Protecting computer software

Now panicked himself, Martin looked feverishly for the software's master diskettes. He checked the stacks of stray disks and piles of loose paper that littered his office.

He went through every hanging folder in his filing cabinet. Where could those disks be? In a last ditch effort, he even called the local computer store to see if they could help. They politely told him that he'd have to repurchase the software unless he could produce a valid user license number--which could be found on the packaging of the master diskettes. That wasn't any help. In the end, Martin didn't get the project to the superintendent on time. He eventually found the master diskettes at his home where he had taken all of the documentation to read one night several weeks earlier.

But because he had been accessing the electronic HELP file through the software as soon as it had been loaded onto his computer, he had never again thought about the paper documentation or the master diskettes. It was a tough lesson to learn--and it cost him some of the confidence he had worked so hard to earn from his boss. Tolerate nothing but licensed and organizationally approved software on workplace equipment: Games are fun and software from home can sometimes be useful, but they have no place on organizational equipment unless explicitly authorized.

Monitor software use and hard drive inventories to counter possible copyright infringements: Unlicensed software on organizational equipment puts the entire organization at risk for fines and other penalties stemming from copyright violations.

Software inventories should include the name of the manufacturer, version number , assigned computer as applicable , and function. Permit only authorized personnel to install software: In this way you know exactly what software is being introduced to your system and that it is being installed properly.

Train staff on software use and security policies: The best designed software for accessing and manipulating information is useless if staff are unable to use it properly. Software acquisition and development is addressed in greater detail in another National Center for Education Statistics publication, Technology Your Fingertips see Appendix C. Regulate Software Acquisition and Development: 22 Define security needs before purchasing or developing new software : After identifying your needs through a risk assessment see Chapter 2 , the findings should be used as the criteria by which you select appropriate software products.

Require written authorization before anyone tampers with software : Any changes to software requires a paper trail of what, why, and under whose auspices software was modified. Conduct design reviews throughout the development process : Continued feedback from expected users during development ensures that the product will satisfy functional specifications and security requirements. Modify archived copies of software not the copy that is up and running on the system : By doing so, you can be sure that you are not putting active applications and files at risk.

Once the modified copy passes testing and is certified as operational, then and only then should it be loaded onto the system for use with "live" data. Require that all software developed or modified by a programmer be reviewed by a second, independent programmer: This review should verify that all code is appropriate and correct.

Maintain master files of all developed software independent of the programmer : Software belongs to the organization, not the programmer. By controlling all original copies, the organization clearly guarantees this ownership. Require documentation for all new or revised programming : Requisite documentation includes the name of the developer, the name of the programming language, the development date, the revision number, and the location of the master copy i.

Verify authenticity of public programs : If software downloaded from the Internet must be used with sensitive information , be sure that it has not been tampered with by checking for a digital signature to verify its authenticity. While the vast majority of staff are probably completely trustworthy, they are not impervious to accidents or other events that could keep them from showing up for work some day. The organization is entitled to, and should, keep updated copies of everyone's work files.

The management team had finally had enough of Lou the programmer. They might have been able to over-look his daily late arrivals and early departures rumor had that even the airlines kept to their schedules better than Lou , but when he started his own computer consulting business on district time, they'd had enough. As his direct supervisor, Charlotte accepted the responsibility of informing Lou that he was being dismissed.

Charlotte and the Director of Personnel called Lou to the conference room to break the news. We informed you that they were unsatisfactory and that things would need to change. At that time you agreed to try to improve your performance. Unfortunately, it has become clear through this whole business of you leaving work during office hours to attend to your personal consulting that your performance has not improved.

Therefore, I must inform you that your contract is being terminated. I've been working on the programming for the School Report Cards for the last six months. You need it if you are to have any chance of getting them out this year. It really would be a mistake to get rid of me at this point. Lou sensed the trap. I'd never do that. But I can tell you that I've had a tough time keeping things organized on my hard drive, so I've had to store a lot of my programs on diskettes.

Suddenly I'm having difficulty remembering where I've put them all. And if I'm having problems figuring it all out, I seriously doubt that you'd ever be able to find those files if you hired someone to replace me. Now, maybe it's time that we talk about a raise. Thoroughly Test Newly Acquired and Developed Software: Specifically search for common types of computer viruses : Have technical staff check for common viruses such as Trojan Horses and worms.

