How Do You Deal With Pirated Programs At Work? 958
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
Replace with Open Source (Score:5, Interesting)
If I need it, I install it (Score:3, Interesting)
It's not my responsibility. I'm not paid enough to care. If I need software on my computer, and the IT guy gives me that software, then I will install it and use it and not ask questions.
Yes, it's a horrible situation I've faced too (Score:1, Interesting)
1. Grab everything "IT" (install disks, licences, purchase invoices etc.) for hardware and software and get them to a single secure location.
2. Thoroughly audit the whole lot.
3. Refuse point blank to (re-)install stuff you're not sure about. You'd be surprised how much influence you have as the first (only) "real" IT guy.
4. Push FOSS as a solution.
Re:Your choice (Score:5, Interesting)
I actually remember being told by management in a much previouser place to hook up our internet to the unsecured cafe wireless below us because no one could work until the ISP reconnected us (didn't pay the bills). They must've got one hell of a shock as 20 or so machines all started connecting out to the mail server through their wireless via one tablet PC dangling down below through an office window via the Ethernet to get the best connection possible.
And yeah, "management" (far too classy a word for these people) knew exactly what they were doing.
Happy days :)
Re:Your choice (Score:4, Interesting)
Well, I managed to convince my management that OpenOffice was more than adequate for certain departments. We still (sadly) have to use Outlook and Exchange in a number of areas, but I'm already looking at dispensing with that and going with some open source groupware, as well as contact management software. Still, it's a move forward. Right now the phrase "no licensing costs" is like magic.
Re:It doesn't have to be production to be piracy.. (Score:5, Interesting)
Or do you know of a merchant that will accept opened software package for return, should I decide that $600 isn't worth the cost for deployment, or doesn't do what I need? Because I'd be happy buy a license if I had the right to terminate the license and return the product for refund, and even to pay some reasonable fee for my trial usage -- I'm just not willing to pay full price with no opportunity for refund for a product that I've never had the opportunity to test. I wouldn't do it for a car or a DVD player and I won't do it for software either.
User Ownership (Score:2, Interesting)
Re:Same as you deal with pirated music (Score:1, Interesting)
Does that mean it's okay if it's just me, but wrong if my company is doing it?
Small scale non-commercial copying isn't a criminal offense. Using unlicensed software in a business is a criminal offense. Since the law treats the two cases differently, it doesn't seem unreasonable that anyone on slashdot should. Regardless of the ethics, you should take the latter much more seriously if you're in the firing line.
I walked into this (Score:5, Interesting)
Since simply licencing everything would have bankrupted the company, and inertia prevents a switch to Linux on the desktop, the bosses want outlook. I got a policy stating that all new laptops would be purchased with a copy of Office.
One day without notice I blocked access to the update server for the pirated antivirus software, and just waited. Two days later there was a panic, and the next day I had a site licence for the antivirus I wanted instead of the crap I was stuck with by the person I replaced.
In a nutshell, here is my advice:
Document everything. What you found, when you found it, and your plan to get rid of it.
Think creatively about ways to get what you want.
Take your time. Cleaning up a mess like this is a long process.
Re:ZOMG (Score:3, Interesting)
Yea, but the resistance you will run against trying to force everyone to use OSS equivalents may end up with an involuntary 3 anyway. Some proprietary software is qualitatively superior, and trying to take away the "better" product and substituting a "worse" product will breed a lot of user anger.
I've been in a lot of situations where it's one way or the other. I worked at a shop where the licenses were really tight, and I installed OO.org for all the people who didn't rate an Office license, and they LOVED me. And when those people moved on, their replacements screamed bloody murder because they wanted Office instead.
I also ran part of a full-blown everything to OSS migration. It was that times about a million, except no-one was happy.
I've had a lot more success converting home users, though there as well there is a lot of pressure to get the semi-legal stuff (I am the keeper of the corporate site licenses, so there is a lot of pressure to slip 'em a key). Once I have conveyed that the "free key" option isn't ever going to be a reality, however, the "free software" thing gains a lot of traction.
In the business world, however, all the employees look at it as "someone else's money."
