Sunday 28 January 2018

Why are legacy, unsafe apps still alive?


Shouldn’t legacy apps of XP era die? Definitely YES! There is no doubt about that.
Then why are big organizations still having them deployed in production? Are they not aware of the risks? Ooh yes, they totally are! In face they incur millions of dollars to maintain a team of security experts and advanced software guarding the vulnerable apps 24*7.These previous century apps are core to their business. If the app dies, their business dies.

What’s the way forward?

Rewriting the apps? Surely yes. But the business can’t wait for years of development and test cycles. Until the time business critical apps get rewritten, the hackers will find new ways to crack security, and the OS vendors will move on to release new OS patches. Today’s modern code will soon become legacy again. Its a never ending vicious circle of technology! This very challenge gave birth to innovative techniques, ways to solve these forever.

I’ve been working on one such product for the past 4 years. I like to explain it to clients with a magician’s story…..



Once upon a time (back in late 90’s) there was a developer who was assigned a really complicated task of building a business critical app. He used the latest technology, frameworks available at that time to develop the app, wrapped it in MSI and deployed on production systems (on the latest Windows XP). Everything worked perfectly fine; the app did what it was designed for.

Over next couple of decades, hackers came up with more sophisticated attacks to crack into systems. As a result OS Vendors and security experts started releasing more restricted and secure operating systems. This went on and newer versions of OS came into the market. Today’s technologies like UWP, Apple Sandbox require developers to write code which adheres to latest security standards. This old business critical app of 90s started becoming legacy. The developer who designed it, got older too (might be enjoying his retired life somewhere on a sunny beach). Rewriting this app, will cost millions of dollars and will take around 5 years of time. Business can’t want that long!

So, one day a magician came with a small box and showed an amazing magic trick. He took the old 90’s app and put it in his magic box. When the app got deployed, it came out with its own security, compatibility wrapper in the UWP format. Within seconds, the app travelled from XP era to Win10 platform.

You might be wondering why am I telling you an imaginary story. Well, it isn’t imaginary. This is what we do every single day at Cloudhouse. The magic trick is application virtualization, the magic box is the container and the security/compatibility wrapper is our engine. We revive the legacy applications; transplanting them into newer operating systems.

One might question that we are keeping an old, unsafe app still alive and deployed on latest OS (Win10, Server2016). You are partially right, we are keeping an “old” app alive, but after removing its “unsafe” nature. There are two ways to make a legacy, unsafe app safe.


  • Rewite the code as per latest security standards
  • Wrap it in a software which nullifies its unsafe effect.

An unsafe app is dangerous when it executes on the operating system. But when someone transforms those unsafe calls before they reach the OS layer, it is safe. That’s exactly what Cloudhouse containers do. The virtualization engine, intercepts the vulnerabilities and converts it into safe calls before they reach the OS. So the app is still unsafe inside the virtual bubble, but when seen from outside the wrapper it is safe. As far as OS is concerned, that old unsafe app is converted into a safe app adhering to latest technologies (like UWP), ready for Windows Store, Win10S.

For more on the magic of virtualization, stay tuned!

Priya Saxena.

No comments:

Post a Comment