Slashdot Mirror
How Do You Deal With Pirated Programs At Work?
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Replace it all with OSS.
I'd just keep me head down and swab the deck, me hearty!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Don't worry, just post your company's name and address and we will perform a free audit on all your software for you.
Signed,
BSA Auditors
Everyone is doing it. What are you afraid of?
Don't be a baby! Go on, do it!
>I don't install 'borrowed programs' in a production environment
'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.
Nuke the site from orbit. It is the only way to be sure.
For what company do you work?
I'm sure we can figure something out.
Your friend,
BSA
Jeff Bezos once said to me 'you can't take something away from someone without giving something back of equivalent value without them being pissed off'. Obviously you have to take the software away but try to give them an open source equivalent for the time being. They may actually even start using it longterm and save the company money from having to purhcase licenses of the other software.
This is my sig. There are many like it but this one is mine.
Collect the reward.
If brevity is the soul of wit, then how does one explain Twitter?
Start with auditing your network (use automatic auditing software) and then work out:
You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.
If you can't/won't do this, go find another job.
Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it.
That's not your fault, tell them to be mad at the other guy. As far as you're concerned, either the company can cough up the money for non-pirated copies of software, or you can ZOMG, replace it all with OSS.
Every employee reads and signs a conduct statement when joining and annually. Its spelled out in there. I believe company had some problems and fines in the past.
CYA = cover your ass
in case some of our international readers missed it ;)
Rules for dealing with that
1) *Never states the existence of pirated software as a fact to outside you company*.!!!
2) Ask your Boss at a cup of tea outside his office
3) Depending on your bosses answer and your morality
a) Boss says: hunt down priated software -> you do that
b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.
Easy! Keygens.
Gather the details of what is installed by using belarc's survey software. Summarize the number of computers, the unlicensed software and the steps necessary to move forward. Go to the executive privately first. This will allow him to evaluate and consider the path without cornering him.
The next step is going to be an evaluation by the managers to determine what software their people really need.
In the end, they need to get proper licenses, and no executive is going to wantonly commit federal fraud.
The more you scare people.....the more they will pay.
I had this situation with a company I was contracting to. Knowing that the IT guys were installing pirated software, I wrote the management of that company and recommended that the company established a policy that all software was legally obtained and licensed. At that point, management had only two choices, acknowledge the issue and agree, or document that they approved of piracy. Armed with the policy, I could point to that when anyone asked me to install non-legal software without fear of retribution.
CM www.cometenergysystems.com Blog: http://caribbeanrenewable.blogspot.com/
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
And those Boy Scouts are rotten little bastards.
Whale
Do what any decent pirate would do, turn 'em in to the Navy (or whoever is in charge of pirated software), collect yer bounty, and, arrr, off to more plunder matey!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
It's not my responsibility. I'm not paid enough to care. If I need software on my computer, and the IT guy gives me that software, then I will install it and use it and not ask questions.
I'm god, but it's a bit of a drag really...
Rather than presuming that it's all pirated, start by presuming that everything as it stands is legitimate. Write a memo to whoever does the accounting and ask for copies of the invoices for all of the software purchased over the past five years "so that I know what licenses we currently possess and don't end up paying for software twice over when someone asks me to install something".
When/if the accounting person/dept comes back with nothing, then take it to the bosses and explain how surprised you were when accounting were unable to find any invoices. Stress the safety issues of illegitimate software (viruses, trojans etc.) and discuss the options. Make it look like you are a contentious employee doing your best for the company and avoid looking like a self-righteous jobsworth.
Actually, it's not a ZOMG, just explain to the owner that you have certain ethical standards, and that you will not break the law for your job. Then put together an itemised list of licences needed to bring the company into compliance, with prices. If they are unwilling to pay, provide itemised list 2, which has FOSS options that can be migrated to, with an estimate of how long it would take you to do so, and how much downtime would be involved. If they are unwilling to go with either option, "You don't want to sell him death sticks. You want to go home and rethink your life."
That which is done from love exists beyond good and evil
Non-production piracy is still piracy.
Yes, and you still be hanged for it. Yarr!
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.
After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.
Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.
Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.
If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*
* Just like music piracy. Even if you want to claim it's not theft.
Ask for an indemnity in writing from your employer saying that everything they use is legitimate and legal. If they refuse to provide it, you *have* to go somewhere else, because they will blame YOU when they are reported for it (in actual fact, walking and reporting them yourself wouldn't be too bad an idea if you don't want to be party to the charges, plus it covers you if they decide to pin it on you as you walk out the door). If they provide an indemnity (which they won't, but keep reading), you have a piece of paper that says you were assured it was all genuine. The person who signed it gets the blame.
