Consumers generally access all content from the Internet, where the default security assumption should be that content is untrusted and barriers should be provided to protect the user’s system. Therefore most modern web browsers default to security settings that are appropriate for Internet. If browsers were only used for the Internet, one group of settings would make sense for everything. But this is often not the case for users on their employer’s private intranet.

The concept of Security Zones, which is unique to Internet Explorer, is based on the premise that not all content is created equally. More importantly, not all content should be viewed with the same security settings. The business environment is quite different from the consumer use case, where employees have access to internal business systems, not to mention externally hosted partner systems (Extranets). Some content (e.g., internal line of business applications) may require more advanced/relaxed security access to the local system in order to function properly. Without Security Zones to enable lower security settings for trusted networks, users would need to open their systems to potentially endless Internet attacks just to make certain business applications work as required.

Browsium Catalyst was designed to enable the deployment of multiple browsers within a business environment by ensuring IT has centralized control over which browser is used for which web application on each PC in the organization. Many organizations want to use Internet Explorer for internal, line of business applications and another browser (such as Google Chrome or Mozilla Firefox) for external, Internet) use. Catalyst makes this very easy, even though only Internet Explorer was designed to be ‘Zone aware’.

Read our new Knowledge Base article to learn more about Security Zones, along with guidance to ensure proper use of Security Zones in Catalyst to direct users to the required target browser.

To those who have migrated your organization from Windows XP to Windows 7 — Congratulations! Given our expertise in dealing with the hardest migration and legacy web application issues, let us be the first to say ‘job well done’. We are still here to help you tackle the next challenges facing your organization, such as  managing and securing your Java clients and giving you centralized control of browser defaults in your multi-browser environment (read: IE + Chrome or Firefox).

For those of you still struggling to get off Windows XP, let’s put your situation into perspective. As of the end of March 2013, nearly 39% of the world’s PCs are still running Windows XP. Is that a big number? You bet it is. There are roughly 1.5 billion PCs is use today so that 39% represents almost 600 million PCs. So, for better or worse, you’re in good company.

It should come as no surprise that most of those Windows XP PCs are being used in business. After all, Windows 7 first shipped 3 1/2 years ago and immediately replaced Windows XP on the hundreds of millions of new consumer PCs that ship each year. But businesses deploy upgrades on a very different cycle than consumers, so the tail of Windows XP usage should be very long. That said, one would still expect to see a steady decline in Windows XP usage as we’re nearing one year from Microsoft’s April 8th 2014 “end of support” date for XP. In fact, the XP decline should be accelerating. But what may be a surprise is that fact that the decline in Windows XP usage has stalled. Computerworld appears to be the first to publicly report on this, but the trend has been clearly evident for many months. As the chart below shows, Windows XP usage finally dropped below Windows 7 around the middle of 2012. But since then, the trend lines have been relatively parallel … and horizontal!

We first started talking about this problem last summer when we identified the disturbing trend that easy Windows 7 migrations were already done. What’s left are the difficult and expensive migrations facing the largest of enterprises.  The sheer number of large enterprises around the globe, multiplied by the number of PCs they use, accounts for a significant portion of that red Windows XP line. We’ll need to set aside the questions around software piracy and the impact that has on upgrades – there’s just no agreed upon way to address that data so we’ll just consider it in the ‘margin of error’. That still leaves a huge number of PCs waiting for an IT-driven migration to Windows 7, and it’s happening way too slowly.

There are many factors that slow these migrations, and they can vary by enterprise. For some, it’s budget challenges in a difficult economy. For others it’s simply the fact that Windows XP is solid and it works. It’s also possible that IT organizations have no “desktop OS migration muscle definition” remaining. After all, it’s been more than a decade for most IT pros since their last major OS migration. The move from Windows NT or Windows 2000 to Windows XP was the last time organizations really migrated – everyone skipped Windows Vista, leaving Windows XP in place for nearly 12 years. Who remembers how to migrate desktops anymore?

