共用方式為


Why do people write applets?

Since I spend so much time railing about applets, I also tend to look at applets to see what they do (after all, the first step in knowing how to defeat the enemy is to understand the enemy).

In general, applets seem to fall into several rough categories:

  • Updaters
  • Notification Area Handlers
  • Helper applications
  • Services (I did say that I lump services into the same category as applets).

Let me take them in turn...

Updaters:  I LIKE updaters.  Updaters are awesome.  IMHO, I trust applications that include updates more than those that don't (because an updater implies a commitment to further development and bug fixes).  However way too many vendors build programs that run all the time and do absolutely nothing other than wait to check for updates every week (or every month).  One other problem with updaters is that sometimes the authors of the updater use the updater to push unrelated software (at the moment, I'm particularly annoyed at the iTunes updater - if you install just Quicktime, the updater tries to get you to install Quicktime+iTunes, and there seems to be no way of shutting it up).

Notification Area Handlers:  Every application seems to want to put its own icon in the notification area.  To me, the functionality that is offered by many of these is of limited value. For example, my display driver includes an applet that allows the user to quickly switch between screen resolutions, but I almost never change my screen resolution - so why provide a easy shortcut for that functionality?  I'm not sure why, but personally I believe it's because of branding (since you get to put an icon with your notification area handler, it makes it obvious to the user that you've installed the software).  Some pieces of notification area functionality are quite useful (the "big 4" (Sound, Network, Battery, Clock) in Windows are good examples, as are things like RSSBandits' status indicator), but many of them make me wonder (which is why I suspect that branding is the real reason behind many of the notification area icons).

Helper applications: These are things like "FlashUtil9d.exe" (running on my machine right now) and other support processes.  Users often don't see these (since they don't bring up UI), but they live there nonetheless.  I have an HP 7400 printer at home, and the printer driver for that runs 2 separate processes for each user (one of which hangs during shutdown every time a user logs off).

Services: A special class of helper application, services have some significant advantages over helper applications (and some drawbacks).  Services can be centrally managed, and expose a common startup/shutdown interface.  They also can be automatically started at system boot, have strict dependencies, and can run in arbitrary user contexts (including elevated contexts).  On the other hand, it's difficult (and in many ways effectively impossible) to have services run in the context of the currently logged on user.  I'm a huge fan of services, but it's possible to totally overdo it.  In Windows Vista, there were a slew of new services introduced, and more and more applications are creating services, since the currently logged in user is no longer an administrator.  An example of a helper service is the WHSConnector service that comes with Windows Home Server (another of my current favorite products), and there are a bazillion others.

 

I'm sure that there are other categories of applets, but these 4 appear to be the biggies.

 

Tomorrow: So why are applets bad?

Comments

  • Anonymous
    August 14, 2007
    I like how Windows Vista moves the "big four" notification icons into a different area and treats them differently.

  • Anonymous
    August 14, 2007
    I don't like update craplets. Even if I do install an app, I do it for a particular purpose, and I certainly don't want to think about it beyond that purpose (unless the applet is a hobby). Example: Adobe Reader is something I install in order to view PDFs. That's it. I don't care about the bajillion new features they put in version 8.1, I certainly don't want to be reminded in $(a random period of time), I want it to open PDFs and shut up otherwise. I've sometimes had to resort to violence on this. For example, some version of the DivX codec had a tray app that would pop up every time you played a DivX movie, and offer a menu for of options, none of which I was remotely interested in. I had to rename the app's exe to stop that.

  • Anonymous
    August 14, 2007
    Jonathan, do you care when your machine gets 0wned because of a security vulnerability in Adobe Reader?  There have been at least 3 critical security holes found in Reader over the past couple of years, the updater gives Adobe's customers the ability to update those vulnerable customers. It's hideously unfortunate that Adobe and others use their updaters to upsell unrelated products - it's violates one of the tenets of trustworthy computing (you don't treat security fixes as upsell opportunities).  Apple is notorious for this because of their patch policy (they only apply patches for the current revision of the OS, customers that have older OSs need to upgrade to get the security fix, even if the older OS is vulnerable).

  • Anonymous
    August 14, 2007
    That's a risk I'm willing to take. As a mitigation, I always turn off Adobe Reader's IE intergration. I also do it since it renders 3 times slower than the standlalone reader (one of my computers is kinda old).

