How Do You Deal With Pirated Programs At Work? 958
LoneAdminOK writes "I started working for a small company in the middle of January as their IT Manager. I am the first actual 'IT Guy' that they have had; before me it was someone that performed another job within the company and just handled the IT on the side. The problem that I am running into is that most of the software I am finding on the network and on people's computers isn't owned by the company. The person before me would just get it from 'somewhere' and install it on the computers as needed. This is putting me in a bad position when I have to reinstall the program or find it to install on someone else's computer. Often, I am telling people that we don't have it or we have to buy another license, and they get mad at me because the other guy said that we had it. I can't even tell where the versions of Windows Server that they are running came from. The only one I know is legit is the one that is installed on an HP server with the OEM sticker on it. How have any of you handled a situation like this? I don't install 'borrowed programs' in a production environment because I know that if the BSA got wind of this, it would all fall on me when they stormed in."
Your choice (Score:5, Insightful)
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
Re:Your choice (Score:5, Funny)
How we deal with pirated programs? (Score:5, Funny)
Re:How we deal with pirated programs? (Score:5, Informative)
Along with a heavy dose of virus/trojan/malware scanning and removal, no doubt. Seems these days about 70-80% of keygens on The Pirate Bay are infected with something. People install this crap and they call me in to clean up the mess. ;)
Re:How we deal with pirated programs? (Score:4, Interesting)
Re:How we deal with pirated programs? (Score:5, Informative)
Please, download VMWare or Virtual PC or something and use rollbacks (always go back to the previous snapshot after running a keygen/crack) and ALWAYS run these keygens and/or cracks in a virtual machine. They are responsible for a large number of really insidious back door infections.
I know people copying software is a fact of life, but people are getting nailed on the keygens.
devil's advocate (Score:5, Interesting)
I think BSA gives bounties to whistleblowers, and the size varies on how much stolen software they discover... Depending on the size of your company it could run to years worth of salary.
If the company won't correct the problem, and you think the blame will fall on you...
Re:devil's advocate (Score:5, Funny)
-1, Evil.
Re:devil's advocate (Score:5, Funny)
Re:devil's advocate (Score:5, Insightful)
I'd say that reporting knowledge of wrongdoing, when you know there's a bounty and have given them an opportunity to reform, is:
+1 ethical
(and we hope +1 lucrative also. It's also probably -1 Bad Career Choice, though.)
Doing it right off the bat isn't very nice, but if the management insists on unethical (and illegal?) behavior being company policy, then you're in the clear.
Re:devil's advocate (Score:4, Informative)
AFAIK, NDAs can't be used to cover up illegal behavior. Contract law, I believe; you can't bind to contract something that's illegal. It's kind of like getting someone to sign a form to provide you contract killing for a given rate. Won't wash in court.
Re:devil's advocate (Score:4, Insightful)
Yea....good advice. Just send out a memo that basically condemns the last guy doing IT (who is likely still there doing other tasks), and freak out the management with "we need $25,000 in new software" in a memo you just broadcast to the personel without management position. Be sure to upgrade your resume as well, since management will consider you a troublemaker and find it easier to replace you than fix the problem.
Only a dumbass would just do this without going to management first. They don't want, or need, someone to stir up the pot in public that can fixed over a period of a few months, while you beef up policies in a more orderly fashion.
Re:Your choice (Score:4, Insightful)
All you can do is go to the higher ups and lay out the entire situation. If they don't care about the consequences, have them put it in writing to CYA, and then decide whether you want to trust that YA is truly C'd, and whether you want to add "Installer of Illegal Software" on to your CV. That's all you can do.
In my experience, the smaller the company, the more pirated software you find. If it's one guy working out of his house, it'll be lucky if he's actually using his own internet connection, more less software that he actually owns.
Now queue 500 posts saying, "ZOMG, replace it all with OSS."
In summary, you're screwed.
Re:Your choice (Score:4, Informative)
Re:Your choice (Score:5, Informative)
While it might not be a choice for OS, you probably should consider OFFERING FOSS to your employers when you go speak to them.
Remember going with FOSS doesn't mean going whole hog linux and software vegan.
You can offer things like Open Office as an alternative to shilling out huge $ for MS Office licences.
There are a lot of good FOSS programs for windows. Offering them as an alternative will help to balance the argument that the company needs to be legal in its software usage, esp if they complain that their people don't know how to use the FOSS, because you can tell them to choose between training time or spending money.
It basically helps kill the argument/rational of "We have to pirate there is no other way."
Re:Your choice (Score:5, Funny)
whole hog *AND* vegan
I'd like to sign up for _your_ newsletter!
CYA = cover your ass (Score:5, Informative)
CYA = cover your ass
in case some of our international readers missed it ;)
Re:CYA = cover your ass (Score:4, Funny)
tks. Thought it meant Caramel Yak Association and I was getting all confuzed.
Re:CYA = cover your ass (Score:5, Funny)
Caramel Yak Association
Splitters!
Re:CYA = cover your ass (Score:5, Funny)
CYA = cover your ass
in case some of our international readers missed it ;)
The international readers would like to point out that we will not miss your bare arses.
Had you been french or italian ladies, things would have been different.
