Why the PC needs a modern app platform

Microsoft isn't turning Windows into a walled garden -- but it might be a good thing if it did.
Written by Mary Branscombe, Contributor
metal garden gate

Should Microsoft erect a 'garden wall' around Windows?

Image: iStock

Last week, the co-founder of Epic Games, Tim Sweeney, wrote an angry piece about the walled garden nature of the Microsoft Windows Store, warning it was "the first apparent step towards locking down the consumer PC ecosystem".

There are many ways in which that's not really true: you can sideload Store apps, and you can build and sell Win32 programs and those programs can call WinRT APIs, so there's no need to worry about getting locked out from new features. Or you could create a Win32 program to put in other stores and to sell on your own website and also wrap it to distribute through the Windows Store using the Project Centennial bridge, so you're not losing access to any distribution channels.

And if you think Microsoft is only developing the UWP and WinRT framework for Store apps and nothing for desktop Win32 apps, what about DirectX 12 and all the non-Store games using it?

There may be some specific, technical issues that Sweeney is concerned about but didn't actually reference. He could be concerned about things like the WDDM 2.0 graphics and compositing pipeline, which includes a standardised rendering pipeline through the Windows compositing engine that reduces artefacts like tearing -- remember that it's only required for games sold through the Windows Store.

Some of the issues that gamers are concerned about sound more like bugs than deliberate changes (asked about some frame rate issues, Microsoft's Mike Ybarra noted on Twitter that "we will fix Vsync"). And while they're not speaking officially, devs from AMD's Radeon team and Intel's graphics team say the new compositing scheme makes sense and these are controls that belong in the operating system.

Less charitably to Microsoft, you could note that its grip on the Store isn't exactly tight; there are plenty of fake apps showing up there on a regular basis and app approval is almost notoriously fast and automated.

There have never been any stories about Microsoft refusing apps because they're too political (which Apple has done in the past). And if UWP is such a threat to every other type of software you can run on a PC, why is Sweeney pointing out that the Windows Store isn't as well populated as other games stores?

Modern means limits

But imagine if Sweeney is right -- that the long-term future of software on Windows was one where Microsoft could control what apps would run on it and what those apps could do, just as Apple gets to decide for iOS. Imagine that applications had to ask for permission to do things like look at the file system, or that that applications could only run in sandboxes and communicate with each other through carefully defined interfaces.

That would be a huge improvement for security, both by design and by curation; the few proof-of-concept pieces of malware that have made it into the App Store and the malicious apps written using the unofficial, subverted version of Xcode are a far cry from the range of rootkits, bookits, viruses, trojans, and other malware that you can get a PC to load if you're not security conscious.

You can get rid of bitrot and DLL Hell and all the other things that make it tempting to reinstall Windows every couple of years just to keep things clean, or that make taking system image backups so tempting, because getting your applications and all their settings back still takes a long time. You can get better battery life, because modern applications have to be well behaved; they're suspended when they're not in use, so they're not running down your battery or clocking up CPU cycles and using up your bandwidth.

You can see exactly which apps are using bandwidth -- and you can uninstall the resource hogs easily. Those are all advantages of iOS and things Windows needs to have too.

That was one of the reasons Microsoft added Store apps to Windows 8 in the first place. At the Windows 8 launch, the then-head of Windows Steven Sinofsky called them "apps that are easily acquired, easily removed if you want, that respect and protect your data and your privacy, and build on the improved security of the new Windows run time" so that "PCs will maintain great performance and reliability over time".

Without any of the legacy of powerful tools and development options that also introduce security holes, he claimed a PC running Windows RT that only ran Store apps "will be just as stable and reliable a year from now as it was on the day you turned it on".

When Sony got hacked in 2014, he wrote about the history of adding powerful options to Windows, only to discover in later years that they also added ways to attack people -- and pointed out that dealing with that is always painful. "We need the equivalent of breaking a bunch of existing solutions in order to get to a better place," he noted.

"We are on the verge of a new generation of computing that was designed from the ground up to be more secure, more robust, more manageable, more usable, and simply better." A lot of that is about security: "Architectural changes are significant barriers to bad actors. One day you can open a maliciously crafted photo attachment and have a buffer overrun that then plants some code on a PC to do whatever it wants (simplified description). And then the next day that same flow on a modern mobile OS just doesn't work," he said.

Modern application platforms aren't about doing less to be more secure, Sinofsky pointed out (leaving Microsoft doesn't seem to have changed his views of what matters in operating systems). "They're not more secure because there are few pointers in the implementation or fewer APIs, but more secure because apps run with a different notion of what they can/cannot do and there is simply no way to get apps on the device that can violate those rules (other than for developers of course)."

App permissions are part of that, but they're not enough on their own. Discussing the issue on Twitter, Sweeney said UWP has advantages like the permissions system -- but he doesn't want to go through the Store to use those.

The problem with that is that if you have apps requesting permissions but you're not getting those from a secure source, you've lost one step of the protection. And if you want a more reliable operating system, you need all the layers. If a Store app turns out to be malicious, you don't have to warn people and hope they notice; you can revoke the app centrally.

The problem is that you get all the disadvantages of iOS as well, which is why Microsoft is never going to actually turn off everything except Store apps. If that was the plan, Windows RT would be front and centre in the strategy instead of left in a corner. And it's not going to let Win32 wither away, because PCs are used for far more than even the most powerful iOS apps.

But they're not used for that by everyone.

To keep Windows relevant in the tablet and smartphone world, there has to be a way of using it as a safe, modern platform, where those people who don't want the responsibility that comes with a platform you can do anything on can just use it without worrying. Trying to tear down the Windows Store is just plain shortsighted.

More on Windows apps

Editorial standards