Controlling Desktop Software Expenditures

For Windows®-based Workstations and Servers

Written By: John T. McCann, Chief SofTrack Architect, Integrity Software, Inc.

http://www.softwaremetering.com/

Copyright © 2004 Integrity Software, Inc. All Rights Reserved.


Corporate Background

Integrity Software has been continuously developing SofTrack since its initial creation in December 1987. Our first release, in April 1988, was under the name SiteLock; it was renamed SofTrack in 1993. Through the years SiteLock and SofTrack have been marketed by various publishers, including Brightwork Development, ON Technology and Elron Software.

Initially, SiteLock and SofTrack both exclusively performed software metering. In July of 2002, SofTrack’s Software Usage Billing or Timekeeping functionality was first released. In April of 2003, SofTrack’s Quick Inventory was released; it added software and hardware inventorying for Windows®-based workstations and servers. In October of 2003, SofTrack’s Smart Inventory feature was introduced; it accurately details usage of inventoried software. Integrity Software has applied for a patent to protect its advanced software inventorying and usage detection methods.

Throughout its existence, SofTrack has been developed and updated by the same core programming team. Over its lifetime, SofTrack has cumulatively saved 14,000+ organizations worldwide over $1 billion in software-related expenses.

Copyright © 2004 Integrity Software, Inc. All rights reserved. This document is for informational purposes only. Integrity Software makes no warranties, express or implied, in this document. SofTrack is a trademark of Integrity Software, Inc. Microsoft and Windows are either registered trademarks or trademarks of Microsoft, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners.


Overview

Managing the abundance of software installed throughout your organization is a demanding and challenging task. Being able to determine how often software is used increases the complexity of the task. Perhaps one of the most difficult feats faced by IT Administrators is preventing the installation of unapproved and/or unlicensed software.

Bringing your organization’s software abundance into focus requires a determined effort, one well rewarded with reduced software expenditures. By controlling software abundance your organization will realize savings during software upgrades and maintenance renewals. Further, your organization will be protected from prosecution for improperly licensed software.

This document has been prepared to clearly show the benefits of using SofTrack’s Enterprise Software Audit and Control Platform throughout your organization to control software abundance on Windows®-based workstations, servers and thin clients with the goal of reducing desktop software expenditures.


Introduction

Software helps drive your organization’s function. It provides numerous benefits and without its use your organization would likely suffer. Most software in use by your organization is only offered under a usage agreement such as an End User License Agreement or EULA. The EULA is a binding legal agreement that governs how the software can be used.

The design of software allows for its rapid distribution and installation. Furthermore, copying of software is quick and easy. These are wonderful attributes of software that create many problems for organizations wanting to maintain their legitimacy.

Proving where software is installed and how it is used within your organization is a task to be faced and solved. Solving this problem may involve a physical inventory of all software installed on all workstations throughout your organization. If this were not arduous enough, the need to continuously update the status of all software installations and usage surely is!

There are two main benefits to maintaining an accurate accounting of all software installed and how it is used:

(a) Controlling costs related to upgrading and maintaining of software:

Knowing how many copies of software are installed throughout your organization allows you to spend only what is required to upgrade and maintain it. Having an accurate software inventory helps your organization save money by eliminating over-purchasing of upgrades and maintenance renewals to “ensure enough licenses are purchased”. Historically, organizations that do not possess an accurate inventory will over-buy software licenses (new, upgrades and maintenance licenses) to defend against having too few licenses and therefore risking litigation due to copyright infringement.

Additional cost savings can be introduced if actual use of the installed software is reportable. Combining the “where software is installed” inventory with the “is it ever used” reports can yield greater cost savings by revealing where software can safely be uninstalled/removed.

For instance, if, via a software inventory report, you find 50 copies of Adobe® Acrobat® have been installed, but, via a usage report, discover that in the past 30 days only 40 copies have been used, you can then ask the users of those specific workstations whether they ever use Acrobat®. If you find that those users never use Acrobat® (and may not even realize it is installed!) you can safely remove its installation.

(b) Defending against legal action due to use of unlicensed software:

When an organization has more copies of software installed than it has purchased licenses for, it has violated the copyright of the software producer. While having too few software licenses may save your organization money in the short term, it can cost hundreds of thousands of dollars or more in the long term through fines and legal expenses. Due to the strength copyright laws convey upon their owners, these extra expenses include the threat of jail time for the organization’s directors.

For instance, if, via a software inventory report, you find 85 copies of Adobe® Acrobat® have been installed, but discover only 50 licenses have been purchased, you can determine, via a usage report, how many copies/licenses are actually needed. Once determined, you can then remove unneeded copies and/or purchase additional licenses to maintain your organization’s legitimate software use status.

Once you have initially determined where software is installed and whether or not it is used you will need to maintain the status quo. Preventing unauthorized software installations is a top priority in maintaining the status quo. If your users are able to freely install software your organization will continue to be at risk for software copyright infringement.


Gathering Software Inventory

There are many products available to gather software inventory data for Windows®-based workstations. Many of these products are available as freeware or shareware and require little if any cost. Of course there are benefits to acquiring a commercial software inventory product. With purchase you receive technical support, maintenance and product upgrades.

Inventorying products operate in two basic methods. The first method uses an executable file that runs directly on each workstation. The second method uses the Windows Management Instrumentation Interface (WMI) plus other remote scanning methods to retrieve inventory data without requiring an executable file to be directly used at each workstation. Those using the second method sometimes require an administrator login on the workstations being inventoried.

The following sections will further describe these two basic software inventorying methods and how SofTrack’s method differs.

Locally Gathered Software Inventory

Before the creation of WMI (see next section) almost all software inventorying / scanning products relied upon running an inventorying application directly at each workstation and, upon the conclusion of the inventorying process, sending the results directly to a central repository for reporting. The inventorying process is usually started within a logon script or other startup activity file / registry command. Many current products still implement this tried and true approach. This is especially true for inventorying of non-Microsoft® Windows workstations. Please note: products that run directly at the workstation can incorporate the use of WMI.

For some products, performing a locally gathered software (and hardware) inventory can be a time-consuming process that can take several minutes or longer and may interrupt the work of your users. Further, many local scanning products that do spend several minutes inventorying often present the user with a message window that includes a Cancel button, which allows the user to disrupt the inventorying process!

Many products that perform a locally gathered inventory incorporate the use of a brute force file scan to discover all executable files present. For each executable file found, a pattern recognition procedure is performed to identify the origin and details of the file scanned. Inventorying products that perform a brute force file scan incorporate file signature libraries/databases that are constantly changing and may include millions of file signatures. Often these libraries are stored at the server rather than at each workstation. When libraries are stored at the server, the inventorying process will create varying amounts of network traffic and will require server-processing time to complete the identification profile of each executable file found. According to Microsoft [1], the average workstation includes over 1700 executable files. Via the brute force scan, resolving the identity of 1700+ executable files will likely require a substantial amount of network bandwidth.

Performing a software inventory can be a very time-consuming process for those products utilizing a brute force scan and file signature pattern matching process. And for nearly all such products the resulting software inventory report will only be useful in identifying which software is installed and where, without revealing if the software is actually ever used.

Remotely Gathered Software Inventory

The general benefit of remotely gathering software inventory is to avoid running an “inventorying application” directly at each workstation. This method assumes certain prerequisites at each workstation:

(a) Existence of a user account that has sufficient logon privileges to perform the inventory whose account name and password are known by the individual who will be conducting the inventory;

(b) Windows®-based workstations not using Windows 2000 or XP will require specific “remotely-enabled” software to have been previously installed.

In general, products that perform a remote software inventory of Windows®-based workstations do so by implementing the Microsoft Windows Management Instrumentation interface (WMI). The WMI interface allows remote access to workstations from a central Windows®-based workstation and/or server.

The WMI interface is capable of performing a full software inventory of all software that was installed with a Microsoft Windows Installer (MSI) ‘package’. Software installed via other means can also be inventoried; however, to do so usually requires use of specific scripting. Many products that use the WMI interface include the necessary scripts to perform a full software inventory. If you have ever seen a software/hardware inventory performed by visiting a web page via Microsoft’s Internet Explorer, it is likely to have been assisted by WMI in either a Visual Basic script or ActiveX control.

To function remotely, the WMI interface requires appropriate logon credentials. Each workstation being inventoried must be authenticated to with a user id possessing sufficient security credentials to perform the inventory. Further, WMI is only available for Windows®-based workstations and servers. If the server being used to remotely gather software inventory data is not Windows®-based, then the WMI methods described here will likely not be available.

The software inventorying process can be accomplished quickly via the WMI interface as long as all software being inventoried was installed via an MSI package. However, many packages include the brute force file scanning method as described in the previous section.

[1] http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_cpm_qoai.asp

Local vs. Remote Software Inventorying

A significant difference between local and remote software inventorying is that the remote method is generally accomplished one machine at a time (or in parallel) from a central workstation/server. This means inventorying of hundreds or thousands of workstations could conceivably take a very long time because of the one-to-many inventorying relationship. Because the server is physically querying the inventory of each workstation, server processing overhead constraints will contribute to the amount of time required to complete the inventorying.

Generally, the local method of inventorying provides for a more efficient use of system resources by performing its actions, except for delivering the end results, within the confines of the local machine.

[Figure, two panels. Left: Server remotely querying the software inventory of each workstation (requires processing overhead at the server). Right: Workstations locally performing the software inventory and transmitting to server.]

As you can see from the images above, the local software inventorying method more efficiently utilizes system resources. Substantially reduced processing overhead required at the server responsible for collection of the software inventory data contributes to the efficiency of the local method. Also contributing to the local method’s efficiency is its reduced need for network bandwidth. However, if the local method incorporates file signature matching against a library/database file that is located elsewhere on the network, the local method can also consume copious amounts of network bandwidth to complete its inventorying.


A significant similarity between local and remote software inventorying is that, in many products, both methods reveal the exact “end” applications installed without identifying the suites they are actually included within. For instance, more than one inventorying product reported that Excel 2000, FrontPage 2000, Access, Outlook 2000, PowerPoint and Word 2000 were installed. There was no mention of Microsoft Office 2000 Premium being present when actually all these “individual” applications were installed as a part of Office 2000 Premium! In some cases, caution must be used in interpreting software inventory results.

And, as stated earlier, nearly all software inventorying products produce a software inventory report that is only useful in identifying which software is installed and where. These reports will not reveal how the inventoried software is used. To be complete, the product you implement must identify if the software is actually ever used.

The SofTrack Software Inventorying Solution

SofTrack’s inventorying solution uses the local method to gather software and hardware inventory data. Per workstation, SofTrack’s Quick Inventory Agent (QIA) completes its software and hardware inventorying in less than 10 seconds. It performs so quickly that your users will not even know that an inventory has occurred! Achieving this beneficial level of performance is made possible by omitting the brute force examination of all executable files on the local machine. The resulting inventory dataset, transmitted to the SofTrack Server Agent (SSA) [2], averages 20KB to 40KB per workstation.

SofTrack’s QIA requires no formal installation as it is comprised of two tiny executable files that, together, occupy less than 100KB of disk space. These two files are all you need to conduct a software and hardware inventory of all Windows®-based machines from Windows 95 through Windows 2003.

You can also easily perform an inventory of workstations not connected to your network. To do so, simply copy the SofTrack QIA files to floppy or email them with instructions on how to use them. Inventorying of workstations connected to your network requires a single configuration option: the name of the Windows® or NetWare® server to receive the inventory results.

The quickness of SofTrack’s QIA inventory scan combined with the small size of the resulting inventory dataset means you do not need to be concerned with scheduling its use, even in large organizations. In fact, you can run an inventory every day without adversely affecting system performance.

[2] The SSA is installed at a repository server; you may designate several such repository servers throughout your organization.


Example SofTrack Workstation Details Report:

SofTrack’s QIA was developed with the focus of controlling workstation software expenditures. The resulting patent-pending technology quickly and accurately gathers software inventory data for all commercial software packages found. Software packages are also known as applications. We believe there is no need to inventory every executable file installed (i.e., brute force method) because doing so would result in the accumulation of excessive amounts of essentially useless data.

SofTrack helps you perform a software inventory quickly and provides you with the level of data you need. After all, your main focus is (1) to save money by not overbuying software, and (2) to defend against a software audit that can result in fines, public embarrassment and possible jail time for the organization’s directors.

SofTrack’s QIA’s patent-pending scanning method quickly detects all commercial software installed. Commercial software is defined as software that was installed via MSI, InstallShield® or other similar technologies. The scanning method employed by the SofTrack QIA also retrieves the executable filenames associated with each software package found. The filename(s) associated with each software package are later used to identify the software’s usage. More detail regarding usage detection is found in the next section.


Example SofTrack Report detailing Executable Files for each Software Package detected:

The SofTrack QIA properly determines if a software suite is installed or if software was installed separately. For instance, SofTrack’s QIA accurately determines if Microsoft Office Premium is installed or if stand-alone copies of Excel, Access, Word, Outlook, PowerPoint and FrontPage have been installed. This distinction is critical in knowing what software is installed. Case in point: You may find that your organization has 1400 stand-alone copies of Excel and 400 copies of Microsoft Office (which includes Excel). Obviously this is different than the 1800 stand-alone copies of Excel that other software inventorying products would lead you to believe exist.

Example SofTrack Report detailing Software Packages found for each detected executable file:

An additional benefit of SofTrack’s QIA implementation is that it retrieves the list of installed Windows® Operating System Hotfixes. This means SofTrack’s QIA can assist in patch management by detecting if specific Hotfixes have been applied. This critical benefit is not readily available with most other inventorying products.

Example SofTrack report showing a summary of Hotfixes installed:

A related benefit of SofTrack’s QIA implementation is that there is no need to keep current with the latest library/database of executable file signatures (often used by other software inventorying products to identify executable files found during a brute force scan). SofTrack’s QIA patent-pending technology automatically determines the executable files for each software package detected.

Summarizing the benefits of SofTrack’s Quick Inventory Agent:

(1) Performs full software and hardware inventory in less than 10 seconds;
(2) Eases administrative overhead by not requiring a formal installation per machine nor formal scheduling of its use;
(3) Collects data regarding all commercial software packages installed including the executable filenames for each;
(4) Detects software suites versus stand-alone installations;
(5) Retrieves list of installed Windows® Operating System Hotfixes.


Determining Software Usage

Gathering and reporting the software inventory of each workstation provides insight into where software is installed throughout your organization. This insight is critical in determining whether or not your organization owns sufficient licenses for all software installed. Based upon this knowledge you may find that additional software licenses must be purchased to ensure proper ownership. Or you may find that your organization has acquired more licenses than what has actually been installed. If you are fortunate, you will discover that the number of licenses owned exactly equals the number of copies installed. Regardless of your findings, you will still not know how many copies of the software are actually required, that is, those copies that are truly being used.

If your organization only requires a single application you may have a good idea of how that software is used. However, most organizations have licenses for 10 to 160 different software packages from a variety of vendors. Keeping up with how each different software package is used is essential to properly determine how many licenses for each are needed.

To get the big picture of where software is installed and where it is used you must be able to correlate software inventory data with software usage data.

The SofTrack Smart Inventory Solution

SofTrack’s Smart Inventory solution delivers to you a comprehensive view of what software is installed and where it is used. By combining the software inventory data provided by the SofTrack Quick Inventory Agent (QIA) with software usage data provided by the SofTrack Local Workstation Agent (LWA), SofTrack supplies you with a powerful tool for determining software usage.

How Smart Inventory works

Building upon software inventory data collected by the SofTrack QIA, the SofTrack LWA detects each software use. The SofTrack LWA operates as a system level service. It is installed to each workstation, server and terminal server [3] where you will want to determine software usage. If present, it will even automatically run the SofTrack QIA. Beyond specifying the repository server, no additional configuration is required.

By merely being installed, the SofTrack LWA will, via a low overhead protocol, notify the SofTrack Server Agent (SSA) running at the designated repository server of each executable file being used. The SSA maintains a small database per workstation of all executable files ever used at each workstation, including how many times each has been used and the time and date of the last use.

[3] Includes thin client support

The following are example reports provided by SofTrack’s Smart Inventory:

The following example shows the number of workstations where software is installed including how many workstations where the software has been used:

Figure 1.

The following example builds upon the one above by illustrating the 12 workstations where the Microsoft Office XP Portuguese User Interface Pack is installed but has not been used – this list might be used to contact users of these workstations to determine if they require the installed software – if not, remove and/or reallocate their software license:

Figure 2.

The following details the 3 workstations from Figure 1 that have used Microsoft Publisher 2002:


Figure 3.
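The correlation described under “How Smart Inventory works” and summarized in Figures 1 to 3 can be sketched as follows. This is an added example, not part of the original paper and not SofTrack code; the record layouts, workstation names and sample data are constructed assumptions. It goes slightly beyond the text by also listing executables that were used but belong to no inventoried package on that workstation.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. The record layouts are assumptions made for this
# example; they are not SofTrack's file or wire formats.

# Inventory: workstation -> {package name: executable filenames of that package}
INVENTORY = {
    "WS-001": {
        "Microsoft Office XP Premium": ["WINWORD.EXE", "EXCEL.EXE", "MSPUB.EXE"],
        "Adobe Acrobat": ["Acrobat.exe"],
    },
    "WS-002": {
        "Microsoft Excel 2002": ["EXCEL.EXE"],
        "Adobe Acrobat": ["Acrobat.exe"],
    },
    "WS-003": {"Adobe Acrobat": ["Acrobat.exe"]},
}

# Usage: (workstation, executable, times used, date and time of last use)
USAGE = [
    ("WS-001", "winword.exe", 42, datetime(2004, 3, 28, 9, 15)),
    ("WS-001", "EXCEL.EXE", 8, datetime(2004, 3, 20, 10, 0)),
    ("WS-001", "acrobat.exe", 3, datetime(2004, 1, 5, 14, 0)),   # older than 30 days
    ("WS-002", "EXCEL.EXE", 17, datetime(2004, 3, 30, 11, 30)),
    ("WS-002", "GAME.EXE", 5, datetime(2004, 3, 31, 12, 5)),     # in no package
    ("WS-003", "ACROBAT.EXE", 1, datetime(2004, 3, 29, 16, 45)),
]


def correlate(inventory, usage, as_of, window_days=30):
    """Join inventory with usage, per workstation.

    Returns (report, uninventoried):
      report        package -> {"installed": [...], "used": [...], "unused": [...]}
      uninventoried workstation -> executables used there that belong to no
                    package inventoried on that workstation
    """
    cutoff = as_of - timedelta(days=window_days)

    # Executables used on each workstation inside the reporting window.
    # Windows filenames are case-insensitive, so compare in lower case.
    recent = defaultdict(set)
    for ws, exe, count, last_used in usage:
        if count > 0 and last_used >= cutoff:
            recent[ws].add(exe.lower())

    report = {}
    known = defaultdict(set)  # workstation -> executables of inventoried packages
    for ws in sorted(inventory):
        for pkg, exes in inventory[ws].items():
            names = {e.lower() for e in exes}
            known[ws] |= names
            row = report.setdefault(pkg, {"installed": [], "used": [], "unused": []})
            row["installed"].append(ws)
            # A package counts as used on this workstation when any of its
            # executables ran there. Matching per workstation credits
            # EXCEL.EXE to the suite or to the stand-alone copy, whichever
            # is actually installed on that machine.
            used = bool(names & recent.get(ws, set()))
            row["used" if used else "unused"].append(ws)

    uninventoried = {}
    for ws in sorted(recent):
        extra = sorted(recent[ws] - known.get(ws, set()))
        if extra:
            uninventoried[ws] = extra
    return report, uninventoried


def license_counts(report):
    """package -> (workstations installed, workstations used), as in Figure 1."""
    return {pkg: (len(r["installed"]), len(r["used"])) for pkg, r in report.items()}


if __name__ == "__main__":
    report, extra = correlate(INVENTORY, USAGE, as_of=datetime(2004, 4, 1))
    for pkg, (installed, used) in sorted(license_counts(report).items()):
        print(f"{pkg}: installed on {installed}, used on {used}")
        for ws in report[pkg]["unused"]:
            print(f"  installed but not used: {ws}")
    for ws, exes in extra.items():
        print(f"{ws}: used but not in inventory: {', '.join(exes)}")
```

The `unused` lists are the candidates for license reallocation; the second return value is a review list for software that reached a workstation outside the inventoried packages.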

Denying Unauthorized Software Use

Together, software inventorying and usage detection provide a substantial foundation for controlling software expenditures. However, these two technologies show what has happened in the past without providing proactive control over the future. Here, proactive control means denying unauthorized software use, installation and modification.

To achieve these controls some organizations “lock down” desktop/workstation modifications to the point where no software can be introduced or modified without prior consent of the IT administrators. Other organizations configure their workstations to automatically “rebuild” the workstation image every time the workstation is rebooted or a user logs out. Both methods ensure that unauthorized software installations and modifications are automatically scrubbed. Only the lock down method prevents unauthorized software use.

Denying unauthorized software use means preventing users from running specific software. For instance, users are not allowed to use any software with the filename SETUP.EXE. Or, perhaps your organization is phasing out the use of a particular software package and needs to stop users from running any old copies that may still exist.

Denying unauthorized software installations means stopping users from installing software without the consent of the IT Administrator(s). Preventing unauthorized software installations is key to maintaining software license compliance. When software is installed without consent it is likely that no purchased license exists for the “new copy” installed. If audited, your organization will be exposed to the possibility of hefty fines, public embarrassment and possible jail time for the organization’s directors.

Denying unauthorized software installations and use will benefit your organization by decreasing support costs associated with users “self-installing” software, including web-downloads.

Denying unauthorized software modifications means blocking changes to software. Software modifications are usually performed by hidden processes such as viruses and worms and are not directly accomplished by users or conventional software means. Introduction of viruses, worms and similar is usually prevented by denying unauthorized software installations.

For organizations desiring full proactive control, SofTrack offers a method to deny unauthorized software use, installation and modification. When you use the SofTrack Administrator Console to configure the SofTrack Local Workstation Agent (LWA) to deny renaming and creation of executable files (*.EXE and *.COM files) you will be proactively denying:

1. Creation of executable files by any means including web-download.
2. Modification of executable files by any means including viral infection.
3. Copying of executable files.

When actively denying renaming and creation of executable files, SofTrack does offer the ability to specifically allow designated software to create executable files. For instance, those students in a computer lab using Microsoft® Visual Studio® will be allowed to generate executable files but no other process will be allowed to rename/create executable files.

Additionally, you can configure SofTrack via the Administrator’s Console to deny use of any specifically named file. For example, you can easily configure SofTrack to deny use of any file named SETUP.EXE, INSTALL.EXE and so on.

Thus, SofTrack, via the SofTrack LWA (installed at each workstation), can proactively control software use in your organization by denying unauthorized software use, installation and modification.


SofTrack Administrator Console LWA Options:

Please note from the figure above: SofTrack, via use of the LWA, includes the ability to generate a report detailing all executable files created. This allows you to immediately know where software is being installed and/or modified.


Conclusion

This document has been prepared to clearly show the benefits of using SofTrack’s Enterprise Software Audit and Control Platform throughout your organization to control software abundance on Windows®-based workstations, servers and thin clients with the goal of reducing desktop/workstation software expenditures.

SofTrack provides the following technical benefits:

1. Installs quickly and simply
2. Provides software and hardware inventory in less than 10 seconds
3. Performs so quickly there is no need to schedule inventorying scans
4. Obtains software and hardware inventory from remote workstations
5. Detects software suites versus stand-alone installations
6. Identifies software that is not being used
7. Retrieves where Windows® Hotfixes have been installed
8. Details how inventoried software is used
9. Reports which workstations have software installed that is never used
10. Stops unauthorized software installations
11. Denies unauthorized software modification
12. Tracks creation of executable files

SofTrack provides the following business benefits:

• Reduces software expenditures by discovering exactly how many licenses of each software are owned.

• Eliminates over-buying of software licenses by accurately detailing how many licenses are actually required to cover what is being used.

• Defends against software copyright infringement by discovering how many software licenses must be owned to be compliant.

• Decreases support staff overhead by preventing unauthorized software installations and by automating delivery verification of software deployment.

• Details software and computing hardware assets owned.
