Q

What is the best choice for an enterprise Web browser?

In this expert Q&A, Richard Brain reviews enterprise browser choices and the best ways to keep them secure once you make a decision.

When it comes to browsers, should an enterprise use a niche offering like Opera or Chrome, or should it stay with established competitors such as Internet Explorer? What are the security differences between the two types?

Your enterprise Web browser choice may be limited. Many providers of enterprise Web-based email, CRM portals or ERP corporate software state they can only provide product support when certain browsers are used. Their intent is to simplify and reduce development and support costs by reducing complexity. This means that enterprises typically have little choice but to use mainstream browsers.

When using mainstream browsers, enterprises can reduce the risk of attack by following some of these steps:

  • Ensure machines are patched automatically and frequently.
  • Tighten browser security settings for sites outside enterprise control. For instance, do not run ActiveX or JavaScript on external sites.
  • Restrict what the Web browser and user can do on the workstation so that it is difficult for malware to install itself. For instance, deny admin access, lock down typical malware registry access points and have a firewall running on your machines.
  • Use application-level, UTM-type firewalls or filtering applications, which check Web requests for viruses and only allow whitelisted websites to be visited. It's also important to have the latest antivirus/antispyware installed on workstations.
  • Use centralised security management, so that potential infections can be identified quickly and infected machines then quarantined by firewalls.
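
One way to check the browser-settings step across a fleet, as an added example that is not part of the original article: the script below reads a registry export and reports whether ActiveX and active scripting are disabled for Internet Explorer's Internet zone. The policy key path, zone number 3 and action IDs 1200 and 1400 are Internet Explorer's documented zone settings rather than values from the article, and the sample export is constructed.

```python
import re

# Internet Explorer URL action IDs (assumption: taken from IE zone documentation, not the article).
ACTIONS = {"1200": "Run ActiveX controls and plug-ins", "1400": "Active scripting"}
DISABLED = 3         # policy values: 0 = enable, 1 = prompt, 3 = disable
INTERNET_ZONE = "3"  # zones: 1 = intranet, 2 = trusted, 3 = internet, 4 = restricted

# Constructed sample in `reg export` text format (already decoded to str).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000000
'''

def parse_zones(export_text):
    """Return {zone: {action_id: value}} for every ...\\Zones\\<n> key in the export."""
    zones, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[.*\\Internet Settings\\Zones\\(\d)\]", line, re.I)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        else:
            val = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
            if val and current is not None:
                current[val.group(1).upper()] = int(val.group(2), 16)
    return zones

def audit_internet_zone(export_text):
    """List findings where ActiveX or scripting is not disabled for the Internet zone."""
    settings = parse_zones(export_text).get(INTERNET_ZONE, {})
    findings = []
    for action, name in ACTIONS.items():
        value = settings.get(action)
        if value != DISABLED:  # a missing value means no policy enforces the setting
            state = "not set" if value is None else f"value {value}"
            findings.append(f"{name} ({action}): {state}, expected {DISABLED}")
    return findings

if __name__ == "__main__":
    for finding in audit_internet_zone(SAMPLE_EXPORT):
        print("FAIL", finding)
```

Files written by `reg export` are UTF-16 by default, so decode them before passing the text in.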

The main advantage of using "niche" browsers is security by obscurity. There is less kudos for the hacker in discovering vulnerabilities within "niche" products, and less financial gain for cybercriminals due to there being fewer users. However, it does not automatically follow that "niche" browsers are better written and more secure.

There is a further enterprise Web browser issue which is not referred to in the question, and that is browser plug-in security.

Plug-ins like Flash or Silverlight themselves have published vulnerabilities. Using a less established browser with limited plug-in support will mean that certain websites are harder to access, and if the plug-in is supported, it is more likely to be outdated and possibly more dangerous than plug-ins used by the mainstream browsers.

Hence the advantage of the lower risk in using a more "niche" browser is normally cancelled out by the lack of plug-ins, or the plug-ins posing a security risk by not being so up to date.

This was last published in August 2009

2 comments

From my experience (some of it frustrating and painful) browser choices are often made by the apps or singular app that the organization uses. This is why I am still supporting IE8, IE9 and IE10, because organizations by necessity need these browsers, not because the company has a policy, but because an app they are dependent on requires that browser.

I second Michael. Many tools require IE of old versions so it has to be installed. Frequency of updates also is a challenge when users don't have permissions to do so.