I found decent support for popular JavaScript libraries, including Dojo (which now also supports AIR) and Adobe's own Spry kit, allowing developers to make use of familiar tools. The resulting AIR application can look and feel like a native app, using the operating system's "chrome" for menus and so on, or can be customized to your designer's heart's content. For the end-user, an initial 11MB download is necessary to get started, but subsequent application installs and updates are far more seamless.

The Bottom Line Adobe AIR 1.0 Adobe Systems, adobe.com Excellent  8.7 criteria score weight Capability 9 30% Ease of development 9 30% Documentation 7 15% Performance 8 15% Value 10 10% Cost: Free Platforms: Runtime and SDK: Windows 2000 SP4, Windows XP SP2, Vista, Mac OS X 10.4.910 or 10.5.1 (PowerPC or Intel); Linux version in alpha. H.264 video requires Intel processor. Plug-ins available for Adobe Flash CS3 and Dreamweaver CS3. AIR fully supported in Adobe Flex Builder 3.0. Bottom Line: A slam-dunk debut release, Adobe AIR 1.0 lowers the skills requirements and costs for desktop deployment by leveraging a cross-platform runtime (from a single code base) and familiar Web technologies. Developers can take advantage of streamlined interfaces and a persistent local data store to give rich Web apps a native look and feel – including offline functionality. About our Reviews and Scoring Methodology

Going native
Clipboard access and drag-and-drop interaction with the file system notwhithstanding, AIR's access to native code libraries and the underlying OS could be deeper. For example, AIR lacks a USB API, and although printing is supported, printing of images is limited to raster renderings versus full vector support.

AIR'sindependence from native libraries provides a cleaner experience, but access to native code could provide not only better performance (particularly for calculation-intensive processes), but also a richer set of pathways to existing code/routines and the ability to launch local apps for specific file types.

Similarly, although security is thoughtfully addressed, it too could go further. First the good news. Local storage is protected by 128-bit encryption. AIR apps can be digitally signed and verified at runtime (via VeriSign or Thawte certificates). Administrators can control (via OS registry key) which AIR apps may be installed on a local system (trusted source only, for example, or none at all), and whether they can be updated automatically or uninstalled. And because AIR apps are treated as native, personal firewalls can examine and block AIR applications on an individual basis (versus merely identifying the AIR runtime).

However, given the level of potential exposure – AIR can write to any location on the hard disk and gain immediate network access – I would like to see Adobe tighten the controls over system access. Although self-signed apps alert users with an "unknown signature" warning, these unverifiable apps, if installed, gain the same permissions and unfettered access to the underlying OS as verified apps.

Because AIR is essentially a proxy, Adobe could implement ways to control, say, whether a cookie may be written outside the local directory, or when an existing file may be overwritten. Let the user decide what level of control to apply, but we could use something better than the existing open door policy. I hope Adobe will see fit in a future version to allow users to fine-tune permissions for each app during install.

Adobe does offer best-practice guidelines for developers. Nevertheless, I submit that many Web developers lack the technical savvy to effectively safeguard security. It's only a matter of time before some clever ne'er-do-wells begin exploiting remote data sources through local access vulnerabilities unknowingly left open to attack.

That said, AIR does fortify against malicious code injections. The two-level sandbox framework, which restricts the access of untrusted application routines to AIR's APIs, does help protect developers from themselves.

Grab some AIR
AIR will not be suitable for every application. Personally, I'm quite content to use a browser for most things. But for enterprise dashboards and occasionally connected apps, as well as for many consumer-facing and marketing sites (watch out Webkinz!), breaking free of browser-badging and Web constraints makes a lot of sense.

On the enterprise front, companies such as Model Metrics (for Salesforce.com) and Business Objects are busy breathing AIR into their systems. There are also a number of projects under way to let AIR eventually tap native code via cross-compilation with ActionScript (for example, to migrate existing C++ or .Net applications).

Easy migration of legacy apps running on a freely available distribution of Linux (assuming Adobe follows through on the port) will be irresistible to many companies, and Adobe AIR's ability to reduce hurdles to desktop application deployment makes it a must-see. Still, I think we're seeing only the first hint of turbulence in a coming wave of disruption.

Adobe is far from the only company clamoring for a piece of the RIA action. But I find Adobe AIR 1.0 well ahead of the pack today, in functionality, ease of execution, and overall efficacy of the final product. AIR blurs the distinction between Web, desktop, and user devices in ways that we've only begun to explore. Oh, and did I mention that it's free?