Web browser security is an important part of any IT security plan. While the market has some strong browser contenders from Google and Mozilla, experts suggest that the newest version of Internet Explorer may be the best bet for smaller organizations.
New features and updates in IE8 take Web browser security up a notch over some of the competition. Tack on the widely publicized corporate attacks stemming from vulnerabilities in IE6 and targeting companies such as Adobe Systems Inc. and Google Inc., and it comes as no surprise that IE8 recently surpassed earlier versions of Internet Explorer as the most popular Web browser in the world.
According to security experts, IE6 has many flaws and compatibility issues that make it significantly more vulnerable to attacks than IE7 or IE8. Recently, hackers exploited a new Internet Explorer zero-day flaw -- breaching network security and comprising intellectual property and data. Although attacks of this nature are not new, they stand as a reminder that companies should take an in-depth approach to security and not just rely on a specific security technology. Still, part of that overall security approach should be an upgrade from IE6, experts said.
Microsoft has added some features to IE8 that not only provide a higher level of protection, but also ease some of the administrative burden on IT. The SmartScreen Filter, for example, blocks sites that are identified as malicious and provides warnings when someone attempts to download a file from a suspicious or malicious website. That could be helpful for small and medium-sized businesses without dedicated IT or information security professionals.
And while IE is a popular target for attacks, other well-known Web browsers have also had their share of vulnerabilities recently. Popular browsers Mozilla Firefox (with 44 vulnerabilities reported in 2009) and Apple Safari (with six vulnerabilities) made an annual list of highly used, high-risk software in 2009, despite vendor efforts to improve security patching times and deployments. Part of the problem, according to some experts, is that some user interaction is necessary to deploy Web browser security updates -- and IT is usually kept out of the process. Some browsers, such as Google's Chrome, automatically update to reduce user disruption and patch deployment times. This feature minimizes the length of time that users run unpatched versions of the browser, thus reducing vulnerabilities. Internet Explorer, on the other hand, can be centrally updated by IT administrators.
How do you manage Web browser security? Email firstname.lastname@example.org.
This was first published in February 2010