Today I came across the certification requirements for Windows 8 desktop apps. This is the successor to the Windows 7 Logo program, and represents a set of best practices required for software to display the official Windows logo.
In practice, I am not sure how many buyers check that software is certified before buying, though it might make sense for businesses to do this as a matter of policy if they want keep Windows desktops running smoothly and safely.
The requirements are also interesting as a guide to what Microsoft considers to be well-behaved applications.
The new requirements are tougher than before. Some guidelines that were in the “Beyond Windows 7” section in the previous logo program have now moved to become full requirements. Others seem to be completely new.
Here are some highlights:
- Your app must not depend on any Windows compatibility feature, nor the VB6 runtime.
- Apps may not start automatically on startup. You may not set the “run” registry keys nor install a shortcut into a startup folder.
- Apps must use “strong and appropriate ACLs” to secure executables, directories and registry keys.
- Apps must be compiled with /SafeSEH (safe exception handling), /NXCOMPAT (no data execution) and /DYNAMICBASE (random address space layout).
- All executables must be signed with an Authenticode certificate – this was the same in Windows 7 but worth repeating.
The automatic startup prohibition is particularly intriguing. It could not be clearer:
10.2 Your app must avoid starting automatically on startup
I hate unnecessary startup applications too; but I do not object to all of them. My password manager runs on startup and sits in the notification area. Some of Microsoft’s own applications do this, for example Lync, Skype and SkyDrive. I would have thought auto-startup is acceptable if it is under the user’s control.
One factor may be that Windows 8 desktop apps do not auto-start on log-in even if you set them to do so. Instead, they start when the user clicks or taps into the Desktop. Therefore, in a sense none of the normal auto-start techniques are reliable.
There is a way round this, which is to install an autorun service.
In general, tough certification requirements are a good idea, though if they are too demanding the risk is that vendors will simply ignore them.
The desktop starting on demand is one issue. DAM in Connected Standby is another. Services are throttled but apps are hibernated. An application relying on an autostarted background app that sucks battery and may not resume before the application does will fail, and can be vulnerable to dynamic timer tick issues to.