How Do You Deal With Pirated Programs At Work? 958
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
CYA = cover your ass (Score:5, Informative)
CYA = cover your ass
in case some of our international readers missed it ;)
Tell the truth, plainly (Score:2, Informative)
Gather the details of what is installed by using belarc's survey software. Summarize the number of computers, the unlicensed software and the steps necessary to move forward. Go to the executive privately first. This will allow him to evaluate and consider the path without cornering him.
The next step is going to be an evaluation by the managers to determine what software their people really need.
In the end, they need to get proper licenses, and no executive is going to wantonly commit federal fraud.
Play the game (Score:3, Informative)
I had this situation with a company I was contracting to. Knowing that the IT guys were installing pirated software, I wrote the management of that company and recommended that the company established a policy that all software was legally obtained and licensed. At that point, management had only two choices, acknowledge the issue and agree, or document that they approved of piracy. Armed with the policy, I could point to that when anyone asked me to install non-legal software without fear of retribution.
ask some questions (Score:5, Informative)
Rather than presuming that it's all pirated, start by presuming that everything as it stands is legitimate. Write a memo to whoever does the accounting and ask for copies of the invoices for all of the software purchased over the past five years "so that I know what licenses we currently possess and don't end up paying for software twice over when someone asks me to install something".
When/if the accounting person/dept comes back with nothing, then take it to the bosses and explain how surprised you were when accounting were unable to find any invoices. Stress the safety issues of illegitimate software (viruses, trojans etc.) and discuss the options. Make it look like you are a contentious employee doing your best for the company and avoid looking like a self-righteous jobsworth.
Re:Your choice (Score:5, Informative)
I was in a similar situation long ago... I wrote up a memo outlining the software we had installed, an estimated budget to get everyone legal with what they needed, and an approval to go ahead. (At the time there was no FOSS...)
I got my ass chewed for putting it in writing, but it got their attention. We ended up getting legal in most of the larger packages.
Today I would also do the homework and add "direct FOSS replacements" for the software in question as much as possible. MS server -> CentOS + Samba; MS OFfice -> OpenOffice, and so on. I would create a roadmap to get everyone legal and ask for approval.
Above all, be professional, curteous, and politically astute. It won't do to create a "fear reflex" where you get shitcanned and blackballed. You may want to have a closed-door conversation first and ask to see if management would like to see the roadmap you've prepared.
Piracy (Score:3, Informative)
Ask for an indemnity in writing from your employer saying that everything they use is legitimate and legal. If they refuse to provide it, you *have* to go somewhere else, because they will blame YOU when they are reported for it (in actual fact, walking and reporting them yourself wouldn't be too bad an idea if you don't want to be party to the charges, plus it covers you if they decide to pin it on you as you walk out the door). If they provide an indemnity (which they won't, but keep reading), you have a piece of paper that says you were assured it was all genuine. The person who signed it gets the blame.
What *will* happen, if you do it right, is that when they are asked to sign a bit of paper, they will get incredibly stroppy and either get rid of you in time anyway (and you should be LONG GONE by then, if that's the case), or they will wake up and say "Okay, well, I suppose we have to do something about that, then", even if they end up hating you. It's nice earning money, and all, but they don't care about you so when the penny drops and someone does come in and audit you, at least you won't get caught up it in - short term unemployment versus police record for failing to do your job legally.
And, I *have* done this exact thing to my employers, in order to ensure that they are, and that they stay compliant with the law. Fortunately, it was somewhere where they did have all the right licenses, but were just careless about recording them - they actually bought 10% more than they needed most of the time because they knew their record-keeping was poor. They were able to chase up 99% of the licenses, or get the seller to put it in writing, or similar, and a few extra licenses they either bought or didn't care about (because they weren't using them any more). The legitimate companies will see it as an hassle, but they will happily do it if it means legal compliance. If your place won't do this, you have to ask what *else* they are doing... Not enough money in the pension fund? Spying on staff? Fiddling the accounts? Mis-selling? Sending out false references about their ex-staff? Who knows?
