When using mainstream browsers, enterprises can reduce the risk of attack by following some of these steps:
- Ensure machines are patched automatically and frequently.
- Tighten browser security settings for sites outside enterprise control. For instance, do not run ActiveX or JavaScript on external sites.
- Restrict what the Web browser and user can do on the workstation so that it is difficult for malware to install itself. For instance, deny admin access, lock down typical malware registry access points and have a firewall running on your machines.
- Use application-level, UTM-type firewalls or filtering applications, which check Web requests for viruses and only allow whitelisted websites to be visited. It's also important to have the latest antivirus/antispyware installed on workstations.
- Use centralised security management, so that potential infections can be quickly identified with infected machines then quarantined by firewalls.
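As an added illustration of the second and fourth steps above (script execution off for external sites, and only allowlisted sites reachable), here is a Chrome/Chromium managed-policy file. This is not part of the original answer and the policy names postdate it; they are real Chrome enterprise policy keys, but the `intranet.example` and `vendor-approved.example` domains are placeholders to be replaced with the organisation's own. On Linux the file is dropped into `/etc/opt/chrome/policies/managed/`; on Windows the same keys are set under `HKLM\Software\Policies\Google\Chrome` via Group Policy. The equivalent for Internet Explorer's ActiveX controls is the zone settings in its Internet Options policy.

```json
{
  "DefaultJavaScriptSetting": 2,
  "JavaScriptAllowedForUrls": [
    "[*.]intranet.example",
    "https://portal.intranet.example"
  ],
  "URLBlocklist": ["*"],
  "URLAllowlist": [
    "[*.]intranet.example",
    "[*.]vendor-approved.example",
    "chrome://policy"
  ],
  "ExtensionInstallBlocklist": ["*"],
  "IncognitoModeAvailability": 1,
  "DeveloperToolsAvailability": 2
}
```

`DefaultJavaScriptSetting` 2 blocks scripts everywhere, with `JavaScriptAllowedForUrls` re-enabling them only on enterprise-controlled hosts; `URLBlocklist` of `*` with a `URLAllowlist` turns the browser into a whitelist-only client, complementing rather than replacing the gateway filter; blocking all extensions and developer tools reduces what a user or malware can add to the browser. After deploying, open `chrome://policy` on a workstation to confirm every key shows as applied with no error.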
There is a further enterprise Web browser issue which is not referred to in the question, and that is of browser plug-in security.
Plug-ins like Flash or Silverlight themselves have published vulnerabilities. Using a less established browser with limited plug-in support will mean that certain websites are harder to access, and if the plug-in is supported, it is more likely to be outdated and possibly more dangerous than plug-ins used by the mainstream browsers.
Hence the advantage of the lower risk in using a more "niche" browser is normally cancelled out by the lack of plug-ins, or the plug-ins posing a security risk by not being so up to date.
This was first published in August 2009