 Hello and welcome to Encompass Live, I'm your host, Krista Burns. Encompass Live is Nebraska Library Commission's weekly event that we do via the Centra online software. We cover also to NLC activities, library topics you may be interested in, presented by NLC staff, and we do have guest speakers come in sometimes with a few developers. We do this every Wednesday, 10 a.m. central time. It is for an hour or however long it lasts, and it is free. So you can watch it live here for free and you can watch the recordings for free as well. This morning we have a session on studying up your public access computers. Michael Southerd and Danielle Wells are going to go through that, so I will turn things over to you guys to take it away. This is Michael Southerd, so I need technology, innovation librarian here at the commission. Many of you have taken classes from me or heard me on our podcast or various things like that, and I'll let Diane introduce herself. Hello. I can't see our camera operators having issues. Anyway, I'm Diane Wells, I'm part of the library commission's computer team. We did one of these sessions a few weeks ago talking about purchasing computer stuff, and I remember at the end we got a question or two about some security issues, and so we just decided, hey, why don't we do one of those? So we kind of put together a PowerPoint here for you. We've got some opinions, we don't always agree, and that's half the fun, I think, in many kinds. And so we're going to kind of go through the material we have. We have no control over this camera at the moment for those of you watching the live session. It's getting a little drunk in there. Are you sure you're not on the medication, Kristen? No. Okay, all right. Some of the rest of us are here, we're feeling a little under the weather. Anyways, so we're going to go through kind of our material, the PowerPoints here. If you've got questions at any point, just go ahead and give a hand raised there, and then we're hoping to leave kind of plenty of time at the end, because some of you may have some situations that we either hadn't thought of or we hadn't covered, and we will do our best to answer your questions. So let's start out with here. Both Diane and I deal with security kind of at different levels. I usually look at it from the end user point of view. Diane usually looks at it from kind of the behind the scenes server stuff, and managing the desktops and things like that. But what we can both agree on is that ultimately it is all about balance. You have to balance security with usability. You can have a completely usable computer that does everything you could possibly want it to do, but it's highly insecure. You can also have severely secure computers that unfortunately are not usable. I was told once a completely secure computer is one that is unplugged, not connected to a network, locked in a closet, no lights on, and a key has been lost. It's a perfectly secure computer, but not exactly usable. So for example, it is possible to kind of overdo your security, I would argue. I think you love this photo. Yes, I've seen this photo used in many different presentations over the years. So I went out and found it. So like we said, it's a balance. There are not necessarily any right or wrong answers. We have some strategies, we have some suggestions, but they might not all apply to you in particular or your scenario. So let's go ahead and just talk about some general strategies. Diane, do you want to run through these? Sure. Basically, you want to be sure that your whole access computers don't allow, aren't set up to boot from anything except the hard drive. That's sat in the BIOS. It's a really quick, to get into the BIOS, it's a really quick keystroke before you actually, before the operating system loads. And then there's, the menus vary and how they look, but they're basically always like white tests on a black screen kind of thing. And you page through and it allows you to choose what things can and can't be, like can it boot from the hard drive? Yes, that's what you want. Do you want it to boot from a network? Probably not. Most public access computers are not networked in a way that would make that make any sense. Do you want to boot from a flash drive? No. Or a floppy? No. You don't want to do those things because that would allow people to basically boot your computer from some other way. Probably do want to have some sort of a boot order in case you have a really horrible crash and maybe want to be able to boot to a CDS at some point, but the next point kind of keeps you covered there. You want to set up BIOS to password. Now it's not something that you generally do, but in these cases it seems like a pretty reasonable thing to do so that once you hit that key that it says F2, F whatever, depending on what kind of computer you have it's going to be different. Once you hit that it's going to ask you for a password and you want to keep that password in a place where people know where it is because you know where a safe place that your predecessor will, not your predecessor, but your successor. Your successor, yeah. Allergy Medicine is really doing enough for me today. Anyway, so they will know where that is. So basically that's the thing about the BIOS is that you want to be able to set that up so that you know how it is, but it's possible to change it, but that you're the only ones who can change it. Yeah, I'll throw in here for those of you not familiar with BIOS, you mentioned a key press. Usually it's when you first turn on the computer it will say something like press F2 for setup. That's the BIOS. That's where you're going in there. Now it might not be F2. It might be another key stroke. It varies from really maker to maker. Also, what typically the BIOS will allow you to do, I've seen some BIOSes that do the allow from boot, yes or no. A lot of BIOSes will also set what's called the boot order. And you want to make sure that the hard drive is first. Now for security purposes that's great. That way I or somebody else can't come up, stick in my flash drive and boot a completely different operating system on your computer. But that can cause a problem eventually when you go to use your Windows recovery disk and you need to boot from the CD-ROM. Well you'll have to remember that you listed the hard drive first, go back in, change it so that the CD-ROM is first and then you can boot from say a recovery disk or something like that. And the setting of the BIOS password just basically prevents somebody else from changing your boot order. That used to be that. Okay Michael, this public shouldn't run as it meant. Now this is your, I mean this is sort of the place where we get to talk about the things that we don't always agree on. And because there is no real right and steadfast wrong to this kind of thing, generally I say that you don't want your public running as administrator. You don't want to be able to install