The one common factor to nearly every stalled migration is web application compatibility. Upgrading, rewriting or replacing legacy web applications is expensive and time consuming … and very easy to keep pushing out until the last minute. Why put off for tomorrow what you can put off for two days? There are always more pressing business issues that DEMAND attention and NEED resources to be solved today compared with the unseen work and time involved in migrating to a new OS and browser. We see all too often organizations not dealing with these issues. But we’re biased (for obvious reasons) and only see the problems …organizations only come to us if they have migration and browser management issues. But the data shows it’s not just our perception and not just an issue in the organizations we talk with.

We’re now at the last minute, with one year to go until these organizations are faced with two equally painful options – buy an expensive custom support agreement from Microsoft, or go without support and risk a major security or support crisis. If you’re facing web application compatibility blockers, Browsium Ion can help. No solution is easier or faster at enabling legacy web applications to run on Windows 7. But you need to get started now.

Don’t leave yourself having to ask “do I have enough time to finish before the deadline?” Start now. Inaction will cost exponentially more time and money. We’re ready to work with you to drive Windows XP market share where it should be going – down and to the right.

The Impact on IT Managers

This situation would be barely tolerable even if the thousands of IT managers who rely on Java for business-critical web applications were able to always run the most current (and somewhat secure) version of Java. Adding insult to injury, IT managers are often required to run old versions of Java on their organization’s Windows PCs because the current version is not backward compatible with their application requirements. If Java is having a bad year, IT security managers are having a VERY bad year.

But is the situation really this hopeless? What if there was a way to run old versions of Java side by side with the current version, and that current version was the only version exposed to the web? What if it was possible to go a step further and only use Java for internal business applications and not expose it to the web at all? Would that help? Of course it would … and that solution exists today.

Browsium Makes Java Manageable and Secure

Browsium solutions were designed with targeted management in mind, so we are able to deliver solutions today to secure Java in your organization. Using our industry leading tools, Browsium Ion and Catalyst, you can securely deploy and manage web-based Java in your organization. Our tools let you define the scenarios under which different versions of Java are loaded – or prevented from loading – including the ability to load multiple different Java versions simultaneously ‘side by side’ in different browser tabs.

Java Remediation with Browsium Ion

For organizations looking to stay on Internet Explorer as the single browser platform, Browsium Ion is the perfect tool. Ion delivers granular Java management to enable isolated and secure side-by-side Java versioning. By giving IT administrators the ability to specify which version of Java loads for which sites (targeted down to the single page level), Ion enables an organization to avoid having to compromise security for compatibility while not turning off Java entirely. Users can continue to perform their internal critical business functions while accessing websites as they normally would, but IT limits exposure to external threats by using the most current, most secure version of Java.

As an example, the screenshot below shows a single instance of Internet Explorer invoking Java 7, Java 6, and Java 1.4, side-by-side, with Java 7 as the default version exposed to the web.

Java Isolation with Browsium Catalyst

Organizations seeking the most secure Java solution should run multiple browsers on each PC, managed with Browsium Catalyst.  Catalyst enables IT to centrally control which browser opens each website on every PC in the organization. The organization can then choose one browser, with Java enabled, for key intranet applications or set of known Internet websites that require Java, and then use another browser, with Java disabled, for everything else.

Depicted in the following diagram is the common scenario we see today with customers. Typically Internet Explorer is used with Java internally and then Chrome without Java is exposed to the web.

A Video is Worth a Thousand Pictures

With Browsium Ion and Browsium Catalyst, you don’t have to trade off compatibility for security. You can run both together to get the best of both worlds. To illustrate these approaches and show how simple these solutions are to implement, we created a video to demonstrate this experience. Watch it embedded below, or in full HD (with no Flash) on YouTube.

Remediating and Isolating Java

 
Don’t Wait – Let’s Secure Your Java Environment Today

You’ve suffered with Java compatibility and security problems long enough. Browsium delivers the solutions you need to get off the Java version treadmill and maximize Java security for your organization. Contact us and we’ll show you how to use Browsium Ion and Browsium Catalyst to secure your Java environment today.

