Slashdot Mirror


Scanner Spots Open Source Installations

Mike writes "Information security firm OpenLogic has begun letting users download 'Discovery,' an application that scans Windows, Linux, and Solaris machines and attempts to identify open source software. The Discovery application claims to identify more than 5,000 versions of the top 900 open source packages. The scanning engine is able to detect open source installations whether they were installed explicitly or bundled with other software products. Kim Weins, vice president of marketing, says 'We developed it in response to customers not knowing what open source programs they were using.' I can't help but think that this is a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."

14 of 275 comments

  1. Two options by h2oliu · · Score: 3, Insightful

    1) It can be used to help companies ensure that they are being compliant with the various licenses [good].

    2) It can be used to "root out" those 'evil' open source applications [bad].

    Unfortunately I agree that option 2 is most likely as it is really used to search for applications and not code. Why you would want to search for explicitly open source, vs. just knowing what is on a corporate PC doesn't make a lot of sense to me.

    --
    Ok, I give up, why you?
    1. Re:Two options by freeweed · · Score: 4, Insightful

      Why you would want to search for explicitly open source, vs. just knowing what is on a corporate PC doesn't make a lot of sense to me.

      Because many companies have explicit policies forbidding open source, period.

      I've seen it get so stupid as to call it "shareware", ie: unlicensed software. The lack of a vendor really freaks out a lot of PHBs, and heck, a LOT of older IT folks who still are scared by open source. Don't forget, OSS is less secure because everyone can see the source code, and it's less reliable because you don't have a multi-billion dollar vendor backing you when things go wrong. (not sure if I really need the sarcasm tag with that last sentence or if it's obvious enough)

      --
      Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
    2. Re:Two options by noSignal · · Score: 2, Insightful

      You're absolutely right: to most companies OSS == shareware. Those who make policy have little or no understanding of the connotation in the title "Open Source" and don't care.

  2. Inventorying OSS can help OSS by MSTCrow5429 · · Score: 5, Insightful

    "I can't help but think that this is a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."

    Looks to me that this is just a simple inventory tool so business has an idea of what's on their machines, and perhaps if they see that people, having appropriate account permissions on the PC, are voluntarily installing open source alternatives, say OpenOffice instead of MS Office, businesses may be more conducive to migrating to OSS, or at least openly accepting it.

    Businesses have no clue what's on their machines. That's why you have staff workers running around as admin all the time, and picking up literally thousands of instances of spyware/adware/malware. They just can't get enough toolbars and cute fluffy pointers.

    --
    Slashdot: Playing Favorites Since 1997
  3. What's with the paranoia? by The+Iso · · Score: 3, Insightful

    Why the accusatory last sentence? Open Logic is a company that provides services for open source products, and the impression I get from this tool is that it shows managers how much they already depend on open source.

    --
    "You don't need a weatherman to know which way the wind blows." - Bob Dylan
    1. Re:What's with the paranoia? by Anonymous Coward · · Score: 1, Insightful

      Yeah - I thought it was a bit of a knee-jerk reaction myself. If anything, it could show open-source penetration into one's business, rather than treating OSS as spyware.

  4. On the more useful side by IPFreely · · Score: 3, Insightful

    It could also scan for and find Open Source software that was installed by a third party without proper compliance with the GPL. Install as much third party junk as you can, then scan to see who is using GPL software without compliance.

    --
    There is nothing so silly as other people's traditions, and nothing so sacred as our own.
  5. Re:Doh by jshriverWVU · · Score: 4, Insightful

    3) home basic edition. Considering that the bulk of sales are home basic edition, that is why it leaves an overall bad taste in the consumer's mouth. How many computers can you buy from BB, Target, Walmart, Circuit City that have Vista Ultra Super Server edition loaded vs Home edition. As the name alone implies it's used for the home user and that is the biggest buyer.

    So if it sucks, then the bulk of Vista users are going to think it sucks.

  6. Could be a Good Thing by yancey · · Score: 3, Insightful

    I know in my own organization that management barely knows what the proprietary software does for them, much less the open source software. So this could be a really good thing if it causes IT managers, CIOs, CTOs, etc. to wake up and realize just how much of their business really runs on open source software. They might start treating it with a little more respect, even though much of it does not appear on their budget reports.

    --
    Ouch! The truth hurts!
  7. Why not .... by PPH · · Score: 4, Insightful

    ... build a scanner that inventories ALL software and categorizes it as OSS, unknown or proprietary/licensed? Odds are it's the latter two that will come back and bite corporate IT departments in the *ss if not properly licensed.

    --
    Have gnu, will travel.
  8. Re:Doh by smittyoneeach · · Score: 2, Insightful

    everyone hated it for a few days and then got used to it.
    s/got used to it/reverted to 'classic' interface/
    Objectively, if you had never used any prior version, the new stuff might make more sense.
    However, the switching cost of figuring out where, for example, they squirreled away the interface for changing an environment variable, is too high. "Retro or NO!," say I.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  9. An interesting point by benhocking · · Score: 1, Insightful

    A lot of people have talked about easing people into Linux via Wine, etc. I've often thought that the reverse process might actually be easier. That is, install OpenOffice on their Windows machine and let them get used to that. It's really just as easy to use as MS Office, IMO. Once they've gotten used to that, find other open source alternatives that they can use without leaving Windows. Then, once Windows is the only non-open source thing they're using - they're ready to switch to Linux. I'm not claiming this is the "only path", but I think for many people it might be an easier path.

    --
    Ben Hocking
    Need a professional organizer?
  10. Next steps by Anonymous Coward · · Score: 1, Insightful

    Let's assume a company runs the scanner, and it picks up a huge list of FOSS products. What happens then? People have been speculating that the intent of the program is to identify FOSS products for the purpose of getting rid of them. That might be the intended purpose. However, unless this program prints the money to buy commercial replacements, the most likely outcome is begrudging tolerance of FOSS followed by genuine appreciation for all of the work it does.

    Question 1: How are we going to get rid of all these open source products?
    Answer: Not easily

    Question 2: Why get rid of it all?
    Answer: We're not sure, and oh by the way, we have no budget to buy replacement products anyway

    Question 3: What happens if we leave it alone?
    Answer: Probably nothing.

    If the people marketing this program care anything at all about the issues of "risk" and "compliance", they will announce a new version that includes a database of commercial EULA agreements for the user's legal department to review, and then scans for products whose EULA is not on the legal department's approved list. Unless, of course, the real purpose of the scanner is FUD about FOSS, in which case, the scanner will remain as-is.

    Any serious analysis of FOSS vs. commercial software for risk and EULA compliance is a good day for FOSS. This scanner starts off as a FOSS elimination tool, but it could easily work in reverse.

  11. Silly by Saint · · Score: 2, Insightful

    This is more than a bit silly. Scanning for just open source software makes about as much sense as an email service that scans just email from mailing lists. While there may be reasons to scan for non-compliant software, there doesn't appear to be any compelling reason for this to exist as a product. If a company is going to scan for software, just scanning for open source software has no business case.

    Perhaps I am dense, but this just doesn't seem to make any sense, even as a direct attack on the open source community at large...