I refused. (Score:1, Informative)
I refused to install pirated copies of Word Perfect, etc on clone PCs we sold in the 80's-90's,
I got fired.
But frankly I'd do it again.
Re:Your choice (Score:5, Informative)
BSA (Score:5, Informative)
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
They can't. They love to pretend they can, or they try to strongarm people into letting them do surveys. It's all just evidence gathering for when they sue you later, or use it to extort you into paying massive fines.
If they show up, tell reception not to let them past the waiting room. Call the cops IMMEDIATELY if they won't follow your instructions or requests (your business is private property.) Fetch the highest person in the company, preferably an officer, and tell them the BSA has no legal ability to search without a warrant or court order (which requires a lawsuit) and they need to shoo them away. The BSA should get nothing but the phone number of your lawyer.
Now, on the second part of your question: what to do? It's very simple. Ask your boss. Explain the risk. Include some sort of plan for inventorying and an estimate of how long it'll take. OCS Inventory is a pretty good way to do this if you have more than a dozen or so systems. Possibly include some (qualified) estimates of what it is going to cost to come back in line (remember there are significant volume discounts for things like Office) based on what you've seen before; stick to the facts. Include alternatives such as OpenOffice, but don't get too crazy (ie, don't list "convert to linux" for unlicensed servers as $cost_of_MS_Server in "savings"...factor in some healthy labor estimates AND you have the time to take on such tasks. Don't forget that there is opportunity cost too.)
Lastly: you need to make sure you have BOTH purchase records (receipts/packing slips) and the license files (ie those thingies with the holograms and barcodes) for EVERY PIECE OF SOFTWARE YOU HAVE. The company accountants / office manager can help with part of that. It's going to mean going through a lot of boxes- get a big filing cabinet. If you get any electronically, PRINT THEM IMMEDIATELY, and keep them in a safe place.
Audit first, go from there (Score:3, Informative)
Get a concise audit of the software your company has installed, where it's installed, and just how much pirated software you're dealing with. http://www.open-audit.org/ [open-audit.org] does a serviceable job of software & hardware inventory, but really anything that connects to the WMI for inventory purposes should be able to tell you what license keys are in use. If you're in a small shop then XAMPP + OpenAudit will give you all the information you need in less than an hour from the time you start installing XAMPP.
Get your ducks in a row before you start making moves. You want to able to say "we have X copies of Office, Y installations for Win2k3, and Z copies of Photoshop installed against A,B, and C legitimate, verifiable licenses purchased. It'll cost us approxiamtly Q Dollars for Office, R for Win2k3, and S for Photoshop. I can have this issue resolved in two weeks and have multiple vendors willing to give us quotes" rather than "I don't think we've got enough licenses for all our stuff can I have some money?" It'll also offer you some small amount of protection should you have a less than productive meeting with management. CYA, Get it in writing, and maybe spend a few minutes updating that resume.
Re:Your choice (Score:4, Informative)
I agree. I'd go one step further though. I'd go to the big boss head honcho guy, and explain the options as far as you know as follows.
1) You are a professional, and take professional pride in your work. This means that you will not install or support pirating.
2) As professional, you'll recommend free and open source alternatives to replace all the pirated versions as quickly as you can.
3) Any software that is necessary that has been pirated will be replaced with legitimate versions ASAP, with the understanding that it is a high priority for you.
4) The cost of getting caught by the BSA holding pirated versions is much more costly than actually purchasing the software. And it only takes one disgruntled employee to make that call.
I'd present him with the scenario where someone offered to sell the business a bunch of whatevers that happened to "fall off the truck" what the boss would do. If he doesn't care, then you know exactly who you are dealing with and the kind of company you work for.
Lastly, I would DOCUMENT everything, and let the Bossman know you are documenting everything, including the conversations you have regarding your findings and the solutions you're offering. That is professional.
Education is a long hard process. And sometimes the best education is pain. But there are a few people out there that will never learn.
