Tag Archives: Computer Lab

Ready-Made Computer Courses for Library Patrons (and Staff!)

Carousel of LearningExpress Library modules with Computer Skills at the fore

Anytime you’re providing the public service of free and open access to internet-connected computers, it’s important to also provide training on their use. This can be particularly challenging for small and rural libraries, where extra staff may not be available to provide tutelage to patrons, or in circumstances where the library staff members or volunteers aren’t comfortable enough with the technology to feel they can provide meaningful assistance. In this post, I’ll provide an overview of LearningExpress Library’s Computer Skills Center, a resource that both patrons and staff can use to develop their computer skills.

Access to LearningExpress is funded for all libraries in North Dakota by the North Dakota State Library. Patrons can also access it from home, though probably not until they’ve mastered the basics at one of your public access computers. You can find LearningExpress on our databases page or use this direct link to connect to it from your library’s website. Continue reading

Choose Privacy Week Update and Tool Kit

ALA_ChoosePrivacy_186x292-A

The American Library Association’s new Privacy Tool Kit  made its debut on their website yesterday. This tool kit is a robust and tightly organized collection of statutory information, guidelines,  policy and procedure considerations, and statements of principle. Its the culmination of two arduous years of collaborative effort and is making its debut right as the 2014 Choose Privacy Week celebration is kicking off. Be sure to check it out and take advantage of the resources it contains. You can read more about the kit and its creation here.

If you’d like to tap into more great resources related to privacy in the library, be sure to check out the Choose Privacy Week website (great information, every week of the year!)

Finally, if anyone’s interested, here’s the slide deck for my upcoming CPW presentation, Defense Against the Digital Dark Arts: ChoosePrivacyWeek-DefenceAgainstTheDigitalDarkArts (ppt). When the webinar archive is available, I will update this post to include the link.

Revisiting 404 Day

Image of a generic HTTP 404 file not found message

One week ago today, the internet was graced by an amazing live presentation as part of a day of action against censorship in libraries. The truly amazing presentation was put on by intellectual freedom advocates and technologists (including Deborah Caldwell-Stone, director of ALA’s Office of Intellectual Freedom!), and was sponsored by the Electronic Frontier Foundation (EFF).

If you aren’t familiar with 404 Day, it is a call to action against censorship of all kinds, and a means of raising awareness of the extensive and unnecessary censorship that’s arisen since the Children Internet Protection Act’s passage (CIPA). Last week’s session went to great lengths to clarify the very limited scope of the law, explore the dangers of online censorship in all forms, illustrate the risks inherent in internet filtering, and eradicate misconceptions about CIPA. Continue reading

Privacy Primer for Public Access Computers

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” (Code of Ethics of the American Library Association)

Image from https://secure.flickr.com/photos/g4ll4is/8521624548/ used under CC BY-SA 2.0.

Image from https://secure.flickr.com/photos/g4ll4is/8521624548/ used under CC BY-SA 2.0.

In this post I’m going to detail some of the most common threats facing your patrons’ privacy when they use your public access computers, and provide guidance on how to better safeguard it, in keeping with the most vaunted code of ethics in librarydom. Continue reading

Increasing Security on Public Access Computers with EMET

EMETdownloadI’ve previously posted various steps you can take to keep your Public Access Computers safe and secure. Today I’m writing about another free and simple way you can greatly increase the security of any Windows machine: installing Microsoft’s Enhanced Mitigation Experience Toolkit.

Enhanced Mitigation Experience Toolkit is kind of a mouthful, so most people just call it EMET (like the otter). What “enhanced mitigation experience” means isn’t obvious–in essence, EMET acts to prevent rogue code from behaving badly on your computer. This is different from anti-malware software, Continue reading

Promising Practices for Public Access Computers, Part 3

This is the third in a series of posts on how libraries with limited resources can provide a reliable and safe public computing environment consistent with the tenets of Intellectual Freedom. If you missed the previous post on browser privacy or the post on setting up a guest account, you may want to check those out first.

rebootRestoreRxLogo

In this installment, we’ll learn how to install and configure Reboot Restore Rx, a freeware program that allows you to create an ideal state your computer will return to every time it’s rebooted. This helps ensure stability against anything your library patrons might do to it, and also helps protect their privacy by deleting any documents they may have inadvertently saved on one of your public access computers. This is a much more aggressive and thorough approach than the one we took using CCleaner, but it’s also a more involved setup process and makes future software updates slightly more cumbersome. As with previous posts, this is not an enterprise solution, and is best suited for smaller libraries with few public access terminals.

