Secure Browser For Public Kiosk

By | May 18, 2024
secure browser

Secure Browser

Secure browser lockdown software has a long history, with numerous articles discussing assigned access and the challenges that arise when attempting to implement it using standard Windows tools. Unfortunately, these DIY approaches rarely yield successful results and often need to be redone with each new iteration of Windows.

Introduction to Secure Browser

Windows XP was the first commercially used version of Windows, and it still operates on many ATMs and, I suspect, some airline kiosks. Furthermore, most credit card readers today are not encrypted, which raises security concerns. Many people attempt to create their own lockdown solutions because they believe it’s cost-effective or because they feel they have the necessary resources.

However, our advice is to educate yourself on the challenges and lessons learned from industrial-strength, secure software developed over the last ten or so generations before embarking on your own project.

While it may seem less than tactful, the fact is that most attempts to cut costs often end up being much more expensive in the long run.  Nobody wants to spend an exorbitant amount of money unnecessarily.  It’s just a matter of calculating the probability of that happening based on a decision. Investing in professional solutions may seem costly upfront, but it’s a cost-effective decision in the long run.

  • Secure Browser – Kiosk Mode Recommended
  • Sitekiosk – Android and Windows lockdown, remote management and CMS for digital signage
  • Windows, Android and Linux versions

What is Kiosk Mode?

Locking down your computer so that it performs only the intended functions is typically achieved through kiosk lockdown software. The IT department might initially try to tweak settings in the Windows operating system. However, this approach rarely succeeds, especially if thebrilliant guywho implemented it is no longer available.

The “kiosk mode” solution includes features like Chrome Kiosk Mode andAssigned Accessin Windows 8.1. However, these options are seldom used in major unattended self-service deployments for good reasons. If you only have a few units in the lobby and a dedicated IT person, then kiosk mode might work for your needs. 

It is generally more effective to use a well-established lockdown solution that is supported and does not rely on any one individual for maintenance and troubleshooting. Examples include: Locking down your computer so that it performs only the functions it is intended to is typically achieved through kiosk lockdown software. Often, the IT department might initially try to tweak settings in the Windows operating system. However, this approach rarely succeeds, especially if thereally smart guywho implemented it is no longer available.

Examples include:

 Windows Lockdown Software: Ensuring Security and Privacy.

Windows Kiosk Mode

Windows 8 introduced a new feature that has effectively been dubbed “Kiosk Mode” due to it’s ability to lock down Windows to a single application that the user can run.  This kiosk mode option can be useful for a surface level of security, but does not provide the level of security needed for self service or public access computers.

Personal data is at risk as is browser history, passwords, and other private information. The integrity of the computer is also at risk, as any downloads and uploads provide access to the local file system and expose the computer to malicious files or intent.

For true protection, restrictions and security, it is recommended that kiosk software be utilized. KioWare has multiple options (from KioWare Lite to KioWare Full with Server) that will allow more control and provide true security to protect both the device and the user.  Read the full article about Windows Kiosk Mode limitations and capabilities by downloading the pdf.  Kiosk Mode Limitations

Related Articles

What is “Kiosk mode”?

Secure Browser Kiosk Mode

Generally, kiosk mode is usually meant to refer to a particular “mode” that most browsers offer.  “Kiosk Mode” is offered by browser applications (Internet Explorer, Chrome, Firefox etc) to run the application full screen without any browser user interface such as toolbars and menus.  The intent of most people setting up “kiosk mode” is to prevent the user from running anything other than the browser based content in the full screen browser window.

What kind of security does a browser’s Kiosk Mode offer and is it a viable solution for users?  If “Kiosk mode” is meant to create a “Kiosk like environment”, the kiosk mode option on your browser is likely insufficient.

Kiosks tend to be deployed in a self-service environment, which means the user is not formally associated with the kiosk. In short, the user doesn’t own the kiosk and isn’t responsible for its proper functioning. The user just wants the kiosk to provide a defined service. This can cause a problem for Kiosk Mode browsers because of the following situations not handled by Kiosk Mode browsers.

