Save content
Have you found this content useful? Use the button above to save it to your profile.
No Entry Symbol on pixelated background
istock_fatido_AW

Some Sage perpetual users face data shut-out

by

Users of several older Sage desktop products could lose access to their data after 30 September unless they upgrade to a subscription product or export their files.

21st Sep 2022
Save content
Have you found this content useful? Use the button above to save it to your profile.

After a cut-off date of 30 September, Sage has confirmed it will switch off access to a number of versions of its older desktop products  – a move which the developer claims will keep customers safe following a security update. 

Users of the affected products with an active service licence or support contract will maintain access to their data, but those without will have to move to a Sage subscription product, or migrate or download their data before the cut-off date.

The decision has angered users, some of whom only recently purchased copies of the affected software, who argue it is unnecessary and the move to subscription products potentially costly.

The products affected are:

  1. Sage 50 Accounts Perpetual v23.2 - 26.2 
  2. Sage 50 Accounts Subscription v20 - 26.2 
  3. Sage 50cloud Subscription - v23 - 26.2 

Users of the ‘Subscription’ products listed (2 and 3 above) can switch to an alternative for free by contacting Sage.

TLS protocol change

The move centres around the use of the Transport Layer Security (TLS) protocol, a common set of security rules designed to bolster privacy and data security for communications over the internet.

In June 2018, standard-setting body the Internet Engineering Task Force (IEFT) confirmed that the deprecation process for TLS versions 1.0 and TLS 1.1 had started - recommending that all companies or software developers use the latest versions of the standard (1.2 and 1.3).

As the products listed above use the older protocols, on 30 September 2022 Sage will switch off TLS 1.0 and 1.1 for services that integrate with Sage 50 Accounts. Once these are switched off, anyone using Sage 50 Accounts v26.2 or below will no longer be able to access their software. All customers using versions above 26.2 will not be affected.

However, the affected versions of the software are not cloud products (even the versions of Sage50cloud listed above) and the protocol is only used to perform licence checks (according to a support page on the Sage website). Users have, therefore, argued that more could be done to fix the issue rather than move them onto new products.

‘Latest industry standards’

When contacted by AccountingWEB about the issue Sage provided the following statement: 

“Transport Layer Security (TLS) v1.0 and v1.1 is an industry-wide security protocol that is used to facilitate privacy and data security for communications over the internet. IEFT formally discouraged the use of it based on cybersecurity vulnerabilities. 

“Sage communicated with its customers about this, the action they needed to take and how we could support them,” continued the statement – users of the affected software report receiving a pop-up dialogue box outlining the changes and asking them to upgrade from April 2022.

“We will always prioritise the security of our products and protect customer data in accordance with the latest industry standards,” Sage’s statement continued. “It is a simple process for all customers on the latest versions of our software, and we are ready to support all customers to make the changes, so they are secure and have the best experience.”

Sage told AccountingWEB that its customer contact team is happy to discuss the needs of affected users on an individual basis. For users with a current valid support agreement, Sage confirmed that customers with valid support contracts are entitled to free annual upgrades – although this isn’t specific to the TLS issue.

‘Not the equivalent value of the software we paid for’

Despite the recent rise of cloud software, Sage 50 desktop products remain one of the UK’s most popular small business accounting packages and are used by hundreds of thousands of people. 

Many users have voiced concerns about the changes and their potential implications for the industry – a thread on the issue on AccountingWEB’s Any Answers forum garnered more than 500 comments alone.

Users of several of the affected packages highlighted the terms of their original perpetual licences, the length of which appears to have been set at 15 years. However, AccountingWEB member teamwhatever posted that they had been told by a Sage representative that the 15-year term “represents the point when the licence will automatically expire, it does not constitute a warranty ie, we can’t guarantee that usage will be uninterrupted and error-free for this period.”

Users reported offers of refunds or short-term discounts on subscription products from Sage, but often cited the cost of moving software as prohibitive.

Any Answers member Jamesh29 stated: “Our company has … a 15-year license with over 10 years remaining for software that will soon be retired. We have reached the point that many here have, with Sage making what is frankly an insulting compensatory offer that we could purchase the subscriptions for a discounted price for a few months. This is clearly not of the equivalent value of the software we paid for that they are taking away our use of.”

Sage signals subscription strategy shift

Founded in 1981 and now one of the UK’s largest software companies, Sage has recently shifted its strategy away from licence sales and towards cloud-based subscription revenue - a transition that several posters chose to pick up on in their comments.

AccountingWEB member Martin Jones commented: “Sage wishes to move to a subscription model going forward – that's fine, we respect their right as a business to make that decision. It does not give them any entitlement to disable the product they have sold previously on different terms.”

A customer relations call?

A number of commenters, including Sparko, a forum member and stated ‘loyal Sage customer for over 15 years,’ called for the Newcastle-based developer to either tackle the affected products by disabling the licence check or move users onto similar products using TLS1.2 for licence authentication.