Once you’ve downloaded the program’s installer, the obvious next step is to run it. The installation process is pretty familiar until you get to this screen:

installPartitionSelectScreen

Note that your screen will look different, depending on how many hard drives you have and how they are partitioned.

You can select any or all of your partitions at this point, but in most cases you’ll simply want to select C: (checked by default) and any other lettered drives before clicking Next.

At the end of the install process, you’ll need to reboot.

Pretty painless, right? Well, there is a bit more to it than that. First, you’ll want to take steps to prevent your more savvy and mischievous patrons from disabling it. To ensure that the following changes will stick, we want to disable Reboot Restore Rx from the Shield Tray. Right click the following icon from your icon tray:

shieldTrayIcon

Then uncheck Restore on Reboot. Excellent! Now we need to prevent Shield Tray from loading at startup. An easy way to do this is using autoruns (previously discussed here). You’ll want to run Autoruns as administrator (right click it then select Run as administrator). Next, click on the binoculars and search for shield tray (or scroll through the list until you find it). Uncheck the box next to Shield Tray and then close out of Autoruns.

uncheckShieldTray

Now there won’t be a tantalizing switch for miscreant or curious patrons to toggle.

The path to the switch will still be open to them, though, so you’ll have to take extra precautions against the particularly tenacious (or those who’ve read this article). What we want to do next is lock off the Guest account’s access to the RestoreRebootRx folder. Here’s how to proceed (note: you should be signed in as an administrator). Here’s how to proceed:

  1. Open up your file tree (click the folder icon; if you don’t have one, click the Start orb, then documents)
  2. Navigate to Computer -> Local Disk (C:)
  3. Right click the RebootRestoreRx folder (you may have to scroll down to find it) then click Properties
  4. Click on the Security tabsecurityTab
  5. Click Edit
  6. Click Add
  7. In the Enter the object names to select text box, type in guest and then click Check NamescheckNames
  8. You should now see the proper path for the guest user account in the text box (something like COMPUTER-NAME\Guest); click OK
  9. Now, select the Guest account on the Permissions for RebootRestoreRx screen
  10. Check Read & execute in the Deny column (this will automatically deny List folder contents and Read, as well) guestPermissions
  11. Double check that it says Permissions for Guest above the selection box before proceeding, then click Apply
  12. Click Yes
  13. Click OK

Voila! The guest account can no longer deactivate Reboot Restore Rx without an administrative password. Good stuff. Finally, we want to reactivate Reboot Restore Rx. This is a bit trickier, since we likely no longer have Shield Tray in our icon tray (it will still be there if you haven’t rebooted since changing the autoruns. To get it back (for the current session), click on the Start orb, then type shieldtray into the search box. Execute the shieldtray program this discovers and it will be back in the tray. Now simply right click its icon from the tray, and click Restore on Reboot. This will give you the following notification:

updatedBaseline

Click OK (as though you had a choice). That’s it! I do wish you had the option to reject changes at this point, but presently you’ll have to rely on a system restore point for that.

Now you also know how to make any future changes (re: software updates) stick, so that you won’t waste time restoring to an outdated state: load the Shield Tray, deactivate the service, make the changes, reactivate the service, reboot).

Reboot Restore Rx is not a bulletproof means of preventing computer tampering, but it will alleviate a huge percentage of your routine computer lab problems. Reboot Restore Rx is easy to install and manage, allows easy updates to other software and the restore baseline, and it’s freeware. Of the free solutions I’ve tested, this is by far the most user-friendly and the least prone to crashing (I never managed to break it). Hat tip to the How To Geek for his excellent article on this program.

More Coding Club Resources for Your Library

Hosting a Coding Club at your library or in your computer lab is a great way to get teens into your building and foster their knowledge and interest in STEM fields. They also provide an opportunity for you to partner with schools and tech companies in your community. Previously, we’ve discussed how to start a Coding Club using Codecademy. Today I wanted to inform you of some other resources you can make use of.

CoderDojo logo

CoderDojo has some great guidance and resources on how to start a more formalized coding club with designated coding mentors. The Bismarck Veterans Memorial Library recently started a CoderDojo (the only one so far in our state)–kudos to them!

Kodu Game Lab

Kodu facilitates the creation of games for the PC (free) and XBox ($5 through the Indie Games channel) using a simple visual programming language. In addition to programming skills, it cultivates creativity, problem solving, and storytelling. They have an education kit you can download to help you get started. The platform is geared towards a younger audience, but can provide an excellent introduction to programming for middle school-aged youths and even pre-teens.

CodeEd's logoCodeEd is dedicated to teaching computer science to girls from under-served communities, starting in middle school. They partner with schools and programs serving low-income girls and provide them with volunteer teachers, computer science course offerings, and computers. CodeEd does make their curriculum available under a Creative Commons Attribution license, so you can make use of it even if you don’t enter into a more formal partnership with them.

Bootstrap iconBootstrap is a formal curriculum for students age 12-16. It teaches solid program design skills and applies algebra and geometry to video game design. The flexible course runs 20-25 hours. While Bootstrap is best suited for a school or school library media center, it has plenty to offer anyone interested in fostering a learning environment for computer programming. The curriculum is free and aligned with Common Core standards for algebra. All course materials, including unit guides, workbooks, password-protected teacher materials, and the standards matrix are available free of charge.

Code Club World logoCode Club World is another great resource for guidance on how to start your club, promote it, and keep it running smoothly. In addition, they provide teaching materials in an assortment of languages (here’s the English one). Their focus is on clubs for children aged 9-11, but their recommendations are pretty universally applicable.

Know of any other great coding club resources? Please share them in the comments!

Spring Cleaning Computers (of Malware)

If you’re like me, when you visit (or are visited by relatives), you’re asked about computer problems. If you’re like me, this can be ridiculously fun and entertaining for you. As luck would have it, family visited this past weekend and brought with them two machines profoundly besieged by malware, hoping I might restore them to proper working order. One of the machines would crash dump into the fabled blue screen of death within five minutes of boot up, the other had well over 4,000 infections and was unable to function at a super-glacial pace. Good times.

win8BSoD

Why bring this up here? If your public access computers aren’t well secured, you will inevitably need to go through a similar process, so I thought I’d share it with you (also: once they are clean, take steps to secure them and your patrons, by gum!) While the following routine will only be necessary in its entirety for deeply compromised machines, you may find parts of it useful for handling more mundane encounters with software malfeasance.

As a matter of self-preservation, it is common for malware to disable anti-virus software and your ability to download or update it. Subsequently, I use a portable toolkit (executable from a USB stick) to mitigate infections of this nature. Obviously, you’ll have to build and update this kit using a clean machine. Here’s the part of my kit I made use of for this round of cleaning and the order I employed it in:

1. SUPER AntiSpyware (can be run in Safe Mode) – A few notes about this gem of a program before I begin. One: it finds spyware like nobody’s business. Two: it has an embarrassingly stupid name. Three: it is portable, but it tries hard not to be–here’s what you have to do in order to have a USB-executable version of it: download the installer from the link above (do this on a clean machine shortly before you need it, as you won’t be able to use the native updater without rendering it non-portable) and save it to your USB-drive. Run the installer and select a folder on the USB-drive as the install destination (this is not the default behavior). Do not agree to update it at any time or it will senselessly install itself in non-portable fashion. Admittedly obnoxious, but this program rooted out some hardcore infections, improving machine performance all on it’s lonesome, so it is definitely worth the extra effort (it removed over 3,000 infections from one of the computers).

