Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

As we prepare for the main development phase of theĀ Secure Password Storage project, the primary purpose of which is to serve as a guide for Windows logo testing, an excellent question was raised: what exactly does logo testing entail?

Mainly, logo testing is a question of designing and implementing the target software, as well as its installer package, so that it passes a list of official test cases. We’ll be pursuing the Certified for Windows Vista logo for this project. The test case list for that logo is here. There’s a higher-level rationale document here.

If you write software for Windows, and you read nothing else about the logo program, I recommend at least skimming that test case list, because it raises several important points. These are points that apply to all Windows software and can have a considerable effect on usability.

For example, test case 3, “Verify Least-Privilege user is not able to save files to Windows System directory.” In other words, does your software introduce a potential elevation of privilege security bug? Lots of products use a thin client application to interface with the user, mated with an NT service to perform heavy lifting. But does the service expose functionality that might allow regular user accounts to do things that they wouldn’t be able to do directly (after all, that’s generally why the service is introduced in the first place)?

Another example - test caseĀ 23 - “Verify the application rolls back the install and restores machine back to previous state.” Don’t you hate it when you un-install a software package and it leaves behind data in the registry and files on disk?

In the Vista list linked above, there are 32 test cases total, each of which includes detailed instructions on how to perform the test. Again, it’s a useful document, and once you give it a quick scan, you’ll know exactly what you’re getting into. But, more importantly, you’ll have a better idea of the bar for the highest quality software.

Back to the other original question - what does Windows logo testing entail - the certification process is actually more than just the test cases. In order to obtain the “Certified” logo, you have to engage with a 3rd party test lab, and you have to follow the WHQL submission process. But if you’ve confirmed in advance that you pass all of the test cases (which you should do if you want to save time and money), then the rest is really just a question of waiting for the gears to turn.

Permalink |

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment