Software Compliance Audits Only Part of Non-Compliance Risk

Eracent identifies new risk from third party software reporting over the firewall. Microsoft's automatic updates to Windows XP SP 2 and Vista systems update desktops without providing any details on what has changed are altering acceptable vendor behavior. The concern is license compliance snooping.

Ottsville, PA (PRWEB) November 20, 2007 -- Eracent identifies new risk from third party software reporting over the firewall. Microsoft's automatic updates to Windows XP SP 2 and Vista systems update desktops without providing any details on what has changed are altering acceptable vendor behavior. The concern is license compliance snooping.

Any third party software that communicates over the firewall has the potential to report outward on usage according to Eracent, a global provider of IT asset management solutions. There are other reasons to encode software to automatically update or report without asking permission, but all lead to increased risk to the organization. Eracent advises vigilant inventory as the best strategy to control the risk.

Windows Auto Update is one of the best known Microsoft applications

However, virtually all applications that are installed, with the exception of open source, are provided as binary executables. Without source code there is no choice other than to trust the vendor to inform you about all of the application's functionality, which may not be all it does.

The only things that keep vendors from imbedding their applications with spyware code are concern for the reputation of the business and ethics, which we should never take for granted

Our best defense is to stay informed about the software vendors in your environment and to maintain an accurate and thorough inventory of software.

"Windows Auto Update is one of the best known Microsoft applications," stated Artur Kornatowski, IT Asset Detection Manager. "However, virtually all applications that are installed, with the exception of open source, are provided as binary executables. Without source code there is no choice other than to trust the vendor to inform you about all of the application's functionality, which may not be all it does."

IT professionals sometimes figure out what applications are really doing by monitoring the data an application sends or receives over the internet connection. For Windows Auto Update, it is this research that led to public awareness that Windows Auto Update does more than expected. An action like this from Microsoft may impact how other vendors view unexplained spying in the near future.

"The only things that keep vendors from imbedding their applications with spyware code are concern for the reputation of the business and ethics, which we should never take for granted," added Kornatowski. "Our best defense is to stay informed about the software vendors in your environment and to maintain an accurate and thorough inventory of software."

About Eracent
Eracent, Inc. is a global provider of IT asset management solutions for organizations who require accuracy and accountability for their asset inventory while maximizing their IT investment. Eracent offers a full suite of IT Asset Management, Configuration Management Database (CMDB), Software Asset Management, Software License Management, Software Compliance, IT Compliance, IT Lifecycle Management solutions that solve tactical and strategic business goals with easy to implement technology. To learn more about Eracent, visit www.eracent.com.

Contact: Jenny Schuchert, 908-537-6520

###

Post Comment:
Trackback URL: http://www.prweb.com/pingpr.php/UGlnZy1UaGlyLVBpZ2ctSG9yci1UaGlyLVplcm8=

third party software spying software license compliance changing business ethics windows auto update asset management eracent software asset management auto update software inventory

Bookmark -  Del.icio.us | Furl It | Technorati | Ask | MyWeb | Propeller | Live Bookmarks | Newsvine | TailRank | Reddit | Slashdot | Digg | Stumbleupon | Google Bookmarks | Sphere | Blink It | Spurl