At Browsium we’re passionate about listening to our customers and continually improving our software. Since we launched Catalyst 1.0 in January, we’ve had tremendous interest in the product from customers like you looking for a great way to manage a multi-browser enterprise. Along the way a few design issues and deployment blockers have been identified … and have now been addressed in Catalyst 1.0.1. Complete details on what has changed are in the Release Notes.

If you’ve already been testing Catalyst, you should have received an email from us today with your your personal Catalyst 1.0.1 download link. Email Browsium Sales if you can’t find that email. To avoid filling out registration form on our website again, please use the link in that email to access the download page.

If you’re new to Catalyst, download the 30-day Evaluation Kit now and give it a try. We’d love to hear what you think.

You can learn more about Catalyst on the Catalyst product page. Be sure to read the FAQs and search the Knowledge Base. If you’d like to talk with our team about pricing or a reseller in your region, please email Browsium Sales.

The Browsium whitepaper series continues with the latest entry “Managing and Securing the Multi-Browser Enterprise”. This paper is a must-read for any enterprise looking to improve browser security, increase user productivity, and reduce helpdesk calls … so, basically, every enterprise on earth.

Executive Summary

Today’s web technology promises standards-based websites and web applications that can work in any modern browser. For many organizations, the wave of technological change to meet this promise comes with a new set of challenges. While organizations want to improve productivity and please users with new business applications which use modern browsers, existing, expensive and business-critical applications still require a specific browser to function.

This conundrum has caused many enterprises to compromise on both browser compatibility and security by standardizing on a single browser, Microsoft Internet Explorer, for their Windows systems. By forcing everyone to use only Internet Explorer because of web application compatibility, IT is taking unnecessary risks on network security and forgoing innovations that can improve business productivity. Overcoming these issues is what drives IT to deploy and tightly manage multi-browser PC environments in forward-looking organizations.

This paper will examine these issues in detail, providing a compelling case for not only proactively deploying multiple browsers in the enterprise, but also managing and securing this environment with Browsium Catalyst.

Download the complete whitepaper in PDF format (582KB).

As browser choice has broadened, IT organizations like yours are increasingly faced with multi-browser environments. Whether your IT team installs a second browser on every PC, or your end users install and use the alternative browsers of their choice, this multi-browser trend is becoming ever more common.

While multi-browser environments are often needed (and desired) to address compatibility and security problems, they come with several management challenges.  When end users switch between legacy and modern business applications or access consumer sites on the Internet, multiple browsers pose compatibility risks.  In addition, using old versions of Internet Explorer on the Internet can compromise network security.

The complexities of multi-browser environments are continuing to become more challenging. Today, ongoing browser exploits (like the recent Java and Internet Explorer zero-day exploits) pose additional risks and work disruption if a second browser is unavailable. In addition, browser vendors have designed new ways for users to work around admin rights requirements to install software, so the traditional approach of locking down browser use is no longer a solution.

These problems are solved with Browsium Catalyst, which was released today and is ready for enterprise deployment.

The Right Browser on Every Site

Catalyst is a browser management utility that makes deploying multiple browsers in the enterprise a manageable reality. It reduces helpdesk calls and improves IT security by putting you in control of all browsers in your enterprise.  With Catalyst, you can specify the most compatible and secure browser for each website on every PC in your organization, regardless of default settings or user behavior.

Get Your Free Catalyst Evaluation Kit

We invite you to try Catalyst in your enterprise environment. Simply fill out our Evaluation Kit Request Form to receive the free Catalyst 30-Day Evaluation Kit. It’s simple to install and configure and you’ll instantly see how it will improve compatibility and security throughout your organization.

You can learn more about Catalyst throughout the Browsium website. Be sure to read the product overview pages, peruse the FAQs, and search the Knowledge Base. If you’d like to talk with our team about pricing or a reseller in your region, you can email Browsium Sales.

The multi-browser enterprise is here to stay. Take control of yours with Browsium Catalyst.

