By Greg DeMichillie [bio]
Posted: Jun. 19, 2006

The following is the full text of an article published by Directions on Microsoft, an independent research firm focused exclusively on Microsoft strategy & technology. More samples of our content, as well as a list of upcoming articles and reports are also available.

New application logo guidelines for Windows Vista indicate a shift in Microsoft's approach to certifying software for Windows: Building the largest possible catalog of applications is less important than the quality of those applications. Applications that qualified for previous logos may need additional work to qualify for Vista, but the more stringent program could weed out some competitors and increase the value of software that does qualify. For the program to be successful, however, Microsoft must convince customers that the new program is different and that logo-approved software will be more secure, more reliable, and easier to install and maintain.

The software logo program complements similar logo programs for hardware vendors and OEMs. For details on those programs, see "Vista Advisor and Logos Help Users Upgrade" in the July 2006 Update.

Two-Tiered Program

Microsoft's software logo program serves the following three basic goals:

• Increase the perceived value of Windows by having a large catalog of compatible applications
• Encourage ISVs to build applications that take advantage of specific Windows features that Microsoft wants to promote
• Help customers identify programs that run, or run well, on the latest version of Windows.

The logo program requirements have also traditionally served as a list of common application programming errors to avoid, useful even for custom applications intended only for internal use. Custom applications that conform to the logo requirements will often be more robust and are more likely to work on future versions of Microsoft's OSs.

ISVs and Microsoft products groups that want the logo for their products must submit their software to a third-party testing organization which verifies that the application meets a set of Microsoft-defined tests. The Windows XP logo tests, however, were something of a paper tiger. For example, although one of the primary requirements for the XP logo is to "perform primary functionality and maintain stability," the test cases are sufficiently broad that an application could crash and still receive the logo.

In recent years, customers have become more concerned about the quality of Windows applications than their total number, and the logo program has given them little guidance about product quality. To give customers more confidence that an application runs well, Microsoft is moving to a two-tiered logo program. The lower tier allows developers to self-certify that their application "Works with Windows Vista." The higher tier is for ISVs that want to label their applications as "Certified for Windows Vista." Like the XP logo, the Certified for Windows Vista logo requires certification by a third-party testing organization, but the Vista version has tighter requirements and focuses on making sure that applications work correctly with Vista's security features, such as User Account Control (UAC), which encourages users to run with the least possible account privileges.

The requirements for the Certified for Windows Vista logo are divided into three categories: security and compatibility, installation, and reliability.

Security and Compatibility

The security and compatibility requirements serve two aims: to make sure that applications support Microsoft's recommended security guidelines. These guidelines include the following:

Follow User Account Control. With Vista, Microsoft is making major changes to Windows security architecture. These changes encourage users to run without the administrative privileges that they typically use on Windows XP, but that make it easier for viruses and other malware to infect their computer. For Microsoft's efforts to succeed, developers (including Microsoft) must make sure their applications do not unnecessarily require administrative privileges. The Certified logo requires that applications come with an XML manifest that tells Windows their required privilege levels. Also, an application's main process must not require administrative privileges. In some cases, meeting the UAC requirement will require significant changes to an application's architecture. Waivers to the UAC requirement will be available for system utilities (e.g., disk recovery utilities) whose primary functions are administrative, but will not be granted for applications such as games or productivity software.

Support x64. Certified applications must run on x64 editions of Vista, either in native mode or in 32-bit emulation mode. Itanium support is not required at all. Only two types of applications are likely to run into trouble: those that include 16-bit code (either in the installer or the application itself) could fail because 16-bit code is not supported on 64-bit Windows; and applications that include kernel extensions could fail because kernel extensions must be ported to 64 bits to run on 64-bit Windows.

Sign files and drivers. Certified programs must be signed with an Authenticode digital signature.

Version check properly. Certified programs must properly check the version of Windows they are running on and work correctly even if the version is incremented. In the past, some applications have incorrectly checked the version of Windows and refused to run after a service pack is installed. Microsoft provides sample code that demonstrates the proper way to check the Windows version.

Support Terminal Services and Fast User Switching. Certified applications must be usable by multiple users at the same time. This ensures that the application runs correctly with Terminal Services, Remote Desktop Connections, and Fast User Switching. Exceptions will be granted for applications that use 3D graphics, but such applications must notify the user on startup and then exit without crashing.

