Controlling Plug-Ins in Your Internet Browser
One of the key features of today’s browsers is the ability to plug-in 3rd party code to add additional capabilities to the browsing experience but as these add-ins add additional capability they can also introduce new security and integrity risks. In this post we will look at approaches to protect our browser environments from plug-ins.
December 19, 2011
I remember when the Internet was static HTM pages that had links to GIF or JPG files. The web browser just downloaded these files using HTTP and then rendered them. Needs grew and technologies evolved to move from a static web experience to a rich, dynamic environment using technologies like JavaScript, ASP.NET, HTML5, Silverlight and Flash to name but a few. Our web browser today can run full web-based applications and many sites today leverage plug-ins/add-ons which are additions to the web browser to add an additional capability which is utilized by a website or adds some functionality to the overall web browsing experience.
While these additions often have benefits they can cause numerous challenges. One common problem is the browser slowing down to start and render pages. This can be caused by additions initializing or running some action every time a web site is opened such as scanning the content of the page for information it wants to act on. The good news is web browser vendors are now acknowledging and adding features to manage the plug-ins and even auto-disable if needed. In Internet Explorer 9, for example, we can select Manage Add-ons and all of the Add-ons installed are shown along with the amount of time they take to load and their impact on navigation. If you find an addition that shows long times you can disable it.
Slowdown is bad for the browsing experience but there are far greater problems. The Add-ons we see that are becoming more prevalent have powerful capabilities that can perform functions on the operating system which could be steal data from users machines, perform malware type activities or even enable the installation of other applications on the users machine which then have free reign to cause maximum damage.
For organizations to maintain good protection for their operating systems it is very important to control the add-ons for internet browsers. To control the add-ons it’s important to standardize on a web browser which can then be the focus of our control. It’s no use investing heavily in defining supported additions for Internet Explorer and blocking other add-ons if users just fire up Firefox and run what they like! Standardize on a browser and block others using the standard software restriction technologies like the application whitelisting.
Once the browser has been selected research the methods that are available for that browser to control additions that are allowed and how to block others. For Internet Explorer, Group Policy has a lot of settings, the major ones I describe below:
·Windows ComponentsInternet ExplorerInternet Control PanelAdvanced PageAllow third-party browser extensions. Allows any third-party browser extension to be blocked
·Windows ComponentsInternet ExplorerSecurity FeaturesAdd-on Management
Numerous settings including a list of allowed Add-ons (essentially whitelisting for add-ons), options to block any Add-on not in the allowed list. There are also settings to add additional processes which should adhere to the add-on list
As we look at providing users a secure operating environment we have to give the web browser a lot of respect due to the extensibility of the modern web platform which can be a gateway for malware and unauthorized programs to get onto our systems. By standardizing on a single web browser in the organization, blocking other web browsers and then focusing attention on the additions supported for our corporate browser we can enable users to have a rich web experience but stopping the undesirable add-ons.
About the Author
You May Also Like