Will Linux distros run on Windows 10 S?



Many people have asked "You just announced that Linux distro's are coming to the Windows Store - will they run on Windows 10 S?"

The answer is No!

Just because an "app" comes from the Windows Store does NOT automatically mean that it's safe & suitable for running in Windows 10 S. There are some apps that are not allowed to run on Windows 10 S, including all command-line apps, shells and Consoles.

Read on for more background & info:

What is Windows 10 S?

A couple of weeks ago, Microsoft announced Windows 10 S - a new SKU of Windows which is "Streamlined for security and superior performance".

Windows 10 S is primarily aimed at non-technical users - teachers & grade-school children, non-technical students, content creators, artists, etc. - people who don't typically want to spend time & effort futzing with their PC - people who just expect their computer to work safely, quickly, reliably and efficiently.

To deliver this experience, Windows 10 S users can only install apps from the Windows Store. This enables Microsoft to help ensure a safe, predictable, easy-to-use experience by preventing malicious and/or inefficient apps from getting onto users' machines and wreaking havoc with their data and resources.

Therefore...

Windows 10 S is not well-suited for many app developers/hackers, admins & IT pro's!

  • App developers often need to use tools that have access to low-level features of the local machine, e.g. debuggers, registry access, filesystem access, hardware access, etc.
  • Admins & IT Pro's need to write and run scripts & tools that deploy apps, configure users' accounts, modify security settings, configure firewalls & anti-malware systems, etc.

These needs are not well met by an operating system that has been deliberately constrained to prevent just these types of apps and tasks from running!

This said, Windows 10 S can be used for building code that runs elsewhere - on the web, on IoT devices, on a remote VM via ssh, etc. Such scenarios don't require the user to access/modify a local machine's system, settings/registry, filesystem, etc.

And of specific interest to readers of this blog, Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software.

Why?

Windows 10 S primarily runs apps downloaded & installed via the Windows Store.

Modern Universal Windows Platform (UWP) store apps run within a secure & constrained sandbox, with explicitly controlled access to system resources, devices, and capabilities like file storage devices, cameras, ability to run in the background, etc.

Another class of Windows Store app, called Desktop Bridge (or "Centennial") apps, are given much broader access to the OS. However, Desktop Bridge apps are only published by organizations which have a direct engagement with Microsoft, and which have been vetted and are well supported by the publisher. Examples of Desktop Bridge apps include Evernote, Arduino IDE, doubleTwist, PhotoScape, Virtual Robotics Kit, etc.

Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros safely, quickly, and reliably via the Windows Store app.

Once installed, however, distro's should be treated as command-line tools that run outside the UWP sandbox & secure runtime infrastructure. They run with the capabilities granted to the local user - in the same way as Cmd and PowerShell do.

This is why Linux distro's don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and thus can access more of a system than a UWP app can.
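The sandbox boundary described above is visible in a package's AppxManifest.xml: Desktop Bridge packages declare the `runFullTrust` restricted capability and a `Windows.FullTrustApplication` entry point. The following is an added example, not code from the original post: both manifests are trimmed, constructed samples, and the distro launcher is assumed to declare full trust in the same way. It reports what a package requests and does not reproduce how Windows 10 S itself decides what may run.

```python
# Added example: classify Store packages by what their AppxManifest.xml requests.
import xml.etree.ElementTree as ET

FOUNDATION = "http://schemas.microsoft.com/appx/manifest/foundation/windows10"
NS = (f'xmlns="{FOUNDATION}" xmlns:rescap="{FOUNDATION}/restrictedcapabilities" '
      'xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" '
      'xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10"')

# Constructed, trimmed manifests (not schema-complete, not real Store packages).
UWP_APP = f"""<Package {NS}>
  <Applications><Application Id="App" Executable="Notes.exe" EntryPoint="Notes.App"/></Applications>
  <Capabilities><Capability Name="internetClient"/><DeviceCapability Name="webcam"/></Capabilities>
</Package>"""
DISTRO = f"""<Package {NS}>
  <Applications>
    <Application Id="distro" Executable="launcher.exe" EntryPoint="Windows.FullTrustApplication">
      <Extensions><uap3:Extension Category="windows.appExecutionAlias">
        <uap3:AppExecutionAlias><desktop:ExecutionAlias Alias="exampledistro.exe"/></uap3:AppExecutionAlias>
      </uap3:Extension></Extensions>
    </Application>
  </Applications>
  <Capabilities><rescap:Capability Name="runFullTrust"/></Capabilities>
</Package>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify(manifest_xml):
    """Report whether a package asks to run outside the UWP sandbox."""
    caps, aliases, full_trust_entry = set(), [], False
    for el in ET.fromstring(manifest_xml).iter():
        name = local(el.tag)
        if name in ("Capability", "DeviceCapability") and el.get("Name"):
            caps.add(el.get("Name"))
        elif name == "Application":
            full_trust_entry |= el.get("EntryPoint") == "Windows.FullTrustApplication"
        elif name == "ExecutionAlias" and el.get("Alias"):
            aliases.append(el.get("Alias"))
    return {
        "sandboxed": "runFullTrust" not in caps and not full_trust_entry,
        "capabilities": sorted(caps),
        "command_line_aliases": aliases,
    }

if __name__ == "__main__":
    for label, xml in (("UWP app", UWP_APP), ("distro launcher", DISTRO)):
        print(label, classify(xml))
```

On a managed Windows 10 machine the same function can be pointed at the manifest of each installed package to list everything that came from the Store but runs with the user's full rights.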

So what should I use?

If you want to run all your dev tools, distros, shells, etc. on a machine running Windows 10 S - like the sweeet new Surface Laptop - then upgrade it to full Windows 10. You'll then be able to run Linux distro's, Cmd/PowerShell, install dev tools, debuggers, profilers, packet sniffers, etc.

I hope this helps clear up the question as to whether Windows 10 S - an operating system environment "Streamlined for security and superior performance" - can run Linux distro's (and other command-line tools).

Rich Turner (@richturn_ms)

Comments (31)

  1. Ezhik says:

    Back in 2016 I remember MS demoed the ability to install .appx programs by double clicking and not from the store. Will Windows 10 S have this ability - is the limitation based on "Appx only" or "Store only"?

    1. No - that requires Developer Mode & "side-loading" to be enabled, which would explicitly break the goal of providing a safe environment because users could install any arbitrary APPX they build or (worse) download from teh interwebs 😉

  2. Eric Pellegrini says:

    How can W10-S develop remotely via SSH? Will it have an ssh client?

    1. The store already has several Putty/ssh client apps – some of which may run on Win10S – let me know if you find one that does!

  3. Vadim says:

    Hi Rich,

    You're saying ssh works, but consoles don't. Putty comes to my mind. Does it work? If not, please describe an ssh scenario you'd recommend on Windows 10 S.

    Thanks,
    Vadim

    1. The store already has several Putty/ssh client apps - some of which may run on Win10S - let me know if you find one that does!

      1. Vadim says:

        Rich, I asked for your recommendation, but sounds like you just did a quick search in Store for 'ssh' and found something. Let me interpret the results then: there's only one free SSH app that hasn't been updated for a couple of years.

        1. You didn't specify "free", nor how frequently you expect something to be updated.

  4. PastorGL says:

    As a former university IT staff member, that looks to me like a mistake on the product marketing side, and a classic example of artificial restriction.

    Especially if Windows 10 S is aimed at teachers and students. Even non-technical specialties nowadays include a small course of *NIX and console scripting in their Computer Science programs, and with Windows 10 S they will require separate hardware and software setup just to perform basic command line tasks, instead of doing that in the built-in WSL.

    I hope this is not a final decision.

    1. Microsoft is constantly adapting its products for many markets, users, use-cases, and scenarios.

      But this wasn't a marketing decision: Win10S' entire goal is to provide a safe, secure, predictable, reliable user-experience, and it cannot do so if it permits command-line applications to run. Since command-line applications are enormously powerful and generally run outside the "sandbox" that protects modern UWP applications, they can be used to modify system-wide settings & state and thus prevent the very premise that Win10S was created for.

      If you want to run command-line tools, and a broader range of apps & tools, upgrade a machine running Windows 10S to full Windows.

      1. Dave Braxton says:

        "Win10S’ entire goal is to provide a safe, secure, predictable, reliable user-experience"

        That's not the goal of Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education?

        1. Within limits, yes. But since full Windows can run practically any Windows app, script, tool, etc., it's possible that a malicious tool or script inadvertently downloaded by an enthusiastic but unsuspecting user from Microsoft.Official.Trusted.Honest.hahkkerzroolz.com could negatively affect the user's experience.

          The difference is that by severely constraining the OS to only run apps that have been successfully published through the Windows Store, and preventing things like shell scripts from running, it'll be difficult for most users to get anything malicious to run on Win10S.

          The trade-off is that Win10S users won't be able to run anything and everything: Some apps (even genuine ones) will not be able to run on Win10S.

          If you find that you want/need to run restricted apps, upgrade to full Windows.

    2. Scott says:

      Clearly this is not going to work for EE/CS students, but when you have 20,000 personal laptops on campus that ITS can't directly administer, and most of those are going to be used for non-EECS majors writing papers, it makes sense under the principle of least privilege to have people use 10S by default.

      My only concern is making sure that it's easy and cheap for EECS majors to upgrade to the version they need, once they come to college and find out that they're going to use bash.

      1. The principle you describe is precisely what drove the creation of Win10S. For the VAST majority of users who don't need to write/run scripts, command-line tools, Linux distro's, etc., Win10S will be more than enough. Should users want/need to upgrade to full Windows, they're free to do so.

  5. Patrick Dunlap says:

    Will Windows 10 S have the ability to run powershell commandlets? How about remotely from an admin machine with 10 Enterprise or a Windows Server OS?

    1. In order to run PowerShell commandlets, Windows 10 S would need to attach a Console ... which it can't, so no, it can't.

  6. Chris says:

    Windows 10 S, make Windows useless again.

    My biggest complaint of the Surface Pro 4 is the lack of app availability. For instance, there's only one decent pdf reader out there which runs well and has the features I need to study - Sumatra pdf. On Android, there's dozens.

    When Microsoft has a hint of success, they go mad. People don't buy a Surface because it's good, they buy it because it's the only half decent tablet which runs "Legacy" desktop apps.

    1. App availability doesn't have anything to do with the specific PC you use to run Windows.

      I just searched the store and there are more than 30 apps able to read PDF's. Further, Edge itself also has a pretty good PDF reader that's getting some great new features in the next version of Windows (which you can get early access to via the Insiders program), including pen & ink support.

      Surface is a great tablet - I own one of each Surface2, Surface Pro2, Surface Pro4, and a work Surface Pro4. But Dell, Alienware, Razer, HP, Lenovo, Acer, Asus, MSI, etc. also have some great lightweight, powerful, stylish, svelte and sexy laptops and convertibles of various designs and price-points.

  7. hazard says:

    What a fantastic idea this Windows10 S actually is. At last.
    BUT
    1. Windows10 S needs to be fully sandboxed to stop rogue apps, iis. oracle issues occurring and introducing memory leakage and app reliability issues (causing knock-on issues with other apps) because of java runtime software issues, web based issues, development bugs and patches/updates installing in the background.
    2. There needs to be separate network stacks. Introducing Linux subsystem for Windows10 is a fantastic idea too (well done Microsoft and Canonical/) HOWEVER, there is no way that - on a secure OS such as windows 10 or Windows 11, these 2 operating systems can access the same data, on the same hard drive. These data MUST be totally separate and also to be able to pass Government Security Rules and so on.
    3. In addition, perhaps it might be best to have a windows 10 D edition. This would be for development usage. Developers may a subscription to keep these up to date with the latest Microsoft and Canonical Apps and OS.
    4. Leaving Windows 10 (Full Version) to the rest.
    What an exciting time for windows, running Linux, running Ubuntu, on Windows, not on a VM (!)
    Providing this is secure and has a way of separating these data so that these 2 operating systems DO NOT mix (!)
    You guys are so cool. But think about the security people running around the offices screaming right now with Linux for Windows Sub System...(including GCC !) Best,
    3.

    1. Thanks for your thoughts, but a few of your comments are inaccurate:

      We do not need separate network stacks - distros running atop WSL share the same underlying networking stack with the rest of Windows. When a Linux app opens a network socket, it is given a handle to a Windows network socket. When it reads/writes from/to that socket, all IO operations are performed via the Windows network socket.
      Similarly, Linux shares the Windows Filesystem, routing IO calls via the Windows filesystem API's.
      This approach has many benefits, not least of which that enterprises, etc. who want to prevent malware, can use the same tools used to monitor & manage Windows apps, to monitor Linux apps too!

      I'd encourage anyone interested in the security side of things to read this post for more info on the anti-malware side of things and to reach out if they'd like to discuss further.

  8. Pete H says:

    Argh! Seeing that you've responded to the "distro's" laments with grace and humor, I'm going to attempt to infect you with a virus I caught long ago from Donald Knuth himself.

    You wrote: "organizations which have a direct engagement with Microsoft" (and many other examples.)

    This is an example of what Don K calls “wicked whiches”—‘which’s that should have been ‘that’s. 😀

    It's written up in a PDF from a course on Mathematical Writing, which I'm sure you can find online... a couple of money quotes:

    "If it sounds all right to replace a ‘which’ by a ‘that’, then Strunk & White say replace it."

    “Which and that are not in themselves very important. But tone is important, and tone consists entirely of making these tiny, tiny choices. If you make enough of them wrong—choices like which versus that—then you won’t get your maximum readership. The reader who has to read the stuff will go on reading it, but with less attention, less commitment than you want. And the reader who doesn’t have to read will stop.”

    1. Appreciate the comments, and I agree with the point you raised. Perhaps some of the issues here are further exacerbated by the differences between UK and US English. I'll take a gander at The (Real) Donald's paper and adjust accordingly 😉

  9. Gabe Jones says:

    Is there a way for developers to get their hands on Windows 10 S for testing our apps? I know that OEMs shipping machines with Win10S have it, but it would be useful for app developers to get it for testing from, say, MSDN prior to its release, rather than having to run to Fry's and buy a laptop with the OS once it starts shipping.

    Also, what does the third-party driver scene look like on Windows 10 S? Must all drivers be delivered via Windows Update?

    1. Have sent your questions to the team - will respond here once they get back to me.

    2. Hey Gabe. Got some info for you:

      1) Win10S builds are being created as we speak. Details to follow re. dev' versions.
      2) Win10S drivers have more stringent requirements than for Win10. Some details here; more to follow: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/windows10sdriverguidelines
      3) For further questions, feel free to reach out to Jeffrey Sutherland via Twitter @j3ffr3y1974.

      HTH.

      1. Gabe Jones says:

        Thanks for the response, Rich. (I apparently don't have e-mail alerts on this thread, because I just stumbled upon the response today!)

        1. No problem - glad it was helpful 🙂 Thanks for the feedback; keep it coming 😉

  10. zakius says:

    simple question: how S is for school and students if it doesn't run coding/hacking stuff?

    1. When Win10S is talked about in "school" scenarios, it's more about non-technical school scenarios, e.g. students participating in class projects to learn about history, math, geography, languages, etc.

      For students learning about computers, coding, hacking, debugging, etc., using tools that could get non-technical users & their machines into trouble, Win10S is not the right solution.

      Win10S is about providing a restricted environment in which users can only run apps from the Windows Store, and which are prevented from running apps that enable them (or malicious actors) to screw-up their machine such that their safety & security can be easily compromised.

  11. dave-570 says:

    Linux Distros are NOT apps or cmd line tools, is this article for real ????????? A microsoft engineer that doesn't know what Linux is ??????????????

    1. What you mean is that a Microsoft engineer doesn't know what GNU/Linux is, right? 😉

      Moreover, is a Linux distro that ships without a Linux kernel not just a "Distribution containing a collection of tools, daemons, and systems that are compatible with GNU/Linux" instead?

      Linux is the kernel. Many of the user-mode tools, apps, daemons, and systems that run atop the Linux kernel originated with the GNU project, but not all: Many more originated from a variety of other sources.

      How would you prefer to summarize the above situation in just a couple of words?
