How to guard File (extension) association from being vulnerably overwritten by Desktop or Metro?

Question

If one Metro App manifest file declares association with certain file extension, would it possibly be overwritten by subsequent of other Metro apps, and/or Desktop apps?

How to guard Registry keys from being unauthorized tampered:

1. HKCR\SystemFileAssociations\.myext
2. HKCU\Software\Classes\.myext
3. HKCR\.myext
4. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.myext
5. HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\<my_metro_app>\<my_metro_app>.App\Capabilities\<my_metro_app>\.myext

Thank you!

Answer 1

Are you perceiving this problem is new with Metro?  Conceptually it seems like kind of an old issue to me...

Is file extension managment something that's been advertised as updated in the brave new Metro world?  I must have missed it if so.

If not, you may be thinking about this in slightly the wrong way...  Your app is not in charge - the user is.

I can think of two scenarios:

1.  Another app that does something unrelated to what your app does happens to come after you and associate itself with the same extension.  It's possible you chose the extension badly in this case, or are just unlucky.  Your recourse might be to have the software check for associations being taken away from your app, either when your app is run or maybe in a service or applet that runs in the background.  You should still let the user know about the problem and have the final decision what to do about it.  But beware, users sometimes hate being bothered.  Longer term, you would want to consider using a different file extension for your new releases.

2.  Another app that does something similar to what your app does overwrites the file extension associations.  This is the kind of thing you might see with .jpg for example.  In that case it seems entirely possible that the user has decided to use a different app than yours to handle those files by default.  It is up to the user what app he/she wants associated with a particular file extension.  If you locked them out of doing that, you'd be hated in a hurry.  In this case your recourse would simply be to make the best app for the job, so every user would install yours and not the competition's.

-Noel

Answer 2

Totally agree, this is historical problem for desktop apps.

I'm thinking of a malicious attack use case where one desktop app tampers file association, another desktop unknowingly launches the 'bad apple'.

This situation could have been limited and stop spreading into Metro style space if Win8 sandbox lay some kinda registration and overwriting restrictions of file association in place to guard unauthorized tampering by other desktop apps or Metro apps.

Just a thoughts for MSFT Win8 team.

Thanks for your time.

Answer 3

I admit to being completely unfamiliar with the new sandbox mechanism, so it may well handle this.  I'd love to hear from someone more knowledgeable about this.

 

-Noel

---

My new eBook: Configure The Windows 7 "To Work" Options