Photo Kiosks Infecting Customers' USB Devices
The Risky Biz blog brings news that Big W, a subsidiary of Woolworths, has Windows-based Fuji photo kiosks in at least some of its stores that don't run antivirus software, and are therefore spreading infections, such as Trojan-Poison-36, via customers' USB storage devices. Here is the account of the original reporter. "It's not just the lack of AV that's the problem... it appears there's been zero thought put into the problem of malware spreading via these kiosks. Why not just treat customers' USB devices as read-only? Why allow the kiosks to write to them at all? It would be interesting to find out which company — Fuji, Big W, or even some other third party — is responsible for the maintenance of the machines. It would also be interesting to find out if there are any liability issues here for Big W in light of its boneheaded lack of security planning."
For things like Kiosks, there really is no excuse for not running Linux. The software is free and even if you were to pay to license certain things (say, video codecs) you would still come out ahead as in Windows you'd theoretically be paying the same things. The same amount of work should go into making a stable kiosk under Windows as under Linux... but then again, perhaps they didn't put in enough work under Windows which is why this story came out in the first place... nevermind.