software, you don't want to be able to make major changes to your machine. So the, maybe unless we'll cover in a little bit, there are some programs that make it possible for you to go ahead and lecture public runners and men and then none of their changes will be saved. So that's what the maybe unless is all about. Yeah, but I would agree a general rule of thumb unless you've got some additional software would be don't let the public run as it had been. I mean that is perfectly acceptable unless you've taken additional steps. A lot of additional steps, right? All right, so Patch Tuesday, I love my little pirate guy here. I want to do a quick yes or no here. Let's make this a little interactive. Check your yes or no if you know what I'm talking about when I say Patch Tuesday. Okay, we got one yes, one no. Okay, there's nine of you out there. Okay, there's eight of you out there and there's a room full of NLC staff somewhere in this building. So most of them maybe, I don't know if we can find out what their answer was. Okay, we've got NLC is saying yes, good. I know some of the computer people are in the room. Okay, it's about a 50-50 split. The point of this slide is the following. You need to run your software updates. You need to install the security patches. If you're running Windows, if you're running Mac, even Mac's have security patches. Much of the other software, Java has been updating a lot lately. Firefox has had a security update lately. There's a new version of Internet Explorer, which you may or may not want to be updating lately. But Patch Tuesday is Microsoft's day every month. It's the second Tuesday in a month where they release all of their updates and security patches. Now, they will periodically release them on other days, but you can pretty much bet that the second Tuesday of every month there's going to be a bunch of updates for your computer. So what I generally recommend is mark that on your calendar and then sometime later in that week, you know, you might need to wait until the weekend, you might need to wait until Friday, something like that. But make sure that if your computers aren't automatically updating, which is a whole other issue, which you may or may not be, that you go and you get those patches. So it's the best thing you can do for any system. And honestly, at this point, I haven't heard of a patch screwing up a machine lately. It's been a while. Yeah, you pretty much can get those patches and it's not going to cause problems. There's always exceptions to everything. Right. But percentage-wise, you're much more likely to have a problem if you haven't patched anything. Right, exactly. The other one we like to talk about is reducing temptation. I usually talk to libraries where they have a public login and they have an admin login, which makes complete sense. And then they go and they name their admin login, admin. Staff. Yeah, staff. Although I will admit I've named them staff before if anybody got any of some of the gates machines. But maybe you should have your username be something other than the obvious admin or staff. You're 15-year-old. You're not necessarily malicious, but you sit down in front of that computer and you see a thing that says, click here to log in as administrator. What are you going to click on? You're going to give it a shot. You've got to spend at least 35 minutes trying to figure it out. Trying? It might work, might not. I had one library suggest they called it for children only or something like that. And none of the teenagers would go near that login. So because, you know, how cool were that basically. So, you know, it's just reducing the temptation for people to play around with your system. They're going to do it. You know, it's not necessarily malicious, but, you know, people are curious and they're going to try that it's a computer, so why not? All right, what's next? Oh, passwords. We love passwords. This is where I, in my security workshop, said we're going to have the talk. We're going to have the password talk. Many of you have had the password talk. A slide I didn't throw in here was like the most popular passwords. And I just, you know, usually the most popular password is the word password. I love that one. What is the username again? The username again, ADC123, that sort of thing. Question, let's do this interactive again. Yes or no. Do you use the same password for everything or a lot of your things? Or are you sure you have a different password for everything? Okay, so we got one person saying, yes, he's using the same password for everything. Two noses. Three noses. All right, some of you are really, really good. Five noses. Oh, we're doing great. Okay. This is good news. I can't say who's saying what, what name names, but the person who's using the same password for everything, stop. Or at least have a different password for your bank account. At a minimum. I mean, completely have a different password. They were strictly talking about, you know, work and life or whatever. Yeah, exactly. So let's do the little thing here. I don't know if you can read that, but that says passwords are like pants. It's a British sign. You shouldn't leave them hanging around where anybody can see them. You shouldn't share them. You shouldn't, and you should change them regularly. We'll get to the change regularly in a minute where we might have another slight disadvantage. But we'll say password size does matter in this case. The longer the password, the better. Of course, the longer the password, the harder it is to remember. We'll talk about that. But on average, my passwords run about 10 characters long. Yeah, 10 to 15. And for those of you thinking, but how do I remember that? We'll get to that. Almost everywhere passwords are case sensitive. So mixed up or more case. Definitely a good idea. Mixed in some numbers. Mixed in punctuation and symbols. You know, throw in shift and those number keys in there. You can do that. And spaces are usually allowed in many places, especially like the windows login and various things. I have a password on my Wi-Fi at home that is 63 random characters long. Chris has given me a look. What does one of the teenagers have to mess them with enough? Yeah, well... I guess I'm just guessing, Michael. It's overkill. I did it because I could. But, so then I keep that password on my flash drive. So you don't have to type it in? No, oh no. But I did have to type it in once, twice. I hooked up my iPod touch to my Wi-Fi network at home and you can't copy and paste into that. I see that more and more. Well, the new iPod company out you will be able to copy and paste. Oh, really? Yeah, they've added that. But anyways, so I did have to type in those 63 completely random characters and I got it right on the first try. I figured I was going to try it once and if it didn't work. Can we have an applause button? Yes, we do. We have an applause button, okay? Please, applause! So anyways, I will