The 9 Suggestions

At MLA 2011, I presented on what a small library should be doing to keep its PCs running. I gave 9 suggestions for what a library should do. Here they are.

1. Microsoft Updates: Do Microsoft updates, not just Windows updates. The second Tuesday of the month is when Microsoft releases many updates, but they also occasionally come at other times of the month too.
2. Also keep your other applications current. Pay particular attention to Firefox, and Adobe Reader and Flash. But try to keep all your applications up to date. I agree with you though that it is a royal pain in the neck. Larry, our new IT guy at the Missoula Public Library, has some good ideas on that front. I hope to be posting about how to make this easier in a couple months.
3. Use Firewalls. XP, ME, Vista, Windows 7 all have firewalls built in. Use them. Also use a firewall at your perimeter device. That's the device in the phone closet that connects to your ISP.
4. Block SPAM. If a malicious email never shows up in your mailbox, it can't infect you. Most email clients have some kind of SPAM blocking feature. Also many ISP's provide a SPAM blocking service that will usually cost a little bit but will keep your mailbox cleaner.
5. Protect your Browser: Al the major browsers have a variety of tools built into the application to protect you from a variety of malicious activities. For example, IE has the pop-up and active-x blockers, protected mode, and a variety of other things. Another useful tool is something called the WOT. It's a 3rd party app. Find it by googling "web-of-trust".
6. PC Restrictions: This is something you would consider mostly for your public PCs. The primary product for this is Group Policies. It you had a week long class on this product you would just be scratching the surface. But there are much more user-friendly products such as SteadyState from Microsoft (It's free but it doesn't work on Windows 7) or Winselect from Faronics.
7. Antivirus and antispyware: As time goes by, this genre of tools becomes less and less useful because the malware is getting too clever. But they are still useful. Use them. Keep them updated.
8. Separate Public, Staff, and Hotspot PCs: Your staff will at least try to not get infected. The public doesn't care and so you can assume the public PCs are infected not long after a patron touches it. On the hotspot, patrons can use their own tools to hack into your environment. Stop all this by disallowing any communication between your staff, public, and hotspot users. See a previous post on ARP poisoning to learn how to do this easily.
9. Passwords: Never leave a device with its default password, or no password, or "password", or any of dozens of silly selections. You have good locks on your doors? You should also have good locks on your software. This applies to both your vocation and your personal life. Don't always use the same password. Can someone watch you logon to your PC every morning and then know how to get into your online banking?

So there is a lot of stuff here. You are not going to go home and do all this right away, if at all. So people ask me for the short list. What three things from this list should they do?

If I had to say only three, I would say 1&2 first. Do the Microsoft and application updates regularly. Then 8, because you can always safely assume that your public PCs are infected, and you don't want that to spread to your staff PCs. Finally 9, passwords are locks, use good ones and use them correctly. There is a lot of good info about how to use passwords well.

But I would also put antivirus and antispyware in the top 3 as well. I know there are 4 items in the top 3 but they all need to be there. AV and AS are less important on public PCs if they are using Deep Freeze, but definitely important on PCs not running Deep Freeze.

Be careful out there.

The Web of Trust – A Useful Tool.

I have had a couple incidents recently that highlight the usefulness of a tool I have been using of late and I thought I would pass on the name. The tool is called “Web of Trust”. You can download and install it from www.mywot.com. It is a tool you would use on your own PC, either at home or work. I don’t think it’s worth the effort to put it on a public surfing PC.

It's an add-on for your browser and you can install it on IE, Firefox, or Chrome. If you run all three browsers, you will have to do an install for each one. Then, of course, you have your staff PC, your staff notebook, your home PC, your spouses’ PC, and so it goes. There could be a lot of installing.

The idea with the Web of Trust is that you and I and the other users of the web have opinions about the reliability of various sites. Sites are rated based on these opinions and your browser will show you the results of these combined opinions with a red, yellow, or green circle on a site.

For example, I did a Google search for free music. A portion of the results are posted below.There are two red circles, and two green circles. I wouldn't go to the sites indicated by the red circles but I would go to the sites indicated by the green circles. If there were any yellow circles, I may have a look at them, but I would be pretty wary.

There is more to the Web of Trust than just colored circles. It can pop up warnings for risky sites, and you can get more information on a given site by clicking on the circle associated with that site. It is a useful tool that can help you stay away from risky sites. This would not be useful on Public PC though because patrons on our PCs don't care whether a site is risky or not.

Let me give you a couple examples how this was useful for the two incidents I mentioned earlier.

One of the staff here received the email shown below. Now there are a lot of reasons why this would look suspicious at first glance, and so she got suspicious and asked me about it. Well the “click here” phrase is a link. You know that you can put your cursor over a link in your email program and it will show you the link before you click on it. When you’re doing this make sure you DO NOT CLICK on the link. So this link had a URL, the domain of which I Googled. The hits that came back had a lot of red circles, just confirming her suspicions.

**************************

From: Smith, John [mailto:[email protected]]
Sent: Thursday, March 04, 2010 9:13 AM
To: [email protected]
Subject: Your E-mailbox Has Exceeded Its storage Limit.

Your mailbox has exceeded the storage limit which is 20GB as set by your
administrator, you are currently running on 20.9GB, you may not be able to
send or receive new mail until you re-validate your mailbox.
To re-validate your mailbox please
CLICK HERE

Thank you for your cooperation.
Webmail Help Desk.
System Administrator.

**********************************

Another user here had discovered a database on the web look at every driver’s license in the US. She was appalled by this and sent an incredulous email with the URL to me and some others. Well, I’m sad to say, I bit. But as soon as the site came up in my browser, along with the red circle, I knew it was bad and just closed out the browser. Then I Googled again and found a comment about the bad site at Snopes. The bad site is probably nothing more than a prank site, but we really don’t know.

Snopes keeps track of urban legends and rumors. Find out about the drivers license site by going to snopes and use their search tool for “driver’s license look-up”. I am not going to give you the link to the driver’s license site itself.

You should have a look at snopes if you haven’t yet. It’s at www.snopes.com and it gets a green circle. Also try out WOT. Be careful out there, and may all your hits be green.