downloading

Charles Bearden - Cataloging cbearden at sparc.hpl.lib.tx.us
Wed Mar 19 15:21:09 EST 1997 

To Bill's always sound advice about PC security in downloading I would 
add that there is a MS Word Viewer available for free download 

	http://www.microsoft.com/msword/internet/viewer/

that supposedly does not execute Word macros, and is therefore _supposed_
to be safe for viewing Word documents (though neither I nor HPL warrant
this).  You can configure it as a helper in Netscape.  Somehow, I don't
think you can in MSIE without associating it with all files of the .doc
extension with it in the registry (which may not be a problem in public
workstations). 

Best wishes,

Chuck
-------------------------------------------------------------
Chuck Bearden			email: cbearden at hpl.lib.tx.us
Catalog Department		voice: 713/247-3499
Houston Public Library		fax:   713/247-3158
500 McKinney Ave.
Houston, TX  77002		-=> NOT SPEAKING FOR HPL <=- 
-------------------------------------------------------------
      -=>HPL's Homepage: http://sparc.hpl.lib.tx.us<=-



On Wed, 19 Mar 1997, Bill Moseley wrote:

> At 09:26 AM 3/19/97 -0800, JULIE LEVANG wrote:
> >Our library is about to offer public internet access and would appreciate
> >advice from other libraries about the pros and cons of allowing  patrons
> >to download information to floppy discs.  I have searched the archives
> >already and found some good information but am looking for specifics
> >about things like virus problems and ways to prevent them, whether to
> >allow patrons to bring in own discs or have the library provide/sell them,
> >etc. Thank you.
> 
> Sorry if I'm repeating:
> 
> You won't get a virus from downloading to a floppy, or from reading a data
> file from a floppy (except for Word viruses, which I'll comment on later).
> 
> The danger is allowing execution of programs from a floppy (or of a
> downloaded file on the hard disk).  This is quite easy to prevent using
> Windows 3.1, but special protections are required for Windows 95, as
> programs may be run from the File/Open dialogs.  For Windows 95 I would
> recommend a security program such as Fortres or Foolproof.  Foolproof, for
> example, prevents saving files to the hard disk, and prevents running
> programs from the floppy drive.
> 
> Probably the most common way to get a virus is by rebooting the computer
> with a diskette in the A: drive.  Even "data only" diskettes contain a boot
> program, which can transport a virus to your hard disk.  To protect against
> this, check your computer's manual and see if you can disable booting from
> A: drive.  This may be called the "Boot Sequence" or look under "Security".
> 
> If your computer doesn't have this feature, then I would recommend using
> the boot password feature and ask your staff to always check for a floppy
> in the A: drive before entering the password into the computer.
> 
> If you prevent booting from floppy disks, and control what programs can be
> executed then you are safe from viruses (he bravely states).
> 
> Word viruses are different.  A Word document can contain macros that
> execute when the document is opened.  The Word macro language is powerful
> enough to do damage (e.g. delete files and spread the virus to other
> documents).  So caution must be used when opening Word documents from
> unknown sources.  I believe all you need to do is hold down the shift key
> when opening these documents in Word to prevent the start-up macro from
> running.  Then you can look at Tools/Macros to see if there any macros are
> included with the document.
> 
> I understand there are other macro and script-like files that can cause
> damage (postscript files?), but I haven't seen many reports of these.
> 
> I don't think it matters if you limit to diskettes you supply or if you
> allow the patron to use their own disks.  I don't know how one would
> control that only your "pure" disks were used.  Also, what if the patron
> finds a virus on the diskette that you issue?
> 
> I think it is important to warn your patrons of the dangers of downloading
> files, especially programs, from unknowns sources and using them on their
> own computers.
> 
> Finally, the obvious: Have a good backup system - and test it.
> 
> 
> Bill Moseley
> mailto:moseley at netcom.com
>

More information about the Web4lib mailing list