogs, configuration problems, browser or third-party version support, are simply irrelevant in this virtual machine world.

How about FeedDemon for Mac? Now, that would be a great gift.

I doubt that web applications will make desktop apps obsolete. One reason are the limited features: Take Google Reader for example - where are smart folders? Where's - Google's speciality - the search?

Another reason are the governments of certain countries declaring a kind of war against their people and criminalizing internet users demanding more and more rights to get and process the users data for so-called risc profiles.

One more reason is the general lack in keeping private and sensitive data really private and secure. Think of AOL, etc...

I broke up with Google Reader, Gmail and a bunch of other services and moved back to desktop apps to do the job (better) again.


I'm not sure I agree with this. I think most casual computer users are comfortable with installing new software.

Too comfortable, in fact. That's why there's so much spyware out there!

I'd be curious to see numbers about retail vs. online software sales. I think the majority of casual home PC users still buy their software at retail, but I may be wrong.

Anyone got any numbers?

It´s quite sad that neither platform [.NET and Java] has any momentum for desktop apps.

I believe Vista will change this. XAML apps are coming and will fundamentally change the AJAX-vs-desktop conversation by incorporating the best of both worlds.

John Dowdell, I assume that the Apollo sandbox environment itself is 'trusted' and running as a maximally privileged process, yes?

So, as soon as someone figures out how to breach Apollo's security, the user's system is toast. Again.

Putting lipstick on a pig doesn't make it prettier, it just annoys the pig.

That said, I'd be *very* interested in trying this out on Linux (I use Ubuntu), where the underlying security model isn't fundamentally broken.

Nick: interesting thought, but I'm quite skeptical. As with some of the other commenters, I'd love to see some hard data. Also, remember that your software may not be very representative, e.g. compared to document creation and/or database software.

One huge downside of Web apps: the features and UI can change without notice. Some view that as a benefit: they get the latest and greatest without downloading. Others as a real drawback: they're forced to change how they work.

Also, I would guess the Mac is much different from Windows.

Chetan: have you seen surveys etc. on this? I think people tend to trust data on their own hard disk MORE than data in the cloud (regardless of which is statistically more reliable). Who knows whether the smaller companies are going to be around in the future, and even Google has (apparently) arbitrarily deleted email accounts and such. (I assume that's rare, but the fear is real.)

(Michael, true, consumers do need to make a trust decision on Adobe Systems. Once they do that, though, then any developer can play in that Apollo sandbox, without having to prove their trustworthiness to each individual audience member.)

@ JD (sorry, Nick, just need this clarified):

"... a trust decision on Adobe Systems. Once they do that, though, then any developer can play in that Apollo sandbox, without having to prove their trustworthiness to each individual audience member."

So a user has no way of choosing to accept or decline individual Apollo apps on the basis of a publisher's identity? That can't be right, surely?

John, from a security standpoint, a 'trusted component' is one that can break your security.

What I meant was that if the Apollo environment is running as a maximally privileged process, an application which can subvert Apollo has no constraints on what it can do in the system.

Whereas if the Apollo environment has few system privileges, an application that subverts it cannot harm the system much.

So, I was asking whether (as I suspect) Apollo was running under windows maximally (or highly) priviliged, or whether Apollo installed as a relatively unprivileged application, such that, even if an application subverts Apollo, it won't have complete run of the user's system.

"So a user has no way of choosing to accept or decline individual Apollo apps on the basis of a publisher's identity? That can't be right, surely?"

You're right, that can't be right. ;-)

(The presence of a protective sandbox does not mean anyone can install HTML/JS or SWF interfaces without your consent. You definitely can choose whether you want a web application to run locally or not.)

Michael, I agree, if you can get evil code onto the system to subvert a native process, then that's bad, regardless of *which* applications or OS routines it targets. (Apollo itself will run HTML/JS and SWF, not OS-native code.)

JD - so this Apollo is like the original Java Applet sandbox? Did not Java start with that premise - a sandbox virtual environment that will work in any browser and provide a rich UI experience?

Why reinvent the wheel?

John, so, assuming that neither the HTML/JS renderer (which ones are you using, BTW?) or the SWF environment have holes that allow OS-native code to be snuck onto the system, it should be reasonably safe.

That's a pretty big assumption though.

And that possibility would *still* be best ameliorated by making sure the Apollo environment was not itself running as a privileged process, which point you have not yet addressed.

So, I will ask again outright: Is the Apollo environment running as a maximally or minimally privileged process?

Nick, sorry to be hogging your entry here... folks, there are other places for Apollo info, and possible followup questions, too.

"Just-a-speck" (?), Macromedia Director used the catchphrase "author once play anywhere" before Java arrived in the browser, and what you know of clientside Java is in-the-browser work, and quite different.

Michael, you're using labels "maximally privileged" and "minimally privileged" which would need to be nailed down before any answer could be possible, but the Apollo runtime does seem to be built with native OS code (with all the implications this implies), even though the Apollo runtime itself will accept instructions in HTML/JS and SWF.

The comments to this entry are closed.