What *will* happen, if you do it right, is that when they are asked to sign a bit of paper, they will get incredibly stroppy and either get rid of you in time anyway (and you should be LONG GONE by then, if that's the case), or they will wake up and say "Okay, well, I suppose we have to do something about that, then", even if they end up hating you. It's nice earning money, and all, but they don't care about you so when the penny drops and someone does come in and audit you, at least you won't get caught up it in - short term unemployment versus police record for failing to do your job legally.
And, I *have* done this exact thing to my employers, in order to ensure that they are, and that they stay compliant with the law. Fortunately, it was somewhere where they did have all the right licenses, but were just careless about recording them - they actually bought 10% more than they needed most of the time because they knew their record-keeping was poor. They were able to chase up 99% of the licenses, or get the seller to put it in writing, or similar, and a few extra licenses they either bought or didn't care about (because they weren't using them any more). The legitimate companies will see it as an hassle, but they will happily do it if it means legal compliance. If your place won't do this, you have to ask what *else* they are doing... Not enough money in the pension fund? Spying on staff? Fiddling the accounts? Mis-selling? Sending out false references about their ex-staff? Who knows?
This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.
There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.
This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.
Your first step is to dig through all of the documentation you have to find any and all software purchases. This included going through the previous guy's email (hopefully it's still available) and digging out the license cards from those boxes stashed in the corner. If you are lucky, someone in accounting can start pulling invoices from you. Also, go to the resellers your company has been using to see if they can pull a purchase history or license report (CDW is great for this). Don't forget to try sites like Microsoft's eOpen (eopen.microsoft.com) or Adobe's license site (licensing.adobe.com).
The next step is to audit your workstations and servers to see exactly what commercial software they are running. Try to match that up with what documentation you found to start with. My rule of thumb is that if I don't have a PO/invoice, license key or box, then I don't own the software. Then go and get quotes from your favorite reseller to see what the costs are to "true-up".
Take all of this to your manager (or the owner) and show them the situation. Be sure to explain the consequences of not licensing the software you are using, and leave the decision up to him whether to true-up, stop using the software, or use it unlicensed. I would personally document this meeting just to cover your own ass, especially if the last option is chosen.
In order to prevent this situation in the future, make sure all software purchases come through your department. Then keep all license documentation in a single physical or electronic location. Be prepared to dig your heels in when someone tries to bypass IT to install illegal/unlicense software.
ÕÕ
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
They can't. They love to pretend they can, or they try to strongarm people into letting them do surveys. It's all just evidence gathering for when they sue you later, or use it to extort you into paying massive fines.
If they show up, tell reception not to let them past the waiting room. Call the cops IMMEDIATELY if they won't follow your instructions or requests (your business is private property.) Fetch the highest person in the company, preferably an officer, and tell them the BSA has no legal ability to search without a warrant or court order (which requires a lawsuit) and they need to shoo them away. The BSA should get nothing but the phone number of your lawyer.
Now, on the second part of your question: what to do? It's very simple. Ask your boss. Explain the risk. Include some sort of plan for inventorying and an estimate of how long it'll take. OCS Inventory is a pretty good way to do this if you have more than a dozen or so systems. Possibly include some (qualified) estimates of what it is going to cost to come back in line (remember there are significant volume discounts for things like Office) based on what you've seen before; stick to the facts. Include alternatives such as OpenOffice, but don't get too crazy (ie, don't list "convert to linux" for unlicensed servers as $cost_of_MS_Server in "savings"...factor in some healthy labor estimates AND you have the time to take on such tasks. Don't forget that there is opportunity cost too.)
Lastly: you need to make sure you have BOTH purchase records (receipts/packing slips) and the license files (ie those thingies with the holograms and barcodes) for EVERY PIECE OF SOFTWARE YOU HAVE. The company accountants / office manager can help with part of that. It's going to mean going through a lot of boxes- get a big filing cabinet. If you get any electronically, PRINT THEM IMMEDIATELY, and keep them in a safe place.
Please help metamoderate.
Get a concise audit of the software your company has installed, where it's installed, and just how much pirated software you're dealing with. http://www.open-audit.org/ does a serviceable job of software & hardware inventory, but really anything that connects to the WMI for inventory purposes should be able to tell you what license keys are in use. If you're in a small shop then XAMPP + OpenAudit will give you all the information you need in less than an hour from the time you start installing XAMPP.