admit it was overkill. Actually, I did it mainly just because I could do it. Anything else. There we go. Thank you, Deb. Thank you very much. So really, the more of these bullet points you use, the better your password is going to be. It's really that simple. So you don't have to necessarily do all of them. But really, if you can do about three of those, I would say you're well on the right track to having good passwords. Now, the changed often. Here at the state, we have certain passwords that we need to change every, what, 90 days? There are all kinds of rules. All kinds of rules. Diane, do you have an opinion on password changing? I don't know what it is I'm asking you. Actually, my opinion is the more, just passwords in general, not specifically to your bulk access work sessions, my opinion is the more access that this person, that this account has, the more essentially the more damage that particular account could do to your system, then the more frequently the password ought to be changed and the better the password needs to be. And so levels of password protection make sense to me, strictly from that standpoint. A more limited account has access to fewer things than maybe doesn't have to be changed quite so often. And the most limited accounts for basically over an hour, that kind of thing, then I would say those maybe don't need to be changed really often. However, here we're dealing with public access computers. So you've got a large group of people using them, knowing whatever password that you might put on them. In that case, then I would think that changing passwords might be a good thing. It's as you go back to the slide too, because balance is everything. You really have to, and I probably I will say this every podcast I'm ever on, because it's what I really believe. It's balancing usability and risk and liability and you have to figure it out. And you have to figure it out in your environment with your equipment, with your software, with your public. And it's something that you don't need to do alone. There's a lot of advice out there. You can make a presentation to your board. You can come up with a policy. And I think that's what makes sense is to have done that. So that you know what you're doing and why. Sounds good. Yeah, so it boils down to it depends. Absolutely. But not in a necessarily a layered way. It basically depends on the thought for life. I agree with everything Diane just said. Being forced to change my passwords frustrates the academy. I've read studies where if you have a bad password, you tend to change it to another bad password. If you have a good password, you tend to change it to another good password. So statistically changing it doesn't necessarily mean anything. I will admit I've done the change the password and just up the number on the end was three last time. Now what's four and then it's five and then it's six. And you can see it's not really any more secure. It's just a different password. I find it really bizarre that there are places that will allow you that fortune would change your password every 30 days. All will allow you to make it the same thing plus one. Yeah, so. What? I don't get it. For those of you who are looking for good passwords but are thinking those are really hard to come up with, I just threw one piece of software here. I'm a Firefox user. I think there are standalone packages available for this. This one just adds right into Firefox. I get a menu choice. It's got a create secure password under the tools menu and it says okay, I click create. I can copy to my clipboard. I can tell it to whatever we need to one hand or both hands. We have to type the password over the settings there. I can tell it how long I want it to be. Do I want it to use letters, numbers, other characters, other certain characters I want it to exclude and how many more or less of waiting. So if I didn't need a password for something and I decided not to use the system we're going to talk about next, I would use this to create a password. For example, I had to create some passwords for other people recently. So I didn't want to use my system because that would be telling them what my system is. So I use this to generate some passwords to give to them in this case. I do want to say with this that one of the things that I do and I think it's really, I think it's a whole lot of sense, if it's a password that you're going to be typing a lot, then open up Notepad, type that password. Type it a lot of times. Change to a character that makes more sense. Put a shift in when you need a little extra time to get your other hand over. I mean, make a capital. Make it a password that's going to make it typable. Even though it's, yes, we randomly generated it and whatever, that doesn't mean you can't change it. You can adapt that randomly generated or however you generated it to the point where it's typable for you. And because I have had passwords, I actually have a password in account now that I probably mistyped half the time. Now you think I just changed it, but I haven't gotten it wrong. I just go back in and retie it because I know I must have screwed up somehow. But that is really a, making your passwords typeable is a big deal. You might as well just get out Notepad and type it a few times and say, that doesn't work very well. What if I do this? What if I change it to this number? What actually works the way that you type it? Yeah, and that happened to me. I have a password for one site that uses the carrot symbol and it shows shift sticks. It doesn't even get with keyboards in front of you. And I went to access that website on my cell phone. And so it's asking me inside my password about the cell phone keyboard doesn't have that character. So I have to press about six more buttons to find the insert symbol screen that has that character on it to be able to just type it into my password. And I realize not typical for most people, but like I really should change the password because on the phone it's really annoying. And I thought I was being creative by using a carrot in a password and then, you know, well, there we go. That's right. Oh, well, let's do one other quick point. Contrusion marks are great. They're wonderful. I would really suggest you stay away from the period in the comma. If there are passwords that anybody's going to have, that you're ever going to have to read out of anything, because it's really hard to see them. Okay. They are very difficult to see. And so then you go through and you're typing this password and you're like, well, I typed it and you didn't. And then you end up copying it somewhere and pasting it. And you know, by the time you get it in 72. You realize, oh, look, there was a period in there and I just missed it. And so I try to stay away from them because I just know if you're going to have to look it up and give it to somebody for some reason, because it's just really hard to do. Here's, you should stay on