Version 6 (modified by davea, 13 years ago)


Windows installer version 6 design



This document describes the design of the BOINC Windows installer for version 6. Implementation details are here.

New features

Changes to BOINC version 6 include:

  • Account-based sandboxing
  • Separate data and executable directories
  • Simplify installer experience

Account-based sandboxing

The installer offers two security modes:

  • Secure: the BOINC client and applications run under unprivileged accounts. The core client runs as a service. ??? why are these linked?
  • Graphics compatible: same as the single-user installation of v5; the core client and all applications run in the same security context as the user who logged into the system. This allows users to see graphics from older as well as newer science applications, or from projects with long-running tasks which won't complete for a while.

The advantages of Secure mode are:

  • It limits the damage that can be done by buggy or malicious applications.
  • It limits the damage due to bugs or network security vulnerabilities in the core client.
  • By default, non-administrative accounts cannot create globally named shared memory segments, so keyboard and mouse activity cannot be monitored without setting up an account with that additional user right.

Multi-user protection policy

The installer offers two protection modes:

  • All users on the host can control BOINC (i.e. attach/detach projects) using the BOINC Manager.
  • Only the user who installed BOINC or an administrator can control BOINC. Users can be allowed to control by adding them to a 'boinc_users' group. When other users run the BOINC Manager, they'll get a dialog saying to contact the administrator to add them to the 'boinc_users' group.
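
As an added example (not part of the BOINC installer or of this page's original text), the PowerShell below audits who can control BOINC under the restricted policy by listing the members of Administrators and of 'boinc_users'. It assumes 'boinc_users' is a local group; the function name and the list of broad principals are choices made for this example.

```powershell
# Added audit example, not BOINC project code. Needs Windows PowerShell 5.1+
# (Microsoft.PowerShell.LocalAccounts module). 'boinc_users' is the group named above.
$GroupName = 'boinc_users'

# Well-known SIDs that cover every (or nearly every) account on the host. One of
# these inside boinc_users makes the restricted mode equivalent to "all users".
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BoincController {
    param([string]$Group = $GroupName)

    # Administrators (well-known SID S-1-5-32-544) can always control BOINC.
    $adminSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
    $sources  = @(@{ Via = 'Administrators'; Members = @(Get-LocalGroupMember -SID $adminSid) })

    if (Get-LocalGroup -Name $Group -ErrorAction SilentlyContinue) {
        $sources += @{ Via = $Group; Members = @(Get-LocalGroupMember -Group $Group) }
    } else {
        Write-Warning "Local group '$Group' not found on this host."
    }

    foreach ($s in $sources) {
        foreach ($m in $s.Members) {
            [pscustomobject]@{
                Via      = $s.Via
                Name     = $m.Name
                Class    = $m.ObjectClass          # User or Group; nested groups need review
                Sid      = $m.SID.Value
                # Flag only for boinc_users: broad principals there widen control.
                TooBroad = ($s.Via -eq $Group) -and $BroadSids.ContainsKey($m.SID.Value)
            }
        }
    }
}

$report = @(Get-BoincController)
$report | Sort-Object Via, Name | Format-Table -AutoSize
if ($report | Where-Object TooBroad) {
    Write-Warning "A broad principal is in '$GroupName': effectively every local user can control BOINC."
}
```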

Executable/Data Separation

Previous versions of BOINC on Windows stored the data files and executable files in the same directory. This created problems on Vista ??? explain?

Having a separate data directory also allows you to use a new hard drive or network drive for data, without moving the executables. ??? so what?

The V6 installer creates a new data directory and migrates existing data files to it. The default executable directory remains C:\Program Files\BOINC. The default data directory is:

C:\Users\All Users\BOINC

C:\Documents and Settings\All Users\Application Data\BOINC

Simplify installer experience

Welcome Screen

Same as before.

License Screen

Same as before.

Configuration Screen

title: Installation options
subtitle: These are the current installation options

Program directory:  [...]
Data directory:  [...]

Use BOINC screensaver
Protected application execution
Allow all users on this computer to control BOINC

Click Next to use these options.
Click Advanced to customize options.
[Advanced] [Next]

Advanced goes to the advanced configuration page. Next goes to the Confirmation screen.

Advanced Configuration

title: Customize installation options
subtitle: Customize how BOINC is installed on your computer

Program directory: [...] [Browse]
Data directory: [...] [Browse]

[ ] Use BOINC Screensaver
[X] Protected application execution.
    This provides increased protection against faulty project applications.
    However, it may cause screensaver graphics to not work with older applications.
[X] Allow all users on this computer to control BOINC

Checkboxes labeled as [X] are enabled by default; otherwise they are disabled. If any values are present from a previous install, use them. The "Allow users" checkbox is disabled unless the "Protected" checkbox is set.

'Next' goes to 'Confirmation' screen.

Confirmation Screen

Same as before.

Discussion Topics

  • Why was the 'Launch BOINC on startup' option removed from the installer?

The 'Launch BOINC on startup' option actually started the BOINC Manager, so on systems where BOINC was being installed as a service it was being ignored. Most people do not understand the difference between BOINC and the BOINC Manager. Most people who install BOINC want it to run whenever they are not around.

To keep things simple, we decided to remove the option and set up the system so that both BOINC and the BOINC Manager are started at system startup or logon. If users want to change this behavior, they can delete the BOINC Manager shortcut and/or change the service properties via the service control manager administrative tool.