SAS

If you’re at the point where you’re running anti-malware programs from a USB-drive, you’ll probably want to select Complete Scan and Enable Rescue Scan, as shown above. Then click Scan Your Computer and start catching up with your relatives (it will take some time to complete). Note that you may want to change Windows’ power settings so that the computer won’t go to sleep on you while the scan was running…

2. Emisoft Emergency Kit (can be run in Safe Mode) – The Emergency Kit Scanner bundled here is a robust seeker of all manner of nastiness.

emisoft

Before running a Deep Scan (this is another time consuming operation) I changed the On scan end setting to Quarantine detected objects (note that if you plan on kipping out after you start the scan, you may as well check Shut down PC, too).

emisoftConfig

Once SAS and EEK had done their thing, a handful of critical infections had been removed from each machines as had hundreds to thousands of less serious ones. Great headway had been made, but I believe in being thorough, so…

3. Bitdefender Rootkit Remover – This scan only takes a few seconds and will snag known Rootkit/Boot-kit infections that persistently reinstall themselves from the Master Boot Record during start up. Note that I was unable to run this program from Safe Mode.

rootkitRemover

I didn’t find anything with it, but I can’t say those scant seconds were ill-spent.

4. Autoruns – Autoruns is a great little program from Microsoft technicians that lets you see EVERYTHING that gets run during your computer’s start up and log in cycle and allows you to toggle off any you wish to remove from these proceedings.

autoruns

If you know what you’re doing, you can both speed up your boot process and identify nefarious programs, preventing them from running automatically.

5. Geek Uninstaller – Geek is a brilliant little program that truly works wonders. It’s the best uninstaller I’ve ever encountered and I’m yet to meet a program it can’t remove.

geek

Geek also does some nice tidying up after each uninstall completes. You may be asking yourself, “why did he need an uninstaller?” Well, sometimes someone you love will download a free games platform that happens to be a notorious browser-hijacking malware delivery service (here are 39 million articles about one of the programs I removed in seconds with Geek). Sometimes people won’t pay attention while installing things and will inadvertently install additional bloatware that they never intended to and really don’t want or need. Sometimes you just want to ensure that Java isn’t installed. Another thing to be aware of: you really do not want to have more than one active Anti-virus program on any given machine, as they’ll often get into conflicts, degrading performance and security. If you have more than one, uninstall all but your favorite and most trusted (definitely uninstall any trial versions). I’m partial to Microsoft Security Essentials, but there are other fine free options out there. Note that you may need to restart your computer after some uninstalls.

6. Avast! Browser Cleanup – Many of your browser-based woes should already be hashed out, but those that remain can likely be remedied with this tool.

avastBC

Avast!’s Browser Cleanup will allow you to reset browser homepages and search providers (these are frequently hijacked) and will also help identify malicious toolbars and extensions, enabling you to remove them. Keep in mind that not everything it identifies is dangerous or undesirable, some may simply be unknown or uncommon.

7. CCleaner Portable – CCleaner is a powerful and much beloved temporary file and registry cleaning utility (and so much more!) Some people use Task Scheduler to automate sweeps with its non-portable form, and I like those people just fine. For our purposes, we’ll want to do two things with it now:

Thing One: Cleaner.

CCleaner

This sweeps away all your temporary files. You may wish to look over everything that’s set to be wiped under both Windows and Applications to ensure you don’t accidentally toast something you fancy. If you’re cleaning Public Access Computers, I would encourage you to err on the side of thoroughness. Once you’re prepared, click Run Cleaner.

Thing Two: Registry.

CCleanerRegistry

Normally you don’t need to do much in the way of preventive registry maintenance, but if you’ve just mopped the floor with a bunch of malware, bloatware, and nogoodniks, you may have some malingering remnants that you’d be better off without (especially if you’ve been seeing crash dumps). Click on Registry and then click Scan for Issues. Next click Fix selected issues… When prompted, make sure you backup changes to the registry, just in case things go pants up (for the record, I’ve never had that happen, but I’m not one to take chances). Finally, click Fix All Selected Issues.