One IT outsourcing firm director told AccountingWEB: “it would be trivial for Sage to patch the licence server call to support TLS 1.2 (It's been around for 14 years). Versions after v24 already use TLS 1.2 for communication other than the licence check (HMRC etc.), so the product already supports TLS 1.2 comms.”

IT industry analyst Bill Mew outlined the issue in stronger terms: “Sage could patch or disable the licence call with relative ease, but disabling it might expose Sage to widespread piracy in the use of unlicensed versions of its software. The security risk inherent in the licence call is more of a risk for Sage in having its licencing restrictions overcome, rather than to clients who run little risk of their systems being compromised. This is more of a customer relations call than a technical or cost one.”

For more information on the updates, you can visit Sage’s campaign page here.

21 September: The image for this story was changed.

Replies (14)

Please login or register to join the discussion.

avatar
By Hugo Fair
21st Sep 2022 13:15

Thanks for the round-up, Tom, however:

1. ".. a move which the developer claims will keep customers safe following a security update."
I note the word "claims", but we all know this is an entirely spurious (and deliberately misleading) claim.

2. "Users of the ‘Subscription’ products listed (2 and 3 above) can switch to an alternative for free by contacting Sage."
Of course they can (the subscription model is all that Sage wants and the sole raison d'être for this fiasco) ... but don't swallow the hook so easily ('free' applies to the switch/upgrade, not the ongoing subscription which is likely to increase in price).

3. “We will always prioritise the security of our products and protect customer data in accordance with the latest industry standards ..”
This is obfuscation of the highest order (straight out of the politician's handbook).
The use of TLS is only part of Sage's affected products in order to achieve something to their (not the client's) benefit - namely checking the licence/registration details with Sage's own database (and using the Internet to send that data from the product to Sage).
That data contains nothing that could compromise "customer data" - and the only possible danger to "security" of a stand-alone product from outside comes from Sage's insistence on using the Internet to perform their check.
Hence all the suggestions (on what must by now be Aweb's longest thread) of configuring the affected Sage product such that it cannot use the Internet - without affecting the user's ability to keep working (and retrieving their data) AND indeed without affecting their data's security!

BTW I'm intrigued by the almost gnomic "21 September: The image for this story was changed" ... what was the previous image? And who requested that it be changed?

Bottom-line?
Although it's possibly too late now for those affected (particularly those with perpetual licences), which appears to have been Sage's game-plan all along, I hope that you/Aweb will keep the pressure on Sage and not treat this as a one-off exercise.
So far they've batted you away (as they have done with so many of their own customers) ... but, a bit like the Post Office/Horizon case, the true horrors of the impact on people's businesses (and so potentially on their lives) has yet to unfold.

Thanks (6)
Replying to Hugo Fair:
Tom Herbert
By Tom Herbert
21st Sep 2022 15:01

Afternoon Hugo. To answer your question, the original image was one of the Sage for Accountants launch event and was put up in a bit of a hurry. Given that the products discussed in this article aren't related to Sage for Accountants, to avoid confusion I switched to a more generic picture.

Hope that clears things up, apologies for the gnomic prose.

All the best,

Tom

Thanks (1)
Replying to TomHerbert:
avatar
By Hugo Fair
21st Sep 2022 16:41

Fair enough (I've a naturally suspicious mind that kicks in when unplanned change occurs).

An oldie but goodie ...
"How many psychologists does it take to change a lightbulb?"
"One ... but the lightbulb has *really* got to want to change".

Thanks (1)
Replying to TomHerbert:
avatar
By Hugo Fair
22nd Sep 2022 14:47

One other thought, Tom, have you also considered following-up/researching the slightly similar story that has been burbling along for nearly a year with regard to QuickBooks?

https://www.accountingweb.co.uk/any-answers/quickbook-desktop-discontinued

Different details (and arguably less scandalous) - but still just as painful.
The common elements?
Adherence to Cloud as the 'answer to everything' + a supplier attitude of 'my way or the highway'.

Thanks (1)
avatar
By Paul Crowley
21st Sep 2022 14:45

'After a cut-off date of 30 September, Sage has confirmed it will switch off access to a number of versions of its older desktop products – a move which the developer claims will keep customers safe following a security update.'

That's gobbledegook
Remove access later but 'security risk' now?
Having no access to records is safe?

If what you are told is gobbledegook, call it out as just that
SAGE want more money because Xero have overtaken. Breaking contracts and agreements is how to do it

Thanks (8)
avatar
By Ben Alligin
22nd Sep 2022 09:51

Glad I am still using stand alone Version 16 which ticks along quite merrily without any of these problems. One client is even still using V12.

Power to the Luddites (if that is not an oxymoron)!

