Unlike a normal PC application, a kiosk application has to run unattended and reliably for extended periods of time, it will also be exposed to users who will try very hard to break into the OS and crash your application.
Generally speaking, the kiosk is vulnerable to two threats. The first is when it boots. The very brief time from when the autologon is executed but before KioWare Lite executes is an opportunity for a hacker to have access to the kiosk's desktop. It is very important to de-clutter the desktop and taskbar, and do everything possible to minimize the chance of a hacker stopping execution of KioWare Lite before it has a chance to load and execute. Using KioWare Lite as the Shell also mitigates this risk.
The second vulnerability presents itself by any action that causes a secondary process to kick off that may preempt KioWare Lite. The secondary process may be generated locally or externally to the kiosk, so it is a very good idea to disable all unnecessary services or processes that may interfere with your kiosk application. Using KioWare Lite Service helps to ensure that even if an external process kills KioWare Lite, the service will restart KioWare Lite.
The following is a list of best practices that address the issues of long term reliability and thwarting hackers:
- Make a special kiosk user account with limited permissions.
- Have the kiosk user run with a KioWare shell.
- Add backdoor administrator account.
- Set up recommended blocked keys.
- Prevent users from plugging in their own keyboard.
- Do not allow users to use a keyboard that has F8. F8 will access Windows safe mode when PC is booting.
- Make sure the system BIOS cannot be accessed. The best way to do this is to password protect it. The next best way is to use a keyboard that does not have the system BIOS key. The BIOS key could be F10, Del, Esc, and so on.
- From the BIOS, either disable all boot devices except the local hard drive, or make it the first boot device. This is important because the CD-Rom or USB ports are usually the first boot devices. If users can boot from their own device, they will be able to do ANYTHING they want.
- Set passwords to never expire.
- Set passwords to NOT require user to change password on next logon.
- Set Windows to not display error pop-up messages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\ErrorMode – set to 2 (0 will display all).
- Set Windows to not display pop-up messages during boot:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\NoPopUpsOnBoot – set to 1 (0 will display all).
- Set Autologon KioWare Lite (General Tab) so that the PC restarts without needing logon.
Note: If you are using the KioWare Lite shell there is no need to use Start on Boot because KioWare Lite is the shell.
- Disable ClickOnce.
These ONLY apply if you're not using / can't use the KioWare Lite shell:
Warning: If you are using Windows 7 or Vista the only secure option is using the KioWare shell as spoken of above. This is because Microsoft removed the ability to not keep the taskbar on top.
- Disable the Task Manager for the kiosk user.
- Set Start on Boot, so KioWare Lite automatically starts after PC restarts.
- Remove all unnecessary screen icons
- Remove all Task Bar items
- Task Bar Properties – uncheck ‘Always on Top'
- In Vista and Windows 7 you should disable AutoPlay so that a dialog will not show when someone plugs in a USB drive or Cd-Rom. To do so:
From the user account that will be running KioWare Lite
open the Control Panel.
View in Classic Mode (in Win 7 select "View by Small icons").
Uncheck "Use AutoPlay for all media and devices".
Make sure that all of the dropdowns are set to either "Choose a default" or "Take no action".
Also see Security Audit Tool.
Start on Boot and the KioWare Shell
One of the minor benefits of using the KioWare shell is that you will not need Start on Boot because KioWare is the shell, and therefore will always run when you log in as your kiosk user. When you log in as any other user (such as your admin), KioWare will not run, saving you time and effort.
It is highly recommended that you run KioWare in production as the shell because it eliminates MANY security problems that you would have otherwise. To list a few: taskbar showing, Start menu access, random popups from external applications... Simply put, always run a production kiosk in the KioWare shell.
Normally, we do not encourage the use of other applications when running KioWare Lite, however there are some situations where this is unavoidable, and can be safe to do. Normally it is safe to allow the use of the applications listed below as long as you are using a KioWare browsing access list that allows only sites that you trust and are not allowing users to run external files from devices such as removable thumb drives. Below are some common applications used on kiosks along with their known vulnerabilities and security measures you can take to protect your kiosk from attack.
- Adobe Acrobat Reader: Acrobat Reader opens one of the most common file formats on the Internet; PDF files. A known security flaw is that it can run executables, and is set up to allow this functionality by default. We highly suggest disabling this "feature". To do so, open the Adobe Reader application and go to
Preferences - Trust Manager.
Uncheck "Allow opening of non-PDF file attachments with external applications".
- Java: Java is very powerful and will enable users to run any Java application they can get to. It is best not to install Java on the kiosk.
- Microsoft Office (Word,Excel,Power Point): Office documents have the ability to run Macros and even embedded executables. The only known work around is to install software that will not allow foreign code to run on the kiosk, such as McAfee Solidifier.
- Anti-Virus Software: Beware of your anti-virus software. Most anti-virus software will show a dialog when a threat is detected and can expose parts of the system. This can happen when you click on a link in a web page that is a virus, even if you are blocking downloads in KioWare, because some virus software installs itself lower than the web browser.
- Windows Media Player: Even when embedded in the browser, WMP can stop the ability for the allow display sleep and power options features to work. To stop this interference, open WMP and go to Tools - Options and check Allow screen saver during playback.
- Uncheck Windows Tips screen
- Disable screen savers
- If possible, BIOS setup and set AC Power Recovery = On ; i.e., restart PC after power resumes
- Disable Telnet service
- Disable FTP service
- Disable Message service (can be done within KioWare Lite)
- Disable Networking: File & Print Services
- Disable Networking: Client for Microsoft Networks
- If using Dialup Networking, disable progress and phone number display while dialing