One countermeasure would be to run a hardware-based solution that is a non-writable, read-only file system and web browser, such as a "secure hardware browser".
The second port, the video port, is typically read-only and is dedicated to providing a high throughput, serialized data channel for the graphics chipset.