Home > Ask the Information Security Experts > Secure software development and application/platform security Questions & Answers > What is the best choice for an enterprise Web browser?
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

What is the best choice for an enterprise Web browser?

Richard Brain EXPERT RESPONSE FROM: Richard Brain

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Enterprise IT tips and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 08 July 2009
When it comes to browsers, should an enterprise use a niche offering like Opera or Chrome, or should it stay with established competitors such as Internet Explorer? What are the security differences between the two types?

>
Your enterprise Web browser choice may be limited. Many providers of enterprise Web-based email, CRM portals or ERP corporate software state they can only provide product support when certain browsers are used. Their intent is to simplify and reduce development and support costs by reducing complexity. This means that enterprises typically have little choice but to use mainstream browsers.

When using mainstream browsers, enterprises can reduce the risk of attack by following some of these steps:

  • Ensure machines are automatically frequently patched.
  • Modify browser security settings on sites outside enterprise control. For instance, do not run ActiveX or JavaScript on external sites.
  • Restrict what the Web browser and user can do on the workstation so that it is difficult for malware to install itself. For instance, deny admin access, lock down typical malware registry access points and have a firewall running on your machines.
  • Use application-level, UTM-type firewalls or filtering applications, which check Web requests for viruses and only allow whitelisted websites to be visited. It's also important to have the latest antivirus/antispyware installed on workstations.
  • Use centralised security management, so that potential infections can be quickly identified with infected machines then quarantined by firewalls.
The main advantage of using "niche" browsers is security by obscurity. There is less kudos for the hacker in discovering vulnerabilities within "niche" products, and less financial gain for cybercriminals due to there being fewer users. However, it does not automatically follow that "niche" browsers are better written and more secure.

There is a further enterprise Web browser issue which is not referred to in the question, and that is of browser plug-in security.

Plug-ins like Flash or Silverlight themselves have published vulnerabilities. Using a less established browser with limited plug-in support will mean that certain websites are harder to access, and if the plug-in is supported, it is more likely to be outdated and possibly more dangerous than plug-ins used by the mainstream browsers.

Hence the advantage of the lower risk in using a more "niche" browser is normally cancelled out by the lack of plug-ins, or the plug-ins posing a security risk by not being so up to date.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Secure software development and application/platform security
Pwn2Own results: The most secure Internet browser for enterprises
Google cloud applications: Secure enough for the enterprise?
Windows 2003 DNS configuration tips
How to protect a laptop from spam, viruses
How to detect and remove Sinowal and repair a master boot record
How does search engine malware spread?
How effective are password hack tools?
How do attackers use Google to hack?
Why can Google block virus-infected websites; how do you stop a ban?
Should a worm patch or push security updates?

Web Application Security
Social networking: Workplace productivity, security no match for Facebook
Adobe vulnerability: Pen test firm finds ColdFusion admin page flaw
Survey: Web 2.0 security issues cause concern
Twitter settles with FTC over security issues, careless policies
Report: Google to phase out Windows, cites security issues
New tool enables botnet command and control via Twitter
Pwn2Own results: The most secure Internet browser for enterprises
Google cloud applications: Secure enough for the enterprise?
Symantec Internet threat report highlights botnet, malware trends
Researchers aim to smarten Web application security scanners

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary







Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Access Management: Authentication, Biometrics, Password Security
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008 - 2010, TechTarget | Terms of Use | Read our Privacy Policy 		  TechTarget