Kind regards,
The International Readers
Re:Your choice (Score:5, Interesting)
I actually remember being told by management in a much previouser place to hook up our internet to the unsecured cafe wireless below us because no one could work until the ISP reconnected us (didn't pay the bills). They must've got one hell of a shock as 20 or so machines all started connecting out to the mail server through their wireless via one tablet PC dangling down below through an office window via the Ethernet to get the best connection possible.
And yeah, "management" (far too classy a word for these people) knew exactly what they were doing.
Happy days :)
Re:Your choice (Score:5, Informative)
I was in a similar situation long ago... I wrote up a memo outlining the software we had installed, an estimated budget to get everyone legal with what they needed, and an approval to go ahead. (At the time there was no FOSS...)
I got my ass chewed for putting it in writing, but it got their attention. We ended up getting legal in most of the larger packages.
Today I would also do the homework and add "direct FOSS replacements" for the software in question as much as possible. MS server -> CentOS + Samba; MS OFfice -> OpenOffice, and so on. I would create a roadmap to get everyone legal and ask for approval.
Above all, be professional, curteous, and politically astute. It won't do to create a "fear reflex" where you get shitcanned and blackballed. You may want to have a closed-door conversation first and ask to see if management would like to see the roadmap you've prepared.
get shitcanned, its good for character (Score:5, Insightful)
Re:get shitcanned, its good for character (Score:5, Insightful)
"shitcanned" isn't the right word. "liberated" is the right word. Better to be free and hungry than fat and fucked up.
Re:get shitcanned, its good for character (Score:4, Interesting)
But now you get a recourse. Call the BSA and tip them off on their arse.
Got fired for that? let the BSA assrape the managers and Executives. It's a great tool for all IT workers to get back at scummy companies.
Re:get shitcanned, its good for character (Score:5, Interesting)
Obviously you have no experience with the BSA, not to mention your casual use of the word rape is offensive. The BSA wont do 'revenge' for just anyone, and certainly not the guy in this scenario.
In reality the BSA doesnt care about some small company thats using its photoshop license two or three times or that it has two windows 2003 servers it didnt pay for. They want big shops with big roll-outs who, regardless of due dilligence, missed a license or two. These are big wins for them because of PR and awarded damages.
Small company with some shenanigans? Thats common and you'll be ignored. A multi-billion dollar international corp, yes, then they might come calling. Of course at that point you wont be anonymous anymore. You'll be implicated immediately (gee, who else would have called, the old sys admin we just fired?) and you'll probably have trouble finding a job afterwards. Heck, you'll probably be blamed for some of it too! Get a lawyer.
Re:get shitcanned, its good for character (Score:5, Informative)
Ernie Ball [infoworld.com] would beg to differ.
Re:Your choice (Score:5, Informative)
You present a fairly sensible approach except for the fact that presumably the company already has a working solution for them so they just need to get it legal. With Microsoft this is easy, you just get a select agreement and based on the number of installs you get a substantial discount.
I had the exact same situation happen to me when I moved into this job. I had a closed door meeting with the owner and my boss to determine what the priorities were and what the best way to proceed was. In the end a select agreement allowed us to instantly make all of our servers legal since I had no prior documentation illustrating that we had legitimate licenses.
Server side you simply can't just drop in replacements when you already have running systems. With the Microsoft approach you can just change your license key to the new volume license key you get with your select agreement and away you go without reinstalling anything.
On the desktop a simple PDF writer is more than sufficient and free for end-user PDF creation instead of having to purchase Acrobrat in most situations, obviously not all. Of course Foxit is my preferred choice for reading PDFs.
In the end I went through department by department to determine what everyone needed to do there jobs with minimal impact, the company spent a load of money and now we're a completely legal shop. It actually feels good to provide the transition.
Also in my case I outlined the cost to get us legal and then outlined ways we could reduce costs in future by deploying Linux in places it makes sense like with our new Asterisk system. It removes the fear they have that it will keep happening so they will be less resistant to getting the company legal.
Re:Your choice (Score:5, Interesting)
You make a good point... I guess I would modify the roadmap to include things like:
Option A: Buy license for MS Server, $2K/yr but no disruption
Option B: Obtain and test CentOS + Samba, 2 weeks of my time testing and deploying
That way you give them a choice. People like to choose.
Re:Your choice (Score:5, Interesting)
If you are lucky it's only that, if not you will get all kind of problems. Murphy's law is the most prominent feature in cases like these.
You never know if there is a secondary software that is depending on the product key and will go and die if it's changed.
Re:Your choice (Score:5, Interesting)
One thing to make sure of (Score:5, Insightful)
If you offer OSS replacements, be ready to back that shit up. What I mean by that is you need to be ready to support it to do all the same things that whatever you replaced did. Saying "Well you shouldn't do that," or "You need to read the manual," isn't ok. You recommended it, you have to support it.
Now in terms of things like OpenOffice, this means doing testing before hand to make sure it does everything they need. Don't assume, do real tests. Find out what they actually do and try it. Do they do mail merge? Do they have power point presentations that integrate with Excel files (for realtime data update)? Find that out and test it. Make sure it all works. Only then should you recommend an OSS solution. Two reasons for this:
1) Your job may rely on it. If you recommend something that works poorly, they may show you the door. Goes double if it was because you were "making trouble" about their pirated software. They figure you are just going to be a problem and thus want nothing to do with you.
