Research before buying web software – script security is important

We spend a good deal of time researching software before we buy it, and even then we are at time disappointed with purchases we had hoped would make web sites function better. Whether it’s server side software for web site addons, or complete web site scripts, take the time to research the piece of software and the company behind it before you try it.

Over the years we have considered hundreds of scripts and programs, a few of those have proven to be excellent choices, but many are half baked, don’t do everything you want them to, or even worse, leave huge hacker / security vulnerabilities for you, and perhaps the other web sites hosted on your web server. Our most recent consideration is one of those, if the price and features combination seems too good to be true, maybe it is?

We have been looking for new chat programs to launch on as server addons for various client web sites, and integrations with a forums or membership system is a key functionality that has been requested. After on hour of research we determined that there were 4 programs that seemed to be a good fir for our client, so we decided to big deeper and see if we could narrow it down.

It would have been easy to just choose the most expensive and well known solutions, but we try to find options that will save our clients money, and often times not every site needs all the full blown features that the most expensive and well know companies make available. Looking for more affordable options we came across a piece of chat software that seemed to have a ton of features, and a very fair price. Wondering if it was perfect for our client, or too good to be true, we decided to do further research and see what other people were saying at other web sites.

Searching for their program and company name in google brought up tons of results, and most of them were from other places that were offering the program, places like hotscripts and the tons of clones out there, none of these were very helpful as far as finding critiques of the company. After digging a few hundred search results into google, we started finding security vulnerabilities posted at about a dozen sites. That;s red flag number one – but these could all be fixed in a current release – so we had to spend more time to find out.

More research revealed some posts on a forum where a particular user was complaining that it did not work in his current server / software environment and had received no support what so ever from the programs author. Red flag number two, but I looked further, and it appears that the post in question was on a forums that was for a similar, or competing product, so not as trustworthy of a review as we would like.

I will be contacting the author of this script to see id they have been aware and fixed the security issues that have been posted online. I will also be asking for a demo of the product to make sure that it works with the membership system that our client is using. Sure it says that it works with that particular program, but which version? Do ALL features work? Better to find out before purchasing if possible.

Before purchasing scripts, or even using free scripts online it’s best to look around the web and see if you can find and security or support issues with the company. Some web sites to definitely check include:

http://www.us-cert.gov

http://insecure.org/

http://secunia.com/

http://www.securityfocus.com/

http://www.f-secure.com/vulnerabilities/SA32603#

http://www.securitytracker.com/search/search.html

This method of research has saved tons of trouble in previous new business development. Working with clients for a new business plan they were setting everything up based upon a company’s affordable piece of social networking software. It looked good, the demo was decent, the pre sales support was fast. They put their entire business plan around the use of this product. I can’t remember what it was that led us to a bad forum thread about it, but that thread led us to links that found many more horror stories about the company, and then we realized that particular script would not work, and that too-good-to-be-true price and feature combination was indeed, too good to be true.

Lessons learned, even when a demo works and pre sales support is fast, it does not mean that everything will work as you planned, and it does not mean that you will get the support you have expected, and if the program will work as it was advertised.

New chat and community portals coming to the web

We have been consulting with a client about opening a new chat portals and community web site. There are many premium options for establishing an online presence in the chat and social software arenas, and we suggest several. For clients on a tight launch budget, we recommend free and open source software to get started.

Many of our clients are in the early launch and beta test phases of new web projects, and the early steps of new online business models require at least some web presence to get started. We know that everyone wants to have a super slick, tricked out, full featured web site, but when funding is tight, getting things started is more important that getting things full blown and polished.

It doesn’t take a lot to show concepts and get options from colleagues, teammates and investors. We have found by installing basic software and apps, giving people a demo of how things will flow, and showing some rough examples of color schemes is the best way to launch a new project. Many times we have seen clients spend time and money developing the web site’s look at feel with fancy graphics, only to have them completely reworked later in the public announcement phase. This is why we suggest getting the core functionality first, and then develop the look and feel later.

With all that in mind, we have a pre-launch of the new online chat forums up and running. It’s a start, and a great skeleton for future development.