In a situation where it's this or nothing, anything looks good. If you're taking away what they want to be using, they will make your life a misery, and you're going to have to be ready for that if you push a big OSS replacement.
Piracy in the workplace (Score:2, Interesting)
My rule as an IT professional is that if you are making money using the software, you are obligated to reimburse the developer.
I take a more lenient approach for software used for personal training at home for two reasons:
1) Those people tend not to purchase the software and would just not use it as an alternative.
2) Familiarity with the software inspires purchases in a professional environment.
So personal piracy is freeloading with little/no negative effects on the developer. Profiting from software is a removal of a sale from the developer.
I was a big pirate in my youth, though I become the biggest hard ass regarding licensing in the professional sphere. Cover your own ass in an email stating that you won't pirate software without a direct order/authorization from above you. In my experience though, small/medium business owners will tend to be on the 'pro-piracy' side of things, so you may want to update your resume if it's a moral issue to you.
Personally I had pretty good experience just stonewalling them, which caused the staff to put pressure on the higher ups to get licenses purchased. If worse comes to worst, you can always lie and tell them that the license is node locked and calls home.
Re:Your choice (Score:5, Interesting)
Better yet wait for the next virus hits and then blame it on a lack of security updates caused by all of the pirated windows versions they are running.
Start at the top (Score:3, Interesting)
First thing you need to do here is get the CFO and company attorney involved. The CFO because getting all those licenses is going to cost money, the company attorney because lack of licenses is a legal problem for the company. You also want the leverage: the CFO's not going to want to spend that much money if the company doesn't have to, the attorney is someone with authority to tell the CFO that the company does have to if it wants to keep the software available. You might also want to research news reports and have a few articles in hand less than a year old reporting on BSA raids of companies (to help convince the CFO that no, this isn't just a theoretical risk).
Before you go in, look over the F/OSS alternatives to the software in question. Ideally, have a laptop with it installed so you can show the CFO that no, it's not particularly inferior to the pirated commercial software. If he's already used OpenOffice to type up a memo and seen that it's just as easy to use and produces just as good a results as Word, he's going to be less sympathetic to spending lots of money on Word or to risking a BSA raid over it. This tends to look good to CxOs: you're identifying a real problem and presenting them with solutions to it that work while avoiding having to spend heart-attack-inducing amounts of money in the process. You'll still get screams from the users, but it'll go a lot smoother if you've got the executives on your side first.
Re:Your choice (Score:5, Interesting)
Re:Your choice (Score:5, Interesting)
You make a good point... I guess I would modify the roadmap to include things like:
Option A: Buy license for MS Server, $2K/yr but no disruption
Option B: Obtain and test CentOS + Samba, 2 weeks of my time testing and deploying
That way you give them a choice. People like to choose.
They must (Score:2, Interesting)
Re:Your choice (Score:4, Interesting)
Next you need to start transitioning people off the illegal software. OSS is a very good choice to implement in office environments.
Don't make a federal case out of it. But don't contribute to the problem either. If you start getting allot of negative feedback you need to simply explain, sans-drama, that the previous IT Admin wasn't keeping track of licensing and even if the software they installed is legit you can't prove it. You can however provide them with software that will meet their needs without costing the company any more money, but they will need to give a tiny bit of cooperation in order to make it happen.
If your superiors give you any trouble about licensing explain to them, again sans-drama, that they can't expect you to break the law on a daily basis as part of your job requirements. DO NOT in any way make any statements like "I have to report this" or "you guys are running illegal software". You don't work for the BSA or anything like that it isn't your responsibility to report anyone.
there is no need to use pirated software GO OPEN SOURCE. I have 3 small businesses all owned by friends that operate entirely on Ubuntu and OpenOffice.org. My mother doesn't get computers at all, she has been using Ubuntu now for about 5 months. I never even showed her how to use it, I keep a PC in my living room for her to use, she just started using it without any help from me at all! Open source software is easier to use than ever before just run with it, it won't let you down.
Re:Your choice (Score:5, Interesting)
I had a former employer that played fast and loose with licensing rules. When I left the job I reported it to the BSA. The BSA got back to me and said "Sorry, they don't have deep enough pockets."
