Why doesn't Windows File Protection use ACLs to protect files?

The Old New Thing : Doing the best we can until time travel has been perfected

The Old New Thing : Doing the best we can until time travel has been perfected — Mon, 03 Apr 2006 18:17:05 GMT

PingBack from http://blogs.msdn.com/oldnewthing/archive/2006/04/03/567318.aspx

re: Why doesn't Windows File Protection use ACLs to protect files?

Tue, 28 Mar 2006 23:22:52 GMT

M: If all else fails ($LD_PRELOAD, $LD_LIBRARY_PATH), then there's still chroot. I haven't seen Windows installing a small version of Windows in a directory to safely install software in, seperate from the real installation. But debootstrap and yast can do that.

But if you stick to the distro package repositories, dependencies will be satisfied unless there are conflicting files. However, it's no problem for packages of the same library but different versions to coexist (for instance libxml1 and libxml2).

re: Why doesn't Windows File Protection use ACLs to protect files?

Fred — Mon, 27 Mar 2006 20:31:25 GMT

Does someone know of good articles on updating system files and keeping WPF happy, including COM servers (OCXs), and using the side-by-side sharing hack that MS introduced in 98SE?

re: Why doesn't Windows File Protection use ACLs to protect files?

Mon, 27 Mar 2006 18:10:10 GMT

Linux doesn't solve DLL Hell, it just replaces it with dependency hell instead. So the system won't let you install conflicting libraries - great - now you can't install (and therefore run) your application _at all_. Hardly a leap forward, all you did was swap one problem for another.

The approach Windows uses works absolutely fine, the problems with DLL Hell are due to its history and not any problem with the current design (in which programs can happily ship their own libraries privately).

re: Why doesn't Windows File Protection use ACLs to protect files?

Sun, 26 Mar 2006 00:42:26 GMT

They should use GetSystemDirectory.

http://blogs.msdn.com/oldnewthing/archive/2004/10/08/239767.aspx

re: Why doesn't Windows File Protection use ACLs to protect files?

dhiren — Fri, 24 Mar 2006 17:17:07 GMT

>If Vista breaks old apps by resisting those to
>write to system32, why not at the same time
>rename the system directory to system64 in
>win64?
>Wasn't the name (system32) preserved because old
>apps should be able to write to it?

Because some apps may want to read from system32 even if they don't want to install/update files there?

re: Why doesn't Windows File Protection use ACLs to protect files?

Norman Diamond — Fri, 24 Mar 2006 05:46:47 GMT

Thursday, March 23, 2006 2:27 PM by Driver Guy
> Many problems can be avoided by simply RTFM -
> the SDK docs, the API calls, etc.

In that spirit, I used to correspond with a certain famous blogger who used to solicit bug reports so that subsequent RTFM would yield more accurate information.

In that spirit I occasionally still submit bug reports directly to MSDN. Sometimes they reply that content is acquired from MSDN and who knows if it will ever get fixed. Sometimes they don't reply and who knows if it will ever get fixed. Sometimes they reply that they're fixing it but it still doesn't get fixed.

Well, yes, sometimes RTFM does avoid problems. I just wish that were true more often. Meanwhile I RTFM a lot.

Developers should read your blog

Driver Guy — Thu, 23 Mar 2006 21:36:20 GMT

BTW Raymond, your blog should be required reading for all Windows developers, cause it points out the mistakes others have made in the past. Other docs do not do that.

Developers need to be taught the hard way

Driver Guy — Thu, 23 Mar 2006 21:27:41 GMT

As long as Microsoft covers up the independent software vendor (ISV) mistakes, they won't bother to learn how to do things correctly. Simply because it makes business sense: why should the ISV waste time learning how to install their app correctly, if MS will cover up their mistake?

All the appcompat cruft makes for a better user experience but it just perpuates crappy software development. Many problems can be avoided by simply RTFM - the SDK docs, the API calls, etc. Many developers don't bother.

MS really needs to stop covering for hardware and software bugs. Of course, it would be nice if their own applications didn't try to overwrite kernel sreaming modules on Win2000 every time. :=)

re: Why doesn't Windows File Protection use ACLs to protect files?

Thu, 23 Mar 2006 15:42:35 GMT

Andreas Magnusson, I use GNU/Linux and I'm 19. Not only do I get to read TONT, I can have as much Wine as I want ;)

BTW, system files ARE in fact protected by ACL's. Just try (re)moving anything in system32. It only works when logged in as an administrator, which already pwns the box anyway.