Installation

Installation requirements are designed to make sure that applications install reliably for end users installing on a single system, as well as for IT administrators deploying an application across hundreds of systems.

Use Windows Installer or ClickOnce. Unlike the XP logo, which recommended only that developers use the Windows Installer, Certified applications must use the Windows Installer or ClickOnce. Numerous technical requirements also describe how ISVs must package their applications so that they properly install and roll back in the event of failure. The certification testing will simulate a failure during installation and verify that the installer rolls back properly.

Support command line and graphical interface installation. In addition to using the Windows Installer, Certified applications must support command-line installation and include an option to install silently.

Reliability

Finally, the Certified logo includes requirements designed to make applications crash less often and require fewer reboots.

Eliminate application failures. To qualify for the Certified logo, developers must sign up to receive crash data from Windows Error Reporting and must target fixing 60% of their crashes during the lifetime of the product. Any fixes created by the developer must then be supplied to Windows Update for distribution to end users. Microsoft has been encouraging developers to sign up for Windows Error Reporting for several years, but making it a requirement for the Certified logo should greatly increase third-party participation in the program. In addition, the testing program subjects an application to a variety of reliability tests, such as checking for use of "banned" Windows APIs that are known to be insecure or otherwise dangerous, and subjecting the application to stress conditions, such as simulating hardware or OS error conditions.

Eliminate unnecessary reboots. Certified programs must support the Vista Restart Manager—a new feature that will be able to identify running applications and services that are using a component that must be patched, temporarily suspend those applications, stop the component or service, patch it, and then restart the service and the application, all without requiring a reboot. The certification testing process includes sending restart manager messages to an application and verifying that it shuts down and restarts itself appropriately.

Benefits and Roadblocks

The Vista logo program confers the same kinds of benefits as previous programs, including the following:

• Participation in the Windows Marketplace Web site (Certified applications will be highlighted and appear more prominently)
• Discounted advertising in Windows Vista magazine
• Eligibility for public relations opportunities, such as mentions in Microsoft press releases
• Points in Microsoft's Partner Program, which count toward higher certification for the developer.

In addition, if Microsoft convinces potential buyers that the logo is valuable, it could become an important criterion in purchasing decisions. But for this to happen, Microsoft must overcome several roadblocks:

Establishing the value of the program. Previous logos had few teeth and customers are likely to assume, at least initially, that the Certified for Windows Vista program is more of the same. Microsoft could make changes to Windows itself to highlight Certified applications, such as checking an online database when an application is installed and informing the user if the application is certified. However, Microsoft appears reluctant to adopt such "Good Housekeeping Seal of Approval" tactics, possibly out of fear of alienating ISVs that do not qualify.

Making Certified applications easier to build. The biggest step Microsoft can take to increase the number of Certified applications is make them easier to create. Windows Installer packages, for example, are notoriously complex and difficult to create, and Microsoft's developer tools do little to make the process easier. If Microsoft's developer tools were to create certifiable applications by default, the number of Certified applications would increase dramatically.

Balancing the pain and the reward. If the logo program is too strict, developers may decide not to bother with certification. If, like previous programs, it is too lax, there will be thousands of Certified applications, but the logo will be ignored by potential buyers. While drafting the new requirements, Microsoft solicited feedback from developers, including third parties and its own Office division. In some cases, it responded to concerns by easing some proposed requirements, but in many cases it held firm, suggesting it's more concerned about making the logo program valuable to customers. Balancing the concerns of customers with those of developers will be tricky, but getting the balance right is critical to a successful program.

Being more stringent in testing Windows programs. Just because a program is distributed as a part of Windows doesn't mean it shouldn't undergo certification. Applications such as Movie Maker, Windows Media Player, and even third-party applications and add-ins such as the Adobe Flash Player or Acrobat Reader should still be Certified to ensure that they follow the same guidelines as applications that the user chooses to install. For example, an included application such as Movie Maker should properly uninstall if a user chooses to use a more full-featured third-party application to edit videos and make their own DVDs.

Resources

The Certified for Windows Vista software program is described in detail in the "Works with Windows Vista Logo Specification" document available via microsoft.mrmpslc.com/VistaPlatformAdoption/ResourcesAndTraining.aspx.

Windows Error Reporting is described in "Windows Error Reporting Tracks Down Bugs" on page 3 of the July 2003 Update.