Verify that all software user functions are working properly before putting the software into operation : Check that new software meets anticipated user needs, current system requirements, and all organizational security standards. This recommendation is also applicable when upgrading software. A copyright grants you specific rights in terms of your software. When you hold the copyright to software code, you can:. An official copyright registration is easy to get and doesn't cost you much.

Copyrights last for the lifetime of the person who created the work, plus 70 years after that person's death. If you're copyrighting something you bought from a person you hired to create it, the copyright lasts for 95 years after you first publish that work, or years after the work is created, whichever comes first. Some programmers worry about sending the code to the U.

Copyright Office. If it's at the Copyright Office, you might worry competitors can look it up and take copies. However, you only have to send the first 25 pages and the last 25 pages, to identify your software.

If you have trade secrets in the software, you can black those out. Stealing from the software is more complicated than just plagiarizing because the software is more than just code. Software is an invention or an idea. Copyright law only protects how that idea is written down. Because a software program does something specific, protecting against copying might not be enough. Someone could use different code but still steal your invention.

To protect a process, like the function of software, you need a patent. A patent will protect things like:. You can use two types of patents to protect software: utility and design.

Utility protects what the software does. Design protects any decorative part of your software. Unlike copyright law, patent law protects the invention itself. That way, someone can't create a software program with different code that does the exact same thing your software does. But the patent doesn't protect your specific lines of code against plagiarism the way copyright does.

Keep in mind: you register your copyright, so you aren't applying for anything. You do apply for a patent, which means you might not receive the patent. If you include information in your published patent application, that information is no longer a trade secret. Getting a software patent has been the subject of lots of legislation, including Supreme Court cases. The precedence for software patents isn't always clear, making getting a software patent even more difficult.

A patent in the U. If you need a patent in other countries, you have to apply in each of those countries. Because patent law is different in every country, what gets you a software patent in the U. A trade secret is information you or your company has that other people don't have. You use this information in business, and it gives you a leg-up over your competition. You don't file any documents or apply with an office to get a trade secret.

Instead, the way you treat your software can make it a trade secret. You have to take "reasonable measures" to keep the software a secret:. You can maintain a trade secret for as long as you want. Unless someone discovers your secret by what the law calls "fair means," your trade secret will last forever. If someone else discovers, on their own, a trade secret similar to yours, you can't take legal action. Sometimes companies and individuals don't see trade secrets as secure enough protection for valuable software inventions.

One difficulty with copyright and software comes from companies who hire software developers. Usually, copyright law says that whoever creates the work owns the copyright.

However, the law also contains language to cover work-for-hire. If you are an employee of a company, and you create software for that company, the company owns the copyright.

That gives the company copyright ownership of the code, not the individual who created it. Some other work you might hire independent contractors to do automatically falls under "work-for-hire":.

If you work as an independent contractor, you own the copyright to your work even if you create it for a company. You and the company have to sign a contract stating they own the copyright to change that, or you can license your software to the company instead of handing over the copyright.

Whether you're a business or an independent contractor, it's best to get these details out of the way before work starts. Many of these sites install malware on the fly or offer downloads that contain malware. Use a modern browser like Microsoft Edge , which can help block malicious websites and prevent malicious code from running on your computer.

Stay away from pirated material Avoid streaming or downloading movies, music, books, or applications that do not come from trusted sources. They may contain malware. Don't use USBs or other external devices unless you own them To avoid infection by malware and viruses, ensure that all external devices either belong to you or come from a reliable source. Your privacy on the internet depends on your ability to control both the amount of personal information that you provide and who has access to that information.

Find out how to protect your privacy on the internet. When you read email, use social media, or browse the web, you should be wary of scams that try to steal your personal information also known as identity theft , your money, or both.

Many of these scams are known as "phishing scams" because they "fish" for your information. Find out how to protect yourself from phishing scams and avoid tech support scams. One important step toward greater workplace security is to protect your computer against malware. Windows Security or Windows Defender Security Center in Windows 8 or early versions of Windows 10 is built in to Windows and provides real-time malware detection, prevention, and removal with cloud-delivered protection.

It is intended for home, small business, and enterprise customers. For more info, see Help protect my computer with Windows Security. Microsoft Defender Offline runs outside of Windows to remove rootkits and other threats that hide from the Windows operating system.

This tool uses a small, separate operating environment, where evasive threats are unable to hide from antimalware scanners.