the screen on our strategy. And I've been telling people about this one for years and I've heard many people high up in the computer security world give this exact same sort of methodology for creating really good passwords. Now, I want to stress down at the bottom there, the last bullet point is I'm keeping the example simple. You then mix all that other stuff we talked about in to make it even better. But for example, come up with a phrase that you can remember and I've actually used this one in the past. I don't use it anymore, which is I don't like changing my passwords. So then what I did was I turned that into IDLCMKW. You know, trading passwords is two words in this case. And then using that as my core, then customized it to each site. So for example, for Amazon, I would add an A on the front and a Z on the end. For Facebook, I would add an F on the front and a B on the end. Or put them both on the front or both on the end or something to that effect. And then come up with a strategy for, you know, in whatever I type an L, I'm going to do it in uppercase instead of lowercase or lowercase instead of uppercase. However else you are good, you know, thinking about all the numbers and the symbols and whether it's typeable on your keyboard, things like that. And I use a strategy very similar to this and usually within two tries, if I can't remember the password, I can guess what my password is because it's based on this strategy that I've put together. Now sometimes it doesn't work because I haven't used a symbol and they require me to use a symbol. So then I have to, you know, eventually I have been known to do the I can't remember my password thing in a website. But I used a strategy very similar to what I'm describing here and it works generally well and now I have unique passwords for almost every single site I've signed up for. And they're vaguely rememberable. Rememberable? I guess this is... Rememberable. Rememberable. I will have to stay after Michael told me this. I don't know. A few months ago we've had a lot of widespread conversations over the months. I tried this and I could not remember for the life of me where the capital D went and whatever in this particular thing that I had started in. So then I have like through websites I had to have them send me the things to reset my password because I couldn't remember what I did. I personally am a past phrase person. I come up with a phrase and abbreviated it in some way not necessarily just like the... I would type the whole I don't like changing my password for example. And that works pretty well. You have to remember whether or not you use spaces and that kind of thing. And that works very well for me. And other people will say well and that's again where the typability comes in. You have to be sure that the phrase is that you choose can be typed because some things just don't type as well as others do. So I'm actually a past phrase proponent just for my personal use because it's a lot easier for me. And you can still add the... you can add numbers you can mix the case and symbols and whatever. But as you add... in some places it doesn't work very well because they have like a six character limit. So I have like two sets of... I have like two sets of password strategies I have like the past phrase which I use anytime I can and then I also have the other the liberal password strategy because I can only use six characters and it has to have a number or it has to have a number. So then there's kind of like you may end up having to have two strategies because of that. It is rare that you'll pick a password and they'll say your password is too long but it does happen. So every once in a while I actually have to have a shorter password. You know, I guess we're kind of... this is about public access computers so maybe we want to... like I guess this maybe people will wait for this. But you can't have a security talk without the password. Yeah, we're about halfway through. Does anybody have any questions at this point with anything we covered? Just go ahead. Check the chat. Look at the text chat. But it's so hard to remember them. Okay, so Judy, hopefully we would address that. I will also throw out we don't have slides for this. There is software out there that will securely store your passwords. Now, so I have one. I purchased it. It was 30 bucks. They're free ones. Okay. But the reason I purchased mine is it will stick to my phone. So as long as I have my phone with me, I have all my passwords. But all of them are stored behind a master password. So I have a completely different password that doesn't relate any way, shape, or form to my typical scenario. And so far I've really forgotten the password and I don't have time to do the email me the whole thing, whatever. I can pull out my phone and I can look up a password in my account. This is like a password in my account. As long as I remember to put it into the software, I have forgotten the area how to play. So, you know, there's software that can help you with that. Okay. So, yeah. Okay. Not seeing any other questions at this point. I raised hands. Why don't we go ahead and get kind of back to the desktop. And this is kind of going to be the, but unless I'm in an area. Do you want to start with this one? All right. There's a piece of software out there called Windows Steady States. If any of you have gotten any of the recent laptops or desktops from us to the Gates Foundation and you are familiar with this software whether you like it or not, it is free. Now, there are some non-free options we'll talk about in a moment, but Windows Steady State is completely free. It's from Microsoft. The URL is there on the screen. We'll provide bookmarks for all this after the fact as we usually do. It allows you to do several things. The main things that would be of concern in this case is the ability to lock profiles and what's called hard disk protection. Now, additionally, there are all sorts of things where you can stop certain pieces of software from running and granularly control what the user can and can't do. Generally, I don't recommend going there unless you have very specific needs. Right. You have specific need for it. Locking profiles tends to do very similar things, works a little differently. Locking profiles, so, for example, I've done this on extra machines. We do this in our lab down in the basement. We have a staff profile, staff login, and a public login. And we've locked the public login. What that means is anything anybody does when they're logged in as public will not be kept past logging out of public. So they can go in and they can change the settings. They can install software. They can do whatever they want. They can change settings. But the moment they log out, it doesn't keep. Okay. Hard disk protection does that to kind of the next stage. Hard disk protection, if it's turned on, will affect every account on the machine. And anything you do will