A browser security tool intended for Dell Inc.’s systems management and end-point security appliance product is now being offered for free.
Dell KACE Secure Browser, which can optionally be integrated with Dell’s KACE K1000 systems management appliance, has the ability to isolate all browser activities and contain them in a “sandbox” and later allow the administrator to reset to compromised system back to its “clean” state with a single click of a button. The tool is available for Firefox now and an Internet Explorer version will be coming soon.
A sandbox is a security mechanism that separates active programs. It is typically used to execute untested code and questionable programs that come from unverified users and third parties.
Related stories
How to choose the best and most secure Web browser
Bug off — security fixes to head off browser attacks
How to do a super-clean malware scan
The move to offer Secure Browser as a free download was originally meant to entice businesses into trying out Dell’s KACE 1000 and the company’s KACE 2000 deployment appliance which are targeted at mid-sized businesses. But, Rob Meinhardt, president of Dell KACE, said the decision also provides an excellent opportunity for budget constrained smaller businesses to “dip their toes into enhanced browser security.”
“Any business using a browser can avail of this free protection. They don’t need to have a KACE appliance,” he said. Download Secure Browser here.
With growing number of malware attacks targeting browsers, virtually no business is safe from malicious browser extensions, said Meinhardt. Traditional tools such as anti-virus software are often ineffective against constantly evolving threats, he added.
Preventing workers from using the browser is the method that can cut the risk by 100 per cent, but this strategy will be of little use as many businesses have become dependent on the Web.
“Limiting browser use to specific sites and making sure that whatever browser activity taking place is not affecting the whole system limits the exposure to attacks,” says the Dell KACE executive.
Isolation solution
The Secure Browser tool helps users in four key areas, according to Bob Kelly, Dell KACE senior product manager:
Containment – browser activity isolation
Clean state reset – returning system to a clean default state
Control – limit Web site activity and processes
Management – capable of central deployment and administration through integration with KACE K1000
“Secure Browser sandboxes all browser activities through the use of virtualization technology. If there are any attacks they will be stopped at the browser and will not affect the PC,” said Kelly.
Kelly said the process will not interfere with the user’s normal operation. “Guest programs can still be run in a partitioned area where they can access tightly controlled resources. But the guest programs will not affect the rest of the system.”
“The browser will not run programs or plug-ins without permission to do so, which allows for the prevention of many attacks before they can even be initiated,” said Kelly.
If the IT administrator or user detects some suspicious activity, he can simply click a button that will return the system to a preset default stage.
Secure Browser also enables administrators to create a “black list” of sites that will be blocked and off-limits to users. A “white list” will limit users to entering only sites that have been tagged as safe.
When Secure Browser is coupled with K1000 appliance, users can avail of the hardware’s asset management features and remote software deployment and patching and power management capabilities, said Kelly.
Playing in the sandbox
Dell’s move towards a sandboxed, contained Web browser environment is a smart one, according to Claudiu Popa, a Toronto-based security technology expert and president of Informatica Corp.
“Whether they can bundle it and include it in Windows by default remains to be seen, but as a tool to reduce the risk of infection from Web-borne threats, it’s a good one,” Popa said.
Popa, who also blogs for ITBusiness.ca, also pointed out that the concept of creating a contained, virtualized environment is not a new one. “Other hardened browsers have done this in the past. Due to the strategy’s simplicity of mechanism, others will no doubt follow.”
The security expert said he knows of four other “notable” secure browsers in the market but Secure Browser’s key differentiator is the strong Dell KACE brand name and the company’s capacity for broad distribution.
With respects to the tool’s functionality, Popa said, “it is debatable whether users following secure browsing best practices can’t implement such configuration changes themselves.”
Popa provided these three Web security best practices for SMBs:
- Don’t stray too far off the beaten path. Although numerous examples point to the contrary, large well-known and legitimate sites are less likely to serve up malware than smaller ones.
- Block ads and undesirable IP ranges. Use and IP (Internet Protocol) firewall to block known, malicious IP addresses by the millions. “This is easier done than said,” according to Popa.
- Finally, don’t allow other users to access your computer. If you have to, try aggressively to reduce access to your computer while you are out. Set up limited accounts on your computer or better yet, buy another computer for other members of your business.
For more secure browsing information follow these links:
– Secure Browser(tm): http://www.tropsoft.com/secbrowser/
– Virtually Secure Browser white paper: http://www.sans.org/reading_room/whitepapers/hsoffice/virtually-secure-browser_33124
– CERT paper on how to secure your Web browser: http://www.cert.org/tech_tips/securing_browser/#Mozilla_Firefox
Nestor Arellano is a Senior Writer at ITBusiness.ca. Follow him on Twitter, read his blog, and join the IT Business Facebook Page.