How Do You Deal With Pirated Programs At Work?

LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."

CYA = cover your ass

[Spy+Handler]

CYA = cover your ass

in case some of our international readers missed it ;)

ask some questions

[uglyduckling]

Rather than presuming that it's all pirated, start by presuming that everything as it stands is legitimate. Write a memo to whoever does the accounting and ask for copies of the invoices for all of the software purchased over the past five years "so that I know what licenses we currently possess and don't end up paying for software twice over when someone asks me to install something".

When/if the accounting person/dept comes back with nothing, then take it to the bosses and explain how surprised you were when accounting were unable to find any invoices. Stress the safety issues of illegitimate software (viruses, trojans etc.) and discuss the options. Make it look like you are a contentious employee doing your best for the company and avoid looking like a self-righteous jobsworth.

Re:Your choice

[cptdondo]

I was in a similar situation long ago... I wrote up a memo outlining the software we had installed, an estimated budget to get everyone legal with what they needed, and an approval to go ahead. (At the time there was no FOSS...)

I got my ass chewed for putting it in writing, but it got their attention. We ended up getting legal in most of the larger packages.

Today I would also do the homework and add "direct FOSS replacements" for the software in question as much as possible. MS server -> CentOS + Samba; MS OFfice -> OpenOffice, and so on. I would create a roadmap to get everyone legal and ask for approval.

Above all, be professional, curteous, and politically astute. It won't do to create a "fear reflex" where you get shitcanned and blackballed. You may want to have a closed-door conversation first and ask to see if management would like to see the roadmap you've prepared.

BSA

[SuperBanana]

I know that if the BSA got wind of this, it would all fall on me when they stormed in.

They can't. They love to pretend they can, or they try to strongarm people into letting them do surveys. It's all just evidence gathering for when they sue you later, or use it to extort you into paying massive fines.

If they show up, tell reception not to let them past the waiting room. Call the cops IMMEDIATELY if they won't follow your instructions or requests (your business is private property.) Fetch the highest person in the company, preferably an officer, and tell them the BSA has no legal ability to search without a warrant or court order (which requires a lawsuit) and they need to shoo them away. The BSA should get nothing but the phone number of your lawyer.

Now, on the second part of your question: what to do? It's very simple. Ask your boss. Explain the risk. Include some sort of plan for inventorying and an estimate of how long it'll take. OCS Inventory is a pretty good way to do this if you have more than a dozen or so systems. Possibly include some (qualified) estimates of what it is going to cost to come back in line (remember there are significant volume discounts for things like Office) based on what you've seen before; stick to the facts. Include alternatives such as OpenOffice, but don't get too crazy (ie, don't list "convert to linux" for unlicensed servers as $cost_of_MS_Server in "savings"...factor in some healthy labor estimates AND you have the time to take on such tasks. Don't forget that there is opportunity cost too.)

Lastly: you need to make sure you have BOTH purchase records (receipts/packing slips) and the license files (ie those thingies with the holograms and barcodes) for EVERY PIECE OF SOFTWARE YOU HAVE. The company accountants / office manager can help with part of that. It's going to mean going through a lot of boxes- get a big filing cabinet. If you get any electronically, PRINT THEM IMMEDIATELY, and keep them in a safe place.

Re:Your choice

[Vancorps]

You present a fairly sensible approach except for the fact that presumably the company already has a working solution for them so they just need to get it legal. With Microsoft this is easy, you just get a select agreement and based on the number of installs you get a substantial discount.

I had the exact same situation happen to me when I moved into this job. I had a closed door meeting with the owner and my boss to determine what the priorities were and what the best way to proceed was. In the end a select agreement allowed us to instantly make all of our servers legal since I had no prior documentation illustrating that we had legitimate licenses.

Server side you simply can't just drop in replacements when you already have running systems. With the Microsoft approach you can just change your license key to the new volume license key you get with your select agreement and away you go without reinstalling anything.

On the desktop a simple PDF writer is more than sufficient and free for end-user PDF creation instead of having to purchase Acrobrat in most situations, obviously not all. Of course Foxit is my preferred choice for reading PDFs.

In the end I went through department by department to determine what everyone needed to do there jobs with minimal impact, the company spent a load of money and now we're a completely legal shop. It actually feels good to provide the transition.

Also in my case I outlined the cost to get us legal and then outlined ways we could reduce costs in future by deploying Linux in places it makes sense like with our new Asterisk system. It removes the fear they have that it will keep happening so they will be less resistant to getting the company legal.

Re:How we deal with pirated programs?

[morgan_greywolf]

Along with a heavy dose of virus/trojan/malware scanning and removal, no doubt. Seems these days about 70-80% of keygens on The Pirate Bay are infected with something. People install this crap and they call me in to clean up the mess. ;)

Re:Your choice

[Gerzel]

While it might not be a choice for OS, you probably should consider OFFERING FOSS to your employers when you go speak to them.

Remember going with FOSS doesn't mean going whole hog linux and software vegan.

You can offer things like Open Office as an alternative to shilling out huge $ for MS Office licences.

There are a lot of good FOSS programs for windows. Offering them as an alternative will help to balance the argument that the company needs to be legal in its software usage, esp if they complain that their people don't know how to use the FOSS, because you can tell them to choose between training time or spending money.

It basically helps kill the argument/rational of "We have to pirate there is no other way."