Sophos refuses to apologise for blocking your web browser

Are you one of those people who loves Firefox even though your company standard is to use Internet Explorer? Do you hanker for Safari, even though your IT team have pre-installed Firefox onto your desktop?

Well, stop reading now – because I’m about to ruin your day.

In an online poll*, Sophos found that seven out of 10 network administrators wanted greater control over what web browser their workers installed and used. In other words, most of them don’t want you to run Firefox if they have chosen Internet Explorer for the company, and vice versa.

One typical example is Nick C Beagin, an administrator at Alleyn’s School in London.

Nick says, “For me it was a constant battle to keep Firefox and Opera off my network, but I have one less worry now. Messenger and other chat application blocking is also a bonus.”

The application control functionality built into Sophos’s solution means that a long list of web browsers can be blocked. Names include Firefox (versions 1-3), Internet Explorer (versions 5-7), Safari, Opera, Netscape and Flock, as well as lesser known internet browsers.

Even if I say so myself, we have a pretty cool solution to the problem. Remember that we have over 20 years’ experience of reliably identifying malware on your computer – that’s software which goes out of its way to try and disguise itself. So it’s child’s play for us to identify legitimate programs, and simply augment our management console to give the IT team the ability to set a policy as to which applications are allowed, and which are not.

But don’t let me say it. Let’s hear from Nick again: “I was very pleased to see application control in the Sophos line up… A manager at another school thought it worked by recognising and blocking the names of applications. When I showed him that you could rename the program, and it would still be blocked by Sophos, he was delighted.”

If you’re a regular worker inside a corporation you may wonder why so many of the IT guys feel like this.

The most obvious reason is that your IT department has to support yours and, in some cases, hundreds or thousands of other computers around your company. If everyone chooses to run different versions of different web browsers then you are giving your IT team a support headache.

Furthermore, different browsers may introduce different vulnerabilities into the organisation. With the web being the main vector for infection today, having a secure up-to-date web browser in place has never been more important.

In a nutshell, system administrators want to mandate a specific browser to reduce their IT support overhead and security risk.

So, if your company wants to block Internet Explorer and force the use of Firefox, they can if they want with help from Sophos. You may be upset that we’ve given your system administrator this ability to set a policy, but ultimately it’s your company which set the policy, not us. We’re just enforcing your company’s policy.

And that’s why we’re not apologising.

* Source: Sophos online poll, 304 respondents, 16 May – 4 June 2008.

Disclaimer blurb: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.