Sunday 25 February 2018

16 Million Reasons To Fail!

The plan didn’t work. Windows 10S is dead!
Quite a few of us who used Windows 10S predicted, soon after its launch, that it wouldn’t survive for long (I was one of them). Most likely “S Mode” will be gone soon too! I don’t want to sound like a critic and really hope I’ll be proven wrong this time, but something doesn’t seem right in Microsoft’s current strategies. All the recent initiatives like UWP, Windows Store and Win 10S (now S Mode) have been struggling to click in the market. Ultimately all of these will have to be rethought to accommodate market demands.

Microsoft is taking the right initiative in moving towards improved security, but things aren’t working as planned. They launched UWP (similar to Apple’s sandbox), came up with Windows Store and launched Windows 10S as a locked-down OS with enhanced security. Apparently all of these products had to be refined. Soon after the launch, MS had to compromise on UWP’s security features and allow users to use Desktop Bridge Converter for porting the non-compliant apps. Windows Store is still struggling to attract commonly used apps. And Windows 10S is being abandoned for an “S Mode” switch in Windows 10.

So, the million-dollar question is... what went wrong?

The problem is that although the intention is right, the timing isn’t! If these security restrictions had been introduced a couple of decades earlier, they would have been adopted by many. But for many years, people have been developing Windows apps without such security standards in mind. If the OS now suddenly imposes these restrictions, apps can’t migrate to these platforms without changes to the code base.
As Microsoft’s Distinguished Engineer said at Build 2016,
“There are 16 million Win32 or .NET apps in the world. When we built the Universal Windows Platform, we left them behind. And that was dumb.” – John Sheehan
Which means there are 16 million reasons to fail!

When Apple introduced sandboxing technology, they had initial hiccups too but managed to lock down the operating system. The point Microsoft is missing is that the Windows user base is very different from Apple’s. A strategy of locking down the OS won’t work for Microsoft customers. Windows has been used for heavy-duty, multitasking applications. On the other hand, Apple apps are not designed for heavy multitasking (except a few, I suppose). That’s the underlying reason why the plan to sandbox applications or to lock down the operating system worked for Apple, whereas MS is struggling with it.

What’s the solution?

The standards Microsoft is trying to move towards are much needed in today’s world. With advancements in hacking strategies, this is the right way forward in terms of security. However, attempts to restrict or lock down the operating system won’t help Microsoft users.

The solution, in my view, is to impose security at the “Application level” instead of the “Operating System level”.
Let me try to explain my view with an example.
Imagine an office building where “Workers” come in every day to do their job. The owners noticed that a few “Intruders” were coming into the building to steal business-critical information. As a result, the owners decided to close the gate for everyone. Although this strategy kept out the “Intruders”, it also left the “Workers” out of the building. This hampered the business massively.

That’s exactly what is going wrong with Microsoft’s strategy. To block the Intruders from getting in through the “Insecure Apps”, Microsoft is imposing restrictions and locking down platforms for every app (closing the gates). This is blocking “Business critical apps” (Workers) too.

The solution to this is right in front of us, something we all do every day. For centuries (long before computers were invented), people have had identification systems in place. When someone knocks on the door, do you open the door for everyone? You don’t. But when you recognize the person, you do let them in. This works for simple cases, but what will you do in the case of huge organizations with hundreds of employees, where you don’t know every person working there? ID cards are for that. No one can enter a building without a genuine ID card.

The point I am trying to convey is simple: just as we don’t treat everyone as a criminal, don’t treat every app with suspicion! This can be accomplished by moving the restrictions from the operating system level to the application level.
Instead of restricting or suspecting every app, restrict only those apps which don’t have an authorized identity. Instead of having “S Mode” as an operating system switch, make it an “application switch”. If each app is run within a secure bubble, something which guards the app from intruders, then this serves the whole purpose of security. Businesses will adopt newer platforms if they are given an option to run their trusted/in-house apps with full operating system capability and fewer restrictions. “S Mode” should only be imposed on apps which are not trusted by the business. I like calling it the “Micro-S Mode”.

That’s all for now. Please feel free to share your views on this. I’ll write more about possible solutions to implement Micro-S Mode in later blogs. Stay tuned!

Priya Saxena.
