downloading

[Bill Moseley]

At 09:26 AM 3/19/97 -0800, JULIE LEVANG wrote:
>Our library is about to offer public internet access and would appreciate
>advice from other libraries about the pros and cons of allowing  patrons
>to download information to floppy discs.  I have searched the archives
>already and found some good information but am looking for specifics
>about things like virus problems and ways to prevent them, whether to
>allow patrons to bring in own discs or have the library provide/sell them,
>etc. Thank you.

Sorry if I'm repeating:

You won't get a virus from downloading to a floppy, or from reading a data
file from a floppy (except for Word viruses, which I'll comment on later).

The danger is allowing execution of programs from a floppy (or of a
downloaded file on the hard disk).  This is quite easy to prevent using
Windows 3.1, but special protections are required for Windows 95, as
programs may be run from the File/Open dialogs.  For Windows 95 I would
recommend a security program such as Fortres or Foolproof.  Foolproof, for
example, prevents saving files to the hard disk, and prevents running
programs from the floppy drive.

Probably the most common way to get a virus is by rebooting the computer
with a diskette in the A: drive.  Even "data only" diskettes contain a boot
program, which can transport a virus to your hard disk.  To protect against
this, check your computer's manual and see if you can disable booting from
A: drive.  This may be called the "Boot Sequence" or look under "Security".

If your computer doesn't have this feature, then I would recommend using
the boot password feature and ask your staff to always check for a floppy
in the A: drive before entering the password into the computer.

If you prevent booting from floppy disks, and control what programs can be
executed then you are safe from viruses (he bravely states).

Word viruses are different.  A Word document can contain macros that
execute when the document is opened.  The Word macro language is powerful
enough to do damage (e.g. delete files and spread the virus to other
documents).  So caution must be used when opening Word documents from
unknown sources.  I believe all you need to do is hold down the shift key
when opening these documents in Word to prevent the start-up macro from
running.  Then you can look at Tools/Macros to see if there any macros are
included with the document.

I understand there are other macro and script-like files that can cause
damage (postscript files?), but I haven't seen many reports of these.

I don't think it matters if you limit to diskettes you supply or if you
allow the patron to use their own disks.  I don't know how one would
control that only your "pure" disks were used.  Also, what if the patron
finds a virus on the diskette that you issue?

I think it is important to warn your patrons of the dangers of downloading
files, especially programs, from unknowns sources and using them on their
own computers.

Finally, the obvious: Have a good backup system - and test it.


Bill Moseley
mailto:moseley at netcom.com