Just as a note – I’ve been quiet because I’ve been recovering from a fairly nasty fall down my basement steps that resulted in no broken bones (yeah!) but a fair number of bruises and 14 stitches on the top of my head (boo!). I’m back in the saddle, though…
One of the biggest drawbacks to providing public access computing in a library is the fact that the public has access to the computers. I was in a web demo the other day (for the new Centurion product – we were wowed…) and the salesman asked us if we had heard of USB wireless managers. Apparently the trend to use these started in IL (at least for Centurion hearing about it) with someone putting a wireless manager coupled with a keylogger that recorded every keystroke subsequent patrons made on the computer and wirelessly sent them to the bad guy via the wireless manager. Centurion has a setting that will disable those, which is why it came up. I’d never heard of people doing this – but within a week of that demo, I’ve seen 2 stories now on similar hacks to public library computers.
The story I linked to above talks about USB keyloggers, which have been around for a while and which we have given our computers a quick once-over for at least once a day, when we are starting up the machines in the lab. This, however, includes a wireless component that means that even if we take the USB stick and confiscate it, the bad guy still gets the data, since it was sent wirelessly. This means that keeping an eye on your network logs is doubly important – any strange activity or unknown networks accessing your computers should be checked out.
Inviting the public into your network and allowing them physical access to your machines means that you have to be both aware of current trends and vigilant about keeping an eye on the computers. I remember when the major issue we had to look out for was teenagers stealing mouse balls to use as jewelry… Now we have to make sure that patron privacy and security are not compromised just because they are using our machines!