The Bloor Perspective: Trojan horses, legacy systems and IBM's new clients

This week Robin Bloor and team discuss a new way to defeat Trojan horses, reviving legacy systems and how IBM is using the best of both thin and thick clients...

Trojan horses threaten to defraud home PCs users when accessing online bank accounts and e-tail sites, or simply to steal their identities. The actual level of such activity is unknown and probably very high if the level of identity theft is anything to go by. Trojans, as you probably already know, are spyware - they open back doors into PC and can send what they discover direct to a hacker.

Trojans can be put on a PC by viruses or attached to dubious downloads, such as those you might get through file-sharing network Kazaa or be tempted to take from interactions in chat rooms. Some PC games and stolen software come with Trojans attached, too.

Maybe up to 8 percent of all home computers are infected, which means tens if not hundreds of millions of PCs. Apart from the obvious risk to the home PC user, levels of infection this high are severely damaging to online business. And, because home PCs are often used to dial in to the corporate network, they are also a threat to corporate IT security.

What can be done? Antivirus and PC firewalls are useful defences, but do not deliver 100 per cent protection. One company that has a solution - and it's the only one we know of at the moment - is Whole Security. It sells its services to banks and online retail companies. It works like this:

When you log on to a website to order goods or make payments through your bank account, a small program downloads to your PC and checks for any Trojans. The Whole Security software that controls this app sits on a server at the other end of the web connection.

The software looks for typical Trojan behaviour, such as recording keystrokes, listening in on communications, or accessing a network. When it finds a Trojan, it quarantines it, stops it functioning and then removes it.

It would be nice if Whole Security's software were used widely, but it is in place only on a few banks and e-tail sites. In fact it would be nice if the capability were used by ISPs to keep the vast population of home PCs clean of this kind of threat.

However right now there seems to be no enthusiasm amongst ISPs to deploy such software. The problem, of course, is who would be willing to bear the cost. Not the ISPs who screw costs down to the ground and need to keep them low for the sake of profitability. Probably not the home PC users either, who may already have paid for antivirus and PC firewall protection and most of whom don't really understand the nature of the threat until they get to be victims.

New life for legacy systems

The main problem with legacy systems, roughly stated, is that on the one hand they are difficult and expensive to maintain while on the other they are very valuable and even more expensive to replace. A good number of companies sorted out their legacy systems before the year 2000.

The leader in the field of legacy code rescue is Trinity Millennium, whose products have a remarkably broad capability. They are able to read, understand and transform source code in just under 90 programming languages, including Assembler, eight distinct versions of COBOL, various versions of and derivatives of C and a host of 4GLs. They are also able to process nine different database schemas and file formats. The company has done about 100 legacy rescue assignments itself and licenses the use of its technology to other legacy rescue companies and consultancies.

Bill Cody, Trinity's CTO, says that on many assignments they quickly discover that the rescue job is bigger than the customer ever realized because of the existence of shadow systems - systems that depend on, interact with and are, to all intents and purposes, part of the target system. The general rule of thumb is that a legacy system will have 20 percent more code than the customer thinks it has.

How automatic is the process? Naturally this depends on how badly organized the code is, but Trinity's experience suggests that 90 to 95 per cent of even very poorly written systems can be transformed to work in another environment, with full documentation from the top down.

One of Trinity's most compelling capabilities is called 'rules harvesting', or identifying and extracting business rules that are buried in a system. Cody says: "A surprising number of companies simply do not know what a legacy system actually does."

For organizations that are plagued by legacy problems, now is probably a good time to investigate what can be done. The possibility is arising of being able to combine the rescue of legacy systems with development initiatives based on reengineering business processes. If they market their capabilities effectively, the legacy rescue companies will do well out of this.

Thick and thin clients bad - IBM good?

Thick clients are bad because of the challenges with distributing code, the high cost both to IT and the end user of management and maintenance and the fact that the solution is limited to PCs. Thin clients are bad because they do not provide the rich user experience that can be developed on a thick client. Add to this conundrum the fact that more and more business users want to move between different client types during a work day and you can understand the logic behind IBM's latest strategy announcement.

The key to the announcement is the concept of server-managed clients - the idea being that any application, data, user interface, transaction or message on the client can be managed from the server. This means that the user does not have to worry about anything but doing their job.

It is an appealing vision: the TCO of a thin client, the richness of a thick client and flexibility to run across any client.

Can IBM deliver on the vision?

Hard to say, but the company's announced a strategy and products - including new versions of Workplace Client - that starts them on the journey.