Windows Vista Enabling Parental Controls in your Application

Windows Vista: Enabling Parental Controls in your Application Brian Trenbeath FUN 304 Program Manager Microsoft Corporation 1

Why Parental Controls On Windows? Primary gateway for kids to the Internet Parents want child safety features on their computer Governments, Parent Groups, Media, Industry are all active in this space Microsoft and Windows at heart of the discussion 2

Basic Approach Goals: Help protect kids from bad people Help protect kids from bad content Guiding Principles: Give parents tools so that they know what activities their children are doing on the computer Give parents the tools to help decide what activities their children can do on the computer Provide controls to help kids form accidentally hitting ‘bad’ content Provide an extensible platform so that 3 rd parties will be able to add value/improve upon the work we have done Non-Goals: Prevent ‘bad’ kids from doing ‘bad’ things Be the arbiter of what is appropriate content 3

Windows Parental Controls 4

Windows Parental Controls What users see Parental Controls Panel Logging and Activity Reporting Restriction Silos Time Limits Game Restrictions General Application Restrictions Web Restrictions 3 rd Party Settings 5

Windows Parental Controls Building Blocks 6

Windows Parental Controls Restriction Areas Time Limits Game Restrictions General Application Restrictions Web Restrictions API’s available to tell you if an action is restricted All settings also available through WMI 7

Windows Parental Controls Time Limits 8

Windows Parental Controls Time Limits Mechanism used to enforce is a Fast User Switch (FUS) Can subscribe to a disconnect warning event Fires at ~15 minutes before and just before the forced FUS For example, multi-user programs, or programs that use audio may want to pay attention to this 9

Windows Parental Controls Game Restrictions Working in Beta 1 10

Parental Controls – Game Restrictions 11

Windows Parental Controls Game Restrictions Closely integrated with the Games Explorer GDF’s (Game Definition Files) contain ratings information Supported titles install their own GDF Windows will find about 2000 legacy titles Enforced 3 ways File System ACL’s ‘Insta-slam’ – process termination for legacy titles Supported titles self-check (Verify. Access API) 12

Windows Parental Controls Game Restrictions – GDFs Game Definition File (GDF): An XML file, supplied by the ISV, which contains Game Explorer, Patching, and Parental Controls information for a specific title The GDF is a: Simple, easy-to-create XML file Embedded as a localizable resource Can reference other resources files Windows is planning a GDF Editor tool that will ship with Direct. X SDK Simplify creation of GDFs Allow a preview of what your Game Explorer view will look like Ease in creating proper, localizable, resource DLLs 13

Sample GDF File Will change prior to release (1/2) <? xml version="1. 0" encoding="utf-8" ? > <Game. Definition. File xmlns="urn: schemas-microsoft-com: Game. Description. v 1"> <Game. Definition game. ID="5 C 08 D 2 FF-A 48 E-43 ca-846 C-08924563 E 5 A 7"> <Name>Meltdown 2005</Name> <Description>The Penultimate Game</Description> <Release. Date>2004 -12 -30</Release. Date> <Version. File file="binMy. Game. exe" /> <!-- (or otherwise you can use) <Version four. Part. Version=“ 1. 0. 2. 3” /> --> </Version> <Icon filename="binIcon. dll" resource. ID="4337" resource. Type="blob" /> <Box. Art filename="binBox. Art. dll" resource. ID="4337“ resource. Type="blob" /> <Genres> <Genre>Action</Genre> <Genre>Adventure</Genre> <Genre>Life Simulation</Genre> <Genre>RPG</Genre> </Genres> continued…. 14

Sample GDF File Will change prior to release (2/2) <Ratings> <!-- Rating System GUIDS will Change prior to ship. --> <!-- Sample ESRB Rating --> <Rating rating. ID="5 C 08 D 2 FD-A 48 E-43 ca-846 C-08924563 E 5 A 7" rating. System. ID="5 C 08 D 2 FE-A 48 E-43 ca-846 C-08924563 E 5 A 7“> <Descriptor descriptor. ID="5 C 08 D 2 FD-A 48 E-43 ca-846 C-08924563 E 5 C 7" /> <Descriptor descriptor. ID="5 C 08 D 2 FD-A 48 E-43 ca-846 C-08924563 E 5 B 7" /> </Rating> <!-- Sample PEGI Rating --> <Rating rating. ID="3 DA 80 A 0 E-A 538 -4370 -A 144 -D 1 DEB 768 F 3 AE" rating. System. ID="3 DA 80 A 0 E-A 538 -4370 -A 144 -D 1 DEB 768 F 3 AE“> </Ratings> 15

