Quest Software Audits: Unauthorized or Pirated License Keys
Since the relaunch of Quest Software, a large amount of software audits has been performed and are still taking place. We started a series of article to explain the most common compliance issues seen for Quest software programs. In a previous article, we covered the most important parts of the standard Compliance Verification clause as part of the old Dell Software Transaction Agreement and the current Quest Software Transaction Agreement. This article will focus on the ins and outs related to Un-authorized or Pirated License Keys for Quest software programs.
How to identify them?
Since there are software programs with license keys, there have also been people creating their own (pirated) license keys. A pirated license key is created and distributed by an individual, other than the software publisher itself. The pirated license key does make sure that the software can be used, but the right to make use of the software program has not been granted/authorized by the software publisher itself. A pirated or “cracked” license key is typically made available on the internet, so that as many individuals can make use of the software. This without paying a license and/or support fee for such use towards the software publisher that developed and owns the software. Due to the distribution via the internet, it is typically difficult to find out who (initially) created the pirated license key. Typically, this may include ex-employees of the software publisher, in this case Quest or Dell software (with the objective to get back towards their former employee), individuals that just like to avoid paying license and/or support fees for the use of proprietary owned software or individuals that would just like to test the software functionality without obtaining a (trial or freeware) license from Quest software.
Many organizations have troubles in determining the difference between a pirated license key or an official license key provisioned by Dell or Quest. During the course of an audit, Quest software looks at the gathered license keys by using its own internal “License Key Analysis” tool. However, you do not have access to such tool. End users should therefore have a complete and accurate license entitlement administration in which the license key(s) as provided by Dell, Quest or any of its resellers are administered correctly. It may not sound very appealing, but this is the only way you can keep track of the license keys provided and the license keys installed, to reconcile your specific situation.
You should keep the following situations in mind to identify a pirated license key:
The “Toad for Oracle Product Licensing Console” or easier said “License File” shows in the “site message” field the name of the end user organization that obtained the license key. If and when the site message reflects a name that is not referring to your end user organization (and typically includes a strange site message) then that license key is most likely a pirated license key.
The following site messages are real examples of pirated license keys we identified at customers we worked with “Legends Never Die”, “Oracle”, “Shit”, “Quest” and ”Danceboy”.
The “Toad for Oracle Product Licensing Console” shows in the “quantity” field the number of licenses (users) that can be used through the license key itself. If you for example bought a license for 5 Seat User licenses for Toad for Oracle Base Edition, then this field will reflect “5”. In case this fields reflects a large (or strange) quantity, then this is most likely a pirated license key. A typical quantity as being used for pirated license keys includes “65.535”.
As a rule of thumb, if and when the quantity exceeds more than a relative low number (let’s say 10 or a number that you do not recognize within your license entitlement administration), then you should start looking into the license key itself to determine if it is indeed a pirated license key.
If and when an unauthorized or pirated license key is identified (during the course of an audit), Quest software treats this very seriously.
- claim three times the value of the individual license for an individual installed (pirated) license key and
- claim such “tripled” license, support and back support fee for each individual (Toad) module you could have used as a result of the pirated license key.
Let’s look at an example:
- You have installed one installation of Toad for Oracle software in 2016
- You have installed one single pirated license key for Toad for Oracle software in 2017
- You have the software only installed on one single laptop
- You have only granted one single individual access to the Toad for Oracle software
- You have only made use of the Toad for Oracle Base Edition
In this scenario, Quest will require you to pay the price for:
- 3 Seat User licenses + (back) support maintenance – Toad for Oracle Xpert Edition w/ DB Admin Module
- 3 Seat User licenses + (back) support maintenance – Toad for Oracle Base Edition
- 3 Seat User licenses + (back) support maintenance – Toad for Oracle Professional Edition
The (back) support maintenance fees are typically calculated back from the date on which the license key was installed on the server (“KeySaveDate”); in this example 2017. Nevertheless, there are known cases in which Quest claimed (back) support maintenance fees from the date on which the software was installed as well. This since the license metric definition for a Seat User states:
Seat is a User, except for Desktop Authority, for which a Seat is a Device. For Software licensed by this License Type, a license is required for (a) each User who uses the Software on a shared device or in a virtualized or cloud environment and (b) for every single-user device on which the Software is installed. [..]
Dell software did not perform a lot of software audits related to the use of its programs. Many end users did as such not prioritize the management of its Quest software licenses. Quest is performing (either themselves or through KPMG or Deloitte) many software compliance audits in EMEA and NAMER. You are highly recommended to perform an internal Quest audit on a short term, to identify your compliance position first before Quest starts an audit. The question is not if you are going to be audited, but when this will happen. If you are in the need of in-depth knowledge and expertise with regards to the execution of such audit, don’t hesitate to reach out to us.
This article was published on 20-02-2019