disappear at reboot, not at logging out. Hard disk protection can slow down the boot time of the machine. Especially if you've made changes. Yes. Because what it has to do is you go in, you turn it off, you make your changes, you reboot, and what it does is it makes all the changes permanent. And then when you start up again, it's got to make sure those changes kind of kept. And so it can be a bit of a process. But here's the benefit, regardless of which of these two methods you go with is that you can now let your users run administrator, do whatever the heck they want. And what they think they should be able to do because that's how the machine at home works. And then once you reboot or you log out, anything they've done is gone and you're back to kind of a clean state. You're back to the way you as the library set up your computers. I like this solution. It's a little bit extra work from the administration level, but I like, I think it's a great balance between usability and security. Let them do whatever the heck they want as long as it's not permanent. And I'd have to say, you know, one of the reasons we have public access computers and libraries is for those people who don't have home computers. So those people want to have we want to offer for them that would seem to me a similar experience to a home computing environment as we can. I mean, I know we've got labs with walls and little tubes and whatever would, you know, you wouldn't choose to do probably to compute like that at your house, but, you know, okay, we'd cry. I will say a little bit about how the hard disk protection works. It basically takes the whole install in copies. You have a lot it requires quite a bit of disk space. It makes a copy of your install and then every time you reboot, it goes over to that copy and copies it back. And so that's why it takes a long time, particularly if you've made changes from administratively turned off the software. Then it says, I got to make a new copy. So then it has to be copied with the changes. And so that can take a long time. We have had a couple of machines that just kind of refused to do it. They just had to upgrade up some RAMs and then we've had occasionally we've had a bit of a problem, but it still is a great it is a great solution. And whether you come down on that side of that or the lock profiles thing, either one of those to make it a lot easier to feel comfortable that your patrons are not leading things behind that are going to make it difficult for the next person to use the machine. I mean, not and it's not going to be going to be going to be and it's not even so much about malicious stuff. You know, like that's great that it offers some protection against things that they accidentally do. But, you know, they want to try out this just this lesson sort of product and so they download the demo and what does that change and the next person comes in something doesn't work there. And that's not what we want for the users. We want it to work consistently for them. And so this is this is really a solution that helps with that. Yeah. I do want to stress using software like this does kind of add a level of work when it comes to administering administering the machine. I have logged into some of the machines, done all the updates, rebooted and had forgotten to turn off steady state. And so therefore I had to start over from scratch because all my updates suddenly disappeared. But in the long run I think it's all it reduces your work because it pretty much eliminates I will never completely 100% guarantee anything but pretty much eliminates the ability of users to do serious damage to the machine which will take you even longer to fix. I have messed with these machines. I have gone in and second format the hard drive and it said hard drive format it I don't work anymore you rebooted and it came back. Now don't do that with the machine you really rely on the machine. But I've done it and the software does work. You don't have to advertise. We will throw in that there are non free options. I have had experience with deep freeze. It's basically you're going to buy it it's going to cost a couple hundred bucks easily depending on how many machines you have. I do find that it worked I think it was a little more easier to use than steady state. It was just it was turned on and off of the password you didn't have to reboot it was a little faster of a process to update things but you get what you pay for so you are going to pay for that. Centurion Guard is what's on all of those old gates machines if you have any of those gateways from the Gates Foundation and Centurion has a software version but then also the hardware version which is the physical key that some of you have on the front of your computers and that makes it easier that key I mean you literally you turn the key on a lot you do all your updates you reboot and you lock it again no passwords to remember physical key very easy but it's going to cost you even more to be able to do that so you know if you've got to spare cash look at it but I'm guessing most of us don't have to spare this instantly we have a question Judy you want to go ahead I just used just installed a new public access and put the Centurion Guard software on called Smart Shield and relatively inexpensive and so far been running for about 60 days and I'm really really pleased with it great yeah okay so so Centurion Guard software program is called I'm sorry could you say the name of it again it's called Smart Shield Smart Shield okay great thank you so and it's working so there we have a recommendation for that great thank you very much in terms of cost yeah and Krista thank you for pointing out that there was an address sometimes we miss things on the screen here so we've pretty much answered this question I really think that if you have something like this installed you can let your public run as admin you know you do want to get to share drives on the network you know right we're talking about autonomous public access computers right exactly if they're if they're in any way shared with your network then I think that's a whole different set of solutions right but yeah your machine your public access machine should not be able to access the Cirque system anyway so I think you're probably good there so yeah I think that you can and why don't we put those other packages also I do want to take the opportunity to talk about antivirus I would thought a different slide was next so that's why I'm stumbling here just a little bit that's alright we'll get to that slide in a few minutes but yeah so we need to talk about antivirus basically have antivirus software on all of your computers desktop laptop staff machines public machines you just need it I think there was a study done recently if you took a brand new Windows computer out of the box hadn't installed any updates yet put it on the internet it would be compromised in like 10 minutes or less