Make the consequences clear (Score:2, Informative)
When possible, I switched to open source software (openoffice, gimp, etc.), but when some employees had difficulty switching, I went to management. Eventually, management decided that the increased productivity that we get out of using M$ products was worth spending about $2000 on licenses. I then set up a schedule and got management to agree to budget for 3 copies of office per month. We're finally up to date on licenses.
It was a difficult process, particularly because the median age at the company is fairly low, and because young people tend to believe that software should be free. Still, when management realized that the fines for using pirated software could literally bankrupt the company (and that if we ever fired an employee, he or she might report us to the BSA out of spite), they decided to give me a reasonable budget to buy software.
I think one of the most important things for small companies to realize is that if you use pirated software, you probably shouldn't fire anyone or make any of your employees unhappy. If you do, they can bring you down by reporting you to the BSA.
Re:Same as you deal with pirated music (Score:5, Informative)
Probably because there is no Slashdot groupthink - it's just paranoia on part of people like yourself. I see plenty of anti-piracy and pro-MS posts here personally. And it isn't theft it's unlicensed use. Adobe still have the source and binaries to Photoshop.
which $600 package? (Score:5, Informative)
most large commercial software do have free trials
what $600 purchase are you alluding to that does not?
Photoshop http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=39 [adobe.com]
autocad http://usa.autodesk.com/adsk/servlet/mform?id=9106363&siteID=123112 [autodesk.com]
Sony Vegas http://www.sonycreativesoftware.com/download/trials/vegaspro [sonycreativesoftware.com]
MS office- http://us20.trymicrosoftoffice.com/default.aspx [trymicrosoftoffice.com]
you can in fact with a tech net subscription-
trial EVERYTHING Microsoft produces for $349 a year--
which is a worthwhile investment and negligable sum for ANY company large enough to have a full time IT person on staff
not an unreasonable purchase amount at all.
Re:Keep your mouth shut (Score:3, Informative)
It is also good advice to bring up the issue with your boss to let them know. OSS is perhaps a good route where possible to replace these programs. It is true, something to keep in mind, that there are other employees who might report it. So bring it up with your boss, but dont call the BSA, software companies, or start talking about it with other people.
ANother poster also mentioned some important information about how to handle the situation if the BSA ever did show up. As they said they have no right to enter the premises dont let them get past the reception desk and let the higher ups know they have no authority to enter the premises and they should be told to leave.
Re:It doesn't have to be production to be piracy.. (Score:2, Informative)
Ways to try before you buy in the real world:
1) Go to SW Vendor website, see if a demo is available
2) Call SW Vendor directly, request a trial version or sales presentation
3) Do some research before buying software - review competitors features, price, support structure, and make the best decision. If your business does not have a software budget where you can afford the rare $600 mistake, you probably don't really need $600 software.
If the first thought to statement in #3 is "but I might really need software X", then you either do or you don't. Do #1-3, especially 3, and determine if you need it. If you don't need all the bells and whistles that software X provides, buy a competing product, find an OSS alternative, or make do without.
Generally speaking, if it's worth your time to find a $600 (or $60,000 or $6,000,000) piece of software, you should make up for it in time saved or increased revenue. Return on investment.
Most (if not all) of that determination on whether to purchase a product must be made upfront. Just because it isn't a car doesn't mean you can't research it and do a "test-drive".
Re:Turn them in. (Score:3, Informative)
Collect the reward
And have your house raided and computer siezed the next week.
Re:Your choice (Score:5, Informative)
You present a fairly sensible approach except for the fact that presumably the company already has a working solution for them so they just need to get it legal. With Microsoft this is easy, you just get a select agreement and based on the number of installs you get a substantial discount.
I had the exact same situation happen to me when I moved into this job. I had a closed door meeting with the owner and my boss to determine what the priorities were and what the best way to proceed was. In the end a select agreement allowed us to instantly make all of our servers legal since I had no prior documentation illustrating that we had legitimate licenses.
Server side you simply can't just drop in replacements when you already have running systems. With the Microsoft approach you can just change your license key to the new volume license key you get with your select agreement and away you go without reinstalling anything.
