Slashdot Mirror

← Back to Stories (view on slashdot.org)

Enterprise-wide Browser Upgrades, IE, and Patching?

Posted by Cliff on from the between-a-rock-and-a-hard-place dept.

newkid asks: "Our company needs to upgrade its standard browser, a difficult decision when we factor security, compatibility and the logistics of actually doing it. For compatibility, Internet Explorer is required by internal applications like IBM Tivoli Storage Manager, so we have to keep it. On the security front, expert bulletins keep ranting every week about the latest gaping holes in IE but nobody really seems concerned: for example, many on-line banking services only work in IE, and they don't check for patches. Meanwhile, users do not care, as a large portion of the traffic still comes from IE 5.5, a version discontinued by Microsoft. As for logistics,the software distribution technology and the cost of patching both make the project much larger than we can undertake this year. Our two options are: roll-out IE without patching, or roll-out IE and Netscape, but lock IE so it can only surf on intranet sites, and update NS with rsync or Ant. What is your company doing? What is your strategy? How serious are the security threats? What are the documented security breach caused by IE? We need a reality check."

7 of 53 comments (clear)

  1. Many go unpatched anyways by dpete4552 · · Score: 5, Informative

    http://www.pivx.com/larholm/unpatched/

    --
    http://www.archive.org/details/ThePowerOfNightmares
  2. Mozilla by Cokelee · · Score: 5, Insightful

    Why can't you install Mozilla on a couple of shares and update them. It doesn't have to be on a local machine, and most internal networks remain fairly idle. (The other 60+mbps not being using by an external source.)

    On a very different note: these machines are running Windows, right? Why the security concern over IE?

  3. Quick and dirty... by dnight · · Score: 5, Funny

    Send an anonymous email with the Microsoft IE download link to the entire corporation, the day before you take a vacation. If your helpdesk is up to snuff, it should be all set when you get back.

    Oh, and look for snakes in your office when you get back.

  4. Are you sure you *need* IE? by aoteoroa · · Score: 5, Interesting

    You mentioned that tivoli's storage manager requires IE but a quick look at their product info page indicats that they support HP/UX,linux,Solaris and other clients and if that is the case then their web software must work with other web clients.

    I do all my banking, and the company's with Mozilla with no problems. A friend of mine also uses Moz for his banking. That's three separate banks that have no problem with Mozilla.

    There are probably more good choices in web browsers right now than there ever was. It is a good time for change.

  5. Re:Easy by J_DarkElf · · Score: 5, Interesting

    Well, IE6 *is* an improvement over NS 4.x

    But then again, so is every other browser which does not lie about its CSS support, and can render standards-compliant pages.

    The main problem with IE is that it accepts garbage, so people keep using garbage, saying 'it works in IE'...

  6. At least give MS a go properly. by swmccracken · · Score: 5, Informative

    Install a copy of Software Update Services and then use group policies to configure your workstations to use and automatically install the patches.

    It's a partial solution, while it doesn't upgrade Internet Explorer itself, it *does* apply all relevant patches to IE and the OS.

    You do use Group Policies, right? This is one managment area where Windows 2000 out-of-the-box beats any Linux managment system hands down.

    Generally.. the patches aren't that important, but notable exceptions exist. (Such as Outlook Express opening certain mime types automatically! - virus writers were quick to take advantage of *that* one..) The problem is that you never quite know which ones are going to be important.

  7. IEAK by omega9 · · Score: 5, Informative

    There's a neat little took called IEAK, which stands for Internet Explorer Administration Kit. It lets you download IE and create your own custom set of installation files with only the options you want. You can even make the installation non-interactive to make sure it only does what it's told. Anyone who's done a major IE rollout has at least heard of IEAK. Since you didn't even mention it I'll guess you've either never done an IE rollout or you've got SARS and it made you forget about it.

    You also didn't mention your network setup. However, you're considering IE so I'm going to guess most of your clients are running Windows. Also, if you're really entering into a rollout your network must be on the larger side (else it would just be you installing something on a few machines). So if you've got a a)large b)Windows network there's a good chance you've got some kind of domain model there. Or at least something that provides login scripts. Go fix yourself up a custom IE install with IEAK and launch the setup from the login script. Heck, if you're running AD on a Win2K server whip up an MSI and push it out to the clients. But if you can't do enough research on you own to discover IEAK, then you probably won't even be able to spell MSI.

    If you've never heard of IEAK, got a large Windows network, and aren't using some sort of login script functionality, then the SARS has truely taken over and a browser rollout is the least of your troubles.

    DISCLAIMER: no SARS were injured during the creation of this reply

    --
    I'm against picketing, but I don't know how to show it.