2) Even if you don't get axed (and probably if you do as well), you may ruin any chances of future OSS use. The message that'll be taken away is "OSS is broken and doesn't do what you need." It'll be seen as a cheap replacement that doesn't get the job done. Thus they won't want to use it in the future. Someone will say "free software" and they'll say "no way."
So while an OSS recommendation is a great way to legally save money, do your homework first. Make sure that it truly is a replacement for what they use now. Not a "kinda sorta works" substitute. Not a "well it does some of what you want," substitute. A true replacement for all the functions they need. Also make sure you are fully prepared to train people on it since even if the differences are small, they'll trip people up.
Re:Your choice (Score:5, Insightful)
The sad part is MOST small business don't even realize what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.
In your case I would hope asking for a CYA letter from the higher powers would at least throw up a red flag and make them realize the seriousness of the situation. I'd be interested to know what legal position that puts you in however, since you know what you are doing is illegal, CYA letter or not. If your boss said to shoot his secretary and gave you a letter saying he told you to do it... I don't think it would hold up in court (A little extreme, but still..)
Re:Your choice (Score:4, Insightful)
"The sad part is MOST small business don't even care that what they are doing is illegal. Then when you analyze what they have and what the cost of going legit is, they say "Thanks!" and show you the door.
There, fixed that right up for you.
Re:Your choice (Score:5, Insightful)
Yup. I have walked out of jobs like this and let some of my less scrupulous colleagues take them on. While no one I know of locally has ever had a visit from the BSA, they are a bit like lightning.
I have been advised by legal counsel that a "CYA" letter does not "CYA." If you run into a situation where illegitimate (I prefer not to use the term illegal) is in use, you bring it to the attention of management, and management does not care, GTFO.
Make your arguments, wait for the final word, and walk. Do not stop, do not talk, do not even say good bye... WALK AWAY. As a consultant, you have the freedom to do that. As an employee, polish up your CV.
Although, at this point they are playing a very dangerous game with themselves and with you. Another tidbit of advice given was to write up a document which essentially held them hostage in return for your reputation: you agree not to report their use of illegitimate software in return for you never being there. Shitty, yes, but those are the games we play and the chances we take.
Unless the guy's name is "Tony" and he runs a "waste management" business. Then you just say "yes, sir!" and move to another country in the middle of the night. Better yet, get off the damn planet.
Another guy here mentioned an alternative plan of attack, which is gradual compliance. If you can present that as an option, I think that would work as well. You are still on sticky legal grounds with the BSA, though. They consider unlicensed software like child porn, and if you ever THINK it is there and do nothing immediately, you are considered complicit.
This work makes me sick sometimes.
Obligatory Clerks Reference (Score:5, Insightful)
Randal: The ending of Return of the Jedi.
Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
Randal: Like when?
Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
Dante: Whose house was it?
Blue-Collar Man: Dominick Bambino's.
Randal: "Babyface" Bambino? The gangster?
Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
Dante: Based on personal politics.
Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
Randal: No way!
Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.
Re:Your choice (Score:5, Informative)
Re:Your choice (Score:4, Interesting)
Well, I managed to convince my management that OpenOffice was more than adequate for certain departments. We still (sadly) have to use Outlook and Exchange in a number of areas, but I'm already looking at dispensing with that and going with some open source groupware, as well as contact management software. Still, it's a move forward. Right now the phrase "no licensing costs" is like magic.
Re:Your choice (Score:5, Funny)
Apparently, the economic poo we are wading through has a lot of businesses (esp smaller ones) considering FOSS.
Open Source! It's the Pointy Stick that will remove the Economic Poo from your Software Licensing Shoes!
Re:Your choice (Score:4, Informative)
I agree. I'd go one step further though. I'd go to the big boss head honcho guy, and explain the options as far as you know as follows.
1) You are a professional, and take professional pride in your work. This means that you will not install or support pirating.
2) As professional, you'll recommend free and open source alternatives to replace all the pirated versions as quickly as you can.
3) Any software that is necessary that has been pirated will be replaced with legitimate versions ASAP, with the understanding that it is a high priority for you.
4) The cost of getting caught by the BSA holding pirated versions is much more costly than actually purchasing the software. And it only takes one disgruntled employee to make that call.
I'd present him with the scenario where someone offered to sell the business a bunch of whatevers that happened to "fall off the truck" what the boss would do. If he doesn't care, then you know exactly who you are dealing with and the kind of company you work for.
Lastly, I would DOCUMENT everything, and let the Bossman know you are documenting everything, including the conversations you have regarding your findings and the solutions you're offering. That is professional.
Education is a long hard process. And sometimes the best education is pain. But there are a few people out there that will never learn.
Re:Your choice (Score:5, Insightful)
including the conversations you have regarding your findings and the solutions you're offering.
You, sir, has just revealed the fastest way to get canned. I'm not saying it is the wrong thing to do, but I really believe his boss would not appreciate having his words written to stone by an employee. He may even see this as blackmail or something, which would make the case much much worse.
Re:Your choice (Score:4, Insightful)
You document everything for PERSONAL protection. You don't tell people you're documenting things, you just do it.
