Will Linux distros run on Windows 10 S?


windows10s

Will Linux distros run on Windows 10 S?

Many people have asked “You just announced that Linux distro’s are coming to the Windows Store – will they run on Windows 10 S?”

The answer is No!

Just because an “app” comes from the Windows Store does NOT automatically mean that it’s safe & suitable for running in Windows 10 S. There are some apps that are not allowed to run on Windows 10 S, including all command-line apps, shells and Consoles.

Read on for more background & info:

What is Windows 10 S?

A couple of weeks ago, Microsoft announced Windows 10 S – a new SKU of Windows which is “Streamlined for security and superior performance“.

Windows 10 S is primarily aimed at non-technical users – teachers & grade-school children, non-technical students, content creators, artists, etc. – people who don’t typically want to spend time & effort futzing with their PC – people who just expect their computer to work safely, quickly, reliably and efficiently.

To deliver this experience, Windows 10 S users can only install apps from the Windows Store. This enables Microsoft to help ensure a safe, predictable, easy-to-use experience by preventing malicious and/or inefficient apps from getting onto users’ machines and wreaking havoc with their data and resources.

Therefore…

Windows 10 S is not well-suited for many app developers/hackers, admins & IT pro’s!

  • App developers often need to use tools that have access to low-level features of the local machine, e.g. debuggers, registry access, filesystem access, hardware access, etc.
  • Admins & IT Pro’s need to write and run scripts & tools that deploy apps, configure users’ accounts, modify security settings, configure firewalls & anti-malware systems, etc.

These needs are not well met by an operating system that has been deliberately constrained to prevent just these types of apps and tasks from running!

This said, Windows 10 S can be used for building code that runs elsewhere – on the web, on IoT devices, on a remote VM via ssh, etc. Such scenarios don’t require the user access/modify a local machine’s system, settings/registry, filesystem, etc.

And of specific interest to readers of this blog, Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software:

Why?

Windows 10 S primarily runs apps downloaded & installed via the Windows Store.

Modern Universal Windows Platform (UWP) store apps run within a secure & constrained sandbox, with explicitly controlled access to system resources, devices, and capabilities like file storage devices, cameras, ability to run in the background, etc.

Another class of Windows Store app, called Desktop Bridge (or “Centennial”) apps, are given much broader access to the OS. However, Desktop Bridge apps are only published by organizations which have a direct engagement with Microsoft, and which have been vetted and are well supported by the publisher. Examples of Desktop Bridge apps include Evernote, Arduino IDE, doubleTwist, PhotoScape, Virtual Robotics Kit, etc.

Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros , safely, quickly, and reliably via the Windows Store app.

Once installed, however, distro’s should be treated as command-line tools that run outside the UWP sandbox & secure runtime infrastructure. They run with the capabilities granted to the local user – in the same way as Cmd and PowerShell do.

This is why Linux distro’s don’t run on Windows 10 S: Even though they’re delivered via the Windows Store, and installed as standard UWP APPX’s, they run as non-UWP command-line tools and this can access more of a system than a UWP can.

So what should I use?

If you want to run all your dev tools, distros, shells, etc. on a machine running Windows 10 S – like the sweeet new Surface Laptop – then upgrade it to full Windows 10.¬† You’ll then be able to run Linux distro’s, Cmd/PowerShell, install dev tools, debuggers, profilers, packet sniffers, etc.

 

I hope this helps clear-up the question as to whether Windows 10 S – an operating system environment “Streamlined for security and superior performance” – can run Linux distro’s (and other command-line tools).

Rich Turner (@richturn_ms)

Comments (16)

  1. Ezhik says:

    Back in 2016 I remember MS demoed the ability to install .appx programs by double clicking and not from the store. Will Windows 10 S have this ability – is the limitation based on “Appx only” or “Store only”?

    1. No – that requires Developer Mode & “side-loading” to be enabled, which would explicitly break the goal of providing a safe environment because users could install any arbitrary APPX they build or (worse) download from teh interwebs ūüėČ

  2. Eric Pellegrini says:

    How can W10-S develop remotely via SSH? Will it have an ssh client?

    1. The store already has several Putty/ssh client apps ‚Äď some of which may run on Win10S ‚Äď let me know if you find one that does!

  3. Vadim says:

    Hi Rich,

    You’re saying ssh works, but consoles don’t. Putty comes to my mind. Does it work? If not, please describe an ssh scenario you’d recommend on Windows 10 S.

    Thanks,
    Vadim

    1. The store already has several Putty/ssh client apps – some of which may run on Win10S – let me know if you find one that does!

      1. Vadim says:

        Rich, I asked for your recommendation, but sounds like you just did a quick search in Store for ‘ssh’ and found something. Let me interpret the results then: there’s only one free SSH app that hasn’t been updated for a couple of years.

        1. You didn’t specify “free”, nor how frequently you expect something to be updated.

  4. PastorGL says:

    For a former university IT staff member, that’s looks for me like a mistake on product marketing side, and a classic example of artificial restriction.

