Are USB drives a security risk?

Michael Sauers has posted a summary of some of the interesting discussion happening on web4lib. The upshot? Michael’s opinion “[T]here’s no security risk from USB drives that can’t be solved in ways that won’t also hurt the other 99% of your patrons.” He offers two pieces of advice to make risks lower still: 1) alter the BIOS of the computer to disallow booting from USB drives and password protect it and 2) use Deep Freeze or some other software that will return your computer to it’s default settings on reboot (good for many other reasons). See? Problem solved. How about letting patrons use their USB drives now?