Get your ducks in a row before you start making moves. You want to able to say "we have X copies of Office, Y installations for Win2k3, and Z copies of Photoshop installed against A,B, and C legitimate, verifiable licenses purchased. It'll cost us approxiamtly Q Dollars for Office, R for Win2k3, and S for Photoshop. I can have this issue resolved in two weeks and have multiple vendors willing to give us quotes" rather than "I don't think we've got enough licenses for all our stuff can I have some money?" It'll also offer you some small amount of protection should you have a less than productive meeting with management. CYA, Get it in writing, and maybe spend a few minutes updating that resume.
There are some people that if they don't know, you can't tell 'em.
As the first post mentioned, please DO bring this matter up with your higher-ups and get something in writing. Even then, getting it in writing doesn't give you a golden ticket out. If you are knowingly doing something wrong, then you are just as responsible as those who authorized it.
I don't care how small your company is; the smaller, the easier to get hit with a huge bill after an audit. I don't know how trustworthy your bosses are, but what you don't want is for the authorities to catch wind of what's going on, and for your superiors to turn you into the scape goat.
"What, we didn't know there was any pirated software being used...he's the guy who handles this stuff. We hired him to take care of this. It's his fault..."
Best "String" Ever!
Hooray for blackmail!
I prefer extortion. The X makes it sound cool.
I realize that's true from a pure copyright standpoint, but in the real world it's sometimes useful to say, install a copy of a tool for evaluation in your workflow before deciding to spend $600 on a license for that tool.
Or do you know of a merchant that will accept opened software package for return, should I decide that $600 isn't worth the cost for deployment, or doesn't do what I need? Because I'd be happy buy a license if I had the right to terminate the license and return the product for refund, and even to pay some reasonable fee for my trial usage -- I'm just not willing to pay full price with no opportunity for refund for a product that I've never had the opportunity to test. I wouldn't do it for a car or a DVD player and I won't do it for software either.
Non-production piracy is still piracy.
I will never, ever buy a program until I've vetted it first. Some companies have worthwhile demos, and I'll use those if available, but if not... fire up the keygen. If this makes me evil in your eyes, so be it - but I sleep comfortably at night.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I'm in a similar situation, and it's taken months to get all of our licenses in order. My strategy has been to move slowly, as tight budgets didn't allow us to upgrade everything right away, but forcefully, as the consequences running pirated software can be pretty substantial in the long run.
When possible, I switched to open source software (openoffice, gimp, etc.), but when some employees had difficulty switching, I went to management. Eventually, management decided that the increased productivity that we get out of using M$ products was worth spending about $2000 on licenses. I then set up a schedule and got management to agree to budget for 3 copies of office per month. We're finally up to date on licenses.
It was a difficult process, particularly because the median age at the company is fairly low, and because young people tend to believe that software should be free. Still, when management realized that the fines for using pirated software could literally bankrupt the company (and that if we ever fired an employee, he or she might report us to the BSA out of spite), they decided to give me a reasonable budget to buy software.
I think one of the most important things for small companies to realize is that if you use pirated software, you probably shouldn't fire anyone or make any of your employees unhappy. If you do, they can bring you down by reporting you to the BSA.
Facts have a liberal bias.
I ran into this at one company. It caused lots of issues. Managment did agree that they needed to fix the problem and was prepared to start buying licenses, until I came back with a count of what people "needed", and told him the cost. Once he quit clutching his heart, he had a look at the "needed" software list. We then looked at OSS and found that would cover some of our needs and then cut the "needed" list down to the software people required to do their jobs. When I told the employees what was going to happen, they staged a revolt. Talking about the P in PC meaning personal. I thought about that and said "Your right!" So back to the boss. Here was my idea. Charge everyone with doing their job. Take away ALL of their sofware and give everyone a raise to buy their own PC and software, and make every sign the CYA agreement that they are personally responsible for the software on their computer and that at any time the company can invite and external audit. Everyone loved the raise and promptly bought a PC and Licensed versions of their software. This resulted in a direct write off for the company in stead of an amortized one. Because people were spending money on their Own PC many spent extra. so we gained with some having even better hardware and software. Only one person bought the "minimum" to save some cash. The other cool thing was watching people get together to pool their money to purchase things like Symantec Enterprise. One person did quit right away and tried to take their new PC, which they did. However he forgot to read the 6 month clause in actually getting paid for the PC. It might not work for everyone, It took a lot of communication and hard work. In the end when I left, everything other than some music was licensed. (but as an IT guy you can only push so hard)
There are several solutions, and which one is adopted depends a lot more on corporate culture than technical merit.