it's amazing so antivirus is not necessarily going to be perfect but you're going to want it anyways and you want to make sure it's kept up to dates absolutely no question and usually that's a weekly thing although I've seen some antivirus software practically update itself daily so you know go for it there are some free options out there I'm losing Diane you are losing me because I just knocked over my coffee cup is it have coffee with it? it did but it also had the lid okay we're not staying in the carpet anyways okay so we've got we've got three free options here and I have used all three of these and I recommend all three of these however whether you can legally use all three of these for free is also another issue okay the first one the one I am using personally on my machines is called clam win it is free it is open source which I like I like to support the open source stuff however there is kind of a catch it doesn't have what's called real time scanning so in other words I can hit a button and it will scan it I can schedule it to scan my computer at certain times however if I download something off the internet and save it it will not scan it as it's coming in but it will if you can right click and scan it yourself but right before I run it I can right click and I can scan it manually so on like my computers where I like to think I really know what I'm doing and I'm paying attention and I don't you know attachments I run clam win do you don't have have 7000 emoticon programs? no I do not have 7000 emoticon programs now the 15 year old in my house she does not have clam win she has something that will scan stuff on real time because because it will seem to be irresistible I have no idea she will download all sorts of random stuff although she's actually much better than I make it sound to me but anyways so there you go the other two are introduced and probably most of you have heard of this next one AVG free it is free for home and I will also point out Avast is listed as free for home you download it you install it you run it it updates itself it does real time scanning it does scheduled full system scanning they do everything that the expensive paid for software will do however a library is not a home but I know of libraries that have just downloaded the free version and are using it anyway because what are your chances of being caught I am not recommending this I am just saying so we leave that up to you beyond that you get into the pay for stuff your Norton's your Symantecs your McAfee there's many others out there I think some of them are not hugely expensive it's not unfathomable to pay for your virus protection it's certainly not and to go to go with something that is I don't know I tend to appreciate the more minimally invasive ones the ones that require the least amount the least amount of you know disk space the sort of lowest system requirements tend to be the ones that aren't going to run your life which and sometimes the more what would they say I don't know the bigger programs tend to have with all the whistles yet they tend to be resource hogs they slow stuff down and some stuff just won't run with them so if you look at if you have a if you look at an FAQ for a program you're installing and they'll be trouble to say well you might have to uninstall this or is your virus protection that or those kinds of things so those are things you do need to think about the two things I will say getting a little outside of the first one gets a little outside of your public desktops but there's absolutely no reason to pay for any virus software in your home use one of these three honestly there's just there's no reason to pay a subscription fee there's no reason to pay for the software just do it they make their money off of the companies that have to pay for it so really the other thing I will say is never have two different antivirus programs on the same computer you do not get double the protection what usually ends up happening is they start reporting each other as viruses and it gets really messy very quickly so if you're using something like McAfee that came with your computer you want to stop paying for it make sure you uninstall it first get rid of it then install one of the free ones because they will conflict with each other very quickly very quickly and very nastily so I've had to clean up machines that have multiple antivirus software on it and it just wasn't pretty ah this is the slide I was expecting a few minutes ago I have heard people report and I've read articles that said well if I'm running something like steady state if I catch a virus all I have to do is reboot the computer and the virus is gone so therefore I don't need to run antivirus software that is factually accurate but leaves out some important concepts in other words steady state and the like does not eliminate the need for you to run antivirus software because the idea is antivirus software will prevent you from catching it in the first place if it gets past your antivirus software then getting rid of it's easy by rebooting if you have something like steady state but unfortunately there might be hours between the time where you catch it and where you reboot your computer to get rid of it and who knows what it's doing to not just your computer but other computers maybe not even in your building it could be during that 6 hour period spamming itself out through your network connection and doing damage to completely other people other people's computers until you reboot so you really still want the antivirus software to prevent things like that from happening between the time you possibly caught it and you reboot it by preventing you from catching it in the first place it's really a thing you do to be a good citizen it's your good citizen thing that you do you make sure that your machine is not going to be doing bad things to other machines for any length of time two more slides here and then we'll open it up for questions fishing or anti-fishing fishing is those wonderful you get the email that says your bank account has been compromised click on this link to go to US Bank and log into your account to fix the problem and unfortunately us librarians and patrons will fall for this periodically please don't your bank will never provide you a hyperlink to log into your account because what ends up happening is you get to another website that isn't to your bank it just looks like it and then you type in your username and your password well this has become such a problem that most browsers have built in anti-fishing features and what we've done here on the left is we've pointed out where it is in the settings for Firefox and on the right we've pointed out where it is in the settings in Internet Explorer seven, I don't know if it's changed in eight it's going to look about the same I believe they are on by default you want to make sure they're on this will not prevent any and all fishing