If you have to manage public Internet access computers, you know that web browsers can be a source of regular headaches. Web browsers can open up security holes, allowing viruses and other malware to wreak havoc on your computer's operating system and supporting network. Poorly designed interfaces can cause frustration for users. Interfaces loaded with unnecessary functionality can distract users and allow them to make interface changes that will confuse other users and frustrate those who have to support the browser. In this environment, the web browser that can provide a secure and consistent interface is worth its weight in gold.
As someone who has had to secure web browsers in these environments, I've been searching for the perfect kiosk browser since Netscape 3. In the past couple of years, several strong contenders, K-Meleon and Public Web Browser, have emerged that allow one to provide a high-quality web browser to users without compromising the integrity of the browser or the underlying operating system. Still, I'm always looking for alternatives that can provide a safe and secure browsing experience with a minimum amount of hassle to setup and maintain.
One of the most important steps in creating a kiosk browser is deciding how secure the browser must be. In a true kiosk situation, you may not want to allow any changes to the browser interface or behavior. In other situations, you may want to allow a limited amount of functionality while still retaining control over interface elements. In any case, you'll want to think through the what interface elements and functions you do and do not want to allow. This will make the process of creating the kiosk browser much easier when we get down to the nitty-gritty of editing the code.
The goal of this tutorial is to create a very secure browser interface that has only very limited functionality. This browser would be well suited for locations like a library online catalog where a user is limited to a defined set of functions on a defined set of web sites. Another goal is to ensure that the user can not use the browser to access or interact with the underlying operating system. While this alone can not protect the operating system from the malicious or unintentional hacker, it does eliminate the browser as a potential source of trouble. In securing the browser, you'll see the range of features and functions that can be controlled. Adapt the changes that we make in the tutorial to suit the needs of your browser.
My latest contender for a kiosk browser is the Firebird browser from Mozilla. Firebird is a web browser-only program that is built on the Mozilla codebase. While similar in concept to programs like K-Meleon in Windows and Galeon in Linux, Firebird differs in three significant ways. First, Firebird utilizes the same cross-platform XUL interface language that Mozilla uses. By comparison, both K-Meleon and Galeon use operating system specific interface elements. Second, because Firebird uses XUL, it is cross-platform compatible. This means, in theory, that changes we make in Firebird should be supported in both Windows and Linux platforms. Finally, Firebird is directly supported by the Mozilla organization. Firebird also utilizes the latest code from Mozilla, at least in pre-1.0 releases.
When I first wrote this tutorial, even though the most recent Firebird (Phoenix) browser release was only version 0.5, I decided to experiment with turning Firebird (Phoenix) into a kiosk browser. I did this for several reasons. First, from what I understood about XUL, conceptually, it should have been very easy to customize the web browser interface exactly the way I wanted. Second, because I had not done much work with XUL, the effort to turn the Firebird (Phoenix) browser into a kiosk browser was an opportunity to work with and learn about XUL with a program that I could use in an environment I was familiar to me. Finally, Firebird (Phoenix) utilized the current Mozilla code, which adheres to most of the current web standards.
I was relatively pleased with the first draft of this tutorial. It had the level of detail that I thought was required to be able to turn Firebird (Phoenix) into a kiosk browser even if the reader had never done that level of coding before. I also heard back from a number of people who had followed the tutorial to create kiosk browsers. However, I didn't resolve all of the issues that I wanted to work out. Also, it's been about a year since I last updated the tutorial. I think was mainly because I didn't implement Firebird (Phoenix) in an environment where I would have to maintain it. Like my first effort at a Firebird (Phoenix) tutorial, we are using a pre 1.0 release and the browser and underlying code is subject to rapid changes that will require constant revisions to keep up with new releases.
Firebird is an ideal candidate for a kiosk browser. Because it only includes a web browser component, you don't have to waste time trying to disable unnecessary components like mail or web editing. Also, its interface has fewer numbers of elements that need to be secured. This combination allows us to create a more secure browser with less work as compared to alternatives like Netscape 7 and Mozilla.
Last updated: December 31, 2003
Created: November 30, 2002
If you are reading this, your browser probably doesn't support current HTML and CSS standards. While the site looks much better in a browser that supports web standards, you can still access all of the information that is here with any browser or Internet device.