On the desktop a simple PDF writer is more than sufficient and free for end-user PDF creation instead of having to purchase Acrobrat in most situations, obviously not all. Of course Foxit is my preferred choice for reading PDFs.
In the end I went through department by department to determine what everyone needed to do there jobs with minimal impact, the company spent a load of money and now we're a completely legal shop. It actually feels good to provide the transition.
Also in my case I outlined the cost to get us legal and then outlined ways we could reduce costs in future by deploying Linux in places it makes sense like with our new Asterisk system. It removes the fear they have that it will keep happening so they will be less resistant to getting the company legal.
Re:Same as you deal with pirated music (Score:3, Informative)
Spiceworks IT management (Score:5, Informative)
Re:Your choice (Score:4, Informative)
Whatever you do will be unappreciated (Score:4, Informative)
Do note that nobody will like this. Management will get mad that you are "rocking the boat" and spending money that they hadn't budgeted because the previous guy didn't tell them that they were such a situation. The employees will get mad because there is a chance that what they were using may go away or be replaced with something else. Change is bad to a lot of people.
To give you an idea of how crazy this fear is, my best friend is an attorney. His practice includes his wife (also an attorney) and at any given time 2 or 3 employees. He doesn't retain people well because the jobs he has don't pay well, so there's a lot of turnover in his staff. He lives in fear that a former employee will sic the BSA on him, so he makes sure that everything he has on all the PCs is legit. In fact, he will not use FOSS at all because he is afraid that somehow this will run afoul of the BSA (I have tried and failed to convince him otherwise). He also tends to pay full price for everything he buys because he is afraid too that if buys something at a discount, it might not be legal and he'll be screwed. Heck, he's been known to even buy multiple copies of a program that he may only need 1 copy of just to be absolutely sure that he's in compliance and with all of this, he is still worried that somehow, someway, the BSA will one day come calling and arbitrarily decide that he's out of compliance and screw him over. While I know that this is an extreme example, it does illustrate that some people, including small businesses, take software compliance very seriously.
Private vs Profit (Score:3, Informative)
Re:It doesn't have to be production to be piracy.. (Score:4, Informative)
Stop calling it "piracy"! Installing software you haven't licensed is breach of contract, or something like that.
Piracy, on the other hand, isn't some little look-the-other-way offense that gets you in trouble with the BSA and sends you to court. It's a brutal, nasty, bloody, violent, and sometimes deadly crime committed against a vessel (aircraft or ship) and the people and property on board People get hurt from piracy. People die from piracy.
And you know what the punishment for piracy traditionally was?
Death, usually by hanging.
It's not something that's just a storybook tale made for Disney movies. Piracy still happens, only now the pirates operate from fast boats, use radar and GPS to track their prey, and arm themselves with rocket launchers and machine guns. They still hold ships for ransom, steal the valuable cargo, and sometimes mutilate or kill their victims.
Piracy and copying software aren't even on the same level.
Re:which $600 package? (Score:1, Informative)
I second that Technet subscription. That has to be the best bang for the buck on any product we've purchased.
Many of the Technet licenses do not expire. There are all the various OSes such as XP and Vista with valid keys that you can install perpetually for testing. It's not legal to use these in a production environment. I build Zen bundles and write software to deploy to all our PC's. Technet a cheap way to get many licenses to test my Zen bundles on various OSes in a non production environment prior to deployment.
Sharepoint, MOM, SMS, Visio, Office, and just about everything you can think of is included. Some expire, some don't.
One word of caution, stay away from the *very* good deals on "Sponsored Links" when searching Google for these products. Many of these which are extremely cheap are pirated. You'll end up spending money for a key that Microsoft will eventually disable.
The RIGHT answer (Score:2, Informative)
Finding the Licenses (Score:4, Informative)
One thing you might try is use a software product to find the license numbers.
http://www.magicaljellybean.com/ [magicaljellybean.com] has a utility that will print out all the Microsoft license number for all the MS programs installed on the computer.
Now I am not suggesting you do that for all the computers but certainly taking a sample of machines and seeing if they're using the same license on them could help determine the true nature of the situation.