from happening but there are lists of known sites they get at quite regularly updating quite regularly and so if you get to one of these sites the screen will kind of go black and a big announcement will come up saying this is a suspected bad site are you sure you want to be here yes or no and typically you say no I'm not sure I want to be here it will take you off to like Google or something like that it will warn you of that and I think that would be a good it's a good thing to do for your patrons if nothing else because I get those reports of patrons coming in the library going it says I want a million dollars will you help me get my money you know then we get into have to explain to them that no you didn't win a million dollars from Nigeria so and then last but not least some privacy issues you may want to deal with on your computers web browsers and computers are designed for one person to one computer I mean yes you can have multiple logins and things like that but what they're not designed for is what we're making them do in a public access situation which is thousands of people using the same computer and so there are privacy concerns that are not issues in the home your browser keeps a history of where people have been your browser keeps copies of pages that people have visited called the cache and your browser by default typically remembers people's user names and passwords we highly suggest you turn these features off for privacy issues data that you don't have can't be requested by somebody whether legitimately or illegitimately and data that's not there will not be viewed by the next person who uses the machine so what we generally suggest is in your browser settings if you're using something like a steady state do this while it's turned off find the history settings set it to zero you have no reason that do you advise what okay hi Debra I see the question down there in the text chat we'll get to that in just a moment well yeah that's that's gonna be an interesting conversation anyways zero the history there is absolutely no reason a public access machine in my opinion should keep keeping a history I mean really you don't need to know your patrons don't need to know who visited what where and when useful on my desk but not in a public machine the cache now you can set the cache to zero it's kind of a downside to this however the cache is there to make sure that the browser runs a lot more smoothly because if it's the you know when you hit the back button it's not necessarily reading the page off the internet again off your hard drive it's reading about the cache so turning off the cache does actually slow down your surfing experience however you can set it really small you can set it for like 10 megabytes or something like that or 5 megabytes usually it's measuring gigabytes these days with really large hard drives you don't need to store that much information okay and then zero it so then when you do reboot if you're running something like steady state it's back to zero every time you reboot it and the password memory really there's absolutely no reason for that just turn it off then the the browser won't even ask the user if they want their password to be memorized there's just zero reason for people to on a public machine to have the browser remember their bank account password it's just not needed turn it off did I have any opinions on that one nope that's exactly why we put up that slide we agree no alright so we have a question I have a feeling this is a loaded question but we didn't ask anybody to ask this do you advise watching the public access PCs to watch for users looking at porn or other unwanted sites okay I'm just gonna my opinion absolutely not I gotta say I'm on the left end of opinion here I say it is none of the library's business to do that is not our job to be police officers it is a policy issue you do need to have some sort of written policy on this I am not saying that you shouldn't deal with issues as they arise should another patron complain or should you walk by them and notice something but I am I personally am for square against kind of an active intentional monitoring of what people are doing on the computers on the part of library staff we most of us many of us in public libraries are government entities that is not our job and I will stress again this is my personal opinion on this issue and basically I'd have to say that's probably why I was hoping this wouldn't come up because I think that it is such a horribly loaded issue and it's really it's really difficult and having a policy is important community standards are important and and no one wants people to be exposed to things that they would find offensive no one wants to promote that and on the other hand one of things we're trying to do is to allow people whose income does not allow them to have a computer in the privacy of their home the ability to do the things they would do in the privacy of their home so then again that makes it kind of none of our business so I think it is a policy issue I think that it's very that it is important that a library a librarian and the board have a policy and that you're able to demonstrate that you have this policy and abide by it and that your staff is agreeing with it but like I said I tend to be on the same page with Michael in that which is that it's filling out any of our business but then again that's my opinion and it certainly doesn't represent any advice that this agency is giving to librarians in the state so that's why it's not on a slide anywhere and it wasn't anything that we plan to talk about we have another request in the interest of time I'm not going to actually show this on the video but it's how do you we do that browser privacy stuff in internet explorer I will tell you it's very simple you go to tools and then internet options and on the general tab under browsing history there is a button labeled delete you click on that delete button it will say what do you want to delete it will give you a whole bunch of options such as the history and the cache and the whatever and that will clear it out there's also a settings button which will allow you to say how long you want to keep the memory how much disk space do you want to set aside to that basically set those to either very small numbers or to zero which would be a very very small number tools, internet options general tab and then it's right there under browsing history it's available to you to change those options Firefox very similar it's under tools, internet options and I think there's a history tab and a privacy tab you want to take a look at so those are available to you we are running short on time we've got about 2 minutes left here officially although we can go a little long we'll only record at 50 minutes okay well time does anybody else have any other questions if you want to just type into the text chat you can do that if you have the mic and want to