Application security and deployment

Microsoft 365 Developer · Beginner ·📰 AI News & Updates ·6y ago

Key Takeaways

The video discusses application security and deployment on Windows 10X, introducing a new secure and reputable mode for apps, and explores the features of MSIX, a deployment technology for Windows 10X and other Windows devices.

Full Transcript

[Music]

Hello everyone, I'm John Vintzel. I'm a program manager lead at Microsoft, I work on the MSIX team, and today I'm here to talk to you about application security and deployment.

First, let's look at some of the challenges we have today with software distribution. One of the things is there's no mandatory code signing required for applications. Also, many apps need to run as administrator and are not isolated on the device. This results in users worrying about installing applications, and they must run antivirus or malware detection on their devices.

So with Windows 10X we tried to bring balance. Instead of going for an extremely locked-down policy, we're trying to bring some level of security combined with application compatibility, and we do this through a couple of different ways. First off, we allow Microsoft apps and UWP apps to run in a host and all other apps to run in a container, making sure that we have the fidelity of apps running on the system and give you that application compatibility. By doing so, we don't run any AV on the product, because we run in what we call a signed and reputable mode.

So how does the signed and reputable application execution control work? We do this with what we call a circle of trust. The circle of trust starts with a baseline that we used in Windows 10 in S mode. We build upon that by running any signed code that trusts up to certificates on Windows, and then lastly we leverage the Intelligent Security Graph for reputation of apps. This is the same graph that powers Windows Defender AV and SmartScreen for app reputation.

So how do you go and build reputation for your apps? Well, first off, we say don't rely on reputation for your app; you should code sign all your apps that run on the system. Likewise, migrating to MSIX will make it easier for you to code sign your apps. For anything else, you can actually go and submit your app for analysis, but the best way is to increase their app's prevalence and adoption, and then it will be known through the Intelligent
Security Graph.

So let's talk a little bit more about MSIX. MSIX is designed to reuse your existing assets. We're here to provide integrity and reliability for your applications, so bringing a better installation model to your app for Windows. We really just want to simplify the application deployment and ensure that you have a model that makes it easy to keep your apps always up to date. So MSIX isn't just a different deployment technology; it's really growing upon our existing installer technologies, things like ClickOnce, Windows application virtualization, or MSI. We went back to the fundamentals of those and learned about all the things that customers liked, and likewise looked at the things that customers didn't like, and then evolved this into a modern deployment technology, which is MSIX.

So let's go over some of the top-level benefits of MSIX. First off, it's just a simplified packaging and deployment technology. We've moved to a declarative model where everything you need to know about the installation is defined in a manifest file, which allows Windows to kind of control the installation. We also implemented a formal identity and versioning system to make it really easy to identify what an app is and the lineage of the app for app updates. As I said, the Windows OS will go and manage the lifecycle of the app: we install it, we update it, we remove it, without the need for custom installers to go and do that. All the apps are installed per user, allowing, you know, they only need to be seen by the users that need it. And then we formalize the app data state, so it allows the app data to be redirected to the user's app data folder and prevents it from being kind of stored all over the Windows operating system. I mean, the last thing we do is we bring integrity to the app. We offer levels of tamper protection on the application, so that if the app files have been changed we can prevent the app from running and exposing the users to any kind of vulnerabilities that might be out
there.

Likewise, for enterprises, we also give them the ability to limit the sources the apps are coming from, so if they don't want certain apps on their devices, they can go and limit those installations.

So let's take a look at the MSIX file and what's contained in an MSIX file. First off, everything is self-contained in the MSIX package. It's kind of composed of two parts: the package payload and the footprint files. The package payload is everything that is your application: it's your EXE, it's your DLLs, it's your con-, it's everything you as a developer build. The footprint files are the things that we need to drive the lifecycle management of the application.

So if we kind of dive deeper into that: first off, we have the manifest file, and again that has my identity, that drives all the installation parameters that I need, it sets my file type associations and things like that. There's the app signature; that's what we use to know that the app is trusted by something in the trusted root certification authority on the device, making sure that it's not just a random app being installed and it has some level of trust. And then lastly we have the block map, and that allows us to go and verify the files that are being installed on the system. The block map contains a hash of all your payload files, so that when we're deploying the app on the system we can validate that the app files being put on the system are the ones the developer actually intended. And then lastly, again, the manifest allows us to kind of manage the removal and the updates of the applications.

So let's take a quick look at an app manifest file here, and I'm going to call out a few key elements that we use that'll help us build the identity out and understand the targeting of the app to Windows. First off, there's the version of your app, and then there's the publisher. What's unique about the publisher is the publisher here actually identifies the subject name of your signing certificate. We use this for uniqueness of your app,
and I'll talk a little bit more about the identity on the next slide, but the subject name of your cert is a key component for the lineage of your application. We also have the name of your app, which in this case would be like the Photos app, something that the user would go and see. And then lastly, if you want to target specific architectures, we give you the ability to target specific architectures or specific versions of Windows.

So let's dive a little bit into this package identity and what it really means. The package identity has two components. The first part we'll talk about is the package family name, and this is composed of the name of your package combined with a hash of that publisher. Now again, that publisher is the subject name of your signing cert, which gives us a bit of uniqueness, so taking that and hashing it and combining it with your package name gives us a unique identity on the system for your application. And this is the lineage of your application, so no matter what version you're being deployed, the family name stays consistent.

Now, we know for developers or even users alike, they want to know a little bit more information about what might be on their device, making sure they're at the latest and greatest application, and that's where the package full name comes into play. It takes the package name combined with the version, the architecture, and again the hash of that publisher name, and that defines the exact version of the application installed on the device. So as you're going from version to version, the lineage of those packages ties to the package family name, we'll just take care of the updates for you, and when you want to see the version that's installed on your device, that's where the package full name comes into play.

So when we think about distributing applications on Windows 10X, there really are no limits to how you can distribute. We have the ability for you to easily distribute through the Microsoft Store, or you can distribute from any server or
location to your Windows 10X dual-screen device. Likewise, you can use that same application package and target any other Windows edition, whether it be Home, Pro, Education, Enterprise, etc. There really is no limit in using MSIX in your distribution methods.

So let's go and recap some of the benefits of MSIX. We like to think, when we're installing MSIX, that the user has a feeling of never regretting installing an app, and it starts with a predictable, safe and reliable deployment. We also offer a really clean uninstall. You don't have to build a custom installer, because through the manifest and the lightweight container we can easily clean up the application that was installed. We do things to optimize the disk space for the user, so whether it's multiple packages sharing a file or multiple users installing the same app, we only ever store a file on disk one time.

We also give developers the ability to build resource packages. Resource packages allow you to compartmentalize either language parts of your code or scale resources part of your code. When you put those into an MSIX bundle package and the user installs it, they only pull down the resources that are applicable. So you can offer a wide range of languages, but then when the user installs it they only get the languages that are applicable to their device and don't have to have extra footprint and space being taken up.

And then lastly, we offer network optimizations when we're doing application updates. I talked about that block map; that's the hash of all the files. We do a comparison of the existing block map to the new block map, and we only download the differences between those two block maps, and we do the differences within a file level at a 64k block level. So you're not downloading the entire package or even the full files; you're just downloading the differences to the user. And we also only download files that are needed, so if a file is already on the disk, we'll never download that again.

So as we kind of go and look at
updates, you know, Windows controls the lifecycle of those updates. All the updates are just based on that application family, that package family name I talked about a couple of slides ago. You don't have to do anything else; it's just built into the platform for you. Only the changes are downloaded, and what's really cool is if the user is using the app, we can actually download the file changes without having the user shut down the app, and then the next time they shut down the app we can finish the update to the newer version of the app for them.

So let's kind of walk through a scenario and just give you a better visualization of how this update pattern works for you. So I have an app, and this is the first time I'm installing the app on the device. So the user goes to install an app, and all the files are downloaded and staged on disk. It's the first time, so all the files come down. And then a new application is available in the cloud. The user goes to install it; we look and we only download the differences that are needed for the application update. We'll then go and link all the existing blocks over on disk, and then when the app is shut down we'll go and put the new app in place. So it's just a quick change of some registration information and a light, a SQLite database on the device, and then the user has the new app, and silently in the background we'll clean up all the files that we don't need, really making it faster, easier and more reliable for the users to get app updates.

So a lot of developers like to know, "Okay, I'd like to understand more on how this differential update works," and we give you a tool in the Windows 10 SDK to really understand what's happening with our differential update stack, and you can do that through a tool called ComparePackage. So I have an example of ComparePackage's output here. Within the Windows operating system we ship this app called the App Installer app, so here's an example of when I did an update to it at some time last year, and you can see we
give you a list of files, and there's two key things to look at. There's the impact, which is the amount of change that will be downloaded over the network, and then there's the size change, which shows you the net growth on disk. So while your app might not change a lot in size, you might be making a lot of changes to the code, so this allows you to understand what the real impact is, so you can understand, hey, what are my users going to download, or maybe you're even planning for, you know, how much network bandwidth is going to be consumed off my content distribution network when I'm pushing out app updates. And again, this tool is available today in the Windows 10 SDK. You can use this with any two MSIX packages.

The other thing we talked about was how shared files work. I kind of want to walk through a quick example here of two apps sharing files and how the deployment stack handles that. First off, here I have a Finance MSIX, and in that I have three files. For the sake of simplicity I just made some generic hashes so we understand how the flow works. So now the user is going to install this app, and it's the very first time any of these apps are being installed on the device, so all the files are going to need to be downloaded. Now the user goes to install another app, in this case the Supplier MSIX. What you'll see here is there's three files: one of them shares a hash with the other app package, one just shares a file name but it has a different hash. In this case, when we go and install the application, we'll notice that, hey, the one with the same hash is the exact same file, but despite the other one sharing the same filename, it truly is a different and unique file. So we'll go ahead and just download the two files we need, and then we'll create a link over so that app has access to the file and it doesn't have to redownload it to run, making it really simple and easy to install and minimizing, again, that footprint for your user's device.

So let's go and recap app updates in general. So if
you're using the Microsoft Store, Windows Update handles everything for you. You don't have to do anything; when you ingest the app into the Store, it's just ready to go. If you're distributing from a website, we give you a series of different options you can use. All of this is driven from a file called the App Installer file, and we give you the ability to either configure silent updates or allow you to present UX where the users can go and opt in or out of the update. Likewise, we also give you the ability to downgrade your application. In that rare case where you might have accidentally pushed out a breaking change, you can actually push an update that takes your users backward, so they can go to that last known good copy without having to rush an update out while you go and fix any problem that you might have experienced in your application.

People ask how hard is it to get to MSIX, and creating an MSIX in Visual Studio is really easy. We have the Windows Application Packaging Project that's available in Visual Studio. It gives a few key things to make using MSIX really easy. First off, it gives you a manifest editor. I showed you that XML file a few slides ago; instead of having to go in and manually add an XML, there's a nice lightweight UX that allows you to set a lot of the key properties from within your manifest. We also give you some debugging tools so that you understand how your app is running, and you can debug in the lightweight container that MSIX runs. And then lastly we give you a packaging wizard, making it really easy to output that MSIX package for you, and this is available in Visual Studio 2019.

For folks using Azure DevOps, MSIX easily integrates with Azure DevOps. Just use the Windows 2019 hosted build agent and Azure Pipelines and you're ready to go with MSIX. It comes pre-installed with all the MSIX build tools, and you can even use a YAML file to easily configure the package creation and sign your MSI package. And if you want to learn more about that, we actually
even have a sample out on GitHub for you that you can get started with, with MSIX and Azure DevOps.

And then lastly, MSIX is the deployment technology moving forward. We've done lots of things to make it really easy to adopt and be the technology that developers want to use when deploying to Windows 10X or other Windows devices. Thanks for joining me today.
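
The block-map behaviour described in the talk (per-block hashes used for tamper checks, shared files and differential updates), as an added Python example that is not part of the talk and not Microsoft's code. It is a simplified model: the 64 KiB block size comes from the talk, while SHA-256, the in-memory map layout, the function names and the sample packages are assumptions constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 64 * 1024  # the "64k block level" mentioned in the talk


def build_block_map(files):
    """Return {file name: [(sha256 hex of block, block length), ...]}.

    Simplified in-memory model (assumption), not the real package block map format.
    """
    block_map = {}
    for name, data in files.items():
        blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        block_map[name] = [(hashlib.sha256(b).hexdigest(), len(b)) for b in blocks]
    return block_map


def verify_payload(files, block_map):
    """Tamper check: names of files that are changed, missing or unexpected."""
    actual = build_block_map(files)
    return sorted(name for name in set(actual) | set(block_map)
                  if actual.get(name) != block_map.get(name))


def plan_download(new_map, installed_maps):
    """Return ({file: [block indexes to fetch]}, bytes to fetch) for a new package.

    A block is fetched only if no installed package already holds the same hash,
    so identical files are shared and same-named but different files are not.
    """
    on_disk = {digest for m in installed_maps
               for blocks in m.values() for digest, _ in blocks}
    plan, impact = {}, 0
    for name, blocks in new_map.items():
        for index, (digest, size) in enumerate(blocks):
            if digest in on_disk:
                continue  # already present: link to it instead of downloading
            on_disk.add(digest)  # a block repeated in the new package is fetched once
            plan.setdefault(name, []).append(index)
            impact += size
    return plan, impact


def sample_blob(tag, kib):
    """Constructed, deterministic content of `kib` KiB with no repeated blocks."""
    return b"".join(hashlib.sha256(f"{tag}:{i}".encode()).digest()
                    for i in range(kib * 32))


# Constructed sample packages mirroring the Finance/Supplier walk-through.
FINANCE_V1 = {
    "app.exe": sample_blob("finance-exe", 200),
    "common.dll": sample_blob("common", 100),
    "settings.dat": sample_blob("finance-settings", 10),
}
SUPPLIER = {
    "supplier.exe": sample_blob("supplier-exe", 150),
    "common.dll": sample_blob("common", 100),              # same hash as Finance
    "settings.dat": sample_blob("supplier-settings", 10),  # same name, different hash
}
# Finance v2: one byte changed inside the third 64 KiB block of app.exe.
_patched = bytearray(FINANCE_V1["app.exe"])
_patched[2 * BLOCK_SIZE + 5] ^= 0xFF
FINANCE_V2 = {**FINANCE_V1, "app.exe": bytes(_patched)}

if __name__ == "__main__":
    installed = build_block_map(FINANCE_V1)
    print("tampered files:", verify_payload(FINANCE_V1, installed))
    print("install Supplier:", plan_download(build_block_map(SUPPLIER), [installed]))
    print("update Finance:", plan_download(build_block_map(FINANCE_V2), [installed]))
```

The Finance update changes no file size, yet its download impact is one full 64 KiB block, which is the distinction between impact and size change that the talk draws.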

Original Description

Join John Vintzel, Principal Program Manager Lead at Microsoft who discusses application security and deployment on Windows 10X. John will introduce you to a new secure and reputable mode for apps. Learn more about this security feature for apps and how to make your app distribution easy for Windows 10X with MSIX.

This video teaches the basics of application security and deployment on Windows 10X, covering MSIX, a deployment technology that provides integrity and reliability for applications, and explores its features and tools. By watching this video, viewers will learn how to implement secure app deployment and configure app updates. The video also discusses the importance of application security and how to apply tamper protection to prevent vulnerabilities.

Key Takeaways
  1. Configure MSIX for app deployment
  2. Use the Windows 10 SDK to understand differential updates
  3. Create a package identity for your app
  4. Optimize disk space using resource packages
  5. Configure app updates for silent updates or user opt-in/opt-out
💡 MSIX provides a declarative model, formal identity and versioning system, and formalizes the app data state, making it a reliable and secure deployment technology for Windows 10X and other Windows devices.