Re:Your choice (Score:5, Interesting)
It's also worth pointing out to the higher-ups (I presume one would write up a report) that pirated software can often cause costly problems - torrents of popular software, for example, may come with viruses or back doors embedded (not speaking from personal experience *cough* *cough*). Also it's often harder to get updates for pirated software, leaving you with unfixed bugs or security holes. Sometimes pirated software can unexpectedly cause data corruption problems (3DSMAX is a classic example - random aberrant vertices). I know you can often avoid these issues if you know what you're doing, but there's always an additional cost in the time required to figure that all out etc. Definitely weigh this in, and evaluate OSS wherever it can be used.
Re:Your choice (Score:5, Interesting)
If you are lucky it's only that, if not you will get all kind of problems. Murphy's law is the most prominent feature in cases like these.
You never know if there is a secondary software that is depending on the product key and will go and die if it's changed.
cya, work with them, or leave (Score:3, Interesting)
It's important to avoid being adversarial, so start by assuming that the previous guy was doing everything on the level.
1. Ask for documentation that supports the fact that you own licenses for all the software you have. (CYA)
2. In the absence of #1, ask someone to state for the record, in writing, that you own licenses for all the software you have. (CYA)
3. If they provide #1 or #2, carry on with business as usual, and buy new stuff as you need it.
4. If they cannot or will not provide #1 or #2, you need to outline what it will take to bring their operation into legal compliance and appeal for funds to do so. If there's no money, that may include removing software or shutting off machines, so work out how that can be done with the least disruption possible.
5. If they have no interest in being in legal compliance, leave.
6. If they fire you for trying to operate legally, sue their asses. (make sure you do all of the above IN WRITING and keep copies in case
you are escorted from the building)
You will earn respect by trying to work with them and their needs, and getting the most use out of what they have while still bringing things into compliance. You will not earn respect by threatening anyone or calling anyone names.
Again, if they're not interested in coming into compliance, you need to find someplace else to work, because they are asking you to break the law.
Re:ask some questions (Score:3, Interesting)
"avoid looking like a self-righteous jobsworth."
Um, You must be new around here....
He's posting to "Ask Slashdot" so it can reasonably be assumed he is already a self-righteous jobsworth (whatever that is).
One of the things I don't like about Ask Slashdot, is there is never any "followup". What advice was taken, how it went over and the long term result.
Seriously where is the followup / debriefing?
How can we learn if the questions are never really answered?
devil's advocate (Score:5, Interesting)
I think BSA gives bounties to whistleblowers, and the size varies on how much stolen software they discover... Depending on the size of your company it could run to years worth of salary.
If the company won't correct the problem, and you think the blame will fall on you...
Sounds familiar... (Score:4, Interesting)
http://ask.slashdot.org/article.pl?sid=09/02/04/022257 [slashdot.org] is a discussion very recently about software piracy at the Beijing office of a company. While the location is different, the responses are quite similar. Basically, document your actions in writing, and be prepared to leave if the situation doesn't improve.
Re:get shitcanned, its good for character (Score:4, Interesting)
But now you get a recourse. Call the BSA and tip them off on their arse.
Got fired for that? let the BSA assrape the managers and Executives. It's a great tool for all IT workers to get back at scummy companies.
Re:What the hell? (Score:3, Interesting)
No problem it's free for you...
https://reporting.bsa.org/usa/home.aspx?pr=1&CMP=KNC-google&HBX_PK=BSA&HBX_OU=50 [bsa.org]
go there to download a copy. I dont think they will have any back doors or call home software in it.
PS. if you have isos on the server to make your admin life easy... DONT. get all install software OFF the servers. a BSA audit will flag those. And they win in that argument.. you will never win.
my successful approach (Score:5, Interesting)
I came into a job where the previous guy had installed upwards of 300 copies of MS Office 2000 Pro and a number of other programs such as terminal emulators.
I went to the management with this and got pretty much nowhere. I did win on the fact that I would not under any circumstances install software without a license so I have a solution moving forward.
