While these additions often have benefits they can cause numerous challenges. One common problem is the browser slowing down to start and render pages. This can be caused by additions initializing or running some action every time a web site is opened such as scanning the content of the page for information it wants to act on. The good news is web browser vendors are now acknowledging and adding features to manage the plug-ins and even auto-disable if needed. In Internet Explorer 9, for example, we can select Manage Add-ons and all of the Add-ons installed are shown along with the amount of time they take to load and their impact on navigation. If you find an addition that shows long times you can disable it.
Slowdown is bad for the browsing experience but there are far greater problems. The Add-ons we see that are becoming more prevalent have powerful capabilities that can perform functions on the operating system which could be steal data from users machines, perform malware type activities or even enable the installation of other applications on the users machine which then have free reign to cause maximum damage.
For organizations to maintain good protection for their operating systems it is very important to control the add-ons for internet browsers. To control the add-ons it’s important to standardize on a web browser which can then be the focus of our control. It’s no use investing heavily in defining supported additions for Internet Explorer and blocking other add-ons if users just fire up Firefox and run what they like! Standardize on a browser and block others using the standard software restriction technologies like the application whitelisting.
Once the browser has been selected research the methods that are available for that browser to control additions that are allowed and how to block others. For Internet Explorer, Group Policy has a lot of settings, the major ones I describe below:
·Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow third-party browser extensions. Allows any third-party browser extension to be blocked
·Windows Components\Internet Explorer\Security Features\Add-on Management\
Numerous settings including a list of allowed Add-ons (essentially whitelisting for add-ons), options to block any Add-on not in the allowed list. There are also settings to add additional processes which should adhere to the add-on list
As we look at providing users a secure operating environment we have to give the web browser a lot of respect due to the extensibility of the modern web platform which can be a gateway for malware and unauthorized programs to get onto our systems. By standardizing on a single web browser in the organization, blocking other web browsers and then focusing attention on the additions supported for our corporate browser we can enable users to have a rich web experience but stopping the undesirable add-ons.