In large businesses (10,000+ employees), I see two common approaches. The first is lock-down.
Lock down.
* Centralize everything and lock down the workstations. All software comes from one department, is distributed by SMS or Altiris, and (sometimes) workstations are monitored for compliance. Businesses like this often go with Dell for their hardware provider and have only about 5 or so workstation configurations in active use. Patches and install requests can take months to fulfill, and if the software isn't on their list, chances are good that you'll never see it. These businesses have security weaknesses in their network due to this centralization -- typically using flat topology models with very little or no firewalling between various business units. USB ports are typically fiddled with so flash drives cannot be used. For some reason, DVD/CD drives always do though. Go figure. Everything is vanilla-flavored, stock, and the same. If you find a weakness on one workstation, chances are good they all have it. Standardization is great! The servers are backed up. The workstations, where all the real data is, is ignored.
Multiple IT departments
* You'll see this with businesses that absorb other businesses -- financial companies in particular. Each business unit has its own IT, distribution schema, and enforcement of IT policies vary wildly. You won't be able to change your desktop wallpaper, but regedit still works with full admin rights. Firewalling between various business units is more common, but the policies are often out-of-date, and multiple routes exist. VPNs are commonly stacked over them, and if you know where to look, you can usually find a way through. The upshot is that the hardware is much more diverse, users are sometimes "left to their own devices" (literally and figuratively), and homebrew software solutions are more common. Nobody really knows what Server X does, but it has a sticker on it saying "Do not touch, Very Important." Often, hardware inventory and diagnostics in such environments consists of unplugging it and waiting to see who complains. If nobody complains, pack it up and ship it to Corporate. Nobody really knows what the company owns, but by god, we've got a lot of it. The good news is, if you can find your IT guys, they'll usually have your software loaded in a few hours. They won't care as much about software licensing either (I just gotta make my 8 hours, man)... Contractors typically run the show, and they have no idea what they're doing (because nobody wants to tell them anything). Servers are backed up, sometimes workstations are too. Sometimes. Maybe.
Mid-size businesses (less than 100,000 employees)
Sometimes you'll see centralization, but more often it's the scenario above, but with only one IT department. The network topology is generally laid out better though, hardware is more consistent, and the helpdesk is actually (le gasp) helpful, typically being a stone's throw away from the admins who maintain the servers. This is a good deal for you users -- they're too busy to be making many software policies and auditing, but not too monolithic that they're inaccessible. Your USB flash drive will work, even though you're told not to. Hello iTunes! Don't download pr0n though... For some reason, medium-sized corporate IT departments know everything you do on the internet, even though they don't know where the database server is. There is one rack of equipment... somewhere... and if it dies the entire business will collapse. But nobody knows. The servers are sometimes backed up, and so are the workstations. We're not sure... What's a "backup policy"? Can I use MMC to set one up?
Small business (less than 10,000 employees)
There is one guy or a small team and they are zyzzy GOD on the network. They don't care what you are running on your workstation... There's a pile of install CDs at his desk. Help yourself. Talk to the pimply-face
#fuckbeta #iamslashdot #dicemustdie
most large commercial software do have free trials
what $600 purchase are you alluding to that does not?
Photoshop http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=39
autocad http://usa.autodesk.com/adsk/servlet/mform?id=9106363&siteID=123112
Sony Vegas http://www.sonycreativesoftware.com/download/trials/vegaspro
MS office- http://us20.trymicrosoftoffice.com/default.aspx
you can in fact with a tech net subscription-
trial EVERYTHING Microsoft produces for $349 a year--
which is a worthwhile investment and negligable sum for ANY company large enough to have a full time IT person on staff
not an unreasonable purchase amount at all.
every day http://en.wikipedia.org/wiki/Special:Random
"The answer is easy if you take it logically..."
1) Start looking for a new job.
2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
5) See #1.
same situation two years ago. Last month I cleared out the last of the questionable software. It has taken 2 years, much hard work, and more than a few shouting matches, but we are fully licenced here at last. Much of what I replaced was replaced with OSS.
Since simply licencing everything would have bankrupted the company, and inertia prevents a switch to Linux on the desktop, the bosses want outlook. I got a policy stating that all new laptops would be purchased with a copy of Office.
One day without notice I blocked access to the update server for the pirated antivirus software, and just waited. Two days later there was a panic, and the next day I had a site licence for the antivirus I wanted instead of the crap I was stuck with by the person I replaced.
In a nutshell, here is my advice:
Document everything. What you found, when you found it, and your plan to get rid of it.
