Classic Shell: Forum

Hi

First I want to say thanks for creating a very nice application. I've used it for quite some time now and it's one of the best I've tried for this sort of tasks.

We're considering using Classic Shell on our Windows 2012 servers in our company. We've got lots of servers, and more and more of them will become Windows 2012 from this point and forward.

The biggest issue are our security concerns because it's created by a third party developer and not Microsoft. I'm not totally trusting Microsoft either after the NSA stuff going on, but let's not get there. Are there ANYTHING you guys can give us to ease our skepticism at all here? Is there any way to make sure this app does not include back doors, or phone home abilities? Like blocking the app in Windows FW would probably be one possibility. But it will not cover anything. I do certainly not believe you would add such things to the app, but I promise my boss that you don't either.

The second biggest issue are stability. Could this app give us problems on production servers? Have there been issues with stability? And if there are issues, is it likely just to be problems with the Classic Shell program only, or underlaying components that could potentially bring the server to it's knees? I'm sure the older 3.6.8 version would be pretty stable, but even this one could create some problems perhaps?


I'd appreciate any help you can give us!

To the best of my knowledge, Ivo (the developer) hasn't coded any backdoors in Classic Shell. You can check out the source yourself of the current stable version to check for yourself. The new beta version's source isn't open for reasons mentioned here: http://www.classicshell.net/faq/#general_oss Disabling it in the firewall will only cause it to be unable to check for updates, no other functionality should be affected.

As for stability, except for a rare crash which any software can have due to some incompatibility with other software or rare software/hardware configuration, Classic Shell is extremely stable. On production servers, it is recommended of course that you download the stable version which is used by millions daily. For extra stability on the server, you can install only the components you need.
The Start Menu EXE hooks into the Explorer.exe process, so if ever Explorer crashes become a problem in a very rare event, you can simply open the menu with a shortcut to ClassicStartMenu.exe and the -nohook parameter pinned to the taskbar. Although -nohook is really intended for troubleshooting, not for regular usage, do not use it. For regular usage, it's safe to run the Start Menu and allow it to hook into Explorer.exe (that is the only way it can integrate well with the system). It is extremely stable.

_________________
Links to some general topics:

● Compare Start Menus

● Read the Search box usage guide.

I am a Windows enthusiast and helped a little with Classic Shell's testing and usability/UX feedback.

Here's the official privacy policy: http://www.classicshell.net/privacy/
The only "phone home" feature is the auto-update and it can be disabled (or not installed in the first place).

Versions 3.9.0 and later are digitally signed. You can at least trust that nobody has tampered with the installer since I made it. Versions 3.9.0 and later also don't use a service, so all pieces of Classic Shell (aside from the installer) run at normal integrity level, which improves security.

Do not use the "-nohook" switch, particularly after version 3.9.0. It does not work in all cases and can cause performance issues.

Also as the FAQ says if you have a legitimate need to a peek at the source code it can be arranged.