This isn't the most digital signage or kiosk-focused article that I've
written, but I think it's very important, especially given the amount
of traffic coming to this site from people using Internet Explorer in
Windows. Over the past several weeks, basically everybody on the Internet has been writing about an extremely severe security problem in Internet Explorer that can allow a virus or spyware program to take over your computer
with hardly any action on your part. All you would have to do is
surf to a website infected by the virus using IE in any version of
Windows.
The bug/virus/loophole is called Download.Ject,
and basically works like this: A website running Microsoft's IIS
gets infected by a virus, hacked, or otherwise compromised.
According to different news sources, a lot of big, famous sites got hit
by this (along with a lot of smaller, not-so-famous sites as
well). IIS is an attractive target because of its large installed
base and notoriously poor security history.
Once
the site is infected, anybody browsing with Internet Explorer is
subject to the bug, which uses ActiveX to transfer arbitrary data to
your computer, and then (presumably) execute it. I don't know
exactly what payloads have been used, but obviously things like
keystroke loggers and other spyware, spam email servers, viruses and
all sorts of other nasties are likely.
Microsoft has issued a
number of patches to (sort of) fix this problem, and recommend that you
turn your security settings up to "high." If you haven't done so
already, use windows update to update your system with the latest fixes.
Personally, I've stopped using IE altogether in favor of Mozilla. I use the Mozilla Suite for both web browsing and email, but if you're just in the market for a browser, I'd try Firefox.
It's very small, easy to install, will use all of your IE preferences
and bookmarks, and has other neat features like pop-up blocking and
tabbed windows. Oh, and it's free, so if you don't like it, you
can toss it with no guilt :) If you run into problems with some
sites that don't like Mozilla, you might also want to give Opera
a try. It's extremely fast and seems to work better in pages that
render poorly in Mozilla. Neither of these browsers is totally
free of security problems, but they have much better and more secure
underpinnings than IE, and since they represent a smaller user base,
they're a less interesting target for hackers.
Finally, if
you're running digital signage systems based on Windows, you should
seriously think about enabling Microsoft's automatic windows update
features, or use a patch management program
to make sure you can deliver new security updates remotely so that you
don't inadvertently create a network of zombie machines for malicious
coders to take advantage of. Because WireSpring's kiosk and digital signage software products
all use Linux, we have much lower risk of running into a problem like
this (for the time being, anyway), but we still actively patch as new
security warnings come about. I would suspect that if you're
using a Windows-based vendor they would do this as well, but you should
probably call and check.