Slashdot Mirror


Scanner Spots Open Source Installations

Mike writes "Information security firm OpenLogic has begun letting users download 'Discovery,' an application that scans Windows, Linux, and Solaris machines and attempts to identify open source software. The Discovery application claims to identify more than 5,000 versions of the top 900 open source packages. The scanning engine is able to detect open source installations whether they were installed explicitly or bundled with other software products. Kim Weins, vice president of marketing, says 'We developed it in response to customers not knowing what open source programs they were using.' I can't help but think that this is a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."

6 of 275 comments

  1. Re:Two options by also-rr · · Score: 2, Interesting

    The perception that open source software is not business friendly is a common, but mistaken, one. I have recently been trying to write a five minute, commercial biased presentation in order to help correct that.

  2. I could've used this the other day... by oldosadmin · · Score: 3, Interesting

    You know, the interesting thing is, so many people are trolling this, but if you are, you must have never been through VC funding.

    I had to make a list of /ALL/ open source software used ANYWHERE in the company. Yeah. Sounds like fun, right? It sure was. Either way, this app could've made my life a lot easier. :(. Too bad I see it NOW!

    --
    Jay | http://oldos.org
  3. Re:Inventorying OSS can help OSS by MenTaLguY · · Score: 2, Interesting

    Alternately, if they find an unapproved Open Source application on a lot of people's machines, they might ban it and forcibly remove it from people's PCs if it's found. That happened about a year ago with Firefox where I work; fortunately they don't know to look for Seamonkey yet so I can still use that for web development instead (though I still miss out on some stuff like Firebug).

    If they started using that scanning tool here, I'd probably resign; I rely on Open Source tools pretty heavily to do my job. I could probably manage without, but I'd be pretty miserable.

    --

    DNA just wants to be free...
  4. Re:Free download but a form to fill prior download by hazem · · Score: 2, Interesting

    I've never seen an open source license that controls how a person uses the software.

    I have to disagree with you there. The installers for many Windows versions of OSS software have a clickwrap-style page where you have to agree to the conditions of the GPL before you can install the software.

    As you said, the GPL (and others) only apply when you want to distribute the code. You shouldn't have to "accept" the GPL to merely use the software. At least that's how I understand it.

  5. Re:Two options by jotok · · Score: 3, Interesting

    I work for a major security firm.

    All of our stuff is designed to run on 2k, 2k3, and Red Hat, which as you are aware is essentially no different from Fedora (well, strictly speaking, it's no different from CentOS) except that you buy support for it. That support is important. Large companies who pay $100m for a contract do not want to hear you say "I'll have this issue remedied just as soon as someone replies to my post on FedoraForums.org."

    I happen to think that, for instance, Sourcefire has a superior IDS solution to ours. I know a lot of competent guys with that company. I like those guys. So without any malice I can tell you that when we had a bake-off with them, the deciding factor was that we knew how to deploy and manage a thousand-node sensor grid and they had not clue one.

    I say this just to illustrate that, for large corporate environments, it doesn't matter that FOSS solutions are "better." A lot of them are great, and I can think of plenty of situations where some Ubuntu workstations running OOo would suffice over Vista Business and Office 2007...except then you know down the road that company is going to want something out of left field, like encrypted home directories or , only, none of the techs they can afford know anything about setting it up. But they know that 5 years from now if they want some weird solution, probably one of the big vendors will be around to sell it to them, along with a consultant to walk the Remedy monkeys through troubleshooting it.

    I do not think that most of the people cheerleading for FOSS appreciate this. They just know that $DISTRO is neat, so obviously everyone who doesn't agree that it's perfect for a 10,000 seat enterprise network must be an "idiot." Le sigh!

  6. Some outfits disallow Open Source applications. by itomato · · Score: 2, Interesting

    Even among the companies that will allow just any ol' user to install applications, there are some who have policies against applications that don't come from above.

    This could just as easily work in favor of Open Source applications. If typical scans reveal popular apps, and those popular apps are the ones people use with great success, and there are eyes that open to the fact that they too, use Open Source applications, that they are among their favorites, and exactly what Open Source applications are.

    In the event that a corporate IT manager looks at some such report, and says to a CTO, "Look, CTO - I told you our Open Source software initiative would work". "Our users are spending 75% of their sanctioned computer time in such applications as Open Office, Thunderbird, and GAIM." "The supplemental reports I have generated show the remaining 25% divided between other Non-Open applications; iTunes, Spybot Search and Destroy, AdAware, ClickMeFun2000.exe, Solitaire.exe, and these commercial products to allow Windows users to our UNIX services."

    That's a conversation I'm looking forward to having, because I'm anxious to deliver the punchline!

    Persistent home folders on a SAN, with an imaged Linux Desktop! Yes, we can even have anti-virus..