Posted by Lori Ayre on April 29, 2004

I was recently told the story of a library that uses a highly-regarded Internet filter (even I think highly of it) and yet were stunned to find child pornography stashed on one of their public access computers.

"How could this happen???" the library staff cried.

Well, the thing is...Internet filters ONLY filter the stuff that comes in over the Internet via Web browsing. That's one thing. And the other thing is....patron's files should NEVER be saved on a public access computer!

Think of the browser as the door to your library. Your library also has some big windows that can be used to bringing in lots of nasty stuff. Examples of "windows" include:

floppy drive
CD drive
DVD drive

Floppy, CD and DVD drives can be used to bring in files to your system. Once that file comes in, you have to control where it gets saved and for how long. As far as things you can't control....if email and IM are made available to patrons, users can attach files from their CD or floppy and send them off to their friends (or enemies).

Here are some things you CAN and SHOULD do with your Public Access Computers:

1. Always delete all user files, cookies, history and cache files between each user's session. This is the best way to protect yourself and your patrons. Any nasties that are saved or downloaded get blown away at the end of the session and the next user arrives to a pristine environment. Check out Public Web Browser for help with this.

2. Use a program that ends the session after a certain amount of time or after a period of inactivity to ensure that sessions do end. This way n'er do wells can't come in, load an alarming page into the browser, walk away and enjoy the reaction. Setting the timer to restart the session after some number of minutes of inactivity will spoil their fun. (Be sure to warn patrons this feature is enabled so they don't leave work on the screen and expect it to be there in 10 minutes after they return from the stacks!) Check out Public Web Browser for help with this, too.

3. Only allow programs to run that you've predefined. In other words, you know the programs you've installed for your patrons: Word, Excel, Paint, Waldo....using a product like WinSelect, you can define which .exe files can be run on your computer. Once implemented, no other executable files will be allowed to run. This means that even if someone copies an executable file to the hard drive, gets one via an attachment or tries to run an executable from their ain't gonna work. It takes some work upfront to do this, but it's worth it.

4. Ensure your virus scanner is up-to-date and active all the time AND that it scans any exernal drives such as floppies, CDs and DVDs as soon as they are accessed.

5. Using your firewall, router or Internet filter (not all Internet filters have this ability), make sure you have control over who can use protocols such as telnet, FTP and IRC. Chances are there are only a few PCs that need to use one or more of these protocols so you should be able to close these windows. You should certainly be able to close them off to patrons.

And hey, be careful out there.