Think creatively about ways to get what you want.
Take your time. Cleaning up a mess like this is a long process.
If I were God, wouldn't I protect my churches from acts of me?
It is also good advice to bring up the issue with your boss to let them know. OSS is perhaps a good route where possible to replace these programs. It is true, something to keep in mind, that there are other employees who might report it. So bring it up with your boss, but dont call the BSA, software companies, or start talking about it with other people.
ANother poster also mentioned some important information about how to handle the situation if the BSA ever did show up. As they said they have no right to enter the premises dont let them get past the reception desk and let the higher ups know they have no authority to enter the premises and they should be told to leave.
some of the finest people in history have been shitcanned and blackballed for simply saying the truth, no matter how politely, professionally, or curteously they did it.
I download all my software from BitTorrent. Why pay for something you can get for free? It doesn't hurt anyone...it's not like the programmers are making the bulk of the money off the software sales...Microsoft is a billion dollar company but do you think they pay their programmers even millions of dollars a year? Pssht.
The day programmers start making even 50% of the profit from their labors is the day I start buying software.
Software? Oh, I meant music. :-)
Disclaimer: Outside of the Slashdot Virtual Reaility, I do purchase CDs, AACs, MP3s. I use licensed MS software at work and home and even buy video games now and then. I do NOT, however, pay for bottled water at the movie theater. Preposterous!
My rule as an IT professional is that if you are making money using the software, you are obligated to reimburse the developer.
I take a more lenient approach for software used for personal training at home for two reasons:
1) Those people tend not to purchase the software and would just not use it as an alternative.
2) Familiarity with the software inspires purchases in a professional environment.
So personal piracy is freeloading with little/no negative effects on the developer. Profiting from software is a removal of a sale from the developer.
I was a big pirate in my youth, though I become the biggest hard ass regarding licensing in the professional sphere. Cover your own ass in an email stating that you won't pirate software without a direct order/authorization from above you. In my experience though, small/medium business owners will tend to be on the 'pro-piracy' side of things, so you may want to update your resume if it's a moral issue to you.
Personally I had pretty good experience just stonewalling them, which caused the staff to put pressure on the higher ups to get licenses purchased. If worse comes to worst, you can always lie and tell them that the license is node locked and calls home.
Ways to try before you buy in the real world:
1) Go to SW Vendor website, see if a demo is available
2) Call SW Vendor directly, request a trial version or sales presentation
3) Do some research before buying software - review competitors features, price, support structure, and make the best decision. If your business does not have a software budget where you can afford the rare $600 mistake, you probably don't really need $600 software.
If the first thought to statement in #3 is "but I might really need software X", then you either do or you don't. Do #1-3, especially 3, and determine if you need it. If you don't need all the bells and whistles that software X provides, buy a competing product, find an OSS alternative, or make do without.
Generally speaking, if it's worth your time to find a $600 (or $60,000 or $6,000,000) piece of software, you should make up for it in time saved or increased revenue. Return on investment.
Most (if not all) of that determination on whether to purchase a product must be made upfront. Just because it isn't a car doesn't mean you can't research it and do a "test-drive".
Ah, yes, the ivory tower scenario. Here's how it works in real life:
1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.
2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.
3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.
4. Maybe you can push FOSS as a solution at the unemployment office.
The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.
First thing you need to do here is get the CFO and company attorney involved. The CFO because getting all those licenses is going to cost money, the company attorney because lack of licenses is a legal problem for the company. You also want the leverage: the CFO's not going to want to spend that much money if the company doesn't have to, the attorney is someone with authority to tell the CFO that the company does have to if it wants to keep the software available. You might also want to research news reports and have a few articles in hand less than a year old reporting on BSA raids of companies (to help convince the CFO that no, this isn't just a theoretical risk).
Before you go in, look over the F/OSS alternatives to the software in question. Ideally, have a laptop with it installed so you can show the CFO that no, it's not particularly inferior to the pirated commercial software. If he's already used OpenOffice to type up a memo and seen that it's just as easy to use and produces just as good a results as Word, he's going to be less sympathetic to spending lots of money on Word or to risking a BSA raid over it. This tends to look good to CxOs: you're identifying a real problem and presenting them with solutions to it that work while avoiding having to spend heart-attack-inducing amounts of money in the process. You'll still get screams from the users, but it'll go a lot smoother if you've got the executives on your side first.
Spiceworks is a spiffy tool. It'll get all the software and hardware info you need for your network. Borrow it on their website - it's free!
