This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."
No security features are worth much in a corporate environment if managers can't configure and control them globally. In addition to superior security features, IE 7.0 really stands out in its ability to manage configurations across the enterprise.
While there's still no browser-embedded capability to centrally create browser configurations based on specific users or computers, you can create different browser configurations through either your Active Directory (AD) implementation or an enterprise disk imaging program.
AD is the better choice, since nearly all configuration controls--mostly registry settings--can be captured in a .INI file. That file can be distributed via SMS or a commercial product, so you don't have to push an entire disk image every time you want to introduce new configuration settings, or create specialized disk images for select groups. Further, because IE was designed to work with AD, you can control all of its more robust configuration options through this mechanism; the only way to manage all of the other browsers' more limited feature sets is through disk images.
The Vulnerability Caveat
Microsoft's track record on vulnerabilities hardly inspires confidence. The U.S. Department of Defense's NIST National Vulnerability Database lists 152 reported IE vulnerabilities in the last three years alone. Keeping up with patches and configuration controls, along with the nagging anxiety about the next critical hole, is the stuff of nightmares for security managers.
The assertion that Firefox is inherently more secure because it will have fewer vulnerabilities is open to debate. Since its release, 102 vulnerabilities have been reported, according to NIST. (Version 1.0 was announced in November 2004, though pre-1.0 betas were generally available for download and scrutiny.) Netscape had just 39 reported vulnerabilities in the last three years.
Numbers can be deceptive, though. IE is a mature product, so the continued discovery of large numbers of vulnerabilities is a real concern. On the other hand, it can be argued that the plethora of Firefox vulnerabilities is just an initial spike, typical of new applications.
This was first published in January 2006