Two-browser strategy and other options
It has now become standard practice to download security updates for operating systems and applications regularly and, ideally, automatically. Nevertheless, 0-day vulnerabilities, i.e. vulnerabilities for which no security update exists, occur frequently. Almost every day, vulnerabilities of this sort surface in a wide range of applications, and Internet browsers are not immune to them. Depending on the seriousness of the known vulnerability, it may make sense to switch to a different browser, at least temporarily, until the manufacturer has resolved the vulnerability.
What is trivial in the private domain can lead to serious problems in the business world. Unlike on private computers, switching to an alternative browser on business computers is not always simple, for instance if no two-browser strategy has been implemented. This is often the case, since it means that the responsible ICT division only has to maintain a single browser.
If a serious vulnerability occurs, private or even confidential data may be at risk. It therefore makes sense, both at home and in the business world, to prepare for an emergency so that the switch to an alternative browser can be made as quickly as possible.
The following possibilities are conceivable in the business world. The list is not exhaustive:
- Comprehensive installation of two browsers on all workstations
All workstations in a given company are supplied with at least two browsers. In an emergency, the employees can be instructed to no longer use the affected browser until informed otherwise. This can also be enforced at the proxy by denying Internet access to the affected browser. This solution is relatively cost-intensive, however, since several browsers have to be maintained, and it is not always clear to the user which browser can be used when.
- Selective installation of at least two browsers
Workstations that absolutely have to access the Internet are supplied with several browsers. If one of the browsers is affected by a vulnerability, Internet access can be denied to that browser. Access to the Internet is then only possible with an alternative browser. This solution has the serious disadvantage that, in the event of an emergency, part of the staff temporarily has no access to the Internet. Even though this may not have a major impact on work, the affected users may feel patronised or disadvantaged.
- White list
All divisions of a company notify their ICT division of those URLs that must be accessible even in the event of an emergency. These URLs are then entered on a "white list". If a vulnerability occurs, all URLs that are not included on the white list are blocked. With this measure, alternative browsers can be dispensed with. The risk of damage is minimised, since only specific URLs are reachable. Nevertheless, a certain risk persists. It must be possible to install security updates quickly, so that the temporary blocking of URLs not on the white list can be lifted as soon as possible.
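The proxy-side decisions described in the list above (denying the affected browser, or restricting everyone to the white list) can be sketched as follows. This is an added example, not part of the original text; the browser name, the hosts and the mode names are constructed placeholders, and a real deployment would express the same rules in the proxy's own configuration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy: pattern and hosts are placeholders, not real values.
AFFECTED_UA = re.compile(r"\bExampleBrowser/\d+", re.IGNORECASE)
WHITELIST = {"intranet.example.com", "bank.example.net"}


def host_allowed(target, whitelist=WHITELIST):
    """True if the target's host is a whitelisted name or a subdomain of one."""
    # HTTPS reaches a proxy as "CONNECT host:port", so accept bare host:port too.
    if "://" not in target:
        target = "//" + target
    try:
        host = (urlsplit(target).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed target, e.g. a broken IPv6 literal
        return False
    if not host:
        return False
    # Compare on label boundaries: "intranet.example.com.evil.test" and
    # "notintranet.example.com" must not pass as "intranet.example.com".
    return any(host == w or host.endswith("." + w) for w in whitelist)


def decide(user_agent, target, mode):
    """Return 'allow' or 'deny' for one request.

    mode 'normal'        : no emergency, everything passes
    mode 'block_browser' : two-browser options, affected browser is denied
    mode 'whitelist'     : white-list option, applies to every browser
    """
    # The User-Agent header is client-supplied: this rule steers users to the
    # alternative browser; it does not stop a client that sends another value.
    if mode == "block_browser" and AFFECTED_UA.search(user_agent or ""):
        return "deny"
    if mode == "whitelist" and not host_allowed(target):
        return "deny"
    return "allow"


if __name__ == "__main__":
    ua = "Mozilla/5.0 (X11) ExampleBrowser/12.0"  # constructed sample request
    for mode in ("normal", "block_browser", "whitelist"):
        print(mode, decide(ua, "https://www.example.org/", mode))
```

Matching on the parsed host name rather than on a substring of the URL is what keeps look-alike hosts and `user@host` tricks off the white list.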