And in this day and age, if you don't document things (journal entry) properly, you're an idiot. When the boss can fire you for doing your job, you want to be able to fire back. Self preservation.
Re:Your choice (Score:4, Informative)
You're also documenting your failure to report a crime to the police, which I believe is illegal all by itself.
The BSA's scary ads notwithstanding, I don't think that software license violation is a criminal offense that one is obligated to report to the police. As if they would even be qualified to listen to your report. And "Software Piracy" isn't really handled by the Coast Guard, either.
Re:Your choice (Score:5, Insightful)
Inventory, inventory, inventory... and make recommendations.
Also, when talking to the higher ups, make sure to consider a "transition period" where you go from illegal software to "gray software", to a fully licensed office. It makes them recognize that it doesn't all have to happen overnight.
I worked at a design firm and they had illegal versions of Adobe CS and MS Office floating around like it was their business. I basically performed an inventory of every system, created a spreadsheet highlighting the illegal software and then created a strategic timeframe/cost for how you are going to go legit.
If they don't want to go legit, you should consider a new company or push FOSS alternatives.
Re:Your choice (Score:5, Insightful)
You can even go a step further and contact some of these companies to let them know your situation ahead of time.
Call Microsoft sales/licensing and tell them your situation and tell them you're working to resolve the licensing issues. Same with Adobe and the others. Get quotes and stuff. That way, if anything bad ever did happen, you have documentation that you're in the process of shoring up the licensing.
No company is going to sue you if you're in the process of correcting the issue because that means you're going to be a future paying customer.
Re:Your choice (Score:5, Insightful)
> If they don't want to go legit, you should consider a new company or push FOSS
> alternatives.
Switching to Free Software *is* going legit.
I walked into this (Score:5, Interesting)
Since simply licencing everything would have bankrupted the company, and inertia prevents a switch to Linux on the desktop, the bosses want outlook. I got a policy stating that all new laptops would be purchased with a copy of Office.
One day without notice I blocked access to the update server for the pirated antivirus software, and just waited. Two days later there was a panic, and the next day I had a site licence for the antivirus I wanted instead of the crap I was stuck with by the person I replaced.
In a nutshell, here is my advice:
Document everything. What you found, when you found it, and your plan to get rid of it.
Think creatively about ways to get what you want.
Take your time. Cleaning up a mess like this is a long process.
Re:Your choice (Score:5, Interesting)
Better yet wait for the next virus hits and then blame it on a lack of security updates caused by all of the pirated windows versions they are running.
Re:Your choice (Score:4, Insightful)
The only other thing I can think of is to tell the individual users that you are busy covering their arses as well, since an audit may cost them all their jobs. And don't let them think it ends there, give them a ray of hope such as "well, we're examining the accounting records as well."
After all, you might get lucky and accounting might have the purchase receipts. Then you can blame it on bad bookkeeping while you untie the Gordian knot.
Re:Your choice (Score:4, Insightful)
***All you can do is go to the higher ups and lay out the entire situation.***
Not arguing. But first check the purchasing records. If some (or all, but how likely is that?) the software was actually bought, there should be Purchase Orders or paperwork reimbursing whoever bought it. There may be a cardboard box around somewhere with original copies of the disks/CDs for some of the software. Do not expect the paperwork to be especially clear about what exactly was purchased.
Re:Your choice (Score:4, Interesting)
Next you need to start transitioning people off the illegal software. OSS is a very good choice to implement in office environments.
Don't make a federal case out of it. But don't contribute to the problem either. If you start getting allot of negative feedback you need to simply explain, sans-drama, that the previous IT Admin wasn't keeping track of licensing and even if the software they installed is legit you can't prove it. You can however provide them with software that will meet their needs without costing the company any more money, but they will need to give a tiny bit of cooperation in order to make it happen.
If your superiors give you any trouble about licensing explain to them, again sans-drama, that they can't expect you to break the law on a daily basis as part of your job requirements. DO NOT in any way make any statements like "I have to report this" or "you guys are running illegal software". You don't work for the BSA or anything like that it isn't your responsibility to report anyone.
there is no need to use pirated software GO OPEN SOURCE. I have 3 small businesses all owned by friends that operate entirely on Ubuntu and OpenOffice.org. My mother doesn't get computers at all, she has been using Ubuntu now for about 5 months. I never even showed her how to use it, I keep a PC in my living room for her to use, she just started using it without any help from me at all! Open source software is easier to use than ever before just run with it, it won't let you down.
Re:Your choice (Score:5, Interesting)
I had a former employer that played fast and loose with licensing rules. When I left the job I reported it to the BSA. The BSA got back to me and said "Sorry, they don't have deep enough pockets."
Re:Your choice (Score:5, Interesting)
Re:Your choice (Score:5, Insightful)
That also tends to be an easier thing to make happen because it's a bit here and a bit there, rather than a $50,000 price tag to bring every single system in to compliance.
$1,500/mo slips in to the noise; $50K makes itself seen.
Re:Your choice (Score:5, Funny)
$1,500/mo slips in to the noise; $50K makes itself seen.
Here we have Mr. RollingThunder from The Burrows. He is proposing a $50,000 price tag to bring every single system in to compliance. Mr. RollingThunder, would you stand up, please?
