Microsoft decision puts public libraries at risk

Topic

New Reply

	TOP STORY[/size][/font] Microsoft decision puts public libraries at risk[/size]
	By Yardena Arar Millions of Americans depend on libraries, Internet cafes, and other public locations for their connection to the Internet, and keeping these access points safe from hackers is especially difficult. Recently, however, Microsoft has made that challenge even more difficult for many public libraries.[/size]

---

The full text of this column is posted at WindowsSecrets.com/2010/04/08/01 (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

I’m the IT Consultant for a public library in New Jersey. Although it’s disappointing to see Microsoft SteadyState, which I use on all of our Windows XP public workstations, not being upgraded I’d like to laud Microsoft for all they do for libraries (and non-profit organizations). Through their partnership with http://www.TechSoup.org libraries are able to get their software at 95% off retail or more. Windows 7 Enterprise Upgrade for a $9 admin fee or Office 2007 Professional for a $20 admin fee keeps the libraries humming along. These same savings go for server software, development software, etc.

Reply | Quote

If it is really getting so risky to continue to use Microsoft products, then perhaps the time has come to consider alternatives?
The public library at my home town, for instance, uses Ubuntu nowadays–but I’m sure that other, equally valid, alternatives are available.

Reply | Quote

One option to replace Steady State is VHD boot (unfortunately only available for Win 7 Ultimate). But then you can use differential disks, that will be resetteable.

Also virtualisation will be an option to solve this issue – but this isn’t free of charge.

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

Reply | Quote

In the public library of Gent, Vlaanderen, the computer restarts every time another person tries to log in. The only safe way. Steady State still alows for skunks to put in anything and the next user doesn’t know he’s vulnerable if he doesn’t restart!

Reply | Quote

Comodo Time Machine is a free solution to completely resetting the system at the end of each session. Quoting from their feature list: “Libraries, Internet cafes and other publicly shared networks can schedule a total system restore at the end of each session”.

Reply | Quote

Oh skunks, I am getting too old for this stuff…

What was the name of that FREE little Linux based puppy of a gem that I did test about four years ago?
Once installed from the live CD it was a complete kiosk solution, rebooting at every log-on (or log-off?) without the CD!

With Google docs one wouldn’t even need a flash drive.

In a public library in this country I would not fret about key loggers because that admin would be up for jail time, right?

If I only could remember the name… Ohh, but Google IS my friend. I believe it was called LiveKiosk.

I am almost certain that further digging will turn up other solutions as well.

Reply | Quote

Good

M$ greed will finally allow linux to be the public os.

Reply | Quote

Good

M$ greed will finally allow linux to be the public os.

Exactly what “greed” are we talking about? Microsoft gives away SteadyState for free and offers public libraries software for free with a small administrative fee from TechSoup. The Bill and Melinda Gates Foundation has been a huge financial supporter of the public libraries as well. Boy, I really wish people would get some facts before posting.

Also, I find the headline extremely misleading and sensationalistic. Microsoft is not putting libraries at risk. If the public library is using Windows XP or Vista they’re fine. If they upgrade to Windows 7 without a lockdown solution that’s the fault of the library; not Microsoft. Library patrons like consistency. They are there to surf the Internet, check E-mail, or use Microsoft Office for the most part along with printing. If Windows 7 was suddenly introduced to the environment our staff, which is quite lean to begin with, doesn’t have the time for the flurry of questions that would ensue.

Our library has a Linux server with some Debian Linux thin clients. I’m migrating them to Windows. Whenever a user comes in with a Microsoft Office 2007 document and attempts to use it on OpenOffice the support goes up because there are formatting differences in conversion.

The link below shows that libraries have much more important things to worry about right now then moving from Windows XP to Windows 7 and not having a lockdown solution. They’re more concerned with actually existing at the moment.

http://www.savemynjlibrary.org/

Reply | Quote

Bob, Thank you for being the voice of reason as well as giving great info. Maybe you should be writing articles.

Also, would SandboxIE work in this situation? It’s free. I use it for my everyday internet use. I have a purchased copy, it wasn’t very expensive. Steve Gibson, of Security Now recommended it also.

Reply | Quote

Exactly what “greed” are we talking about? Microsoft gives away SteadyState for free and offers public libraries software for free with a small administrative fee from TechSoup. The Bill and Melinda Gates Foundation has been a huge financial supporter of the public libraries as well. Boy, I really wish people would get some facts before posting.
————————-

That’s a good question. Bill and Melinda may indeed love libraries. Unfortunately, due to the proprietary nature of MS products, and the anti-competitive strategies of the company, their gift of any MS product becomes an example of “Microsoft greed”, since those products are carefully designed to lock users in.

I don’t fault Microsoft. As a corporation it is simply doing what its charter tells it to do: Maximize shareholder value, regardless of the social costs i.e., be greedy.

So, if Bill and Melinda really love libraries and want to be generous, they could simply give them money, to spend as they wish.

For their part, librarians might want retire to the stacks for a few moments and re-read Virgil’s famous caution (in the Aeneid) about trusting Greeks, or should we say, Geeks, bearing gifts.

Reply | Quote

Exactly what “greed” are we talking about? Microsoft gives away SteadyState for free and offers public libraries software for free with a small administrative fee from TechSoup. The Bill and Melinda Gates Foundation has been a huge financial supporter of the public libraries as well. Boy, I really wish people would get some facts before posting.
————————-

So, if Bill and Melinda really love libraries and want to be generous, they could simply give them money, to spend as they wish.

I’m amazed by the lack of research before people post. The Bill and Melinda Gates Foundation does give money to libraries, both globally and within the United States, in the form of grants.

http://www.gatesfoundation.org/libraries/Pages/united-states-libraries.aspx#

““Being ignorant is not so much a shame, as being unwilling to learn.” ~Benjamin Franklin

Reply | Quote

As a former director of IT for a Library District I have found the products at Centurion Technologies (http://www.centuriontech.com/) to be very useful. I even recommend them for business users who have a second hard disk on which to keep all their data.

Reply | Quote

Some already eluded to it, but Microsoft already has several good virtualization products that will do the same and more. Utilizing their virtual desktop solution would be cost effective, easier to manage, and cheaper to maintain. With the right scripts and setup, one server could serve a number of desktops that reset immediately. If the library wanted, they could even create a base image and stream a differential setup allowing users to see the exact same desktop including anything they saved (though the storeage costs would likely prove prohibitive in many cases, even with quotas used). Moreover, using this method would, or at least could (depending on implimentation method), make upgrades painless by upgrading the base image once and that automatically would propogate to all desktops. Likewise, backups would be a breeze and any computer hardware issues would be completely isolated and no data would be lost. Killing SteadyState is not a bad idea, it just forces administrators to consider alternatives that are at least as effective.

And if costs are the only reason you care, then why are you using other Microsoft systems that you must buy? Linux systems have been free for decades now. Wouldn’t that be “cheaper”? The costs for the virtualization is likely already included in the cost of the server software, but if not, would, or at least should, pay for itself in the lower administrative costs.

Reply | Quote

A totally non issue imo,
Libraries will adapt with other up in coming freeware choices. It’s not like they’re gonna drop XP for 7 anytime soon.

Reply | Quote

One of our engineers provided me with the following contradictory information:

Steady State is not gone. This is just DeepFreez propaganda. It’s now built into Windows 7 and has been re-branded PC-Safeguard a feature that can be easily implemented through Group Policy in key areas.

Features of Windows 7 PC Safeguard

1. Prevents system setting changes
2. Prevents the installation of applications and other software
3. Prevents the user from writing to the disk outside of their user profile
4. Data saved inside of the user profile is deleted when the user logs off

http://www.blogsdna.com/2558/how-to-enable-disable-and-configure-windows-7-pc-safeguard.htm

Reply | Quote

One of our engineers provided me with the following contradictory information:

Steady State is not gone. This is just DeepFreez propaganda. It’s now built into Windows 7 and has been re-branded PC-Safeguard …

Your engineer is behind the curve. PC Safeguard was dropped from Windows 7 before release. Check it: http://www.google.com/search?q=Windows+7+PC+Safeguard

Reply | Quote

There’s a product that is becoming very popular in security circles – Returnil. It has free versions for home use and very inexpensive licensing (around $10 a license in bulk) for other uses. I have found Returnil far easier to use than Deep Freeze, lighter on system resources and overall an excellent application. It’s a set-it and forget-it application that restores to a perfect state on reboot.
http://www.returnilvirtualsystem.com/rvs-enterprise-classic

The point of my post is that there ARE options and some are either free or very inexpensive.

ON EDIT: If this helps any, I just noticed on their website that they ask for libraries to request their non-profits discount.

Reply | Quote

This column is below the usual high standards of Windows Secrets. The “logic” is flawed, and it is really nothing more than whining from those who want Microsoft to do their heavy lifting.

1- Who makes these decisions? It is library IT who may choose to implement Windows 7, not Microsoft. If the library IT insists on deploying Win7 without knowing how it will deal with the problems solved by SteadyState, it is they who put the library at risk.

