How Do You Deal With Pirated Programs At Work?
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
Jeff Bezos once said to me 'you can't take something away from someone without giving something back of equivalent value without them being pissed off'. Obviously you have to take the software away but try to give them an open source equivalent for the time being. They may actually even start using it longterm and save the company money from having to purhcase licenses of the other software.
This is my sig. There are many like it but this one is mine.
I actually remember being told by management in a much previouser place to hook up our internet to the unsecured cafe wireless below us because no one could work until the ISP reconnected us (didn't pay the bills). They must've got one hell of a shock as 20 or so machines all started connecting out to the mail server through their wireless via one tablet PC dangling down below through an office window via the Ethernet to get the best connection possible.
And yeah, "management" (far too classy a word for these people) knew exactly what they were doing.
Happy days :)
throw new NoSignatureException();
I realize that's true from a pure copyright standpoint, but in the real world it's sometimes useful to say, install a copy of a tool for evaluation in your workflow before deciding to spend $600 on a license for that tool.
Or do you know of a merchant that will accept opened software package for return, should I decide that $600 isn't worth the cost for deployment, or doesn't do what I need? Because I'd be happy buy a license if I had the right to terminate the license and return the product for refund, and even to pay some reasonable fee for my trial usage -- I'm just not willing to pay full price with no opportunity for refund for a product that I've never had the opportunity to test. I wouldn't do it for a car or a DVD player and I won't do it for software either.
same situation two years ago. Last month I cleared out the last of the questionable software. It has taken 2 years, much hard work, and more than a few shouting matches, but we are fully licenced here at last. Much of what I replaced was replaced with OSS.
Since simply licencing everything would have bankrupted the company, and inertia prevents a switch to Linux on the desktop, the bosses want outlook. I got a policy stating that all new laptops would be purchased with a copy of Office.
One day without notice I blocked access to the update server for the pirated antivirus software, and just waited. Two days later there was a panic, and the next day I had a site licence for the antivirus I wanted instead of the crap I was stuck with by the person I replaced.
In a nutshell, here is my advice:
Document everything. What you found, when you found it, and your plan to get rid of it.
Think creatively about ways to get what you want.
Take your time. Cleaning up a mess like this is a long process.
If I were God, wouldn't I protect my churches from acts of me?
Better yet wait for the next virus hits and then blame it on a lack of security updates caused by all of the pirated windows versions they are running.
I ran into this kind of situation in my first job. When I included a license for WordPerfect on a PO I wrote for a new system, the exec who had to sign off on it crossed that line item out, with the note "We already have this." Fortunately, a short time after I started they hired an IT manager who'd previously worked for a software developer, so I got his support. What we did at first was, rather than trying to bring the whole company into compliance all at once (which would have been a large chunk of money), he insisted on including software with every new hardware purchase, and we got that. In those days software came with manuals, so we were able to use that as a selling point to the execs who didn't grasp licensing or legal vulnerability. The next step was to offer existing users an upgrade to the latest version... which they had to pay for by buying a full license. After a while of this, the cost of fixing all of the remaining unlicensed software got small enough (and the execs had been educated enough) that we got approval to make it all (or at least mostly) legit.
http://alternatives.rzero.com/
You make a good point... I guess I would modify the roadmap to include things like:
Option A: Buy license for MS Server, $2K/yr but no disruption
Option B: Obtain and test CentOS + Samba, 2 weeks of my time testing and deploying
That way you give them a choice. People like to choose.
First of all, don't worry about people getting upset with you. All you have to do is locate all the licenses you do have. If your servers pass a WGA check then they are probably ok, but make sure you have a backup system in place in case WGA kills that server.
Next you need to start transitioning people off the illegal software. OSS is a very good choice to implement in office environments.
Don't make a federal case out of it. But don't contribute to the problem either. If you start getting allot of negative feedback you need to simply explain, sans-drama, that the previous IT Admin wasn't keeping track of licensing and even if the software they installed is legit you can't prove it. You can however provide them with software that will meet their needs without costing the company any more money, but they will need to give a tiny bit of cooperation in order to make it happen.