Windows Parental Controls General Application Restrictions 16

Windows Parental Controls General Application Restrictions When turned on, only programs an Admin specifies are allowed to run Exceptions include: All binaries required for Windows to function All executables that register (using API) Games specified as being allowed under Games Restrictions Enforced using SRP “Software Restriction Policy” Prevents execution from all media (USB keys, floppies, etc. ) Uses ‘path’ rules to specify programs that are allowed to run NTFS ACL ‘write’ permissions revoked from anything allowed to run 17

Windows Parental Controls Web Restrictions 18

Parental Controls – Web Restrictions 19

Windows Parental Controls Web Restrictions Windows Vista will ship, in box, with a free Web Content Filter service LSP implementation 3 types of interaction “Browser” applications Application ‘uses’ HTTP but not a browser Other Web Filter applications 20

Web Restrictions “Browser” applications If you are displaying HTML, you are a ‘browser’ Minimum Bar – Don’t need to change anything. Legacy browsers should work Sites blocked by our filter will return HTTP error code 450 “Blocked by Parental Controls” and an Error Page 21

Web Restrictions “Browser” applications We are monitoring all HTTP Get and Post requests Individual parts of web pages can be blocked (images, script, controls, etc. . ) Step above min bar support is to provide UI to describe ‘partial blocks’ 22

Web Restrictions “Browser” applications 23

Web Restrictions “Browser” applications Windows Vista Supported browsers can also check a ‘Downloads allowed’ setting to allow/block file downloads Providing an API to request permission to view a blocked page Browsers can call this API to kick off a process where Toby can request access // Create the root WPC object CCom. Ptr<IWindows. Parental. Controls> spi. WPC = NULL; HRESULT hr = spi. WPC. Co. Create. Instance(__uuidof(Windows. Parental. Controls)); if (SUCCEEDED(hr )) (SUCCEEDED(hr)) { // Retrieve the Web settings object for our user SID CCom. Ptr<IWPCWeb. Settings> spi. Web; hr = spi. WPC-> Get. Web. Settings(m_pcsz. SID, , &spi. Web ); spi. WPC->Get. Web. Settings(m_pcsz. SID &spi. Web); if (SUCCEEDED(hr )) (SUCCEEDED(hr)) { // Request the URL override for our single URL (we could also include sub-URLs if needed) BOOL f. Changed; hr = spi. WPC-> Request. URLOverride(pcsz. URL, , 0, NULL, &f. Changed ); spi. WPC->Request. URLOverride(pcsz. URL &f. Changed); } } 24

Web Restrictions Applications that use HTTP Legacy apps should be potentially expecting a failure on any HTTP Get Windows Vista Supported applications can potentially special case the 450 – Parental Controls blocked error Windows Vista Supported titles can register themselves on an exception list – so that they are not filtered Take care using this option Need to install with admin privilege to get added to this list 25

Web Restrictions Other Web Filters Windows Vista supports running a single compliant Web Content filter at a time Other Web Content Filters can replace the in-box filter API called with (GUID, friendly name) to set who current filter is If your filter is not specified as the current filter, then you should not do filtering Clear setting on uninstall Parental Controls panel UI will be extensible to show who the current filter is 26

Web Restrictions Other Web Filters 27

Windows Parental Controls Panel Extensibility Will appear in the “Other parental controls” section of the control panel Information needed Launch URL Icon Display Name Secondary text 28

Windows Vista Parental Controls Logging and Activity Reports Parental Controls logs use Windows Eventing API’s Special Parental Controls channel defined Many events Windows Vista handle logging Many other events, need the application to do the logging IM events File download events Media playback events Other PC interesting events – channel is extensible 29

We Need Your Help Cannot make the computer safe without help from ISV’s Going to ask that Windows Vista supported software 1. Log all ‘Parental Controls’ interesting events Ones defined in SDK New ones specific to your software 2. 3. Respect parental controls settings relevant to your software Place entry points to your own PC settings 30

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. 31