A French startup has come up with what it claims is the perfect solution to web browser insecurity - run the browser ‘from the cloud' instead.
Released in version 1.0 this week, commonIT's Virtual Browser negates the need for browsers on individual PCs, laptops or PDAs, replacing them with separate virtual browsers for every client, all running on VMware or Citrix XEN in a data centre.
Each PC runs a software agent that connects to the commonIT Virtual Browser server appliance using an open source protocol to shift data to and from the PC, much the same as in any other thin client setup. Graphics, mouse and keyboard commands are executed locally.
The admin retains control over the user's browser, right down to policies allowing the range of plug-ins, and the ability to monitor encrypted http sessions. Browser updates can be made quickly and reliably, irrespective of the connection state of the PC or laptop.
In a stroke, this removes the impact of any browser vulnerability or hack to the single instance running on that server, isolated from gaining access to data or applications by the virtual nature of the software, the company says. Any attack - cross-site scripting for instance - would also be terminated as the browser session ended.
"There is a problem with the architecture of the web browser because it can be connected to both internal applications and the Internet," said commonIT co-founder Daniel Fages. This led to the sort of security issues that could never be solved by simply planting security software in front of every web device. "[with Virtual Browser] malware just stays in the virtual machine."
An important feature of the Virtual Browser is the ability to accommodate different web engines - Internet Explorer, Mozilla for instance - if that is what a specific business application had been designed to best use.
After trialling the software in a number of French companies and partners since late 2008, the company hopes to convince enterprises in other parts of Europe and the US to see the light. They will have a fight on their hands, however, with inertia the biggest hurdle.
One area where commonIT hopes to gain traction is in replacing SSL VPN remote access, Fages said. Virtual Browser removed the need for integrity checking of such clients, and could even be extended securely to third parties needing access to applications, normally a major security concern. A range of platforms were supported, including smartphones, and a USB standalone agent could be installed on a USB stick.
A data centre server appliance with 4GB of RAM could support up to 150 individual browsers, said Fages, a spec that scaled in a linear fashion.
Licensing is calculated according to a pre-paid 3-year contract, with 100 users coming in at 9,000 euros (£8,000 or $11,800), or between 10 euros and 50 euros depending on numbers.
A detailed explanation and spec is available from commonIT's website [PDF].