<bang>
This demonstrates the value of not being seen
Re:Your choice (Score:4, Insightful)
Re:Your choice (Score:5, Interesting)
Re:Your choice (Score:5, Interesting)
It's also worth pointing out to the higher-ups (I presume one would write up a report) that pirated software can often cause costly problems - torrents of popular software, for example, may come with viruses or back doors embedded (not speaking from personal experience *cough* *cough*). Also it's often harder to get updates for pirated software, leaving you with unfixed bugs or security holes. Sometimes pirated software can unexpectedly cause data corruption problems (3DSMAX is a classic example - random aberrant vertices). I know you can often avoid these issues if you know what you're doing, but there's always an additional cost in the time required to figure that all out etc. Definitely weigh this in, and evaluate OSS wherever it can be used.
Re:Your choice (Score:5, Informative)
ZOMG (Score:3, Funny)
Replace it all with OSS.
Yarr... (Score:5, Funny)
I'd just keep me head down and swab the deck, me hearty!
Don't be a pussy (Score:5, Funny)
Everyone is doing it. What are you afraid of?
Don't be a baby! Go on, do it!
Re: (Score:3, Funny)
Flamebait? Oh come on, that's a Funny for sure.
Re:Don't be a pussy (Score:5, Funny)
Better yet:
"What's the matter, Colonel Sanders? Chicken?"
More geek appeal. :P
It doesn't have to be production to be piracy... (Score:5, Insightful)
>I don't install 'borrowed programs' in a production environment
'borrowed programs' shouldn't be installed anywhere - prod, test, uat whatever. Non-production piracy is still piracy.
Re:It doesn't have to be production to be piracy.. (Score:4, Funny)
Non-production piracy is still piracy.
Yes, and you still be hanged for it. Yarr!
Re:It doesn't have to be production to be piracy.. (Score:5, Interesting)
Or do you know of a merchant that will accept opened software package for return, should I decide that $600 isn't worth the cost for deployment, or doesn't do what I need? Because I'd be happy buy a license if I had the right to terminate the license and return the product for refund, and even to pay some reasonable fee for my trial usage -- I'm just not willing to pay full price with no opportunity for refund for a product that I've never had the opportunity to test. I wouldn't do it for a car or a DVD player and I won't do it for software either.
which $600 package? (Score:5, Informative)
most large commercial software do have free trials
what $600 purchase are you alluding to that does not?
Photoshop http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=39 [adobe.com]
autocad http://usa.autodesk.com/adsk/servlet/mform?id=9106363&siteID=123112 [autodesk.com]
Sony Vegas http://www.sonycreativesoftware.com/download/trials/vegaspro [sonycreativesoftware.com]
MS office- http://us20.trymicrosoftoffice.com/default.aspx [trymicrosoftoffice.com]
you can in fact with a tech net subscription-
trial EVERYTHING Microsoft produces for $349 a year--
which is a worthwhile investment and negligable sum for ANY company large enough to have a full time IT person on staff
not an unreasonable purchase amount at all.
Re:It doesn't have to be production to be piracy.. (Score:4, Informative)
Stop calling it "piracy"! Installing software you haven't licensed is breach of contract, or something like that.
Piracy, on the other hand, isn't some little look-the-other-way offense that gets you in trouble with the BSA and sends you to court. It's a brutal, nasty, bloody, violent, and sometimes deadly crime committed against a vessel (aircraft or ship) and the people and property on board People get hurt from piracy. People die from piracy.
And you know what the punishment for piracy traditionally was?
Death, usually by hanging.
It's not something that's just a storybook tale made for Disney movies. Piracy still happens, only now the pirates operate from fast boats, use radar and GPS to track their prey, and arm themselves with rocket launchers and machine guns. They still hold ships for ransom, steal the valuable cargo, and sometimes mutilate or kill their victims.
Piracy and copying software aren't even on the same level.
Nuke... (Score:5, Funny)
Nuke the site from orbit. It is the only way to be sure.
Where are you located? (Score:5, Funny)
For what company do you work?
I'm sure we can figure something out.
Your friend,
BSA
Replace with Open Source (Score:5, Interesting)
Turn them in. (Score:5, Funny)
What the hell? (Score:4, Insightful)
Start with auditing your network (use automatic auditing software) and then work out:
You should have already done this. Then you take it all to the board and get them to stump up the cash to fix it.
If you can't/won't do this, go find another job.
Re:What the hell? (Score:5, Funny)
So, do you know where I can "borrow" this automatic auditing software of which you speak???
Spiceworks IT management (Score:5, Informative)
That's not your fault (Score:4, Funny)
That's not your fault, tell them to be mad at the other guy. As far as you're concerned, either the company can cough up the money for non-pirated copies of software, or you can ZOMG, replace it all with OSS.
Re:That's not your fault (Score:5, Funny)
2nd incidence is cause for employee termination (Score:3, Insightful)
Are you mad? (Score:5, Insightful)
Rules for dealing with that
1) *Never states the existence of pirated software as a fact to outside you company*.!!!