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    I have to say I'm rather sympathetic to Jonathon's point of view. There simply has to be a better way. In an age of ubiquitous internet access, you can justify installing a dedicated updater for pretty much any application beyond the simple Windows applets (e.g., Notepad). I think a better solution is for the application to check on startup--like Paint.NET does. Or maybe Microsoft could make it easier for third-parties to use their Update service. (I thought WER had a way of distributing fixing, but only in response to crashes and hangs.) Coincidently, the IE blog published a short article on good practices for updating ActiveX controls. In my experience, most ActiveX controls are the "craplets of the web", so there may be some parallels (particularly to the first point they discuss): http://blogs.msdn.com/ie/archive/2007/08/13/good-practices-for-activex-updates.aspx

  • Anonymous
    August 14, 2007
    I also hate the Apple Updater's tendency to inflict iTunes on me, but here's what I really liked about it: it used Scheduled Tasks to perform its checks for updates. That's massively superior to running a background process of its own at all times. It's just a shame it updates the wrong product, really. What I'd really like though (and this is getting off-topic) is a website listing updates, with a nice ATOM feed to which I could subscribe. That'd help me for apps that don't have updaters or which have updaters that I don't trust. Some applications actually ship security fixes as unsigned blobs over http!

  • Anonymous
    August 14, 2007
    Jim, you're right, that's one of the things I'm planning on pointing out in post #4 (mitigations).

  • Anonymous
    August 14, 2007
    I believe many of the "helper applications" exist merely to pre-load DLLs on log-in, in the hopes that the application which uses those DLLs will load faster when the user starts it. Aside from being pushy marketing tools, updaters give developers too much reassurance that they can ship now and patch it later.  I also don't like the state of my machine to be in constant flux.  Security holes are important, but so is stability.   Nothing like a bug in a non-essential update to consumer your entire morning. Updaters are also beacons, telling vendors more about our systems and habits than they need to know. Sometimes our IT remote management tools badger me to install updates to applications I've uninstalled! BTW, Foxit Software makes a nice alternative to Adobe Reader.

  • Anonymous
    August 14, 2007
    As someone who has created a program that allows people to remove the unwanted startups I love your topic this week. I'm not a big fan of auto-updates although I like your thinking about the publishers commitment. I've had a number of apps and new machines come with a single updater from InstallShield. I don't use InstallShield myself anymore but having a single program for multiple apps makes sense. Unfortunately, I keep seeing to many things break after an update is installed. The biggest complaint I hear is about applications like QuickTime that stick themselves back into the Startup list anytime they just run.  Apple also annoyed a number of people by installing their "Apple Mobile Device Service" with the last iTunes update. This was released the same week as the iPhone and unless you have an iPhone it's useless. Bill

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    ulric, I don't think that Acrobat Reader does that.  I know that QT does.

  • Anonymous
    August 14, 2007
    So, maybe this is a dumb question about these various updater applets.  Why do they have to install an always-running program?  They only check for updates once a week, or once a day, or whatever. Windows has Scheduled Tasks.  Why not just setup a scheduled task?  You updater applet could just check for the update, and then exit.  Schedule it in Windows to run once a week or whatever. So, why don't developers do this?  I'm not a Win32 expert, but I would thinks that it is easier to create a Scheduled Task then it is to write your own scheduler in your application. It would also have the advantages of:

  1. Lower resource utilitzation.  The Windows Scheduler is already running.
  2. Centralized management. What am I missing? (Heh, as I started typing this, my JVM checked for an update, and is now nagging me.  Oh, and it triggered a UAC prompt.  Thanks Sun!)
  • Anonymous
    August 14, 2007
    Myron, to be honest, I don't know.  My guess is that they're either (a) lazy, (b) unfamiliar with the features of the platform, (c) indifferent to the desires of customers or (d) need to support OS versions without the task scheduler service. In all honesty, it's easier to write an app that runs all the time than it is to author a job - no matter how much more polite it is.

  • Anonymous
    August 14, 2007
    I've actually never understood why the volume control should be part of the notification area. I thought the notification area was supposed to be for notifications rather than used as a quick access toolbar. The only time I want to see a volume icon in the notification area is when I've done a "Mute all". Similarly with the network icon, I only want to see it when a network connection that I regularly use has become disconnected. Of course most people refer to that area as the system tray, in which case providing quick access to "system" functions like screen resolution, volume control, OneCare status blah blah blah becomes perfectly understandable. I'm so glad the "Always hide" function is available to me!

  • Anonymous
    August 14, 2007
    Why is the date&time in the notification area?  By your logic it shouldn't be there either. The volume control actually has visual indicators that reflect the actual hardware volume (at least as far as the sound card knows).  If your keyboard has volume HID controls, then the volume control will reflect the state of those HID controls.

