- Microsoft Updates: Do Microsoft updates, not just Windows updates. The second Tuesday of the month is when Microsoft releases many updates, but they also occasionally come at other times of the month too.
- Also keep your other applications current. Pay particular attention to Firefox, and Adobe Reader and Flash. But try to keep all your applications up to date. I agree with you though that it is a royal pain in the neck. Larry, our new IT guy at the Missoula Public Library, has some good ideas on that front. I hope to be posting about how to make this easier in a couple months.
- Use Firewalls. XP, ME, Vista, Windows 7 all have firewalls built in. Use them. Also use a firewall at your perimeter device. That's the device in the phone closet that connects to your ISP.
- Block SPAM. If a malicious email never shows up in your mailbox, it can't infect you. Most email clients have some kind of SPAM blocking feature. Also many ISP's provide a SPAM blocking service that will usually cost a little bit but will keep your mailbox cleaner.
- Protect your Browser: Al the major browsers have a variety of tools built into the application to protect you from a variety of malicious activities. For example, IE has the pop-up and active-x blockers, protected mode, and a variety of other things. Another useful tool is something called the WOT. It's a 3rd party app. Find it by googling "web-of-trust".
- PC Restrictions: This is something you would consider mostly for your public PCs. The primary product for this is Group Policies. It you had a week long class on this product you would just be scratching the surface. But there are much more user-friendly products such as SteadyState from Microsoft (It's free but it doesn't work on Windows 7) or Winselect from Faronics.
- Antivirus and antispyware: As time goes by, this genre of tools becomes less and less useful because the malware is getting too clever. But they are still useful. Use them. Keep them updated.
- Separate Public, Staff, and Hotspot PCs: Your staff will at least try to not get infected. The public doesn't care and so you can assume the public PCs are infected not long after a patron touches it. On the hotspot, patrons can use their own tools to hack into your environment. Stop all this by disallowing any communication between your staff, public, and hotspot users. See a previous post on ARP poisoning to learn how to do this easily.
- Passwords: Never leave a device with its default password, or no password, or "password", or any of dozens of silly selections. You have good locks on your doors? You should also have good locks on your software. This applies to both your vocation and your personal life. Don't always use the same password. Can someone watch you logon to your PC every morning and then know how to get into your online banking?
So there is a lot of stuff here. You are not going to go home and do all this right away, if at all. So people ask me for the short list. What three things from this list should they do?
If I had to say only three, I would say 1&2 first. Do the Microsoft and application updates regularly. Then 8, because you can always safely assume that your public PCs are infected, and you don't want that to spread to your staff PCs. Finally 9, passwords are locks, use good ones and use them correctly. There is a lot of good info about how to use passwords well.
But I would also put antivirus and antispyware in the top 3 as well. I know there are 4 items in the top 3 but they all need to be there. AV and AS are less important on public PCs if they are using Deep Freeze, but definitely important on PCs not running Deep Freeze.
Be careful out there.