I’m a believer in following the rules. As a company we may challenge some rules to be innovative, but following rules has been part of our DNA from the beginning. Rules are part of our product approach – we believe in opt-in solutions where our products are used in a surgical manner. Following rules has helped us ensure our products don’t break the browsing experience. Most importantly, our approach has avoided any complications when Microsoft updates the Windows OS or Internet Explorer. We comply with Microsoft browser extension developer guidelines for all of our software solutions.

Going back to the early history of Browsium, looking at alphas, betas and release versions, we have delivered products for more than 2.5 years without anything breaking on a single Windows update. It’s an important statistic, and one that I’m very proud to share with customers. Our developers work very hard to make this happen, ensuring they follow only public documentation and use public APIs or other supported Microsoft coding practices.

The Browsium team has a long history of experience working with Microsoft, with many of the “Browsians” having worked on engineering and product management teams at Microsoft. That experience enables us to understand the browser in ways no other group outside Microsoft would, including the quirks and internal workings of Internet Explorer. But we’re also very careful in how we use what we learned at Microsoft. We realize that using our knowledge of the browser code and internal (aka not public) designs would not only raise intellectual property issues, it would leave us exposed to breaking changes. Microsoft is free to make breaking changes to any undocumented API or feature control key, etc. at any time. Using only public sources and APIs prevents that exposure.

Sometimes this means we need to proceed slowly to release new versions, more slowly than we or our customers would like. But the trade-off is too great and we want to do all we can to ensure that patching customer systems won’t break our software.

So what will go wrong if Microsoft needs to change something they expose publicly or deprecate one of their APIs in a future release of the browser? Nothing. Microsoft has made plenty of changes from IE8 to IE9 and beyond. We expect (and want) that to continue. We’ll identify what they did and get to work on ensuring our products work properly with the new version. We’re actively doing that now as we prepare to support IE10 and Windows 8.

What happens if Microsoft makes a change to an existing browser to break or deprecate a function we are using? Given that we follow the rules they’ve established, it would impact the entire extension ecosystem and that’s not something Microsoft is inclined to do without significant advanced notice for everyone to provide a workaround.

Going further than just updates, building our software in this way has a more important impact on customer systems. Your Windows installations are supported. We’re not changing the way Windows works or virtualizing the browser so when you call Microsoft for support, our software meets their guidelines. It’s also easy to disable for troubleshooting, like any well-behaved add-on should.

By staying inside the lines we are able to deliver innovative solutions to solve difficult browser compatibility and management problems for enterprise customers, without the worry of future support by Microsoft. Check out Ion and Catalyst to see how we can solve these problems for you.

Matt Heller
Founder & CEO

Browser security, or more precisely, browser “plug-in” security is in the news quite a bit these days with the recent Java exploit. While Java exploits are unfortunately quite common, this recent incident seems to be more serious. It’s not every day that the U.S. government recommends consumers disable or uninstall a browser plug-in because of security concerns.

Anyone who works in IT, or has a part time job as PC tech support for friends and family, knows how difficult it is for the typical PC user to manage browser security. We can coach them on safe browsing habits and encourage them to stay patched, but that’s about the extent of it. Beyond that, you just need to be ready to clean up after something goes wrong.

But for IT managing PCs in a large enterprise, much more can be done. Tools to manage browser security give IT a fighting chance to stave off the next security crisis and associated lost productivity (for both IT and end users). At Browsium, we build the tools that put IT in control of the browsers on end user PCs. This granular control yields considerable benefits when the next zero-day exploit occurs. The following are examples of how each of our core products help secure browsers in the enterprise:

• Browsium Ion enables zero or partial footprint installs of ActiveX controls like Java. This means Java can be used for specific, trusted applications, but not exposed to the public web. We blogged about this recently.
• Browsium Catalyst enables containment of one browser to the intranet while using another on the Internet to mitigate browser or plug-in exploits. This means Java could be enabled on the browser used for intranet applications but disabled on the browser used for the Internet. Read more in our Zero-Day blog post.

There are many more scenarios where Ion and Catalyst can be used to improve browser security in the enterprise. Give us a shout at sales@browsium.com to start a discussion on how our tools can help you mitigate security risk and keep your users productive.

