Microsoft has had a series of logo programs over the years for hardware and software products to use to display compatibility and other requirements for Microsoft platforms. Recently Microsoft released a document detailing the requirements for the Windows 7 Client Software Logo (see below). Many of the requirements are security-oriented, but in general they should help a program provide a good experience.
Here are some of them:
- Applications must conform to the guidelines of the Anti-Spyware Coalition, an industry coalition with broad membership. "Any application found to be malware or spyware as defined by the Anti-Spyware Coalition will lose its logo eligibility and any related benefits."
- Clean, reversible installation. "A clean, reversible, installation allows users to successfully manage (deploy and remove) applications on their systems."
- Digitally sign files and drivers. "All executable files must be signed with an Authenticode certificate. All kernel mode drivers installed by the application must have a Microsoft signature obtained through the WHQL (Windows Hardware Quality Labs) or DRS [I have no idea what this is] program."
- Support x64 versions of Windows. "To maintain compatibility with 64-bit versions of Windows, applications must natively support 64-bit or, at a minimum, 32-bit Windows-based applications must run seamlessly on 64-bit systems."
- Follow User Account Control (UAC) Guidelines. "Most applications do not require administrator privileges at run time, and should be just fine running as a standard-user." This is perhaps the most important of the guidelines.
- Support Multiuser Sessions. "Application settings and data files should not persist across users. A user's privacy and preferences should be isolated to the user's session."
- Applications should take full advantage of the defense mechanisms built into the operating system, including:
  - /GS Stack buffer overrun detection
  - /SafeSEH exception handling protection
  - No eXecute (NX) / Data Execution Prevention (DEP) / eXecute Disable (XD)
  - Address space layout randomization (ASLR)
  - Heap randomization
  - Stack randomization
  - Heap corruption detection
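
One way to check two of the listed mitigations on a shipped binary, as an added example that is not from the original post or from Microsoft's document: the linker records the ASLR and DEP opt-ins as `DllCharacteristics` bits in the PE header, and an embedded Authenticode signature appears as a non-empty certificate-table entry. The function names and the sample header bytes are constructed for this illustration.

```python
import struct
# DllCharacteristics bits and directory index from the PE/COFF specification.
DYNAMIC_BASE = 0x0040  # image opts in to ASLR
NX_COMPAT = 0x0100     # image opts in to DEP/NX
SECURITY_DIR = 4       # data-directory slot of the Authenticode certificate table

def audit_pe(data: bytes) -> dict:
    """Report ASLR/DEP opt-in and embedded-signature presence (not validity)."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 24  # optional header follows signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header magic")
        dirs = 96 if magic == 0x10B else 112  # PE32 vs PE32+ directory offset
        (flags,) = struct.unpack_from("<H", data, opt + 70)
        (ndirs,) = struct.unpack_from("<I", data, opt + dirs - 4)
        sig_size = 0
        if ndirs > SECURITY_DIR:
            _, sig_size = struct.unpack_from("<II", data, opt + dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "signature_present": sig_size > 0,
    }

def build_sample(flags: int, sig_size: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header for the demo (not a loadable image)."""
    dirs = 112 if pe32plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    struct.pack_into("<I", opt, dirs - 4, 16)
    struct.pack_into("<II", opt, dirs + 8 * SECURITY_DIR, 0x400, sig_size)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, len(opt), 0x22)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(audit_pe(build_sample(DYNAMIC_BASE | NX_COMPAT, 0x1A0, pe32plus=True)))
```

A non-empty certificate table shows only that a signature is embedded; validating it against a trusted chain is a separate step.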
If only all programs followed these guidelines! I wonder how well Microsoft's own hold up to them. The logo programs have probably lost some of their prominence in recent years and it's a shame, because these are good rules. If you restrict your system to programs like these you could feel pretty safe.