I work in a photo-shop, and most photo-kiosk machines don't work like that. They're simply windows-boxes with software running *on top* of it. So if windows auto-runs it, you're already too late depending on the exploit used.
Of course, they could be linux-boxen, but the chain I work at really can't afford to train the minimum-wage personel how to use linux properly, as they have trouble enough using windows. Also, we use various software (one to run the passportphoto-camera for example) and some of those programs are available only on windows.
We do have AV however after earlier viruses really messed up productivity, but we can't afford to have internet at every store as margins in photography have become really slim since the introduction of digital photography.