The summer holiday period offered little rest for the information security specialist, with a series of browser and plugin vulnerabilities coming to light. Mathieu covered them here, here and here.
Then last week news broke that as many as 57,000 websites (a later report increases the estimate to 70,000) are contaminated with a malicious javascript. And we’re not talking about obscure pages on dubious, rarely visited websites in the outer reaches of the internet; a major New York hospital, medical charities, educational institutes, and a legal partnership all figure in the list of infected sites.
Back in the days when the floppy disk (for those who remember them) was the main method by which viruses were transmitted from one PC to the next, it was common for enterprise administrators to remove or disable the drives. Given today’s security risks, questions must be asked about the future of the internet in the enterprise. Should internet access simply be banned for end users? That’s clearly not the way forward. The web is a powerful communications tool, boosting productivity and competitivity. Added to which today’s users are not just internet-aware, they’re practically dependent on the web and will revolt against any restrictions on access.
So how can the enterprise deliver end-user internet access without leaving its own networks and systems susceptible to attack? With Virtual Browser “internet access” no longer means “connected to the internet.” The end-user’s PC doesn’t bounce from website to potentially risky website following the user’s mouse clicks. The user connects to a browser instance running as a virtual machine hosted in the secure environment of the datacenter. It is this hosted browser which connects to the internet. It’s as if, back in the days of the floppy, we could read and write to the disk without inserting into the drive — so that there was no risk of viruses infecting our PC.
Tags: web security
