Sophos adds browser and virtualisation blocking features

With Sophos' new endpoint security technology, it's now possible to block unwanted Internet browsers and virtualisation platforms to control user access. Application signatures and benefits of limiting users to Internet Explorer are also touched on.

Looking at logs we found that people were using other browsers to get around the filtering system. When we introduced application control, we found them seeking out ever more esoteric browsers.
Nick Beagin
Administrator, Alleyn's School in London
Sophos Plc. has added several Internet browsers to the growing list of applications it aims to block through its endpoint security product. The change is in response to a survey of IT administrators that showed a strong desire to control the browsers users can access.

"I know people have browser preferences, and may like to use Firefox or Opera," said John Stringer, product manager at Sophos. "But we found that many administrators want to keep with one browser so they can keep it patched. And a lot want to stick with Internet Explorer (IE) because they get their updates from Microsoft."

The Abingdon-based security company has added the feature by using its existing facility for creating virus signatures. To block an application, it creates a signature that can be recognised when someone attempts to run the application on the network.

"Some vendors take a different approach to blocking applications, such as application whitelisting, or using checksums of applications they want to block," said Stringer. "The downside of that is that whenever a new release of the application appears, you need to keep your checksum up to date."

Stringer said Sophos would keep application signatures up to date, as it does with virus signatures, and was planning to add between 10 and 15 new signatures every month to its list of applications that users might want to block.

The efforts will not be confined to browsers. Sophos has also added a number of virtualisation platforms which could pose potential security problems. Stringer explained: "It is easy for a user to bring in VMWare Player, Virtual PC or Citrix Xen on a USB stick and run their own environment. There are a lot of free virtualisation tools that you can download which let you run a completely separate image within the corporate environment. Administrators would know nothing about it -- the user could be running a private business and no one would be the wiser."

One early user of Sophos's new features is Nick Beagin, an administrator at Alleyn's School in London, which has 1100 pupils and 150 staff.

Beagin said it was essential to confine users to Internet Explorer because it gives him much greater control over what they are doing. "Using IE 7 as our chosen platform, we can apply group policy under ActiveDirectory, and we can have complete control over every detail such as buttons, favourites, and so on. If they are using Firefox or Opera, we can't control it."

Working with bright kids, many of whom are capable of writing their own browsers, Beagin said it had been difficult tying users down to Internet Explorer. "Looking at logs we found that people were using other browsers to get around the filtering system," he said. "When we introduced application control, we found them seeking out ever more esoteric browsers such as Flock, Green Browser or Maxthon, but we've asked Sophos to add them to the list too, which they've done."

In May, Sophos surveyed 304 administrators about the importance of being able to block unauthorized or out-of-date versions of approved Web browsers, and 70% agreed that it was either important or essential.

Read more on Web application security