Above all, your first job is to show how this is THEIR problem. You need to show the management how this issue is THEIR issue, will bite them in the ass, and that their best course of action will be to pony up the money. Politely, of course. You don't need to be an ass. The second thing that you need is an ally. That's your boss. You need his help. You need him working the money/politics side for you. If not him, then you need someone who knows the money politics side. Don't point fingers. Your job is to come in, straighten things out, and bring the shop up to a PROFESSIONAL level. Keep that as your attitude, and make sure that everyone knows it.
If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.
Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:
1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.
2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."
So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.
You've actually been given some good advice on what to do from a CYA standpoint. You can try those suggestions. The odds are that nobody will fink on your company, but if your company has a disgruntled former employee, those odds will suddenly increase.
Do note that nobody will like this. Management will get mad that you are "rocking the boat" and spending money that they hadn't budgeted because the previous guy didn't tell them that they were such a situation. The employees will get mad because there is a chance that what they were using may go away or be replaced with something else. Change is bad to a lot of people.
To give you an idea of how crazy this fear is, my best friend is an attorney. His practice includes his wife (also an attorney) and at any given time 2 or 3 employees. He doesn't retain people well because the jobs he has don't pay well, so there's a lot of turnover in his staff. He lives in fear that a former employee will sic the BSA on him, so he makes sure that everything he has on all the PCs is legit. In fact, he will not use FOSS at all because he is afraid that somehow this will run afoul of the BSA (I have tried and failed to convince him otherwise). He also tends to pay full price for everything he buys because he is afraid too that if buys something at a discount, it might not be legal and he'll be screwed. Heck, he's been known to even buy multiple copies of a program that he may only need 1 copy of just to be absolutely sure that he's in compliance and with all of this, he is still worried that somehow, someway, the BSA will one day come calling and arbitrarily decide that he's out of compliance and screw him over. While I know that this is an extreme example, it does illustrate that some people, including small businesses, take software compliance very seriously.
Neither is theft. Both are illegal. I think most people however would agree that there is a substantial difference between downloading a song and putting it on your portable player vs. downloading that same song and using it in a product you sell. The introduction of profit motive makes a pretty big ethical difference.
Stop calling it "piracy"! Installing software you haven't licensed is breach of contract, or something like that.
Piracy, on the other hand, isn't some little look-the-other-way offense that gets you in trouble with the BSA and sends you to court. It's a brutal, nasty, bloody, violent, and sometimes deadly crime committed against a vessel (aircraft or ship) and the people and property on board People get hurt from piracy. People die from piracy.
And you know what the punishment for piracy traditionally was?
Death, usually by hanging.
It's not something that's just a storybook tale made for Disney movies. Piracy still happens, only now the pirates operate from fast boats, use radar and GPS to track their prey, and arm themselves with rocket launchers and machine guns. They still hold ships for ransom, steal the valuable cargo, and sometimes mutilate or kill their victims.
Piracy and copying software aren't even on the same level.
The meek may inherit the earth, but the strong shall take the stars.
> How Do You Deal With Pirated Programs At Work?
Well, I usually use BitTorrent or eMule myself.
Not even my own story. Several years ago, my father was working for Perot Enterprises (that didn't last long), and one of his jobs was to "do whatever was necessary" to get the local office software licenses legal, without impacting their ability to do the work. He ended up spending tens of thousands of dollars purchasing licenses for the software that everybody depended on, AFTER getting them to identify the stuff they didn't really use and removing it from the machines. But, that's the rub. You can either do it cheap, and change how the business actually works, generating animosity about your evil practices, or you can do it expensive. Ask the boss. He needs to decides which expense he would rather pay. And the risk of getting caught is a viable option for him to choose . . .. You might not want to hang around if he picks that one, but it is an option from his seat.
Spooner always knew what he was trying to say.
...have you considered a career change into piracy?
You could set the place up with even nicer warez than they've already stolen. Everyone would think you're da bomb.
Just be careful everyone knows what not to mention when writing your LinkedIn recommendations.
It's important to avoid being adversarial, so start by assuming that the previous guy was doing everything on the level.
1. Ask for documentation that supports the fact that you own licenses for all the software you have. (CYA)
2. In the absence of #1, ask someone to state for the record, in writing, that you own licenses for all the software you have. (CYA)
3. If they provide #1 or #2, carry on with business as usual, and buy new stuff as you need it.
4. If they cannot or will not provide #1 or #2, you need to outline what it will take to bring their operation into legal compliance and appeal for funds to do so. If there's no money, that may include removing software or shutting off machines, so work out how that can be done with the least disruption possible.