Session Management – User Data Security

For most applications, a self-service or public access kiosk needs to clean itself of the current user’s data when the user leaves.  How does the kiosk know a user has left?  The simplest solution is an inactivity timer, but that can be a problem if the kiosk has a queue of users, and the next user steps up and begins using the kiosk before the inactivity timer runs out.  In this case, a proximity switch or security mat is required.  Regardless, when a user’s session is finished the kiosk needs to delete all record of the user.  This means clearing cache, user session data and potentially the print queue.

It is also important for the kiosk to reset to the start page of the application when a user session has ended.  There is nothing more confusing to the next user to see the kiosk at screen #20 of the application.

Full Keyboard Blocking

Sometimes, the kiosk deployment uses the standard computer keyboard.  The standard keyboard has a long list of keys that a user should not be able to use.  In a Windows environment, the key combination of Ctrl-Alt-Del can create havoc to a device in a browser kiosk mode state.  In Windows, a sophisticated kiosk owner can change Group Policies to minimize the Ctrl-Alt-Del hazard, but the list of individual keys and key combinations which need to be blocked is extensive. The main issue with Group Policies is that they aren’t intuitive.  Group Policies are difficult to setup properly initially, and can be inadvertently and quickly undone by a future kiosk programmer/staff member.

Application Restart, Memory Management

Kiosks tend to run unattended for long periods, and many browser based applications are designed to be run once and then be closed (ex, internet websites).  This means that the application can continue to grab a larger chunk of memory with each run.  This is particularly an issue for a kiosk that runs the application repeatedly.  At some point enough memory has been used that the operating system starts to suffer and the kiosk stops functioning properly.  The kiosk needs to be smart enough to monitor its own health and when necessary restart the application or even restart the kiosk.  Browser-based Kiosk modes do not address this need.

Custom Toolbars

By definition Kiosk Mode removes all of the browser’s toolbars and menus. As such, the application needs to have navigation built-in or a navigation toolbar needs to be displayed.  Forward, Back and Home buttons are a minimum requirement with perhaps a print button and scroll buttons as necessary.

Printers and Other External Devices

For security reasons, it is critical not to show the normal OS print dialog when a user requests a print. Even more critically, for internet content that may have embedded print buttons, the device must properly handle inadvertent print button selection when the kiosk has no printer. Otherwise, OS dialogs will be displayed, which can be both confusing to the user and a serious security risk.

Internet Content, Domain “Allow” Lists

Often a kiosk provides access to a specific website or websites, and it is critical to keep the user on that specific website or websites, or even certain selected pages of that website/websites.  In addition, certain allowed website domains/pages may have links to download files.  These files can be confusing and distracting at best and serious security issues at worst.  As such, file downloading action needs to be blocked.  In addition, there may be links to enable the user to send an email using HTML’s [MailTo] tags.  Clicking this button will attempt to open an email tool which a) likely isn’t installed and will error out (again confusing to the user, potential security issue) or b) if an email tool happens to be installed, then this could almost certainly cause a huge security risk.  The kiosk needs to prevent [MailTo] tags from being clicked.


Windows, in particular, has a bad habit of popping up dialog windows, taskbars, charms bars, etc., for a variety of reasons completely unrelated to the application. These items are, at minimum, confusing to a kiosk user and serve as a potential security threat. The kiosk needs to prevent these items from being displayed to the user.

It is clear that for a majority of self-service applications, browser Kiosk Mode options have limitations that prevent it from being a viable solution.  Moving to a kiosk software solution will provide you with the security that you need.  Using kiosk software solutions, you won’t inadvertently leave open a serious security hole or confusing user experience.   The user experience will benefit while keeping user and company data secure.

Linux-based systems, which Linux geeks will always tell you are much easier to set up and have fewer issues.  Here are a few pre-packaged systems to look at:

One that is cross-platform browser based:

Editor Picks Kiosk Lockdown articles

More Kiosk Lockdown Software aka Kiosk Mode information

Author: Staff Writer

Craig Keefner -- With over 40 years in the industry and technology, Craig is widely considered to be an expert in the field. Major early career kiosk projects include Verizon Bill Pay kiosk and hundreds of others. Craig helped start kioskmarketplace and formed the KMA. Note the point of view here is not necessarily the stance of the Kiosk Association or