Wednesday 2 January 2008

Licensing and AVG "Free" Edition in a corporate setting?

We just received an email from a company that contained the following at the bottom of their email:

AVG Free Edition Signature

So, what do we do?

Not say anything? Let it slide?

Since we receive email from around the world, the motive to inform a client, or non-client, would be one of principle versus one of "getting the sale".

We believe in operating our business and working with our clients' businesses above board. This means making sure that our client's licensing and our own licensing are in proper order for any software product installed on any system or device.

Here is how we would possibly respond to above situation:
As a professional I.T. company, the following AVG antivirus message at the bottom of your email caught our eye:

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.17.13/1207 - Release Date: 1/2/2008
11:29 AM

Please note AVG's Web site states clearly that the Free Edition of AVG is for personal or non-commercial use only.

We strongly suggest that Insert Company Name Here look into properly licensing a corporate level Antivirus solution. A proper solution would preferably be centrally (server) managed and not rely on the user to initiate updates or run scans. The proper solution would also be very difficult to circumvent ... which the free edition of AVG may not be.

As a commercial enterprise, Insert Company Name Here would be liable for any virus spreading itself from within the Insert Company Name Here corporate network. There are organizations that track the source of all virus and Spam infections via IP and provide that data publicly. Thus, it may not be too difficult to trace back to the original sending organization.

Also, a software audit by CAAST of Insert Company Name Here would turn any system the "free" software was installed on into a very significant monetary liability via fines and more.
In most cases, we get "Oh ... we did not realize that" or "Thanks for pointing that out".

We carry this policy into any prospective client relationship as well. If we are assessing a prospect's network and there are licensing issues, we make a point of documenting them and then discussing the issues with the contact there.

If there is a firm and in writing commitment to address those issues within a fixed time frame then we will continue working with them.

For those instances where cooperation is not forthcoming, the Microsoft Partner Site has some great legal resources and people to talk to. Consulting with them will make it clear where we would stand as far as our culpability and possible complicity in a prospective client's licensing quagmire and how we should proceed.

For those who live and work in countries where litigation is flung about like a big stick, it is even more important to be absolutely clear where one's company stands legally.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.


Anonymous said...

I really appreciate this article - and cannot agree more that AVG Free edition is used quite too often also for commercial purposes. However, I do not agree with your statement that it is sufficient to protect servers and have the workstations unprotected. This is a mistake that many admins had done and then regretted it. Most security experts would agree that for networks, it is really a good idea to protect both servers _and_ workstations.
And by the way - there IS obviously a commercial product from AVG and there is a network edition, too. So anybody using AVG Free edition in business environment should really go for the professional one (network or single) - more on the home page of AVG

Philip Elder Cluster MVP said...

I mentioned centrally managed Antivirus solution.

For clarity sake: This means that the A/V client on the workstations has its settings and updates managed by the server. This makes it more difficult for a threat to circumvent the A/V protection. Both server and workstations will have an A/V client on them.

And finally, on a network scale, AVG has never really appeard on the radar for us. Perhaps that is due to our experiences with the consumer purchased products.