I have to salute the Baseshields for their imagination. Originally the virtualization sw was going to be the product. Might still be. But then they realized that, having built it, they could basically take over the delivery of software on Windows. I was blown away when Patrick came by YC to give me a demo. I thought I was going to be seeing a demo of virtualization sw, which, frankly, is not that interesting, and instead they'd built the Windows App Store.
They could turn it into even more than delivering software on Windows. I'd pay to have a virtualization layer that transports settings/environments across my computers. For example, I like to set up custom keyboard shortcuts in my text editor, but every time I set up a new computer I have to reconfigure all of those settings. That shouldn't be necessary.
BTW I feel like the TC article didn't communicate the key point very well. They didn't mention virtualization until eight sentences in.
Hmm, combine BaseShield with DropBox and you might have a winner...
You should also add a way for developers to bundle their software directly with the BaseShield so they can distribute the bundle as a single package on their website. This will save small developers a ton of effort in writing an automatic software updater, they'll be able to simply rely on your mechanism.
This would be a lot easier if EVERYTHING that you've ever done is stored in your home directory because you can't write anywhere else (and neither can apps you're running) as your own user. On Windows this is a problem because sometimes apps write to the application folder in Program Files, then there are registry changes, sometimes stuff is stored in Application Data, and some stuff is stored in hidden directories that are, by default, invisible.
I've moved the entire home directory between installs of different versions of linux distributions and between entirely different distributions with only minor issues (related mostly to an old format of a config file not being recognized by the newer application). I've had the same .opera directory for years.
Running applications in their own VM is a good idea for security. It's a good idea to work around system and file management deficiencies in the operating system and the application itself also.
> I don't understand the purpose of a virtualization layer on top of Windows.
To maintain the integrity of your computer in the face of potentially untrustworthy third party applications. You could compare BaseShield to a dating service (app store) that enforces the use of condoms (virtualization). Not that I'm recommending the BS'ers use that analogy though.
Why would anyone need or want this? Running Windows as a standard user and/or Vista's UAC mechanism seems to provide the same functionality.
I can see that the virtualization layer is more beneficial if you were trying to make it so applications behaved the same when running on Windows, Mac, or Linux. In this case, you'd be expanding on existing things like Apache's Portable Runtime, Wine or Parallels. However, the business case for your Windows sand boxing system is not something that makes sense to me.
"Running Windows as a standard user and/or Vista's UAC mechanism seems to provide the same functionality."
This isn't true under Windows. It's not true under Linux or OSX either.
Think of your software security boundaries as an onion. In the middle you have kernel mode, then system services, then the administrator user land, followed by a common user. Application virtualization adds one more layer to the onion. Not only are applications insulated from your system, but they are also insulated from other applications.
The ultimate model is much closer to that of a web browser with domain restrictions on cookies and the like. This is the next logical step in fighting malware.
There are a number of companies offering this Windows app virtualization layer today in different ways (they actually have a lot of patents on this). Softricity did this and was acquired by Microsoft. Citrix also has their own app virtualization technologies. Symantec acquired AppStream which does this, too. There are some large existing markets for this, though it's vastly enterprise-based.
Streaming apps to your company desktops instead of worrying about what they have installed and how it might conflict is extremely compelling to large corporations, governments, etc.
Baseshield is aiming at the consumer side, probably, but the technology seems very similar to what these other companies provide for the enterprise.
Installing an app on Vista/XP almost always requires administrative privileges even if the only need stems from writing into the C:\program files\ directory.
And frankly once you give an application Admin privileges once, it doesn't matter anymore it can do whatever the hell it wants. Sandboxing is a much better mechanism from a security perspective
Plus uninstalling a program is always problematic under the existing Windows mechanisms, basically it is every programmers duty to write an uninstaller for his own software, many of which are buggy, leave trash on the computer and so on. Sandboxing an installation makes the uninstall automatically easy & fool proof.
We'd like to especially encourage any news.yc readers who write windows apps to distribute them via BaseShield. Just get in touch with me at my personal email: pat (at) baseshield.com -- if you want to list it for free we'll get it up right away, if you'd like to charge you'll be at the top of the list once we get payments going.
Not sure if you have this on your radar, but this would be useful in the corporate world.