2- There is no pressing reason to go to Win7. XP Pro SP3 will be supported for at least 2 more years, and most likely until 2014 or so.

3- There are alternatives, as discussed in other responses.

Reply | Quote

This column is below the usual high standards of Windows Secrets. The “logic” is flawed, and it is really nothing more than whining from those who want Microsoft to do their heavy lifting.

There might have been some merit to the rest of what you had to say, but the comment above (“whining from those who want Microsoft to do their heavy lifting”) overshadowed it. All I can say is that from my perspective, you’ve missed the point.

Windows SteadyState was a product that Microsoft introduced and marketed on their own initiative and it’s a product that a number of businesses and institutions in public access computing environment implemented, relied on and counted on continuing. Microsoft does itself no favors by pulling the plug on this sort of product, especially when there was not only no advance notice but when in fact the capabilities of SteadyState appeared to be on track for inclusion in the Win 7 OS itself (as evidenced by the presence of PC Safeguard cum Windows 7 Guest Mode in development releases.)

SteadyState is a product that I myself promoted and used as a tool to help sell MS products at various levels ranging from local government offices to internet cafes to home and family networks where kids had regular access to the PC.

It was a kick in the teeth for MS to just drop development of Steady State, but as with any number of MS initiatives from days gone by, it shouldn’t have been surprising. The difference in this case is that SteadyState actually worked very, very well and seemed to be a product that Microsoft was serious about. As long as MS keeps doing dumb things like this, they’ll continue to get bad press and continue on being viewed with some suspicion by both end users and IT pros.

The codebase to implement SteadtState on Win 7 is obviously largely already in place and complete even if it isn’t perfect. (Just check the aforementioned PC Safeguard/Guest Mode feature that was dropped from Win 7.) I still hope to see MS bring SteadyState back and have made that clear (along with my displeasure at seeing it effectively dropped) over at the MS forums. Repeatedly.

Anyway, the point here is that MS put out a product and talked a number of IT pros into using it. And then MS without warning pulled the rug out from under them,

Are there alternatives? Sure there are. But that is not the point. Just because you don’t agree with others that the loss of this tool is an issue doesn’t mean that their opinion it is a loss is “nothing more than whining from those who want Microsoft to do their heavy lifting.”

Reply | Quote

There might have been some merit to the rest of what you had to say, but the comment above (“whining from those who want Microsoft to do their heavy lifting”) overshadowed it. All I can say is that from my perspective, you’ve missed the point.
…

Are there alternatives? Sure there are. But that is not the point. Just because you don’t agree with others that the loss of this tool is an issue doesn’t mean that their opinion it is a loss is “nothing more than whining from those who want Microsoft to do their heavy lifting.”

My issue is as much with the tone of the article as with the substance. It was hyperbolic (“puts public libraries at risk”) and one-sided. It discounted alternatives to SteadyState, and ignored the possibility that IT might have made some bad choices here as well. It treats the subject as black and white when it is in fact quite grey.

I don’t know enough to say whether Microsoft is acting wisely here or not. And they have back-pedaled similar kinds of decisions a few times in the past. But rather than wailing and gnashing teeth, how about just telling Microsoft what is wanted and why their choice is bad.

Reply | Quote

I don’t think it is beyond their (MS) scope to rethink a potentially hasty decision, given enough vocal dissonance, [or whine].
It’s not like they have never recanted before [usually under pressure]. Perhaps deep in the bowels of Redmond, someone is
working on an alternative as we speek, but one hand didn’t know what the other is up to so they pulled their usual? Usual?

some light sarcasm

Reply | Quote

First, most public libraries are not upgrading to Windows 7, and they did not upgrade to Vista. It will be mid-2012 or later before most institutions upgrade.

Second, of the two public libraries where I use their computers, one uses DeepFreeze (offered at a discount to public institutions). The other got Symantec Enterprise at a steep discount, and continues to use it. Both use the Solid Oak Firewall for added filtering and protections. And the computers are locked down pretty tightly, to prevent accidental infections. The CD writers are even disabled, to prevent copyright violations.

Third, Microsoft has been known to end one free product or service, only to rework it and release it as a “new” product or service. I suspect that this is what the ultimate fate of Steady State will be.

As for public networks, I would be using my own laptop, as soon as I see a little price movement in the Core i5 laptops with Windows 7 preinstalled. When connecting to a network away from home, I would probably go with some sort of end to end encryption, such as TOR or Comodo Trust Connect. This means it wouldn’t matter what sort of keylogging is used, my data stream would be fully encrypted and kept away from prying eyes. BTW, under the Patriot Act, all public libraries must save certain types of session information, so there is a keylogger somewhere inside of every patron network in the USA. The same goes for airports.

