What is the best choice for an enterprise Web browser?

In this expert Q&A, Richard Brain reviews enterprise browser choices and the best ways to keep them secure once you make a decision.

When it comes to browsers, should an enterprise use a niche offering like Opera or Chrome, or should it stay with established competitors such as Internet Explorer? What are the security differences between the two types?

Your enterprise Web browser choice may be limited. Many providers of enterprise Web-based email, CRM portals or ERP corporate software state they can only provide product support when certain browsers are used. Their intent is to simplify and reduce development and support costs by reducing complexity. This means that enterprises typically have little choice but to use mainstream browsers.

When using mainstream browsers, enterprises can reduce the risk of attack by following some of these steps:

  • Ensure machines are automatically frequently patched.
  • Modify browser security settings on sites outside enterprise control. For instance, do not run ActiveX or JavaScript on external sites.
  • Restrict what the Web browser and user can do on the workstation so that it is difficult for malware to install itself. For instance, deny admin access, lock down typical malware registry access points and have a firewall running on your machines.
  • Use application-level, UTM-type firewalls or filtering applications, which check Web requests for viruses and only allow whitelisted websites to be visited. It's also important to have the latest antivirus/antispyware installed on workstations.
  • Use centralised security management, so that potential infections can be quickly identified with infected machines then quarantined by firewalls.

The main advantage of using "niche" browsers is security by obscurity. There is less kudos for the hacker in discovering vulnerabilities within "niche" products, and less financial gain for cybercriminals due to there being fewer users. However, it does not automatically follow that "niche" browsers are better written and more secure.

There is a further enterprise Web browser issue which is not referred to in the question, and that is of browser plug-in security.

Plug-ins like Flash or Silverlight themselves have published vulnerabilities. Using a less established browser with limited plug-in support will mean that certain websites are harder to access, and if the plug-in is supported, it is more likely to be outdated and possibly more dangerous than plug-ins used by the mainstream browsers.

Hence the advantage of the lower risk in using a more "niche" browser is normally cancelled out by the lack of plug-ins, or the plug-ins posing a security risk by not being so up to date.

Read more on Web application security