ask it via audio just go ahead and give a quick hand raise so we can call on you and mute our mic while you're talking I will throw in while we're waiting to see if we have any that starting in May I know there's one scheduled in North Platte I am doing some policy workshops coming up so watch the training calendar for that throughout the rest of this year and Dana you have a question so why don't we have you go first and then we'll have Deb ask her question Dana do you have a mic you just want to hold down your control key while you're talking okay Dana we're not hearing from you so why don't you go ahead and type into the text chat in the meanwhile I'm not ignoring you but Deb do you have a question via audio yes I do Michael I have been having a problem with my old Gates machine I have tried doing several updates when I try to do an update on with updating internet Explorer to go to number seven it see it I can't it really makes a mess of my machine I can't connect to the internet do you have any suggestions to what might be the problem with this simple answer no I do recall hearing that there were some problems with some older equipment going up to internet Explorer seven but okay Krista saying she had that problem at home were you able to solve it at home I bought a new computer I had a computer that was I don't mean four years old and I had the same thing every time I tried to install it it just wouldn't make the computer itself not work but Explorer would just not work I would click on the icon and it wouldn't do anything so I had to back down to six and just deal because I didn't go through trouble figuring out why I just will six works fine I'll just do that for now and then just recently I bought a new one I have two suggestions do you have a comment first I certainly can look it up and see if we can find out see if there is an answer to that out there my two suggestions suggestion number one is maybe try updating the internet Explorer eight which has been out a little less than a month to skip seven completely the default assumption would be if seven won't run why would eight run they changed a lot between seven and eight so that might be your option there IE six is pretty insecure that's really old software it was out there for years before they updated to seven it was almost six years or something like that which is why you should not be using IE six anymore the other general option I might suggest is if eight won't work install Firefox and set that as your default browser you can't get rid of IE but you could use something else instead so that when somebody clicks on a hyperlink or just wants to go to the internet in general they're not using the less secure browser which would be IE six that's true other than fact I think Firefox is a better browser anyway there's that there's fabric and check marks when you say that I think I said it twice Jan is suggesting in the chat that the problem might be with service pack two or three in my experience are you up to date on the service packs on that machine might be another thing XP which those gates machines were running is up to service pack three but honestly I think my first try right now would be to try installing internet explorer eight I think that would probably be the easiest thing to try at this point well checking your service packs first you should be up to date with your service packs also that's also a security issue that you want to make sure you're up to date there Dana if you want to ask your question if you don't have a microphone there's a text chat button in the top of your interface if you click on that a new window will pop up where you can type in your question it's a separate window from the main center interface and if we're just confused and you're having no problems we apologize yeah yeah anybody else have any other questions or comments for the benefit of the group alright I don't see any our email addresses are up there on the screen we got some applause I want to know if malware bytes rates well actually I've heard of malware bytes I have not used it but I have not heard any bad things about it so there's that we didn't really talk about malware there's also the Microsoft malicious software removal tool MSRT which is also pretty good I have used something called adware I've used spy bot search and destroy these are all free I have recently heard about malware bytes and it was a general recommendation as I recall I guess one thing I do I'm glad you brought this to our attention though because one thing is a lot of times you'll be surfing around the internet and you will see something that says you know we're sensing that your machine is infested with a spyware click here to remove the whatever and I don't ever do that please don't ever do that in fact there's a piece of if there is a piece of software if you want to know then go out and find a piece of software reviewed that has recommendations install that piece of software to check your computer don't ever just click here in fact there is a piece of malicious software out there called antivirus 2009 it markets itself as antivirus software and it itself is malicious so the blinking ads on the screen no website knows that you have malicious software installed just by going to the website every time you see something advertised or promoted or whatever go online see what people are saying about it see what the reviews are see what its limitation is for example like the free program plan when if you are expecting it to actively scan every new file that you brought in if you didn't know that you would think that that was happening but it isn't so do read about whatever it is that you're thinking about installing find out what people are saying about it you know are the comments from places that are reputable is it seen at, is it PC world places that you know so I'll just throw one last thing in case we have any seriously geeky people in the room and you really want to learn a lot of this stuff and you got some time there's a great podcast called security now however readily admit half of it is over my head but I always learn something I have pulled more stuff out of that podcast for my security workshops and presentations like this than anywhere else the guys that run it know exactly what they're talking about it's easy to understand but it is very kind of high level they talk about encryption and all these other things but I love it so you know if you want to give it a shot it's out there just Google security now I think we're going to have to wrap things up okay thank you very much for everyone for attending any other questions you guys know where to find Michael and Diane email them call the commission or whatever they can help you with anything you may be doing are you getting some applause well we'll try to help you really and hopefully you'll join us next week for Encompass Live our topic will be Nebraska memories thanks everybody bye