Nail Your Boss: Don't Get Caught Out Due to Lack of Desktop Inventories

Enterprise Networks & Servers, Oct 2004 by Patterson, Michael

Several years ago, I received a postcard entitled "Nail your boss." It came from the Business Software Alliance (BSA), a group formed by the big software companies as a means of adding real teeth to their license policing efforts. The post card showed the determination of this outfit to hurt companies that may lack complete licensing coverage. I thought it implied that if I ever I had the urge to get back at my company or past company or even my boss, I could call the number on the card and the BSA would give me a hand. Wow, I thought that was aggressive marketing.

Interestingly, the campaign may have been a huge success. Hundreds of companies throughout the land were hit with unannounced audits, big fines and public embarrassment. A press release from July, for example, announced that Harry's Fresh Foods, a fresh food preparer, headquartered in Portland, Ore., paid BSA $54,151.25 after an audit revealed more copies of Adobe, Microsoft and Symantec software programs on its computers than it had licenses to support. In addition to making its payment, Harry's Fresh Foods agreed to delete any unlicensed copies, purchase replacement software and strengthen its software management practices.

While the strongarm tactics remain, the BSA Web site has softened its tone. They are now "Promoting a safe and legal digital world." The face of a middle aged woman reassures me that they are nice people to work with. But go to the newsroom and you see they continue to go for the jugular and have not changed their audits or aggression.

In truth, I think most people actually agree with their mission and purpose. We just don't want to be the ones getting nailed. But the sad part of all this is the profile of the ones publicized on their site. You might expect shady back street operations, mafia-linked bootleggers or perhaps one-legged pirates with patches over their eyes.

While a small percentage of violators did have criminal intent, most simply failed to keep accurate track and let software distribution get out of control. Typically, they employed manual means of tracking inventory and Excel spreadsheets to keep records of license usage. Unfortunately, sloppy administration is no defense. So with federal copyright laws allowing for up to $150,000 in damages for each work infringed, many enterprises are investigating better ways to manage their software.

The solution is to keep regular accurate hardware and software inventories of what is installed on all of the company's computers. Fortunately, this is not nearly as difficult as it once was. Just go to any search engine and search on "computer inventory" and look at all the software packages that show up. How do you choose the right one?

First, before I look at software I write down some notes about what I really need. I do this because sales people have a habit of trying to sell me on a feature they want me to believe is important. I can be pretty gullible, so 1 try to be on guard for this.

Second, compare multiple vendors and build a matrix of features. Put an importance of 1-10 next to each item to determine how important it is to your team. Always share what is important to you with vendors as they will inevitably tell you a lot (in their opinion) as to why a feature is or is not important. Sometimes they make some very good points. This can be especially true if they don't support it.

Third, consider price in this industry. Most people looking for this type of software only need a Ford or a Chevy. A Mercedes or BMW price tag may not get you features you really need and may load you up with features you would never have any use for. But they sure sound good!

Fourth, consider how the software integrates with other third party tools. I know of one third party package that allows you to click on the MAC address and it will display the switch and port the user is plugged in on.

A few other features include the following.

* Canned reporting in various formats and an open database with a published schema (ask for the schema before the purchase).

* A Web interface enabling you to gain access from anywhere.

* WMI scanning, this allows for the scanning of most Microsoft operating systems without installing agents on all the end systems.

Perhaps one of the most important things to keep in mind is what you are going to use the system for after you resolve your software piracy issues. Here are a few things to look for.

A change log that auto updates every time the computer is scanned. It will tell you if someone installed a patch, if the IP address changed, etc. Basically, this is a log of any changes the scan finds on the system since the last scan and it can become very important when trying to trace a problem back several weeks or months. I sometimes refer to it as an automated notes ability.

The system should have the ability to not only alert for software piracy, but it should also notify you if a system is low on hard drive space or any other variable you want to be notified for.

Finally, make sure the vendor allows you to evaluate the software on a limited basis. This will enable you to make sure the system will be able to scan your company's computers. Five to ten computers is fine, however many companies allow several more.