5. If they have no interest in being in legal compliance, leave.
6. If they fire you for trying to operate legally, sue their asses. (make sure you do all of the above IN WRITING and keep copies in case
you are escorted from the building)
You will earn respect by trying to work with them and their needs, and getting the most use out of what they have while still bringing things into compliance. You will not earn respect by threatening anyone or calling anyone names.
Again, if they're not interested in coming into compliance, you need to find someplace else to work, because they are asking you to break the law.
I think BSA gives bounties to whistleblowers, and the size varies on how much stolen software they discover... Depending on the size of your company it could run to years worth of salary.
If the company won't correct the problem, and you think the blame will fall on you...
http://ask.slashdot.org/article.pl?sid=09/02/04/022257 is a discussion very recently about software piracy at the Beijing office of a company. While the location is different, the responses are quite similar. Basically, document your actions in writing, and be prepared to leave if the situation doesn't improve.
This post brought to you by your friendly neighborhood MBA.
One thing you might try is use a software product to find the license numbers.
http://www.magicaljellybean.com/ has a utility that will print out all the Microsoft license number for all the MS programs installed on the computer.
Now I am not suggesting you do that for all the computers but certainly taking a sample of machines and seeing if they're using the same license on them could help determine the true nature of the situation.
First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.
Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.
Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.
Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.
Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."
Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.
Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I came into a job where the previous guy had installed upwards of 300 copies of MS Office 2000 Pro and a number of other programs such as terminal emulators.
I went to the management with this and got pretty much nowhere. I did win on the fact that I would not under any circumstances install software without a license so I have a solution moving forward.
For all those machine without proper licenses I went to the software company and explained the issue and that I would like to bring the company into compliance if they would be willing to give me their discounted upgrade rate. I replaced all of the Office 2000 installs with open office and got the vendor of a terminal emulator to make me a good deal.
We are now 100% compliant and migrating towards more open source software.
I wish that there were direct OSS replacements for everything I run but there are not. I need perfect VT400 emulation and I have not found an OSS that does that. Putty is about 95% but that other 5% doesnt allow me to have the proper keys mapped to the proper location.
Good luck and be on Buddha's side. Stick to your principals.
Do an inventory of the software and find out how much illegal software is in the company.
Set up a meeting with management, and the company lawyer if there is one, and explain to them what the last IT guy did and what will happen if they get caught using illegal copies of software, including the large fines. Explain to them their exposure. Tell them that this has to be corrected to protect the company. Tell them about the companies that have been turned in by disgruntled former employees. Get their buy-in to remove or buy any software that is of questionable origin and to put in place a software procurement process.
Then, put out a memo explaining the changes, including how this is caused by missing media and/or licenses and that any software missing licenses must either be bought or removed. State that this is an amnesty and, after a set period of time, anyone with illegal software on their computer will be subject to disciplinary action up to and including termination.
Document everything every step of the way. If at any point you are told to keep making illegal copies and using unlicensed software, find another job and quit stating you will not break the law for them. Then, turn them into the BSA.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Blue-Collar Man: Excuse me. I don't mean to interrupt, but what were you talking about?
Randal: The ending of Return of the Jedi.
Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
Randal: Like when?
Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
Dante: Whose house was it?
Blue-Collar Man: Dominick Bambino's.
Randal: "Babyface" Bambino? The gangster?
Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
Dante: Based on personal politics.
Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
Randal: No way!
Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.
Set the bar high, then bring a tall ladder.
Yes, I am a lawyer. No, I am not your lawyer. So don't rely on this as legal advice yada yada. But I do have several thoughts from an in-house counsel prospective that might be of help.
1. Avoid putting anything in writing prematurely.
As an in-house counsel, I would much prefer you to come and speak with me prior to putting anything in writing. If you come see me, I can address the issue in the way that makes the most sense from the company perspective. I'm sure management would similarly prefer being verbally informed prior to your putting things in writing.
2. If you do put something in writing, include an attorney on the distribution list.
Generally, letters or emails to the company's attorneys are presumed to be confidential -- particularly if you put ***ATTORNEY CLIENT COMMUNICATION *** in big letters across the top (don't laugh -- I do this all time, even if it seems silly). Should you ever get sued, it would be unlikely that the opposing party would be able to get access to that document. Your management should appreciate the fact that you are looking out for the company by insulating them from potential discovery.
3. If you do put something in writing, stick to the facts.
If you find yourself in the position of being required to document a potential problem (particularly where an attorney isn't available), don't draw conclusions that could be used against the company in any written document. Simply report your findings in straightforward boring terms. Don't speculate about how much trouble the company is in. Do not use words like "pirating" or "stealing." Use words like "may" or "might". Stating in any memo that "thus far I have been unable to locate the appropriate licenses" is very different than saying "we are pirating software."