For all those machine without proper licenses I went to the software company and explained the issue and that I would like to bring the company into compliance if they would be willing to give me their discounted upgrade rate. I replaced all of the Office 2000 installs with open office and got the vendor of a terminal emulator to make me a good deal.
We are now 100% compliant and migrating towards more open source software.
I wish that there were direct OSS replacements for everything I run but there are not. I need perfect VT400 emulation and I have not found an OSS that does that. Putty is about 95% but that other 5% doesnt allow me to have the proper keys mapped to the proper location.
Good luck and be on Buddha's side. Stick to your principals.
Re:Same as you deal with pirated music (Score:3, Interesting)
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music?
Interestingly, one difference is this is commercial copyright infringement instead of noncommercial. Up until we had crazy laws passed in the 70's, this would have been illegal whereas downloading songs for personal use would not have been.
Well, since you used "groupthink" in your post, you're probably a troll. That said, neither is stealing, both are copyright infringement. Interestingly, depending on the software in use and the songs in question, some people justify it based upon whether or not the copyright holder is a criminal cartel or trust convicted of abuse and which donates lots of money to politicians in order to influence our laws. I'm not saying the actions of infringers are just any more than I'm saying the actions of the criminal trusts are. I'm just pointing out that there are differences.
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
To some degree, yes. Part of copyright law is supposed to include the affect upon the market and commercial (a small company using it to profit) versus noncommercial (just you for private use) is a real difference and used to be a legal difference.
Re:get shitcanned, its good for character (Score:5, Interesting)
Obviously you have no experience with the BSA, not to mention your casual use of the word rape is offensive. The BSA wont do 'revenge' for just anyone, and certainly not the guy in this scenario.
In reality the BSA doesnt care about some small company thats using its photoshop license two or three times or that it has two windows 2003 servers it didnt pay for. They want big shops with big roll-outs who, regardless of due dilligence, missed a license or two. These are big wins for them because of PR and awarded damages.
Small company with some shenanigans? Thats common and you'll be ignored. A multi-billion dollar international corp, yes, then they might come calling. Of course at that point you wont be anonymous anymore. You'll be implicated immediately (gee, who else would have called, the old sys admin we just fired?) and you'll probably have trouble finding a job afterwards. Heck, you'll probably be blamed for some of it too! Get a lawyer.
Re:get shitcanned, its good for character (Score:2, Interesting)
You have obviously never gone hungry.
Pirated software, especially in smaller companies is no big deal. If your not in the USA, you don't have to worry about shit like the BSA. People here are quite over reacting. If people had "pirated" mp3s, would you report them to the RIAA (or country specific equivilant)?
I doubt it.
Re:Your choice (Score:5, Interesting)
Re:Your choice (Score:2, Interesting)
isn't that the most saddening thought.
By saying the boss would be unnerved by the fact that someone within the company is doing his/her job, and doing it correctly and to the T.
You are right though. The boss would feel threatened that someone within the company is willing to go so far as to note and write everything down. I too did the same thing. My boss was all over my back about making sure I put everything in writing.
But even that doesn't change the fact. Once everything is written down, you can be canned, then the next person can take what you've started, and take full credit/credibility for all the hard work.
All because your attitude was too intimidating for them. I've been in this same situation before. My end result was exactly that. I brought up all the issues I found about the company, and provided solutions in my reports. Instead of being greeted and treated with respect I was laughed at, and then given hell. When I started to make sure the ball was rolling to cover my ass. I was let go.
As for the aftermath, I found out later that they indeed took what I had written down to be policy and effectively implemented everything I was trying to do. Difference. I didn't bring the right attitude. I wasn't willing to take blame for the higher ups' mistakes if things did fail. I mean, why should I take blame for failed compliance because management refused to follow the law even when I was attempting to correct the mistakes. I was given hell, and the next guy took credit for my ideas after I left.
oh well.
Re:get shitcanned, its good for character (Score:3, Interesting)
I just don't get, with all the options available, including Linux/BSD/OpenSolaris, why anyone would run pirated software. It's not like OEM windows is so extremely expensive even.
Re:Your choice (Score:3, Interesting)
I've been asked from time to time to install unlicensed software, and a couple times been asked to go out to a customer and assist them with installing cracked copies of software.
