How web browsing is crippling your infrastructure & compromising security

In Internet, Security by James Rankin

Slow web browsing

Ask anyone what the most resource-intensive applications on their end-user devices are, and you will normally receive a laundry list of software with heavy graphical or number-crunching output. ArcGIS, Solidworks, Google Earth, AutoCAD – these are normally the sorts of culprits one would normally expect a systems administrator to name as the worst applications he has to support from a resource point of view.

But the answer to this question is often a surprising one, especially in the modern world.

Many enterprises struggle to understand their environments correctly because of a lack of properly-focused client-side monitoring tools. For all the investment in tools like System Center, monitoring is often focused more on configuration and infrastructure than the actual user experience. Tools like Lakeside SysTrack, Nexthink, Extrahop and AppSense Insight exist to give real deep insight into the end user’s performance, but they are rarely deployed, and even if they are, sometimes the data they produce is ignored.

But if you were to deploy one of these tools, or a similar one, you might be very surprised at the applications which are consistently eating up the most resources on your endpoints, be these physical PCs or RDS-based desktops and applications. In my experience, most resource usage – particularly CPU and memory – is nowadays being consumed by Internet browsers.

And the reason all of our browsers have become so greedy, gluttonous and resource-hungry is probably quite clear to you. Adverts are everywhere – pop-up, pop-in, pop-under, animated, high-definition, those annoying surveys that start in the center of your desktop and take a slow walk off to the side; they’re rampant in their conquest of your screen space. I once heard it described, quite aptly as if “an electronic drunkard had decided to vomit Flash-based horror right across your workspace”.

So if you want to save up to 80% of memory and CPU usage from your browser sessions – a sizeable chunk of resource, whether you’re running on a dedicated desktop or a terminal server – then a simple way to do it is to clean up the web browsing experience and block all third-party ads from running in your browser. And it isn’t simply resources you will save – blocking connections to third-party content delivery networks will make your users more secure, and make their browser sessions more reliable. For a simple client-side solution that requires very little configuration change, blocking browser ads should be considered seriously by enterprises of all sizes to gain benefits on three different fronts.

Tools that protect your web browsing

Ad-Block Plus and UBlock Origin remain two very popular ways of deploying ad-blocking to the enterprise, but they are a little fiddly to configure. However, if you’re an Internet Explorer shop, then the little-known IE feature of Tracking Protection can be easily configured with a couple of Group Policy Preferences and a single shared file to set this up in no time at all. Testing of web applications against this should be negligible – as they only block access to third-party CDNs, it’s very unlikely that an application of any sort could be affected.

Some have expressed concern about the actual morality of blocking adverts – essentially stopping web content creators from the possibility that they may receive advertising revenue. However, given the propensity for third-party networks to serve up infections, as well as the intrusive manner in which they display most of their ads, I would suggest that the widespread use of ad-blockers would be a way not to deprive content creators of revenue but to encourage them to deal with third-party ad networks that secure and manage their advertising delivery in a more thorough manner.

Finally, there is the spectre of anti-ad-blocking websites out there – the few sites that actually prevent you from accessing content with an ad-blocker turned on. For these annoyances, there are exceptions lists that can be configured by the user, or the administrator, or both, in order to allow access should it be required for business purposes.

Blocking adverts is a simple, cheap and painless way of saving resources on your endpoints, of making them more secure, improving the reliability of your browser sessions and web browsing more enjoyable. Improving performance in this way is simply something any administrator cannot ignore.

For a video rundown of how to configure Internet Explorer Tracking Protection and to see how much resource can be saved in a typical Windows session, take a look here :


About the Author
James Rankin

James Rankin

James is an independent consultant specializing in user and application virtualization technologies. When not working on projects for customers across the globe, he can be found writing technical articles, blogging, and speaking at conferences and user groups. He regularly writes for Source One Technology in Milwaukee.