    Especially If Windows 10 S is aimed at teachers and students. Even non-technical specialties nowadays include a small course of *NIX and console scripting in their Computer Science programs, and with Windows 10 S they will require separate hardware and software setup just to perform basic command line tasks, instead of doing that in the built-in WSL.

    I hope this is not a final decision.

    1. Microsoft is constantly adapting its products for many markets, users, use-cases, and scenarios.

      But this wasn’t a marketing decision: Win10S’ entire goal is to provide a safe, secure, predictable, reliable user-experience, and it cannot do so if it permits command-line applications from running. Since command-line applications are enormously powerful and generally run outside the “sandbox” that protects modern UWP applications, they can be used to modify system-wide settings & state and thus prevent the very premise that Win10S was created for.

      If you want to run command-line tools, and a broader range of apps & tools, upgrade a machine running Windows 10S to full Windows.

      1. Dave Braxton says:

        “Win10S‚Äô entire goal is to provide a safe, secure, predictable, reliable user-experience”

        That’s not the goal of Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education?

        1. Within limits, yes. But since full Windows can run practically any Windows app, script, tool, etc., it’s possible that a malicious tool or script inadvertently downloaded by an enthusiastic but unsuspecting user from Microsoft.Official.Trusted.Honest.hahkkerzroolz.com could negatively¬†affect the user’s experience.

          The difference is that by severely constraining the OS to only run¬†apps that have¬†been successfully published through the Windows Store, and preventing things like shell scripts from running,¬†it’ll be difficult for most users to get anything malicious to run on Win10S.

          The trade-off is that¬†Win10S users won’t be able to run anything and everything: Some apps (even genuine ones) will not be able to run on Win10S.

          If you find that you want/need to run restricted apps, upgrade to full Windows.

  5. Chris says:

    Windows 10 S, make Windows useless again.

    My biggest complaint of the Surface Pro 4 is the lack of app availability. For instance, there’s only one decent pdt reader out there which runs well and has the features I need to study – Sumatra pdf. On Android, there’s dozens.

    When Microsoft has a hint of success, they go mad. People don’t buy a Surface because it’s good, they buy it because it’s the only half decent tablet which runs “Legacy” desktop apps.

    1. App availability doesn’t have anything to do with the specific PC you use to run Windows.

      I just searched the store and there are more than 30 apps able to read PDF’s. Further, Edge itself also has a pretty good PDF reader that’s getting some great new features in the next version of Windows (which you can get early access to via the Insiders program), including pen & ink support.

      Surface is a great tablet – I own one of each Surface2, Surface Pro2, Surface Pro4, and a work Surface Pro4. But Dell, Alienware, Razer, HP, Lenovo, Acer, Asus, MSI, etc. also have some great lightweight, powerful, stylish, svelte and sexy laptops and convertables of various designs and price-points.

  6. hazard says:

    What a fantastic idea this Windows10 S actually is. At last.
    BUT
    1. Windows10 S needs to be fully sandboxed to stop rogue apps, iis. oracle issues occuring and introducing memory leakage and app reliability issues (causing knock-on issues with other apps) because of java runtime software issues, web based issues, development bugs and patches/updates installing in the background.
    2. There needs to be seperate network stacks. Introducing Linux subsystem for Windows10 is a fantastic idea too (well done Microsoft and Canonical/) HOWEVER, there is no way that – on a secure OS such as windows 10 or Windows 11, these 2 operating systems can access the same data, on the same hard drive. These data MUST be totally seperate and also to be able to pass Goverment Security Rules and so on.
    3. In addition, perhaps it might be best to have a windows 10 D edition. This would be for development usage. Developers may a subscription to keep these up to date with the latest Microsoft and Canonical Apps and OS.
    4. Leaving Windows 10 (Full Version) to the rest.
    What an exciting time for windows, running Linux, running Ubuntu, on Windows, not on a VM (!)
    Providing this is secure and has a way of seperating these data so that these 2 operation systems DO NOT mix (!)
    You guys are so cool. But think about the security people running around the offices screaming right now with Linux for Windows Sub System…(including GCC !) Best,
    3.

    1. Thanks for your thoughts, but a few of your comments are inaccurate:

      We do not need separate network stacks – distros running atop WSL share the same underlying networking stack with the rest of Windows. When an Linux app opens a network socket, it is given a handle to a Windows network socket. When it reads/writes from/to that socket, all IO operations are performed via the Windows network socket.
      Similarly, Linux shares the Windows Filesystem, routing IO calls via the Windows filesystem API’s
      This approach has many benefits, not least of which that enterprises, etc. who want to prevent malware, can use the same tools used to monitor & manage Windows apps, to monitor Linux apps too!

      I’d encourage anyone interested in the security side of things to read this post more info on the anti-malware side of things and to reach out if they’d like to discuss further.

Skip to main content