  • Anonymous
    August 14, 2007
    I like the new startup class of services in Vista.  Being able to delay some of the startups is convenient and spreads out the process grinding.   Of course, getting people to use it is another thing.  PunkBuster's services barely installed properly in the first place, and then after I fixed them, I set them to delay start.  I don't need to make sure any video game cheats are running during Vista startup.

  • Anonymous
    August 14, 2007
    I have never seen the use for update applets? What's wrong with just checking for updates when your application actually runs? Another important thing for updaters is that they shouldwork for limited users. Even if it's just letting you know the update is there and leaves the installing to you.

  • Anonymous
    August 14, 2007
    Sven, I actually have no problems with them, IF they're done right. For instance, modulo the upsell thingy, iTunes handles it correctly - the applet runs as a scheduled task, it only runs once every few days and should be silent (but of course it isn't).

  • Anonymous
    August 14, 2007
    Larry, thanks for bringing this series up. I appreciate it. What bothers me most are some newer applications (PerfectDisk 8.x, StuffIt 11.x) which register with Windows Installer and as soon as you delete or rename any of their files, Windows Installer kindly pops up and repairs the installation. There is only one problem with that idea -- if the original MSI setup cache is deleted or damaged then the repair doesn't work and the machine almost hangs, not to mention that you MUST resolve this before trying to install any other application. Otherwise you will get the message "Setup for XYZ has been suspended, you cannot install ABC until you finish with XYZ". The reason why you would want to delete files by hand can be for example if uninstall information somehow got corrupted, Add/Remove doesn't work, and you want to remove the application anyway. In my case I wanted to prevent StuffIt from starting ArcNameService.exe each time I right click in Explorer and select "Create StuffIt Archive" because that stupid service starts roaring through all my hard-drives in an attempt to index all archive files so I could search for them quickly(!) -- I haven't seen anything more stupid in my whole life. Not only it brings my Raptor and RAID0 made of other two drives to their knees, it completely ignores OS indexing capabilities and it doesn't give me the option of not using that stupid search. So I renamed that file and of course it got restored immediately. Talk about being 0wned. Since I couldn't figure out which mechanism it used to start the installer I finally resolved it by patching ArcNameService.exe entry point with XOR EAX, EAX / RET. Luckily Windows Installer still doesn't compare checksum (shh, don't tell anyone!). I got in dispute with PerfectDisk because it insists on running its own scheduler like Task Scheduler is not good enough. I recently got rid of Sun's Java permanently when I realized what kind of bloat in the registry it created, plus it was annoying me with all those pesky updates -- jre1.6.0 update 1, jre1.6.0 update 2, jre1.6.0 update 3, jre1.6.0 update 4, ... , jre1.6.0 update 79, jre1.6.0.1, jre1.6.0.1 update 1, ... and they never heard of differential updates but instead it downloaded whole package each time. Lamers. Did you know that each new version however minor has its own CLSID which points to the same DLL file?!? Oh and don't forget to mention those app helpers which (like TV tuner remote controls for example) poll dozens of registry keys in 2 second intervals. And how could I leave out Acrobat Reader speed launch?!? Man, that thing is annoying. But Microsoft is guilty of that one too, they gave them the idea with Office startup. Oh and Acrobat Reader setup which defragments your drive without asking!!! Luckily I know how to use Orca tool to edit MSI databases. Can't wait to read the rest of the series.

  • Anonymous
    August 14, 2007
    "One other problem with updaters is that sometimes the authors of the updater use the updater to push unrelated software (at the moment, I'm particularly annoyed at the iTunes updater - if you install just Quicktime, the updater tries to get you to install Quicktime+iTunes, and there seems to be no way of shutting it up)." Larry Osterman probably can't do anything about this, but Microsoft itself is guilty of this. They use Windows Update to push WGA Notifications. But as I said, Larry Osterman probably can't do anything about this. All Larry Osterman can to is to complain to the WGA team.

  • Anonymous
    August 14, 2007
    I think at least with the updaters it is as much MSs fault. Why, oh why is there no option to specifiy an update url in a MSI package and then have the Windows Update engine check for patches at the url and apply them when something is found? I think these days almost every software needs an auto update mechanism, and yet the lack of some platform service for that on Windows really forces ISVs to roll out their own. That is bad from so many perspectives: A lot will have bugs, it is just a huge waste of effort, all these updaters waste system resources and I could go on and on and on. I take it that you will write about each of these applets in turn, so I'll wait for your post on those and what you think!