Re:How we deal with pirated programs? (Score:5, Informative)
Along with a heavy dose of virus/trojan/malware scanning and removal, no doubt. Seems these days about 70-80% of keygens on The Pirate Bay are infected with something. People install this crap and they call me in to clean up the mess. ;)
Re:Your choice (Score:5, Informative)
Re:CYA = cover your ass (Score:2, Informative)
Why did I read that as "Carnal Yank Association"?
Damn I'm getting old. I need glasses.
Re:devil's advocate (Score:2, Informative)
Re:Your choice (Score:5, Informative)
While it might not be a choice for OS, you probably should consider OFFERING FOSS to your employers when you go speak to them.
Remember going with FOSS doesn't mean going whole hog linux and software vegan.
You can offer things like Open Office as an alternative to shilling out huge $ for MS Office licences.
There are a lot of good FOSS programs for windows. Offering them as an alternative will help to balance the argument that the company needs to be legal in its software usage, esp if they complain that their people don't know how to use the FOSS, because you can tell them to choose between training time or spending money.
It basically helps kill the argument/rational of "We have to pirate there is no other way."
Re:Your choice (Score:3, Informative)
Copyright infringement (of this sort, which doesn't include making and selling a whole bunch of copies) is generally a civil offense, not a crime.
tohands (Score:1, Informative)
http://news.softpedia.com/news/172-000-Pirated-Software-Fine-78476.shtml
this is what I show to people who ask me for pirate stuff in the company.
Re:Your choice (Score:4, Informative)
You're also documenting your failure to report a crime to the police, which I believe is illegal all by itself.
The BSA's scary ads notwithstanding, I don't think that software license violation is a criminal offense that one is obligated to report to the police. As if they would even be qualified to listen to your report. And "Software Piracy" isn't really handled by the Coast Guard, either.
Legal Suggestions.... (Score:3, Informative)
1. Avoid putting anything in writing prematurely.
As an in-house counsel, I would much prefer you to come and speak with me prior to putting anything in writing. If you come see me, I can address the issue in the way that makes the most sense from the company perspective. I'm sure management would similarly prefer being verbally informed prior to your putting things in writing.
2. If you do put something in writing, include an attorney on the distribution list.
Generally, letters or emails to the company's attorneys are presumed to be confidential -- particularly if you put ***ATTORNEY CLIENT COMMUNICATION *** in big letters across the top (don't laugh -- I do this all time, even if it seems silly). Should you ever get sued, it would be unlikely that the opposing party would be able to get access to that document. Your management should appreciate the fact that you are looking out for the company by insulating them from potential discovery.
3. If you do put something in writing, stick to the facts.
If you find yourself in the position of being required to document a potential problem (particularly where an attorney isn't available), don't draw conclusions that could be used against the company in any written document. Simply report your findings in straightforward boring terms. Don't speculate about how much trouble the company is in. Do not use words like "pirating" or "stealing." Use words like "may" or "might". Stating in any memo that "thus far I have been unable to locate the appropriate licenses" is very different than saying "we are pirating software."
4. Always leave yourself an out and don't put management on the spot.
A key part of any cya letter is -- well -- covering your ass. You do not want to get fired over something like this. So include an open ended aspect to any letter you write. Say something like "my investigation is continuing, but the preliminary results indicate...." This gives management a chance to come to grips with the idea that what they thought was their bonus fund is instead heading to Redmond. As a last resort, it also gives you the opportunity to revise your attitude should it become necessary to save your job (at least long enough to find a new one).
5. You are not an avenging copyright angel.
This is tricky. You really have only a couple options if you are ignored by your immediate management. At my company, we have an internal compliance hotline as well as in-house auditor and access to the audit committee of the board of directors. Obviously, these avenues are not always available at smaller companies. Just remember that management has every right (and even the obligation) to do what they think is in the best interest of the company. If you report a potential copyright/licensing problem to the right people, and they conclude that it is in the best interest of shareholders to take no action, that's okay. In my view, you have fulfilled your responsibility to bring the issue to their attention. You can only do so much.