At this point, I was done with my portable apps and decided to move on to final precautionary measures: running the Microsoft Malware Fixit and then executing a full scan with Microsoft Security Essentials (or your AV of choice).

MSE managed to find a few more infections in one case and set my mind at ease that I’d steered the other clear from harm.

[In the unlikely event that malware has made changes to your system that the Malware Fixit cannot revert, Windows Medkit may provide the last bit of support you need. It’s capable of fixing an inability to view hidden or system files, folder options, and all drives in My Computer; it can enable Regedit, Taskmanager, Msconfig, CMD, Run, Control Panel, and Start Menu if you’ve been blocked from using them; it can fix Taskbar issues. It also has some management and system tools bundled with it.]

Once I purged my relatives’ computers of infection and tidied up, I took steps to help curtail risks of future infection. This involved making their default browser and one that self-updated (Firefox or Chrome are nice) and extending it with both Ghostery and Adblock Plus. I also removed shortcuts to other browsers and unpinned them from the Taskbar and Start Menu, to help remove the temptation to live dangerously.

Next, I ran Windows Update routine (tip: if you create a new shortcut and point it to cmd /c wuapp.exe you will have created a convenient shortcut to Windows Update!) An update was necessary as both machines had been unusable for a few weeks and infections may have been preventing security patches for much longer than that.

Finally, I generated a Ninite installer and set up Task Scheduler to automate 3rd party application updates with it, as I detailed here.

I’d love to hear your suggestions, questions, horror stories, and concerns in the comments!

Automating Updates

From a security standpoint, it is vital to keep the software on any internet-connected computer updated. Updates are routinely rolled out to patch vulnerabilities. If you’re in a Windows environment, updates for Microsoft will automatically come to you on the second Tuesday of every month and you’ll be able to go through the install with only a modicum of intervention. Modern browsers like Firefox and Chrome have become self-patching. A lot of software is not as predictable or forward-thinking, however, and requires due diligence from the user to monitor and patch it (and then there’s software like Java, which can’t be patched frequently enough to make it safe, and should not be installed on an internet-connected computer unless it absolutely has to be).

Fortunately, there’s an easy way to check and update more than 90 of the most popular programs all at once using an installer from Ninite.

Ninite prides themselves on being “The Easiest, Fastest Way to Update or Install Software” and I see no reason to quibble with them on this. It should be noted that they do offer both a Pro and a more feature-rich Updater option for modest fees if your needs exceed what I’m covering today.

The process is simple: go to their website, select all of the apps you’re interested in, and then click the big green Get Installer button.

niniteMenu

Ninite will then create a file for you to download. When executed, this file will install every application you selected, completely free from additional clicks, unwanted toolbars or bloatware, or any sort of signup process. If you already have any of the programs installed, it will check to make sure they’re up-to-date, and will automatically update them if they aren’t.

Now that you’ve downloaded your installer, it’s time to use Windows Task Scheduler to automate your updates by following these simple steps:

  1. Open your Start menu by clicking on the Windows orb.
  2. Type task scheduler into the “Search programs and files” search box.
  3. Select Task Scheduler from the results list or simply hit Enter to open Task Scheduler.taskScheduler
  4. Under Actions click Create Basic Task… (rightmost column)
  5. You will now be prompted to name and describe your task; call it something informative like Ninite Updater. Click Next.
  6. Next you get to set a trigger. Weekly would be a good time-based trigger; if this is for a machine that’s administratively locked down for guest usage, you can set the trigger for whenever you log in with your administrative account. Click Next.
  7. If necessary, finish configuring the triggering event.
  8. Next you’ll get to select the action to be triggered. Choose Start a program from the list and click Next.
  9. The program you want to run is the Ninite installer you downloaded earlier (if you don’t recall the where you saved the file, Browse for Ninite. Ignore the optional items and click Next.
  10. Click Finish. You’re done!

(This article was adapted from an article I’d originally written for this issue of The Good Stuff – PDF).