In today’s Ask the Admin, I’ll look at the pros and cons of each browser for use in the enterprise.
Emotions usually run high in any discussion about browsers. Most of us spend a good part of our working day in a browser, so it makes sense that it should be fast, reliable, secure, and have the extensions we need. Most users have an automatic preference for Google Chrome and it will be one of the first apps they download when setting up a new PC. Chrome is also the most widely used browser today according to Net MarketShare, with Internet Explorer taking second place, Firefox third, Microsoft Edge fourth, and Safari bringing up the rear.
Unlike Microsoft Edge, Google Chrome is not installed in Windows by default. But Google does provide a Windows Installer file that allows system administrators to distribute the software using Group Policy, script, or System Center Configuration Manager (SCCM). Google Update is a separate mechanism used to update Google Chrome and any other Google software installed on the PC. Google offers Group Policy administrative templates that can be used to manage the configuration of Chrome and Google Update and let sysadmins enforce more than 200 policies, such as website blacklisting and content filtering. The Chrome Enterprise Bundle, which Google released in May, provides all the necessary downloads in one package.
Chrome 63 introduces site isolation as an experimental feature. Site isolation allows sysadmins to force Chrome to render sites in their own dedicated processes. While this increases memory usage between 10 and 20 percent, it adds better isolation to Chrome’s sandbox. Site isolation is designed to prevent attacks where hackers use cross-site scripting vulnerabilities to run malicious code to steal information running in other sites. While Chrome always tries to place sites in different processes, there are cases where it is not technically possible, such as cross-site iframes.
Sysadmins can configure site isolation to work for all sites or a list of selected sites. Limiting the sites that are isolated helps to improve performance. Google is also working on an additional feature to address situations when the renderer process is fully compromised.
Chrome did much better than Edge at this year’s Pwn2Own 2017 hacking event, where Chrome wasn’t hacked at all. But security is a cat and mouse game, so next year’s results might be something different. But nevertheless, Chrome has put in an excellent showing at the hacking event over the past two years. Google patched 153 vulnerabilities in Chrome in 2017. Considerably less than Microsoft’s 201 for Edge.
From a usability perspective, Chrome is fast and stable. It also has a much larger selection of extensions than Edge. And for the security conscious, Chrome extensions can be blocked by the permissions they require. But maybe more importantly, Chrome is very compatible. By that, I mean that it renders websites correctly because developers test their sites in Chrome. In comparison, Edge isn’t always able to render sites properly, sometimes causing minor usability issues. Edge doesn’t support sites that use WebM videos within the HTML5 <Video> tag. So, that should be a consideration if you’re going to restrict users to Edge.
With all the negativity about Edge, is there any benefit to using it? Yes. Edge does have its advantages, especially in a corporate environment. The first being that it’s built into Windows 10 and updated via Windows Update, which provides a solid and trusted mechanism for updating Edge. But Edge isn’t available for Windows 7. Because Edge is built-in to Windows, there’s no need to download Group Policy administrative templates to manage the browser. When Edge is updated, so are the Group Policy settings. Google Chrome requires you to update administrative templates separately from browser updates.
Microsoft has also promised to separate Edge’s user interface from the backend rendering engine, although there’s no indication of when this is going to happen. This will allow the UI to be updated separately, via the Windows Store so that the Edge team can provide updates faster and without waiting for the next Windows release.
I think it’s fair to say that Edge hasn’t lived up to security expectations. Microsoft has made a lot of claims only to see Edge fall spectacularly at this year’s Pwn2Own hacking event. But that’s not to say that Edge is inherently insecure, even though there is clearly room for improvement. And on that note, the Windows Fall Creators Update includes Windows Defender Application Guard (WDAG), a new feature that allows system administrators to force Edge to open enterprise-defined untrusted sites in tabs that run in Hyper-V containers. If a site is malicious, it is isolated from the rest of the operating system using hardware-based virtualization.
At the time of writing, WDAG is only available to Windows 10 Enterprise customers. But Microsoft has announced that the spring 2018 update will bring WDAG to Windows 10 Professional customers as well. It’s also worth noting that because WDAG relies on hardware virtualization, it requires a 64-bit CPU with support for Second Level Address Translation (SLAT), and either VT-x (Intel) or AMD-V. But that shouldn’t be a problem for most modern hardware.
In terms of usability, Edge falls short. Although I have always preferred the font rendering in Edge and IE. Pages are just easier on the eye. Microsoft claims that Edge is faster than Chrome and more energy efficient. In my anecdotal experience, you’ll get a lot more battery time with Edge. In benchmark tests, Edge tends to beat Chrome. But performance isn’t the only criteria. Edge scores 476 in an HTML5 standards test compared to Chrome’s 519.
Apart from the limited extension support in Edge, there is one major usability letdown that is unforgivable. In the Fall Creators Update, Microsoft added the ability to pin sites to the taskbar. But in practice, it is next to useless. When you click on a site that’s pinned to the taskbar, if the site is already open in the browser, the page gets refreshed, at least most of the time. Furthermore, unlike Windows apps, there’s no white bar to highlight webpages opened from the taskbar. Microsoft’s implementation of pinned sites is nothing short of a disaster. Plus, if users require more than one input language, the Windows + SPACE keyboard shortcut for changing languages doesn’t always work properly in Edge.
Chrome Has The Edge
If you want a trouble-free life, then Google Chrome is the way to go. It’s compatible, fast, secure, and just as importantly, your users are likely to be happy. Microsoft Edge isn’t necessarily a bad browser, and it’s my personal preference, but it does have a couple of serious shortcomings that might result in compatibility issues with sites and complaints from users. And that might be enough to push your organization towards Chrome until Microsoft can fix those issues or offer a serious differentiator that makes Edge a must have.