2) Ask your Boss at a cup of tea outside his office
3) Depending on your bosses answer and your morality
a) Boss says: hunt down priated software -> you do that
b) Boss says: dont touch the issue and you are not too worried about the moral/legal issues: close your eyes
c) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are brave: state is explicictely in an e-mail to your boss with somebody else in the company in the CC
d) Boss says: dont touch the issue and you are worried about the moral/legal issues AND you are reasonable: leave.
Oh yeah? (Score:5, Funny)
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
And those Boy Scouts are rotten little bastards.
ask some questions (Score:5, Informative)
Rather than presuming that it's all pirated, start by presuming that everything as it stands is legitimate. Write a memo to whoever does the accounting and ask for copies of the invoices for all of the software purchased over the past five years "so that I know what licenses we currently possess and don't end up paying for software twice over when someone asks me to install something".
When/if the accounting person/dept comes back with nothing, then take it to the bosses and explain how surprised you were when accounting were unable to find any invoices. Stress the safety issues of illegitimate software (viruses, trojans etc.) and discuss the options. Make it look like you are a contentious employee doing your best for the company and avoid looking like a self-righteous jobsworth.
Reap the rewards (Score:4, Insightful)
Today in pretty much every American school from Kindergarden through 12th grade there is free training in piracy of anything digital. Want a song? Someone will show you where to download it from for free. Same for software.
After being subjected to 13 years of this sort of training we can move on to college where there is another four years of honing the art. Everyone knows how to do it by then.
Now they enter the business world and you find it odd that your fellow employees can't understand why they just can't have evertything they want? Sorry, but you are seeing the result of a nationwide (if not worldwide) program. If the people in charge at your workplace don't see anything wrong with everyone just having what they want, I think I'd run for the door. There will be consequences, someday. Someone will find out that rewards are paid to people that turn companies that pirate.
Ethics? If there are no ethics preventing people from pirating, there will be no ethics preventing them from trying to get a reward turning people in.
If someone high up at your company can't see the problem, you don't need to be working there. You will find out your bosses will see to it that it is all pinned on your predcessor and you.
Same as you deal with pirated music (Score:5, Insightful)
I'm bound to get modded a troll or flamebait or off-topic or something for this, but how is this different from pirating music? /. group-think says it's not theft and trots out a whole bunch of other self-justification about the evil RIAA and so forth, because you're "not depriving anyone of something physical", etc. It's the same, right?
Is it different in this case because it's a small company doing it rather than a whole bunch of individuals? Does that mean it's okay if it's just me, but wrong if my company is doing it?
So to answer the question at hand: go the CYA route suggested by the very first poster, and make sure you point out (nicely as you need to, given this economy and how sure you are of being able to find another job) that this is illegal.*
* Just like music piracy. Even if you want to claim it's not theft.
Re:Same as you deal with pirated music (Score:5, Informative)
Probably because there is no Slashdot groupthink - it's just paranoia on part of people like yourself. I see plenty of anti-piracy and pro-MS posts here personally. And it isn't theft it's unlicensed use. Adobe still have the source and binaries to Photoshop.
Common Problem (Score:4, Insightful)
This is a totally unsurprising situation to find at many small businesses. When a business consists of just a handful of people, it is cost prohibitive to actually BUY software.
There is a point, however, that a business has to bite the bullet and "go legit". At certain sizes, businesses show up on Microsoft's anti-piracy radar, and your business can find itself on the receiving end of a software audit. At that point, the business will be liable for not only the costs of any software installed but also fines.
This is a good way to present the situation to your bosses: It's a matter of cost-benefit analysis.
BSA (Score:5, Informative)
I know that if the BSA got wind of this, it would all fall on me when they stormed in.
They can't. They love to pretend they can, or they try to strongarm people into letting them do surveys. It's all just evidence gathering for when they sue you later, or use it to extort you into paying massive fines.
If they show up, tell reception not to let them past the waiting room. Call the cops IMMEDIATELY if they won't follow your instructions or requests (your business is private property.) Fetch the highest person in the company, preferably an officer, and tell them the BSA has no legal ability to search without a warrant or court order (which requires a lawsuit) and they need to shoo them away. The BSA should get nothing but the phone number of your lawyer.
Now, on the second part of your question: what to do? It's very simple. Ask your boss. Explain the risk. Include some sort of plan for inventorying and an estimate of how long it'll take. OCS Inventory is a pretty good way to do this if you have more than a dozen or so systems. Possibly include some (qualified) estimates of what it is going to cost to come back in line (remember there are significant volume discounts for things like Office) based on what you've seen before; stick to the facts. Include alternatives such as OpenOffice, but don't get too crazy (ie, don't list "convert to linux" for unlicensed servers as $cost_of_MS_Server in "savings"...factor in some healthy labor estimates AND you have the time to take on such tasks. Don't forget that there is opportunity cost too.)
Lastly: you need to make sure you have BOTH purchase records (receipts/packing slips) and the license files (ie those thingies with the holograms and barcodes) for EVERY PIECE OF SOFTWARE YOU HAVE. The company accountants / office manager can help with part of that. It's going to mean going through a lot of boxes- get a big filing cabinet. If you get any electronically, PRINT THEM IMMEDIATELY, and keep them in a safe place.
Standard Corporate Practices (Score:5, Funny)
There are several solutions, and which one is adopted depends a lot more on corporate culture than technical merit.