If your superiors give you any trouble about licensing explain to them, again sans-drama, that they can't expect you to break the law on a daily basis as part of your job requirements. DO NOT in any way make any statements like "I have to report this" or "you guys are running illegal software". You don't work for the BSA or anything like that it isn't your responsibility to report anyone.
there is no need to use pirated software GO OPEN SOURCE. I have 3 small businesses all owned by friends that operate entirely on Ubuntu and OpenOffice.org. My mother doesn't get computers at all, she has been using Ubuntu now for about 5 months. I never even showed her how to use it, I keep a PC in my living room for her to use, she just started using it without any help from me at all! Open source software is easier to use than ever before just run with it, it won't let you down.
You are right on point. Also be aware that the BSA first looks at company financials before they initiate a case against the company.
I had a former employer that played fast and loose with licensing rules. When I left the job I reported it to the BSA. The BSA got back to me and said "Sorry, they don't have deep enough pockets."
It's also worth pointing out to the higher-ups (I presume one would write up a report) that pirated software can often cause costly problems - torrents of popular software, for example, may come with viruses or back doors embedded (not speaking from personal experience *cough* *cough*). Also it's often harder to get updates for pirated software, leaving you with unfixed bugs or security holes. Sometimes pirated software can unexpectedly cause data corruption problems (3DSMAX is a classic example - random aberrant vertices). I know you can often avoid these issues if you know what you're doing, but there's always an additional cost in the time required to figure that all out etc. Definitely weigh this in, and evaluate OSS wherever it can be used.
If you are lucky it's only that, if not you will get all kind of problems. Murphy's law is the most prominent feature in cases like these.
You never know if there is a secondary software that is depending on the product key and will go and die if it's changed.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I think BSA gives bounties to whistleblowers, and the size varies on how much stolen software they discover... Depending on the size of your company it could run to years worth of salary.
If the company won't correct the problem, and you think the blame will fall on you...
http://ask.slashdot.org/article.pl?sid=09/02/04/022257 is a discussion very recently about software piracy at the Beijing office of a company. While the location is different, the responses are quite similar. Basically, document your actions in writing, and be prepared to leave if the situation doesn't improve.
This post brought to you by your friendly neighborhood MBA.
I came into a job where the previous guy had installed upwards of 300 copies of MS Office 2000 Pro and a number of other programs such as terminal emulators.
I went to the management with this and got pretty much nowhere. I did win on the fact that I would not under any circumstances install software without a license so I have a solution moving forward.
For all those machine without proper licenses I went to the software company and explained the issue and that I would like to bring the company into compliance if they would be willing to give me their discounted upgrade rate. I replaced all of the Office 2000 installs with open office and got the vendor of a terminal emulator to make me a good deal.
We are now 100% compliant and migrating towards more open source software.
I wish that there were direct OSS replacements for everything I run but there are not. I need perfect VT400 emulation and I have not found an OSS that does that. Putty is about 95% but that other 5% doesnt allow me to have the proper keys mapped to the proper location.
Good luck and be on Buddha's side. Stick to your principals.
Obviously you have no experience with the BSA, not to mention your casual use of the word rape is offensive. The BSA wont do 'revenge' for just anyone, and certainly not the guy in this scenario.
In reality the BSA doesnt care about some small company thats using its photoshop license two or three times or that it has two windows 2003 servers it didnt pay for. They want big shops with big roll-outs who, regardless of due dilligence, missed a license or two. These are big wins for them because of PR and awarded damages.
Small company with some shenanigans? Thats common and you'll be ignored. A multi-billion dollar international corp, yes, then they might come calling. Of course at that point you wont be anonymous anymore. You'll be implicated immediately (gee, who else would have called, the old sys admin we just fired?) and you'll probably have trouble finding a job afterwards. Heck, you'll probably be blamed for some of it too! Get a lawyer.
looks pretty much like my experience, took me years to get the value of compliance into the business people. What is much harder so is keeping the employees from clamoring for all the "free" software from the internet. They just don't want to see that just because the download is free you cannot ignore the license terms (the usual "free for non-commercial use"). But after making the first guy pay for his own license when he just couldn't live without a program he liked (and for which a paid equivalent was installed) people are reevaluating how much they realllllly need their individual programs.
I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
Perhaps it is different with Server 2008 but with 2003 you cannot simply swap the license key for an OEM server key to a volume licensing key. You have to do an "upgrade" with the corp media. This is a problem when you want to migrate a physical server to a virtual one running on a different host, since OEM-licensed Microsoft server OSs are only allowed to run on the metal the license was purchased with. Silly!
A lot of the keygens are marked as malware regardless of the actual presence of malware. People need to stop writing cute little custom text display apps and just use flash apps for keygens. Goodbye malicious false positives.