It recently emerged that con artists in Argentina were selling ferrets dosed with steroids as toy poodles, to gullible dog lovers.
They were taking advantage of the large demand for toy poodles, from people who don't know much about poodles.
Of course, we'd like to think that we're immune to that kind of thing. But, the hype around a new technology can also create a lot of demand, and where there's demand for something hot, new, and expensive, fakes will start to appear.
But, for every vendor producing a high quality web-based SaaS offering, there are many others trying to disguise legacy software packages as web-based solutions.
Just as the Argentinian ferrets came with unexpected costs, like high vet's bills, these "steroid ferret" systems come with unexpected costs. They don't follow current standards or best practice, which makes them expensive to test, debug, and extend. They'll generally also refuse to work in unfamiliar situations (with screen readers, unfamiliar browsers, newer operating systems, and mobile devices).
So, how can you spot these "steroid ferrets"? There are a few tell-tale signs:
- They only work with Internet Explorer. One of the cheapest ways to disguise a legacy app as a web app is to wrap it in an ActiveX control. ActiveX is an Internet Explorer only technology, and is largely deprecated nowadays, as it has been the source of numerous security incidents in the past. Be doubly worried if the app only works with an older version of Internet Explorer, as these older versions had nasty security problems. Decent web applications should work with all modern browsers.
- They need you to modify your security settings, or security questions pop up when you use them. Web security is a bit of a nightmare to get right. The standards are far too restrictive in some areas, but far too lenient in others. That said, if you design a web app from the ground up, it's perfectly possible to create a secure, workable system, within these limitations. But trying to shoehorn a legacy app into these limitations is nigh-on impossible, so legacy software vendors just fudge it instead. Decent web applications should work fine with the default security settings.
- They need you to install extra software. This extra software is probably a browser plugin. Plugins like Java, Silverlight and Citrix represent a cheap way of making apps run in a web browser. However, plugins have been the cause of major virus outbreaks in the past, and don't work on mobile devices, so are usually best avoided. Most decent web apps don't need browser plugins to work, although there are a handful of technologies that are currently hard to support without them (most obviously video), so don't worry too much if your app uses video and needs Adobe Flash.
Often at TrustIV, we end up playing the role of the vet in this little analogy. A client comes to us because their "poodle" has a mystery illness. Fortunately, we know the difference between a ferret and a poodle, and are up-to-speed on the latest advances in ferret medicine.
Personally, I rather enjoy that kind of work. It's challenging, but it's a great opportunity to show off my skills, and add value for clients.
I'm not going to name any of the clients we've done this work for, or the vendors they bought their software from. Some of the vendors selling "steroid ferrets" are FTSE 100 companies, and they have much better lawyers than we do.
Hopefully, I've given you a better idea what to look for when buying your shiny new web app. But, if you got that shiny new poodle home, and it started dancing, give us a call, and we'll see if we can help you out.