Corporates spend massive amounts on deploying desktop software - and even then it's a painful, risky process. This would assist that process in a lot of ways.
(Edit: And when I say massive - I mean massive. I've seen XP deploys that were in the 10's to 100's of millions. A big chunk of this is software packaging and deploy).
It is a big marketplace with huge players (i.e. Microsoft, Symantec, Citrix, etc) already doing app virtualization/streaming. Still, since it's so large other major companies will be looking for a good platform to build upon if they can get into it, too.
> Still, since it's so large other major companies will be looking for a good platform to build upon if they can get into it, too.
Yup - And I don't think any of the big players have really "nailed it" by a long shot yet. Corps still spend a vast amount of time in packaging/testing.
Also, there is probably a neat open source niche there - take on a BaseShield style service, then simply pick up pre-packaged X-Y-Z, with all the updates/etc. Just as you would a mature distro.
If I may suggest, please change your demo video soundtrack. Looping music was very distracting, as if something went wrong. Thanks to this it was painful to watch otherwise awesome demo.
I'd like to know more about the virtualization piece-- what kind of apps can run?
Some of our apps could be a bit lower-level (services, kernel-mode drivers, etc). Does BaseShield allow those? I know most system virtualization platforms cannot handle those without a full virtualized OS.
The virtualization layer only supports user mode applications; kernel mode drivers unfortunately won't work. Services are not yet supported but support may be added in the future.
Does BaseShield manage updates the way services like Steam do? (It automatically checks for updates when you open up the service, and if they exist downloads and installs them.)
Can BaseShield run .NET apps, or just native code?
At the moment you have to go to an app's page and if there's an update you can get it with one click. There's a lot of potential for further automation.
Have you considered supporting third party "packaging" formats for Windows? Some companies, for instance, have already done the work to package up their product for U3.
I read the description, and though - that sounds pretty cool. But trying it sucks:
1. I don't know what these 'apps' are. Only baseshield apps or any applications at all?
2. I'm using Mac OS X. It offered me a .exe. Tell us that on your homepage
3. Surely you can spend a bit of money to get some proper icons and not use icons that hundreds of people are already using
4. Give me some sort of idea what apps are in there without requiring me to install a .exe. Is it worth it at all - I can't know without some idea of the apps.
In general, it's a pretty good idea, and something like this is neccessary for windows.
Thanks for your comments! (I'm one of the founders)
It works for application packages that are in the repository. Right now we have a collection of free software but we want to encourage developers to sign up and offer their apps through the store. We'll make the whole repository browseable soon so you can see what's
in the store right away. We're also working on improving the design.
Depending on how far you go with the virtualization options, this scheme could be the basis of an superior browser plugin architecture. Have you guys thought much about how you might integrate with browsers?
Every time I reformat my windows machine I have to manually download and install all the programs I use. So what about the ability to create common configurations? Or tag apps?
You could simply click "Install all apps tagged with 'X'", go make dinner, and and come back to a machine that's ready to go. For those who reformat often or are always setting up new vbox/vmware instances (like me), this would be very handy. Of course, it also depends on which apps are available.
Note: I have not yet used BaseShield, so if something like this is already in place, ignore me.
You may have a useful algorithm, but it does not determine if there is innovation left for X. It seems to be a function that determines if there is potential profit in innovating for X.
The main difference is BaseShield's secure virtualization. It's true that there are other platforms that make downloads convenient, but none of them can automatically enforce certain behavior for the applications.
This was actually something we were also going to pitch to YC recently. Glad (I guess?) we didn't-- but without the virtualization layer (but lots of automatic automated testing) so we could handle real world/common apps.
I don't really see how you can claim it makes apps safe if you provide access to 3D hardware. Anyone who has done any 3D hardware programming will know that it's easy to crash/exploit through 3D APIs.
Having said that... nice one!
I see some code I wrote on there is being offered up! So can you please send me the source ;) You should provide any source for binaries you are distributing that require such things... including diffs to changes you've made (for software with those licenses).
There's lots of these types of app stores(portals) around... but I like how you've at least attempted to make it safe. I still think a process of review and trust will help just as much, so I hope you have those ideas mixed in.
Also, are you doing anything to try and stop piracy for paid apps?