4. Always leave yourself an out and don't put management on the spot.
A key part of any cya letter is -- well -- covering your ass. You do not want to get fired over something like this. So include an open ended aspect to any letter you write. Say something like "my investigation is continuing, but the preliminary results indicate...." This gives management a chance to come to grips with the idea that what they thought was their bonus fund is instead heading to Redmond. As a last resort, it also gives you the opportunity to revise your attitude should it become necessary to save your job (at least long enough to find a new one).
5. You are not an avenging copyright angel.
This is tricky. You really have only a couple options if you are ignored by your immediate management. At my company, we have an internal compliance hotline as well as in-house auditor and access to the audit committee of the board of directors. Obviously, these avenues are not always available at smaller companies. Just remember that management has every right (and even the obligation) to do what they think is in the best interest of the company. If you report a potential copyright/licensing problem to the right people, and they conclude that it is in the best interest of shareholders to take no action, that's okay. In my view, you have fulfilled your responsibility to bring the issue to their attention. You can only do so much.
Tough situation -- but be a responsible employee, and I'm sure you can weather the storm. Good luck.
Comment removed based on user account deletion
If you're stumbling on this stuff and reporting it to upper management as you go, you're going to piss off everyone as they think you're just nickel and diming them to death. If you have been doing this piecemeal, announce immediately that you are going to do a complete audit to see where you are and then you'll work with them to decide as to how and when to update your licenses as to minimize risk while becoming legal. You'll be surprised how much better a controlled process will go over rather than the random crap you've been shotgunning them with.
That is all.
I started in a company just like you did.. as the first permanent IT support.
Previous support was a mix of lowest-bid contractors, non-techie employees, and "friends who knew stuff". It's not that the company actively sought out pirated warez, but if a contractor installed some PC's, either they used their own reseller licence or the docs dissapeared.
The first problems I found with licencing was that there was no documentation. There was no proof of purchase, no storage for original media and licence keys.
1. Make a plan for software purchasing and upkeep. Get it approved as company policy.
A. Organize past purchases. Get all previous receipts, order confirmations, and work orders. You can call some hardware vendors like dell and request purchase histories. Lock up install software.
B. Install a software inventory tool. (I went with a paid product - LOGINventory, I didnt like the foss solution) These are VERY helpful because you can verify packages, versions, serial numbers, licence keys, and patches.
C. Make it company policy that you will be the gateway for all hardware and software purchases and installations. File all new records of purchases, contracts, and work orders.
D. Remove admin rights from users on company PC's. This was politically hard for me. Be prepared for 'but I need that video player installed'.
Once you know exactly what you have you can sit down with your executives and discuss. You may not be able to attain compliance immediately, just make sure that is the goal.
I implemented compliance by attrition. New PC's were purchased with proper licenses. Unneeded software was removed or replaced by free/low cost solutions. Our exchange server was upgraded to the latest version. Our web server was replaced with a linux lamp.
More advice: Learn the company business as best you can. Take an active roll in starting projects that will save money, make money or entice or retain customers. That is how you become an asset not a burden.
oldhack: "Security is a waste of money until shit hits the fan. 5 minutes later, it becomes waste of money again. "
I've been in the tech support business for 11 years, and here is my policy with customers when I find myself in a similar situation. I changed jobs recently and I made sure my new employers were OK with it beforehand.
If the software is already installed and working, I work with it as it is. If I have to actively support software that is clearly unlicensed, I will mention it to the customer and notify them that I cannot support it properly. I won't reinstall or update the software.
If I am asked to install software, I will make sure the customer has a proper license or original media to do the installation. I will not install it on more systems than the customer can prove he has licenses for.
If the customer asks me to administer his network, and not just do spot jobs, the matter is different and closer to your situation. I'll complete a check of licenses used and paid for and deliver a report on licensing making suggestions. Those usually include: getting up to speed on everything, buying licenses as things go and systems are being replaced, or going with OSS.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
The term "pirates" to describe those who infringe copyright predates the personal computer. It even predates fucking electricity.
So how about you get your facts straight and stop complaining about how the language makes downloading free shit look worse than you feel it should be?
3laws: No freebies, no backsies, GTFO.
Piracy is a centuries-old term for breach of copyright. Daniel Defoe acknoweldged it in 1703.
from http://www.luminarium.org/editions/trueborn.htm