Tough situation -- but be a responsible employee, and I'm sure you can weather the storm. Good luck.
Re:How we deal with pirated programs? (Score:5, Informative)
Please, download VMWare or Virtual PC or something and use rollbacks (always go back to the previous snapshot after running a keygen/crack) and ALWAYS run these keygens and/or cracks in a virtual machine. They are responsible for a large number of really insidious back door infections.
I know people copying software is a fact of life, but people are getting nailed on the keygens.
Comment removed (Score:3, Informative)
Re:get shitcanned, its good for character (Score:5, Informative)
Ernie Ball [infoworld.com] would beg to differ.
How I did it (Score:2, Informative)
I started in a company just like you did.. as the first permanent IT support.
Previous support was a mix of lowest-bid contractors, non-techie employees, and "friends who knew stuff". It's not that the company actively sought out pirated warez, but if a contractor installed some PC's, either they used their own reseller licence or the docs dissapeared.
The first problems I found with licencing was that there was no documentation. There was no proof of purchase, no storage for original media and licence keys.
1. Make a plan for software purchasing and upkeep. Get it approved as company policy.
A. Organize past purchases. Get all previous receipts, order confirmations, and work orders. You can call some hardware vendors like dell and request purchase histories. Lock up install software.
B. Install a software inventory tool. (I went with a paid product - LOGINventory, I didnt like the foss solution) These are VERY helpful because you can verify packages, versions, serial numbers, licence keys, and patches.
C. Make it company policy that you will be the gateway for all hardware and software purchases and installations. File all new records of purchases, contracts, and work orders.
D. Remove admin rights from users on company PC's. This was politically hard for me. Be prepared for 'but I need that video player installed'.
Once you know exactly what you have you can sit down with your executives and discuss. You may not be able to attain compliance immediately, just make sure that is the goal.
I implemented compliance by attrition. New PC's were purchased with proper licenses. Unneeded software was removed or replaced by free/low cost solutions. Our exchange server was upgraded to the latest version. Our web server was replaced with a linux lamp.
More advice: Learn the company business as best you can. Take an active roll in starting projects that will save money, make money or entice or retain customers. That is how you become an asset not a burden.
As a consultant, here is my policy (Score:3, Informative)
I've been in the tech support business for 11 years, and here is my policy with customers when I find myself in a similar situation. I changed jobs recently and I made sure my new employers were OK with it beforehand.
If the software is already installed and working, I work with it as it is. If I have to actively support software that is clearly unlicensed, I will mention it to the customer and notify them that I cannot support it properly. I won't reinstall or update the software.
If I am asked to install software, I will make sure the customer has a proper license or original media to do the installation. I will not install it on more systems than the customer can prove he has licenses for.
If the customer asks me to administer his network, and not just do spot jobs, the matter is different and closer to your situation. I'll complete a check of licenses used and paid for and deliver a report on licensing making suggestions. Those usually include: getting up to speed on everything, buying licenses as things go and systems are being replaced, or going with OSS.
Re:Here's what you do (Score:2, Informative)
Re:devil's advocate (Score:4, Informative)
AFAIK, NDAs can't be used to cover up illegal behavior. Contract law, I believe; you can't bind to contract something that's illegal. It's kind of like getting someone to sign a form to provide you contract killing for a given rate. Won't wash in court.
Re:Your choice (Score:3, Informative)
I've told my MS reps that I think we're running too many copies of Windows Server on our network, so we need to get current and is there a deal we can work out to get that done?
These companies are all very responsive when you are trying to make good.
Re:It doesn't have to be production to be piracy.. (Score:3, Informative)
The term "pirates" to describe those who infringe copyright predates the personal computer. It even predates fucking electricity.
So how about you get your facts straight and stop complaining about how the language makes downloading free shit look worse than you feel it should be?
Re:It doesn't have to be production to be piracy.. (Score:2, Informative)
Piracy is a centuries-old term for breach of copyright. Daniel Defoe acknoweldged it in 1703.
from http://www.luminarium.org/editions/trueborn.htm [luminarium.org]