Understanding Application Compatibility
Application compatibility bugs occur in applications for many different reasons. Sometimes a feature that an application relied on is simply retired from Windows. In Windows Vista®, several applications exhibited bugs simply because developers had hard-coded the Windows version that the applications were compatible with, and the applications failed when the version changed. Any time operating system behavior is changed, there is a possibility that an application has taken a dependency on the previously implemented behavior.
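The hard-coded version failure described above, as an added example (not code from Microsoft or from any application the page mentions): two brittle checks beside an ordered "at least" comparison. The function names are hypothetical, and the version pairs are the major.minor values reported by Windows XP (5.1), Windows Vista (6.0) and Windows 7 (6.1), embedded here as constructed sample input instead of being queried from the operating system.

```c
#include <stdio.h>

/* Constructed sample input: major.minor pairs as reported by each release. */
typedef struct { const char *name; unsigned major, minor; } os_version;

static const os_version SAMPLES[] = {
    { "Windows XP",    5, 1 },
    { "Windows Vista", 6, 0 },
    { "Windows 7",     6, 1 },
};

/* Brittle: accepts only the exact version the developer tested on. */
int check_exact(unsigned major, unsigned minor) {
    return major == 5 && minor == 1;
}

/* Brittle: compares each field independently, so 6.0 fails "minor >= 1"
 * even though it is newer than 5.1. */
int check_fieldwise(unsigned major, unsigned minor) {
    return major >= 5 && minor >= 1;
}

/* Robust: ordered comparison against a minimum supported version.
 * Any release at or above min_major.min_minor passes. */
int check_at_least(unsigned major, unsigned minor,
                   unsigned min_major, unsigned min_minor) {
    if (major != min_major)
        return major > min_major;
    return minor >= min_minor;
}

int main(void) {
    printf("%-14s %-6s %-10s %s\n", "release", "exact", "fieldwise", "at_least");
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        const os_version *v = &SAMPLES[i];
        printf("%-14s %-6d %-10d %d\n", v->name,
               check_exact(v->major, v->minor),
               check_fieldwise(v->major, v->minor),
               check_at_least(v->major, v->minor, 5, 1));
    }
    return 0;
}
```

Only the ordered comparison accepts all three releases; the field-wise check rejects Windows Vista while accepting Windows 7, which is why this class of bug can appear on one release and vanish on the next.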
Overall, Windows 7 compatibility is high with common applications, and Microsoft is continuously striving to achieve the best possible compatibility for existing applications for Windows Vista and Windows Server® 2008.
For detailed information, see the Application Compatibility Cookbook.
With the introduction of the User Account Control feature in Windows Vista, Microsoft demonstrated its commitment to enabling organizations to configure their users with standard user accounts, thus offering the industry a desktop configuration with greater security and reduced total cost of operation (TCO). Windows Vista includes features, such as the ability for standard users to change the time zone when traveling, that dramatically improve the user experience for standard user accounts. Windows 7 makes the user experience even better. When running with standard user accounts, organizations will also realize improved resiliency against malicious software, better control over what users install on their computer, and a higher degree of management over what users can configure on their computers (including security settings).
Prior to Windows Vista, many developers had been developing software on the assumption that users were members of the Administrators group, and the software inadvertently required administrator privileges. When administrator privileges were removed for standard users in Windows Vista, the application compatibility impact was significant. User Account Control does offer a variety of features to improve application compatibility, such as File and Registry Virtualization and Installer Detection. Also, as the industry continues to move toward standard user desktops, many of these application compatibility bugs are being addressed by independent software vendors (ISVs) and fixed in their most recent products.
User Account Control is one of many features designed to increase the reliability of Windows. Another feature is Windows Resource Protection (WRP), which increases system stability, predictability, and reliability. WRP safeguards Windows read-only resources—specifically operating system files, folders, and registry keys that are non-configurable by design. WRP enforces this safeguard using Windows Security by specifying special security descriptors on the resource. Any process, including those running as administrator or system, that does not have rights to make changes to WRP resources can only read and execute the resources. Full access to WRP resources is restricted to the Windows Modules Installer service.
When new features are added to enhance the security of the operating system, the features generally affect application compatibility. In many cases this occurs because the feature is designed to limit the behavior of malware by changing behavior in the operating system or an application platform technology, such as Internet Explorer®. As previously mentioned, applications are built to use a wide variety of platform functionality, and any change has the potential for application compatibility issues.
The following features enhance Windows 7 security and represent important advancements:
Internet Explorer Protected Mode. Included in Windows 7, Internet Explorer 8 runs in Protected Mode, which can help protect users from attack by running the Internet Explorer process with greatly restricted privileges. Protected Mode significantly reduces the ability of an attack to write, alter, or destroy data on the user's machine or to install malicious code. It can help protect a user from malicious code installing itself without authorization. This mode is the default for Internet Explorer 8 when Windows 7 is installed.
Internet Explorer 8 - Data Execution Protection (DEP)/NX. Internet Explorer 8 will enable DEP/NX protection when run on an operating system with the latest service pack. Windows XP SP3, Windows Server 2003 SP3, Windows Vista SP1, and Windows Server 2008 all have DEP/NX enabled by default in Internet Explorer 8. Typically, any application that runs in Internet Explorer and is not compatible with DEP/NX will crash on startup and will not function. Internet Explorer may crash on startup if add-ons not compatible with DEP/NX are installed.
Session 0 Isolation. In Windows XP and earlier versions of Windows, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels. The Windows Vista and Windows 7 operating systems mitigate this security risk by isolating services in Session 0 and making Session 0 non-interactive. In this case, only system processes and services run in Session 0. The first user logs on to Session 1, and subsequent users log on to subsequent sessions. This approach means that services never run in the same session as users' applications and are therefore safeguarded from attacks that originate in application code.
Improving operating system performance was a key focus during the development cycle of Windows 7. This focus has resulted in overall operating system improvements and the further development of features that originated with Windows Vista. Some of the performance features that may have an application compatibility impact include:
Windows Vista and Windows 7 64-bit. Windows 7 fully supports the 64-bit architecture processors from AMD and Intel. The 64-bit version of Windows 7 can run all 32-bit applications with the help of the WOW64 emulator. However, the kernel does not support 16-bit applications, 32-bit installers, and 32-bit kernel mode drivers. All 64-bit drivers have to be digitally signed for Windows Vista and Windows Server 2008 64-bit editions. Unsigned drivers are not supported and cannot be installed on 64-bit Windows Vista and Windows Server 2008. The digital signature check is done during both installation and driver load time.
Networking: TCP/IP Stack and the Windows Filtering Platform. The networking stack was completely rewritten for Windows Vista. Instead of the dual-stack model that exists in Windows XP (to support IPv4 and IPv6), the networking stack in Windows Vista implements a new architecture in which there is a single transport and framing layer that supports multiple IP layers. The new stack is modular, flexible, and extensible. While all attempts have been made to maintain application compatibility with the existing applications that interface with the stack at various layers, there are nevertheless changes (that are mostly side effects of the improvements) that might cause potential application-compatibility issues.
Windows Driver Display Model (WDDM). In Windows Vista, WDDM introduced a completely new display driver model that improves display driver stability in Windows. While most of the applications from earlier versions of Windows should not be impacted by WDDM, some risks include:
DX games compatibility, resulting in DX run-time, IHV driver, or core graphics stack issues.
Mobile functionality such as keyboard shortcut, clone view, brightness, and zoom due to stricter Advanced Configuration and Power Interface (ACPI) requirements.
Accessibility, specifically screen-magnification applications designed for Windows XP, will not work on Windows Vista or Windows Server 2008.
New Low-Level Binaries. To improve engineering efficiencies and foundations for future work, Microsoft has relocated some functionality to new low-level binaries. This refactoring will make it possible for future installs of Windows to provide subsets of functionality to reduce surface area (disk and memory requirements, servicing, and attack surface).
While many of the features previously mentioned are focused on the underpinnings that enable applications to work better, there are also features that change the actual user experience of Windows. Because these features change how users and applications interact with Windows, there is the possibility of associated application compatibility issues. Some of the improvements to the user experience include:
File Library Replacing Document Folder. Libraries provide a centralized folder-like experience for file storage, search, and access across multiple locations—both local and remote. The default locations used by common file dialogs (for example, Open and Save) have been changed from the Document Folder to the Documents Library.
The user interface is unchanged, but the user will now be able to view, browse, and search the Library using various arrangement views. Files are saved into the Library default save location unless the user changes the default save location or chooses a different folder.
User Interface - High DPI Awareness. The goal is to encourage end users to set their displays to native resolution and use DPI rather than screen resolution to change the size of displayed text and images. Windows 7 can auto-detect and configure a default DPI on clean installs on machines configured by their original equipment manufacturers (OEMs) using DPI settings. There are tools you can use to help design applications that are high-DPI aware in order to ensure the most readable results.
Removing Legacy Components
Given the continual focus on progressing and modernizing the Windows operating system, over time features will be retired from the Windows operating system. In certain cases, there are successors that better satisfy the needs of developers and users. In other cases, the technology has simply reached the end of life and is deprecated.
The following components from earlier Windows releases are not present in Windows Vista or Windows 7:
Kernel-mode printer driver support. Printer drivers implement two components: user interface and rendering components. In Windows NT® 4.0, the rendering components had to run in kernel mode. Windows 2000 introduced user mode rendering components; Windows XP required it for new printer installations but supported kernel-mode rendering components for existing printers. Beginning with Windows Vista, all printer drivers must now implement user-mode rendering components.
Windows Help for 32-bit applications (WinHlp32.exe). Support for Windows Help files (.hlp) is no longer provided by the operating system. To view Windows Help files in Windows Vista, Windows Server 2008, and Windows 7, you must download and install Windows Help from the Microsoft Download Center. (A Windows 7–compatible download will be available by RTM of Windows 7.) HTML help files (.chm) are still supported.
Microsoft FrontPage server extensions. Support for FrontPage® Server Extensions 2002 is no longer provided with the operating system. For customers who still require FrontPage Server Extensions (such as web hosting companies), Ready to Run software has partnered with Microsoft to provide Internet Information Services (IIS) compatible versions of the FrontPage Server Extensions 2002.
Direct 3D Retained Mode (D3DRM). D3DRM, a technology introduced in DirectX® 3 to provide a higher-level programming interface on top of Direct 3D Immediate Mode, has been deprecated beginning with Windows Vista because of security concerns.
Web Publishing Wizard. The Web Publishing Wizard, an applet initially designed to simplify the web publishing experience, never saw any significant adoption and was deprecated beginning with Windows Vista.
Windows NT LAN Manager Security Support Provider (NTLMSSP) Service. The NTLMSSP Service was removed beginning with Windows Vista and has been replaced by Kerberos authentication.
Network Dynamic Data Exchange (NetDDE). NetDDE was removed from Windows XP, but was still available on the installation CD. For security reasons, beginning with Windows Vista and Windows Server 2008, Windows no longer supports NetDDE at all.
Microsoft Graphical Identification and Authentication (GINA). To simplify the process of developing authentication providers, as well as to simplify combining authentication providers (including biometric authentication), Windows Vista replaced the GINA model for authentication providers with a new Credential Provider model. The new model significantly reduces the effort required to create authentication packages.
Windows Gallery applications. Windows 7 deprecates the Windows Mail utility and disables the CoStartOutlookExpress application programming interface (API). Other removals include Messenger, Address Book, Photo Gallery, and Movie Maker. The other e-mail APIs have been marked as deprecated and are slated for removal in a later Windows version. However, publicly documented APIs that are not marked as deprecated or obsolete will continue to function in Windows 7. Binaries will remain on users' systems and will continue to be accessible via the APIs, specifically in the cases mentioned earlier. In addition, the users' e-mail (.eml), news (.nws) and other Windows Gallery–created files will remain on the system.
Windows registry reflection. The registry reflection process copies registry keys and values between two registry views, to keep them synchronized. In earlier 64-bit installations of Windows, the process reflected a subset of the redirected registry keys between the 32-bit and 64-bit views. However, this implementation caused some inconsistencies in the state of the registry. As COM was the only known consumer of the feature, COM was updated to no longer depend on the functionality.