Recent security holes in Oracle’s Java and Microsoft Internet Explorer have underscored the need for two web browsers (or two different computers) to separate your business processes while surfing the Internet. This isn’t the first time we’ve proposed something similar, as we’ve been long-time proponents of separating work PCs from personal-use PCs. While this seems tough to justify for small businesses, who don’t want to deal with the expense of a second computer, with the advent of iPads and other portable tablets, most non-business activities, like surfing the web and checking email, can be accomplished with a cheap secondary device.
Fortunately, the two-browser solution is even cheaper, as there is no up-front cost. But first, the problem we’re addressing.
In August, Oracle’s Java was found to have a critical zero-day vulnerability which could allow a remote attacker to compromise any PC that ran its code. The only fix for some time was to disable Java, or avoid surfing the Internet. While that may be more practical than you’d think, on consideration it is not always the case. Another mitigation step was to disable Java within the web browser. Most of our clients do not require Java support in their browsers, so it can be disabled. You can still run Java apps, just not from a browser.
Then, last week, Microsoft’s Internet Explorer itself was found to have a critical zero-day vulnerability. Again, for some time, the only fix was “don’t use Internet Explorer.” To many people, that is synonymous with “don’t use the Internet,” but this need not be the case. There are several alternative web browsers to Internet Explorer. Having one browser for general web surfing and another for business is not an uncommon practice. It does require a little training for end users, e.g., double-click this icon to get to your online banking app, and this icon to get to everything else. The most popular (non-IE) browsers are Google Chrome and Mozilla Firefox, and there is no harm in having multiple browsers installed on your system, but you do need to keep them updated. Both can be configured to work in an enterprise setting, meaning they can be controlled, locked down, updated, and secured in a similar manner to Internet Explorer. While this does require extra effort on the part of IT (or of end users, when they are allowed to manage their own software deployments), it gives you added protection and an alternative when IE is under a known attack.
Note that this is not a panacea, as Chrome and Firefox have had their own share of vulnerabilities and attacks, but it does mean that you at least have a somewhat more secure alternative when faced with a critical, unpatched vulnerability in your main browser.
Check with your IT staff before you go casually installing a new browser on your system, and see if it makes sense for you. Then, take comfort in knowing you have a way to get your work done, even if IE is under attack.