Software + Services. A Modern Approach. Part 2
Part 2 – The idea
Contents:
- A little more Live Mesh (CTP)
- The Actors
- The Modern Approach
1. A little more Live Mesh (CTP)
Today, online and offline tend to be two different approaches for building software. Most software companies offer either online or offline versions of their software.
If they somehow offer both then mostly sure one is a limited (reduced functionality) version of the other. Moreover companies tend to create a gap between the time when the offline and the online version gets updated. You always hear thing like “the online version does not yet support feature X that is available in the desktop version. Will be available soon”. The bad thing is the soon might mean a couple of months.
Creating software that works the same way both online and offline is not a new idea but until not it would require a lot of overhead. There was the need to simulate either the offline environment online or the reverse.
Now, with Live Mesh, the online environment is simulated on the local machine with no overhead for the developer. The guys from Microsoft resolved this problem and they’ve simplified our lives.
There are some aspects that need to be clarified as pointed in Part 1 about online services and applications:
- The user experience: this problems was somehow resolved by enabling applications to be based on Silverlight. This technology enables web applications to deliver an improved experience compared to the classical web apps. It is client-side technology.
- The need of permanent connectivity: just like smart clients, Mesh Enabled Applications can run with no network connectivity, persist offline what needs to be processed online and continue the process when connectivity is available. In other words what can be done offline is done anytime and if Internet access is required the task is queued.
2. The Actors
Lets consider a company named InvoiceGuys which offers a service called InvoiceService that exposes functionality for processing invoices. Anyone can subscribe the this service – for the sake of simplicity we’ll just ignore authorization and authentication; just don’t do this in real life!
Panda Cloud Antivirus Beta Review
As we emerge more and more is a Software + Services world, Panda took advantage of this new wave and released the World’s first cloud antivirus solution.
The protection model based on a thin-client agent and server architecture which services malware protection as opposed to locally installed products. By combining local detection technologies with cloud-scanning capabilities and applying non-intrusive interception techniques on the client architecture, Panda Cloud Antivirus provides some of the best protection with a lightweight antivirus thin-client agent that barely consumes any PC resources.
Of course this S+S approach has advantages and drawbacks.
Advantages:
- Always using the latest version of software and protection
- Minimum impact on local resources
- Detection of threats in less than 6 minutes (this is what Panda announced on the official blog)
Drawbacks:
- Need of permanent Internet connection
- Without Internet connection the protection is reduced
Panda Cloud Antivirus takes advantage of the cloud world and combines the information from all users in order to detect and stop malware. Using the so called Panda Collective Intelligence, a cloud-based test lab for malicious software, samples are collected, analyzed, categorized and, if needed, disinfection routines are created. Therefore the community becomes the lab. In this way there is no need for software updates, there is no virus definition database on the client computer and everyone has access to the latest protection.
Compared to other antivirus solutions, Panda categorizes local files from “real security risk” to “minimum security risk” and by this criteria the scanning engine prioritizes it’s tasks. There are three types of automatic scanning (as mentioned on the official blog):
- On-Access Scan. This is the maximum priority resident scan that is applied only to objects which are truly a security risk in a specific point in time: files which are being executed or used. The file is intercepted, prevented from running and disinfected if found to be malicious.
- Prefetch Scan. There are other elements such as files downloaded from the Internet which, while not being executed at a specific point in time, have a much higher risk and probability of being executed at any time. These files should be watched more closely than files which have barely any activity, as we can expect them to be executed, unpacked, copied or moved shortly. A Prefetch Scan basically launches an asynchronous local & cloud query on the file to scan it “as soon as possible” without impacting performance. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
- Background Scan. Lastly a normal PC has hundreds of thousands of files in its hard drive. Most of these files are not executing normally and simply just “sit there” until either the use double-clicks on them or they are called upon by another process. These are considered the least dangerous files from a security perspective. Panda Cloud Antivirus will continuously run Background Scans on these in an asynchronous manner while the PC is idle, without impacting performance at all. Of course if any of these files is called to be executed, the file will be intercepted and an on-access scan will be applied to it.
In my opinion Read the rest of this entry »
Software + Services. A Modern Approach. Part 1
Part 1 – Intro
Contents:
- What is Software + Services
- Azure Services Platform
- Live Mesh
1. What is Software + Services
Over the past decade, the world we live in has been transformed by the Web. More and more people gain Internet access, services become more accessible and the experience is improving. There are a lot of advantages of using Internet services:
- Low hardware requirements: services use the resources provided by the vendor and not the local ones. We only need devices capable of displaying the information that the service is sending. Most of the time no processing is done locally.
- Device independence: a service can be accessed from any device connected the Internet. It does not require special privileges on the local machine and no installation is required.
- No maintenance: services are maintained and updated by the service provider, the client must do nothing to configure it. The service is an out of the box solution.
- Flexibility: we can change the service provider whenever we want. This capability creates new opportunities for businesses that can dynamically swap services and choose the one that matches their needs.
However there are still some limitations for which running local software is preferred instead of a web application/service:
- User experience: browsers are not yet capable of delivering the same user experience as a local running application.
- Privacy: there are situations when a company chooses the keep all its data within its controlled/trusted borders. There are many privacy concerns when using 3rd party services because there is no control over the security and must rely on the provider’s security. Some complex federation problems might occur.
- Offline experience: even though the Internet is now available most of the time there are still situation when network access is not available (maybe some technical problems) and the service cannot be accessed.
What do we do when we want to power of local running applications and the flexibility and ease-of-use of the Internet services? Simple: we take the best part of each, create an architecture that combines them and use it for application that work both online and offline. Ray Ozzie (Microsoft Chief Software Architect) mentioned that “when you combine the ever-growing power of devices and the increasing ubiquity of the Web, you come up with a sum that is greater than its parts. … Software-plus-Services is the next logical step in the evolution of computing. It represents an industry shift toward a design approach that is neither exclusively software-centric nor browser-centric” [1].