I just hold my ground on it, and so far that's been sufficient. If they don't want it that badly, it doesn't happen. If they DO want it badly enough, they do it themselves. Either way I am just going to be responsible for myself. If the BSA wants to stop in and ruin someone's day, it's not my day they'll be ruining. If someone else wants to hang their neck out like that, that's their problem and their consequence.
Sounds like you have a bigger problem where some PHB is telling you to "just do it". I don't even think getting it in writing will sufficiently "CYA". If he writes you a note demanding you go rob a bank, that doesn't mean you're OK to do it just because you got it in writing. Notes from Mom don't absolve you from criminal activity, I sure wouldn't bet my continued state of freedom on that.
If one of the other employees at your place, or other management in a parallel position where they have no direct authority over you is requesting it, be straight, honest, and helpful. "We don't have any available licenses for that installation. Please submit a request to IT or have your department purchase a license and I will install it for you. If you'd like I can email you some links to places where you can purchase it so you know what flavor you need and get a decent deal. If you request IT to install it, the cost of the software will be coming out of your department's budget. I also can suggest some free software alternatives if you're willing to try them. And before you ask, we cannot install software here you have brought from home."
It helps if you already have a good grip on your license deployment. I try to do that when I can. Get a database together with lists of software, activation codes, and have the list include any unused available licenses. It saves a lot of grief later if someone says install xxx there we still have a few installs of the bulk license available somewhere, to be able to actually list where all 10 of the licenses are installed, and to then offer the option of removing it from one of them to free it up. Very often when someone is "liberal" with installations, stuff gets installed places it doesn't need to be. You'd be surprised how many licenses you actually have to work with when you factor in the ability to get things off machines that don't need it. (does Bob REALLY need Access on BOTH of his desktop machines? Whose idea was it to install Cadd on the machine in the break room??)
Re:Your choice (Score:5, Interesting)
Re:How we deal with pirated programs? (Score:2, Interesting)
Re:Here's what you do (Score:3, Interesting)
This attitute could cost you boatloads of cash should the BSA audit.
That threat only really works against large companies and government agencies operating on a large-scale licensing agreement. In a small company, you basically tell the BSA that you respectfully decline their invitation to audit your systems. If they ever try to, which they don't.
Of course, if you're dumb enough to invite the BSA to audit your systems then you get what you deserve.
Re:devil's advocate (Score:2, Interesting)
I highly doubt this, unless they have changed their policies. Several years ago I was put in charge of license compliance at a software development firm. We were easily short about $200,000 worth of software licenses - and that was just with Microsoft, Adobe, and Macromedia. After not getting anywhere with the higher-ups, I sent an email to BSA asking them what to do, stating that I feared I would loose my job if I reported them, but at the same time knew we were grossly out of compliance. No reply other than an auto-responder.
Re:How we deal with pirated programs? (Score:4, Interesting)
Re:devil's advocate (Score:3, Interesting)
First, queue up a couple of stories on how the BSA destroyed various companies and present to the boss(es) how you'd like to avoid that, especially if some folks have left recently.
Second - show that their fileservers can easily be converted to linux boxes (no license fees)
Third, depending on the size of your company, buy a MS tech kit license (whatever that thing is) You get a full suite of small business server software and 10 CALs plus 10 licenses for all other programs. It's for evaluation purposes, which you might be able to claim since you don't have legal software. It will at least get you semi-legal until you can fix them with cash or FOSS. Which is what we did. Go all Linux/OSX and free yourself from worry about it.
Re:How we deal with pirated programs? (Score:3, Interesting)
As a consultant over the years for companies and individuals, I have definitely made the most money supporting windows systems. What does that say?
It says that 90% of the market uses Windows. If you're making more than 10% of your dough from Mac-using companies then either you're self selecting them or macs require more support. :P
(Of course it works the other way too, I've never made a cent from Mac users because I've never worked at a company that used them.)
Re:How we deal with pirated programs? (Score:3, Interesting)
That's why I run the keygens on somebody else's computer.
This is marked as funny, but I have a VMware instance with no network connections and no permanent storage set up for just this kind of purpose.