Browsium is a bi-coastal organization, with a team in each of America’s “Washingtons”. Our company headquarters and business team is located in Redmond in Washington state, while our development team is based in our nation’s capital Washington DC. Both were named after America’s first president, but that’s where the similarities end. 2,800 miles and wildly divergent cultures separate these two regions of the country.

Most years, these two regions don’t think about each other much at all. But this year the two Washingtons have been thrust together in cross-country rivalry in the American football playoffs. The Seattle Seahawks (from Washington state) are playing the Washington Redskins (from Washington DC) in a playoff game this Sunday. This has created a chance for the Browsium teams to battle for bragging rights, a valuable currency that can be spent strategically throughout the year. We’ll also throw in a picture of the losers wearing the winning team’s cap- that sort of humiliation is priceless.

The East Coast Redskins contingent is led by Browsium founder and CEO Matt Heller. The West Coast Seahawks boosters are led by Gary Schare, President and COO. Each gets one paragraph to make their team’s case. The outcome will be decided by the teams on Sunday at 4:30 EST. May the best team win.

From Matt: As a lifelong Washingtonian it’s great to see our team rising back to the level of play they had when I was growing up. There’s a storied history here with The Hogs, Joe Theismann and Super Bowl victories under Joe Gibbs. The past few years haven’t been good for the Skins, at times we couldn’t give away our game tickets unless people wanted a chance to see powerhouse visiting teams like the Giants, Eagles or Cowboys. Not this year. Not with RGIII, Alfred Morris and London Fletcher playing for the Redskins. I’m looking forward to a good game against the Seahawks and even with the incredible scoring they’ve put up recently I have confidence we will see Gary wearing the burgundy and gold next week. Hail to the Redskins!

From Gary: Though I grew up a fan of the San Francisco 49ers, I jumped on the Seahawks bandwagon immediately upon moving to Seattle in 1996. (It didn’t hurt that the 49ers began a rapid slide to mediocrity about the same time.) Despite the emotional pain of the 2006 Super Bowl, I have come to love this team and the amazing fans here in Seattle that turn out every week, rain or shine (okay, mostly rain). While the Redskins have put up an impressive 7 wins in a row, no team has more momentum coming into the playoffs than the Seahawks. Both the offense and the defense are firing on all cylinders. The road to the Super Bowl goes through Washington DC this year, but it’ll be the Seahawks who move on to the next round after a resounding road win against the Redskins this Sunday. Go Hawks!

As discussion surrounding the multi-browser enterprise heats up, our development efforts on Browsium Catalyst continue at full speed. Since the Catalyst Beta 1 release in October, we’ve had great feedback from customers around the world. They’ve told us that the ability to control which browser opens each website on every PC in the organization is critical to their IT operations. Some are moved by Catalyst’s ability to mitigate zero-day exploits. Others love zone management of Chrome and Firefox. And everyone agrees the multi-browser enterprise is here to stay.

Today we’re excited to deliver Browsium Catalyst Beta 2, the next critical milestone on our path to enabling IT to control their multi-browser enterprise.

What’s New in Catalyst Beta 2

There are a number of significant improvements in Browsium Catalyst Beta 2, including:

• Deployment of Catalyst configurations via Group Policy (Active Directory)
• Support for Chrome profiles to invoke Chrome with custom settings
• Ability to set any arbitrary application as a Rule target for one-way redirection
• Global settings for Rule templates to make Rule creation faster

How to Get Catalyst Beta 2

We truly value product feedback and feature requests and we encourage everyone to try this latest software release. There are two ways to get Catalyst Beta 2:

If you’ve been testing Catalyst Beta 1, you’re on our list and should have received an email from Browsium Sales today with a custom Beta 2 download link. Contact us if you can’t find it.

If you’re new to Catalyst, simply fill out our Catalyst Beta request form, verify your email address, and you’ll be directed to the Catalyst Beta 2 download page.

Let us know what you think after you’ve installed Catalyst Beta 2. We’re working quickly to finalize Catalyst for its production release in early 2013. Thanks for checking out the final beta!