-- rc primak

Reply | Quote

Why don’t you ask all Windows Secrets members to email Microsoft and ask that this be reinstated.
You could ask members to forward the email to anyone else they know who uses Microsoft email etc.
At the same time you might also ask them to ask MS to allow Outlook express as an option with Windows 7
Outlook is a bit complicated for us oldies

Reply | Quote

Why don’t you ask all Windows Secrets members to email Microsoft and ask that this be reinstated.
You could ask members to forward the email to anyone else they know who uses Microsoft email etc.
At the same time you might also ask them to ask MS to allow Outlook express as an option with Windows 7
Outlook is a bit complicated for us oldies

You mean, like the Infoworld.com “Save Windows XP” campaign? MS laughs up their sleeve at these “petitions”!

-- rc primak

Reply | Quote

Reading some of these replies shows, to my utter amazement, that some think M$ and Bill Gates are not greedy. I don’t know whether to think that’s funny or sad… or just ignorant, but it is appalling. Do you know how many competitors M$ has shut down simply because they had the money to do so? I’m not talking about inability to compete in the marketplace because of M$’s superior product or marketing. Do you know how many lawsuits M$ has been in because they thought their money would make them come out on top? Do you know how many of those cases they lost because the smaller companies weren’t intimidated by them? Do you know how many have folded because they knew they didn’t have the money to fight M$? Do you know how many companies had superior products and M$ simply bought them and shut them down? Do you remember the Justice Department’s lawsuit against M$? Did you know that M$ could have stayed in court with them for 50 years with no problem? Do you know the Justice Department dropped the case because of political reasons?

It shouldn’t take a great deal of homework to convince you that M$ isn’t heaven sent. I won’t take the time to list the many convincing and verifiable evidences for you as they can rather easily be found on the internet if you care to look for them. I always think it’s funny that people so often assume that because a business is “successful” then those in charge are ethical and people of integrity. It just ain’t so, and there is more than abundance evidence to demonstrate that.

On the other hand, it is definitely more pleasing and mentally beneficial to focus on good and not meditate on evil so perhaps you’d do better to go on pretending that Microsoft is just trying to make the world a better place and perhaps they’re just “belt-tightening” in not continuing with this publicly beneficial software. For my part, every time M$ ever gave anything away (and those times were few when one considers their deep pockets), I was surprised.

Just a couple of questions, though. Hundreds of billions of dollars in profit in no way even slightly suggests greed to you? Do you have any idea how much money that is?

I’m sorry this post is so negative. Praising good deeds is so much more edifying, but it’s hard to praise M$ when I’ve seen so many decisions made for greedy reasons.

It seems that with his foundation, Bill Gates is changing his ways and Warren Buffett has something to do with that. Unfortunately, that hasn’t changed the well established patterns of behavior throughout M$.

Reply | Quote

It seems that with his foundation, Bill Gates is changing his ways and Warren Buffett has something to do with that. Unfortunately, that hasn’t changed the well established patterns of behavior throughout M$.

“Changing his ways”? Bill and Melinda Gates setup the Foundation in December 1994. I guess he “[changed] his ways” almost 16 years ago. Warren Buffet didn’t pledge money to the Foundation until June 2006.

Once again, no facts to draw the proper conclusion.

If financially supporting global health and education and defeating poverty is what “greedy” billionaires do then I’m all for greed.

Reply | Quote

I agree with some of the posters that this article was misjudged. Instead of following Windows Secrets usual informative and unbiased articles, it gave a free platform for Ms Arar to hoist her petard with a one-sided attack at Microsoft. Profit is not a dirty word. Along with everyone else, MS has suffered during the recession and has to cut costs. It decided to stop developing a utility that it gave away for free. If it did this for Internet Explorer, Windows Media Player or a some of the other ‘free’ Windows utilities, I expect that same people knocking MS now will be shouting joy from the rooftops.

There seem to be several highly-biased classes of computer users:

Those that believe that Microsoft are the devil incarnate and that we should all use Linux
Those that blindly believe that Apple can make no bad and their computers never go wrong (just like Volvo owners)

Please get some perspective and remember “nothing in life is free”.

Terry

Reply | Quote

@Bob M:
Sorry for chiming in again, but please read what you write before you post it. You write literally “If financially supporting . . . poverty . . . is what “greedy” billionaires do then I’m all for greed.”.