In large businesses (10,000+ employees), I see two common approaches. The first is lock-down.
Lock down.
* Centralize everything and lock down the workstations. All software comes from one department, is distributed by SMS or Altiris, and (sometimes) workstations are monitored for compliance. Businesses like this often go with Dell for their hardware provider and have only about 5 or so workstation configurations in active use. Patches and install requests can take months to fulfill, and if the software isn't on their list, chances are good that you'll never see it. These businesses have security weaknesses in their network due to this centralization -- typically using flat topology models with very little or no firewalling between various business units. USB ports are typically fiddled with so flash drives cannot be used. For some reason, DVD/CD drives always do though. Go figure. Everything is vanilla-flavored, stock, and the same. If you find a weakness on one workstation, chances are good they all have it. Standardization is great! The servers are backed up. The workstations, where all the real data is, is ignored.
Multiple IT departments
* You'll see this with businesses that absorb other businesses -- financial companies in particular. Each business unit has its own IT, distribution schema, and enforcement of IT policies vary wildly. You won't be able to change your desktop wallpaper, but regedit still works with full admin rights. Firewalling between various business units is more common, but the policies are often out-of-date, and multiple routes exist. VPNs are commonly stacked over them, and if you know where to look, you can usually find a way through. The upshot is that the hardware is much more diverse, users are sometimes "left to their own devices" (literally and figuratively), and homebrew software solutions are more common. Nobody really knows what Server X does, but it has a sticker on it saying "Do not touch, Very Important." Often, hardware inventory and diagnostics in such environments consists of unplugging it and waiting to see who complains. If nobody complains, pack it up and ship it to Corporate. Nobody really knows what the company owns, but by god, we've got a lot of it. The good news is, if you can find your IT guys, they'll usually have your software loaded in a few hours. They won't care as much about software licensing either (I just gotta make my 8 hours, man)... Contractors typically run the show, and they have no idea what they're doing (because nobody wants to tell them anything). Servers are backed up, sometimes workstations are too. Sometimes. Maybe.
Mid-size businesses (less than 100,000 employees)
Sometimes you'll see centralization, but more often it's the scenario above, but with only one IT department. The network topology is generally laid out better though, hardware is more consistent, and the helpdesk is actually (le gasp) helpful, typically being a stone's throw away from the admins who maintain the servers. This is a good deal for you users -- they're too busy to be making many software policies and auditing, but not too monolithic that they're inaccessible. Your USB flash drive will work, even though you're told not to. Hello iTunes! Don't download pr0n though... For some reason, medium-sized corporate IT departments know everything you do on the internet, even though they don't know where the database server is. There is one rack of equipment... somewhere... and if it dies the entire business will collapse. But nobody knows. The servers are sometimes backed up, and so are the workstations. We're not sure... What's a "backup policy"? Can I use MMC to set one up?
Small business (less than 10,000 employees)
There is one guy or a small team and they are zyzzy GOD on the network. They don't care what you are running on your workstation... There's a pile of install CDs at his desk. Help yourself. Talk to the pimply-face
In the immortal words of Paul Simon... (Score:4, Insightful)
"The answer is easy if you take it logically..."
1) Start looking for a new job.
2) Go to the CFO. Explain that while you, yourself, have no intention whatsoever of blowing the whistle, there are actual *rewards* put out by the SPA for unhappy employees to take advantage of by being whistle blowers.
3) Explain that, if he's really lucky, as an officer of the company, he could face criminal charges.
4) You don't want ANY of this to happen. So, at the very least, a concerted effort going forward -- with backing from management -- should be made to start getting valid licenses in-place.
5) See #1.
BitTorrent (Score:5, Funny)
I download all my software from BitTorrent. Why pay for something you can get for free? It doesn't hurt anyone...it's not like the programmers are making the bulk of the money off the software sales...Microsoft is a billion dollar company but do you think they pay their programmers even millions of dollars a year? Pssht.
The day programmers start making even 50% of the profit from their labors is the day I start buying software.
Software? Oh, I meant music. :-)
Disclaimer: Outside of the Slashdot Virtual Reaility, I do purchase CDs, AACs, MP3s. I use licensed MS software at work and home and even buy video games now and then. I do NOT, however, pay for bottled water at the movie theater. Preposterous!
Whatever you do will be unappreciated (Score:4, Informative)
Do note that nobody will like this. Management will get mad that you are "rocking the boat" and spending money that they hadn't budgeted because the previous guy didn't tell them that they were such a situation. The employees will get mad because there is a chance that what they were using may go away or be replaced with something else. Change is bad to a lot of people.
To give you an idea of how crazy this fear is, my best friend is an attorney. His practice includes his wife (also an attorney) and at any given time 2 or 3 employees. He doesn't retain people well because the jobs he has don't pay well, so there's a lot of turnover in his staff. He lives in fear that a former employee will sic the BSA on him, so he makes sure that everything he has on all the PCs is legit. In fact, he will not use FOSS at all because he is afraid that somehow this will run afoul of the BSA (I have tried and failed to convince him otherwise). He also tends to pay full price for everything he buys because he is afraid too that if buys something at a discount, it might not be legal and he'll be screwed. Heck, he's been known to even buy multiple copies of a program that he may only need 1 copy of just to be absolutely sure that he's in compliance and with all of this, he is still worried that somehow, someway, the BSA will one day come calling and arbitrarily decide that he's out of compliance and screw him over. While I know that this is an extreme example, it does illustrate that some people, including small businesses, take software compliance very seriously.