  • Anonymous
    August 14, 2007
    Hi Larry, What an interesting topic you have here. I used to work for an antivirus vendor and naturally we needed an updater. I wrote one that was just a windows application with no windows and wrote another simple GUI app front-end that allowed simple creating and editing of a Windows Scheduler task to run that updater. The actual updating functionality was a COM object that was used by the windowless app and another integrated updater. Using this approach took away the unnecessary burden of duplicating the Windows Scheduler functionality and let me spent more time on the actual updating and making it better.

  • Anonymous
    August 15, 2007
    Actually I didn't mind that the sound, power, and network icons weren't enabled by default in various versions of Windows, and I didn't mind the fact that I had to set options to enable them, because each option only had to be done once per install. But I don't expect everyone else to agree with me.  If someone doesn't want the sound, power, and network icons, why can't they disable them?  Why have those options disappeared?  (Or did Vista just move those options to a place where I haven't found them yet?) I also wish the language bar weren't treated differently.  In Windows 2000, NT4, ME, and 98, and even Windows 95 if IME 97 or IME 98 were installed, the language bar minimized to a single icon in the notification area.  A right-click on that icon brought up menus that could cascade to every necessary option.  Who had the idea that Windows XP and 2003 have to use at least 4 times as much valuable real estate in the task bar, and Vista has to use at least 5 times?  One icon was right. Meanwhile, the situation I've seen with Acrobat Reader is that it checks for updates when the application starts up.  I think I've seen it put other garbage in Windows start-up, but it did the right thing when checking for updates.  Also the other other garbage (upselling) comes when you visit their web site to get the updates, but still it did the right thing when simply doing its check when you start the application.

  • Anonymous
    August 15, 2007
    I love this column; i've ranted to my mate about this over beer. The lack of consideration by software vendors for their customers' computers worries me. Also, a certain AT1 Catalyst Control whatever it is has to die! Not only do the craplets take up more than 20MB of my ram, the driver installation tops 100MB in the program files dir.

  • Anonymous
    August 15, 2007
    Norman: It's just you. Look at the "properties" settings for the taskbar and disable whatever system icons [sic] you like--clock, volume, network, or power.

  • Anonymous
    August 15, 2007
    The comment has been removed

  • Anonymous
    August 15, 2007
    The comment has been removed

  • Anonymous
    August 15, 2007
    The comment has been removed

  • Anonymous
    August 15, 2007
    "Apple is notorious for this because of their patch policy (they only apply patches for the current revision of the OS, customers that have older OSs need to upgrade to get the security fix, even if the older OS is vulnerable)." Apple isn't quite that bad -- they supply security updates for at least current and current-1, sometimes more.  I know, since I'm current-1 now and was current-2 last year. Microsoft is basically the same way: there are no security updates for pre-SP2 XP, and the only other client OS out is Vista. It's about age and support load, not upselling.

  • Anonymous
    August 15, 2007
    Random Reader: Microsoft's patching policy is far more liberal than any other commercial OS out there.  We provide patches for something like 7 years after the release of the OS, 5 years after the successor.  And if you're willing to pay for a custom support agreement, you can get support beyond the product lifecycle. You're right that only version of XP we provide patches for is XP SP2 and and not XP SP1, but honestly, that's not surprising (IMHO, anyone running XP SP1 is a total fool).  We currently provide ongoing security patches for Win2K, XP SP2 and Vista. My issue with Apple is that they essentially say "no matter how heinous our security flaw is, if you're not running a recent version of our OS, tough".  My mom was forced to buy a new Mac because of this (they stopped supporting her machine when it was only something like 4 years old (her machine didn't come with a DVD drive and none of their current OS releases came on CDs)).

  • Anonymous
    August 15, 2007
    Tiger still ships on CDs as well as on DVDs, but however Leopead will probably not.

  • Anonymous
    August 15, 2007
    Wednesday, August 15, 2007 4:34 PM by James > Norman: It's just you. Look at the "properties" settings for the > taskbar and disable whatever system icons [sic] you like > --clock, volume, network, or power. OK then, Vista moved those settings to a better place than they were before, and it's just me who overlooked it while traversing the Control Panel settings for network, power, etc.  Thank you. Thursday, August 16, 2007 1:24 AM by LarryOsterman > IMHO, anyone running XP SP1 is a total fool Agreed.  SP2 was a bugfix release for both coding bugs and design bugs, and it was priced right for a bugfix release.

  • Anonymous
    August 17, 2007
    The comment has been removed

  • Anonymous
    August 21, 2007
    The comment has been removed

  • Anonymous
    August 22, 2007
    In previous articles, I've pointed out: Programmer Hubris - He's just not that into you Programmer