I believe my omissions don’t change the meaning of your words at all; thus I have to agree, yes greed is likely one of many reasons for poverty

Am I the only one or this thread WAY OFF TOPIC?

Reply | Quote

Granted, Microsoft has a well-deserved reputation for business practices completely unfettered by ethics (or law), but saying that they are ‘putting public libraries at risk’ is a headline that I would more usually associate with Gizmodo… or Fox News. To be honest, I’m unaware of any libraries that have updated their public computers to Vista let alone W7, nor are intending to at any point in the near future. (Barring new computer purchases, of course) Heck, if you slap XPGnome onto a Linux distro like Ubuntu, then toss in IE4Linux and run MS Office/Works/etc. with Wine, you will have a secure, stable, easy-to-use system that will cover over 90% of the activities of a typical library kiosk. If you want to go even farther, you can use LTSP to use all of those old computers stacked in the back to run XP on Pentium 1’s! Haven’t heard of it before? Check out some success stories and see for yourself what can be done. Need more terminals/thin clients? Easy; just get something like this, this, or this, or simply put an ad in the paper asking for donations of old computers.

Going with LTSP just make sense for the bottom line: no license fees ever, no need to upgrade any hardware except the server, you can still run better than 90% of Windows software to boot, and one single command totally updates the operating system, drivers, and applications in one shot, while another will upgrade the OS itself to the latest version! What’s the catch? To save time and a lot of headaches, you should have a Linux guru on site to set it all up, then to remote in later to fix any problems, older hardware tends to use more power, and the library staff should learn some of the differences between Windows and Linux. That’s it. Really.

Thnik about it!
DeadlyDad

Reply | Quote

Granted, Microsoft has a well-deserved reputation for business practices completely unfettered by ethics (or law), but saying that they are ‘putting public libraries at risk’ is a headline that I would more usually associate with Gizmodo… or Fox News. To be honest, I’m unaware of any libraries that have updated their public computers to Vista let alone W7, nor are intending to at any point in the near future. (Barring new computer purchases, of course) Heck, if you slap XPGnome onto a Linux distro like Ubuntu, then toss in IE4Linux and run MS Office/Works/etc. with Wine, you will have a secure, stable, easy-to-use system that will cover over 90% of the activities of a typical library kiosk. If you want to go even farther, you can use LTSP to use all of those old computers stacked in the back to run XP on Pentium 1’s! Haven’t heard of it before? Check out some success stories and see for yourself what can be done. Need more terminals/thin clients? Easy; just get something like this, this, or this, or simply put an ad in the paper asking for donations of old computers.

Going with LTSP just make sense for the bottom line: no license fees ever, no need to upgrade any hardware except the server, you can still run better than 90% of Windows software to boot, and one single command totally updates the operating system, drivers, and applications in one shot, while another will upgrade the OS itself to the latest version! What’s the catch? To save time and a lot of headaches, you should have a Linux guru on site to set it all up, then to remote in later to fix any problems, older hardware tends to use more power, and the library staff should learn some of the differences between Windows and Linux. That’s it. Really.

Thnik about it!
DeadlyDad

I assure you, no public library has the budget to have a “Linux guru” on staff. And staff at my local library cannot figure out anything more technical than “reboot and place an Out of Order sign on the computer”. They simply cannot learn how to maintain Linux, let alone how to use WINE. And the Internet still won’t work with Linux. Too many sites simply do not allow access, including Yahoo and Microsoft’s sites. Just to name two.

What seems simple to you, is often totally incomprehensible to lifelong Windows addicts — er, users. No one needs the headaches of trying to maintain two operating systems on one network, especially when Linux is so poorly documented and tends to flake out for seemingly no reason whatsoever. And don’t get me started about networking, graphics cards and printers. Libraries have equipment which is sure to be unsupported by Linux. Most of the stuff is donated, and even under Windows, it is nearly impossible to keep everything up and running and connected. And Solid Oak does not run on Linux. Neither does Symantec Enterprise or DeepFreeze. All would have to be replaced.

And Linux for volume use is NOT free. Look at the Ubuntu licensing terms. For institutions there is a fee for the volume licensing which would be needed. Not to mention the need to have someone on staff who understands Linux for servers — again, with poor documentation and no on-call professional help from the vendors.

Open Source is NOT cost-free. It just costs nothing to download and install. The real cost of ownership only begins there.

If anyone were going to go the non-Windows route with older computers in a public network environment, they would probably go with Google OS when it comes out. No client-side maintenance, and so far, totally free to use. Only the initial computer purchase (if needed) costs anything or needs local administration. Think about that.

-- rc primak

Reply | Quote