Downloading

[dburt at nypl.org]

     At NYPL in our public access PCs we use a four-pronged approach to 
     protect against virus and hacking:
     
     1) The BIOS is secured.  We set the system password on so that users 
     cannot access it.  This requires that the librarians know the system 
     password when they turn on the machine each morning.  The boot option 
     is also set so that the machine will not boot from the floppy drives.
     
     2) We have an anti-virus program, Central Point Anti-Virus, which 
     loads at start-up.
     
     3) We have a security program called Integrity for Windows.  This 
     program is sometimes awkward to work with but it is very powerful.  
     Integrity allows us to block access to any directory or sub-directory 
     we select.  Integrity also blocks access to the Windows file options.  
     Users cannot delete or change files or directories outside of the 
     groups we allow them to.  They can, however, fill up the hard drive 
     with junk, which is not too serious.
     
     Most importantly for hacking and viruses, Integrity blocks the 
     execution of executable files from the floppy drives.
     
     4)  Finally, all important system files, such as .exe's and .ini's  in 
     the directories not blocked by Integrity have the Read Only attribute 
     turned on.
     
     
     So far, this system has worked very well, although I'm sure it's only 
     a matter of time before some clever hacker with nothing better to do 
     figures out a way to screw things up.  When that happens, we'll just 
     plug in one of our ZIP drives with a mirror of the default setup and 
     reset the thing.
     
     
     David Burt, The New York Public Library