Sounds familiar... (Score:4, Interesting)
http://ask.slashdot.org/article.pl?sid=09/02/04/022257 [slashdot.org] is a discussion very recently about software piracy at the Beijing office of a company. While the location is different, the responses are quite similar. Basically, document your actions in writing, and be prepared to leave if the situation doesn't improve.
Finding the Licenses (Score:4, Informative)
One thing you might try is use a software product to find the license numbers.
http://www.magicaljellybean.com/ [magicaljellybean.com] has a utility that will print out all the Microsoft license number for all the MS programs installed on the computer.
Now I am not suggesting you do that for all the computers but certainly taking a sample of machines and seeing if they're using the same license on them could help determine the true nature of the situation.
Here's what you do (Score:5, Insightful)
First off, let the higher-ups know what's going on and that it's neither a joke nor a hassle but a serious issue of stolen property about which they have now been unambiguously advised.
Second, try to handle this in a "moving forward" manner. You'll find no support for suddenly spending hundreds of thousands of dollars on software. If you push it, you'll probably be fired for not being a "team player." Instead, make sure that any new systems you set up run correctly licensed software. You'll replace all the computers over the course of the next several years anyway, so this will get you where you need to be while spreading the cost out into something manageable.
Third, get together with the company accountant and and scrutinize the purchase receipts for the last 3 years. You probably have more licenses than you think, but they were purchased ad-hoc with poor recordkeeping.
Fourth, don't be too literal with the license details. If you have three VMs running XP on a XP host and you try to call that four licenses you'll get skewered by your boss, just as you should. Practices like refusing to let employees install Office on their home PCs because the company hasn't paid for an extra license will earn you a rep for having a stick up your tail. Get exactly one Office license for each employee and no more. And as long as you have a license for each copy of Windows, don't worry about whether the individual installations were done with a crack.
Fifth, recall that individuals often install useful software on their individual machines. This is a good thing. You think you only have two solutions: the company licenses the software or you remove the software. In fact, you have a third: the individual to which the computer is assigned can take direct responsibility for the software, and sign a form to the effect that, "The following software on my computer is provided by the company. I, the undersigned, take responsibility for the legality of any other computer software found on my machine."
Finally, do the obvious stuff... Replace Norton Antivirus with AVG Free, Secure Shell Client with Putty, etc. MS Office with OpenOffice if you dare.
Now, obviously this is not legal advice. If you want legal advice, the answer is: "Open your wallet and close your eyes 'cause if you see this it'll just make you cry." This is social advice. It'll get your company to a point where it's operating ethically without unduly annoying your boss or colleagues.
my successful approach (Score:5, Interesting)
I came into a job where the previous guy had installed upwards of 300 copies of MS Office 2000 Pro and a number of other programs such as terminal emulators.
I went to the management with this and got pretty much nowhere. I did win on the fact that I would not under any circumstances install software without a license so I have a solution moving forward.
For all those machine without proper licenses I went to the software company and explained the issue and that I would like to bring the company into compliance if they would be willing to give me their discounted upgrade rate. I replaced all of the Office 2000 installs with open office and got the vendor of a terminal emulator to make me a good deal.
We are now 100% compliant and migrating towards more open source software.
I wish that there were direct OSS replacements for everything I run but there are not. I need perfect VT400 emulation and I have not found an OSS that does that. Putty is about 95% but that other 5% doesnt allow me to have the proper keys mapped to the proper location.
Good luck and be on Buddha's side. Stick to your principals.
Re:Early retirement (Score:4, Funny)
Hooray for blackmail!
I prefer extortion. The X makes it sound cool.
Re:We will audit it for you (Score:5, Funny)
This reminds me of an occurance on a mailing list. Someone asked if they should report their employer for pirating a certain fairly expensive program, posting from their work E-mail.
Reply from someone who worked at the company, "You just did."
Re:Tell the truth, plainly (Score:5, Insightful)
and no executive is going to wantonly commit federal fraud.
Wow. Thats a naive, and highly innacurate opinion.
Re:Tell the truth, plainly (Score:4, Funny)
Re:Yes, it's a horrible situation I've faced too (Score:5, Insightful)
Ah, yes, the ivory tower scenario. Here's how it works in real life:
1. Grab everything "IT" (install disks, licenses, purchase invoices etc.) for hardware and software and get them to a single secure location. Your bosses will wonder why you're wasting time, but that's okay, you're on a mission.
2. Thoroughly audit the whole lot. Your bosses will wonder why you're wasting time auditing the lot since you already have everything in a single, secure location.
3. Refuse point blank to (re-)install stuff you're not sure about. At this point, they will fire you on the spot and hire someone willing to install pirated software like the last guy did.
4. Maybe you can push FOSS as a solution at the unemployment office.
The vast majority of small businesses don't care about pirated software, because most of these people use pirated software regularly at home too. The correct thing to do would be to raise a concern about the lack of licensing, and if you meet resistance, find another job.