Can you actually completely take down Vista 64 through 3D APIs, given the user-level drivers? It would be very interesting if you could. The only plausible way I know of is to repeatedly crash the driver for several minutes, and even this is uncertain (I've seen this happen with Forceware + DirectX 10).
* The installer is utterly terrible and gave me no options whatsoever like installation location or where to put icons, which is just outright obnoxious in the Windows world.
* The application installs it itself in C:\Windows\system32\BaseShield\BaseShield\Data\AppStore. This is extremely bad karma - I have /never/ used a legitimate application that did this. Hiding your application amongst the operating system is just something you outright don't do.
* The uninstall is flawed. It did not remove the applications and left data in c:\Users\Username\AppData\Local\BaseShield, c:\Users\Username\AppData\Local\BaseShield\ and c:\Windows\System32\Baseshield\Baseshield. It also did not uninstall the application I installed to test (Abiword), leaving 24 megabytes of data on my hard-disk drive, and I had to uninstall it by hand, along with removing its icon from both my desktop and start menu.
* Using an application's icon in the application stub that launches the main application is dubiously legal at best.
* The user interface is bad, and makes Steam look good, which is a scary state of affairs. Please use Windows-native widgets where possible.
Personally, I would not use, nor recommend anyone use, the application as currently designed.
This installer makes it as easy as possible to install the product without asking the user to make unnecessary decisions. The reasoning is that the few users who don't want a desktop icon are likely to be advanced users like you who can easily delete the icon.
Regarding installation in the Windows directory, flash also does this (C:\WINDOWS\system32\Macromed\Flash). For BaseShield there are technical reasons why some components need to be below the system32 directory.
Please use the one click uninstall to remove downloaded applications before uninstalling BaseShield. We need to make this more clear or automatic, sorry.
Feel free to contact me directly at sascha (at) baseshield.com with any technical issues.
Man I wish I had this for OS X apps. I know there are tons of awesome apps out there for the Mac, and I use many, but if there were some central place to find them I'm sure I'd buy more.
This could be awesome if it takes off. I've always thought the biggest barrier to desktop app adoption vs webapp adoption is the problem of finding and deploying apps. If this takes off we could witness a rejuvenation in the market for desktop apps on Windows.
As a developer who is often frustrated by how much application development these days is limited to the capabilities of the browser, something that solves the problem of safely deploying and managing application installs, really appeals.
I really do like this and if it's good and there's good software available through it I would definitely recommend it to friends and family.
But, by making it safe, easy and quick to install desktop applications again one could argue that BaseShield is really the enemy of every web application in existence. It's going to have to die.
Have you looked at Softricity and their product SoftGrid? SoftGrid was a similar app virtualization platform. It was quite mature and complete. They were acquired by Microsoft a few years ago. I think some of their tech is being used in Windows 7 with the pending Application Binary Interface break.
Exactly. This product is like a very, very early SoftGrid... which has been out for a few years now. It's now called Microsoft Application Virtualization (Softricity was purchased by Microsoft about 2 years ago).
This certainly isn't anything new -- software virtualization on Windows. VMWare has a s/w virt. product, so Does Altiris, and so does Citrix Xen. I suppose since these products are mainly enterprise focused, most people never even hear of them.
I'd LOVE to use this product. I'll be watching avidly for a release that supports 64-bit vista.
Not to be overly critical, I realize 64-bit isn't a priority for a startup, but why wouldn't it be supported? Is there really that much of a difference for an application?
You're absolutely right, no fundamental reason why it wouldn't work. It's mainly that some components need to be re-compiled for 64bit with some adjustments for Wow64. It's high up on the list of things to get done.
Well I guess there is still a long road ahead. They are a service+infrastructure provider. I would approach some ISVs to actually deploy via BaseShield and to also approach some IHVs to bundle BaseShield with new PCs perhaps.
That's the beauty of virtualization: You just find a layer to slice at below everything else, cut there, and everything above it should work. Hopefully, reguardless of language or framework if you make your cut at the right place.
We have a form linked from the front page of the App Store just below the featured apps.
You can also just get in touch with me: pat (at) baseshield.com and we'll get you going quickly. Because of our secure virtualization layer apps can run safely with no modification needed.