Thanks (0)
avatar
By estorry
22nd Sep 2022 09:57

Useful info thanks- this seems to confirm that my v16 copy of Sage Instant will be ok!

Thanks (0)
Replying to estorry:
avatar
By Ammie
22nd Sep 2022 10:31

Just called Sage and I have been advised that anything older than v26 will be affected.

You will have access to data but there will be no functionality.

There will be more than a few customers on their way to Xero!

Thanks (0)
Replying to Ammie:
avatar
By Hugo Fair
22nd Sep 2022 12:22

If you "have been advised that anything older than v26 will be affected" ... then that was at best misleading, and at worst a deliberate lie (to encourage giving up on the product).

As Tom correctly says near the start of the article ...
"The products affected are:
* Sage 50 Accounts Perpetual v23.2 - 26.2
* Sage 50 Accounts Subscription v20 - 26.2
* Sage 50cloud Subscription v23 - 26.2

Also I'm not sure what you mean by "You will have access to data but there will be no functionality" ... those versions listed by Tom will have NO access (including access to data).

And careful if you're considering a move to Xero, they're just more advanced at treating their customers as milk-cows (via the wonders of subscription licensing) and being in a position to abandon them at short notice (via reliance on the Cloud).

Thanks (3)
avatar
By MartinJones
04th Oct 2022 10:46

Thank you for the additional coverage of this issue. I am disappointed that there is no more challenging interview with Sage. I would like to see Steve Hare directly questioned over a number of points relating to these issues and the policy decisions from 2016 onwards relating to perpetual licenses and Sage 50 Accounts. Why do they continue to hide behind carefully crafted statements if its all so straight forward and they have such confidence in their position?

You have written that the (obsolete) protocol is only used to perform licence checks. As noted in the article Some of the more recent versions of this software retain the obsolete protocol for licence checks, but also incorporate the newer 1.2 version for other communications. This is clear evidence that Sage were aware of the later version and capable of incorporating it into the software. Why did they hold back the version specifically used for licence verification?

“For users with a current valid support agreement, Sage confirmed that customers with valid support contracts are entitled to free annual upgrades” – is anyone aware of this actually happening in reality, they may be *entitled* but are they actually being issued?

Thanks (2)
avatar
By MartinJones
06th Oct 2022 13:13

Sage are reported as stating that customers with valid support contracts are entitled to upgrades. This has been reported here and elsewhere. They also confirmed to us that there was no obligation for those customers to migrate to subscription to get those upgrades.

The tone of that statement seeks to push the responsibility back to the customer, the inference being, you didn’t take out support, you only have yourselves to blame.

There have also been reports of customers who have a Sage support contract being unable to obtain the upgrade.

We may now understand what’s going on here… Specifically, SageCover Extra included the upgrades, but there are more basic forms of support contract that do not.

The support contract doesn’t just need to be valid in terms of being in date, it needs to be this specific type of support contract which I understand is substantially more costly and therefore not so common.

Sage have only allowed such contracts to be renewed in recent years, I understand that it has not been possible to take a new one out for some time and certainly it is not possible currently.

If there is ever an opportunity to put these questions to Sage, as they have used the availability of these upgrades in their defense to demonstrate that they are supporting customers, I would like to know specifically how many customers have in response to this issue been provided with an upgrade, without cost or requirement to move to a subscription by means of having a valid support contract.

Thanks (0)
avatar
By Paul Hagen
07th Dec 2022 14:17

December '22 and they've finally pulled the plug and left many of us high and dry.
What have people done?
Struggling to find suitable alternatives with good sales order processing, together with robust back-order processing and reporting, plus stock control and multi-company.
There must now be lots of businesses with problems!

Thanks (0)
avatar
By DeeEll
19th Dec 2022 15:51

So the day dawned and indeed my "perpetual" software stopped.

I found https://www.freeagent.com/ Get FreeAgent for free if you have a business current account with NatWest, Royal Bank of Scotland, Ulster Bank NI, or a business account with Mettle, for as long as you retain your account.

Works fine for my business consultant bookkeeping requirements and I also get VAT MTD built in. Watching my RBS statement automatically load is fascinating after Sage.

Even has a global dual currency version that I'm also using.

Thanks (1)
Replying to DeeEll:
MacMillan clan crest
By Geomac
04th Jan 2023 11:02

I'm pleased to hear that you have found a satisfactory solution.
Your software didn't stop working because the TLS 1.0/1.1 server was shut down, it stopped because Sage are progressively removing licenses from the server in order to keep the inevitable waves of protest manageable. You can see the status of their TLS server at https://www.cdn77.com/tls-test/result?domain=licensing.services.sage.com which shows that it is still running at the time of this posting. Your dawning day was the day they got around to deleting your license number.
I am still up an running on V24, having implemented the legal workaround developed on the Any Answers forum sage-50-cloud-wont-work-unless-you-update?

Thanks (0)