Slashdot Mirror


FireFox as a Security Risk Compared to IE?

A not-so anonymous Anonymous Coward asks: "The administrator at my work gave me the following reason for not using Mozilla. What do you think? 'FireFox is a security risk. Please refrain from using it. Please continue to use IE 6.0. IE is our only supported browser. FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'" Do any of you have information that could be used to contradict the administrator's information on FireFox? Are there configuration options one can reach from about:config that a user can use to address the problem this administrator has cited?

19 of 174 comments

  1. Re:What is this, ask mozilla? by over_exposed · Score: 2, Insightful

    Or better yet, when you find out a good, definitive answer (that could potentially help those of us in the same boat to convince our higher-ups), do a nice write up of all of the info you collected and THEN submit it to slashdot.

    --
    "The object of war is not to die for your country, but to make the other bastard die for his." - Patton
  2. Just pressure from MS by SpaceLifeForm · Score: 2, Insightful

    The corps are under constant pressure to use MS software. The admin is just passing that on.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  3. Depends on your admin by green pizza · Score: 4, Insightful

    I worked in an all-Windows shop for a while. It wasn't too bad and the network and server admins were *very* tuned into the security notices from Microsoft. They would have every machine patched within one business day of the announcement. Maybe your company is the same way, and introducing non-Microsoft software may upset that cycle.

  4. Re:Install it anyway by green pizza · Score: 5, Insightful

    Just install it anyway. There's no way that they can tell you're using it, unless they're looking over your shoulder.
    That kind of attitude will get you fired. Management is edgy these days and support/admin money is tight. There just isn't room for someone who doesn't want to go along with the flow. It's not 1998 anymore. The Aeron chairs and the foosball table have been auctioned off and there are many other people just waiting to take your job. Seriously. I've seen several people canned in 2004 by doing things "their own way" despite being told not to.

  5. Re:Call Bullshit by Anonymous Coward · Score: 3, Insightful

    I'm going to go one further and call bullshit on the submitter.

    The problem was non-existent, and a fix plain and simple in the config. This entire article is a made-up troll to rile up the Mozilla zealots.

  6. Even better by Safety Cap · Score: 5, Insightful

    You can configure Firefox to run from a keychain USB drive.

    Add an autorun.inf to fire up firefox.exe (with command-line switches -- see the first link's discussion) automatically upon insert and you're good to go.

    --
    Yeah, right.
  7. It never was "1998" by Gothmolly · Score: 4, Insightful

    For people at any sane shop. I have local Admin rights on my laptop, as I need to install s/w. As a result, I have disabled much of the IT spyware that your profile loads. The result? When AD blows up, or Novell NDS-AD bridge goes down, I can still get on locally. The fact that you speak so readily of needing to "go with the flow" and wistfully of the "Aeron chairs" and "foosball" table tells me that your experience was markedly different, perhaps due to our differing skillsets and attitudes. Sorry for your loss.

    --
    I want to delete my account but Slashdot doesn't allow it.
  8. that's not what he said by jeif1k · Score: 3, Insightful

    But the admin didn't say "please use IE because we have defined patch and update mechanisms in place and we don't have the resources to do that for FF as well", the admin said "please use IE because FF is a security hole because [a bunch of bogus reasons]".

    1. Re:that's not what he said by francium de neobie · Score: 4, Insightful

      Firefox's automatic update is good for the individual. But for IT departments, they'd want to test the patches before releasing them and they'd want to centralize the patching process. I think it's well known what happens if we let the non-computer savvy users choose whether to update or not themselves, or forcing them to take on untested patches ;^) (even the Linux kernel had problematic updates, remember 2.4.11?). So depending on Firefox's automatic update would likely make a mess sooner or later.

      I don't know what you mean by "third party automatic package updates for Windows", but the third option is obviously nonsense. Converting to Linux is not a trivial undertaking for a company.

  9. Re:Nobody's Mentioned This So I am... by Saiyine · Score: 5, Insightful

    What about giving a URL?

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
  10. Re:Spite him. by krymsin01 · Score: 4, Insightful

    That's a good way to get fired, seeing as how most of the problem pages will either A) be against the AUP (porn, etc) or B) Illegal (certain porn, warez, etc).

    --
    stuff
  11. Re:Install it anyway by pyite · Score: 2, Insightful

    It so happens that the pendulum has swung to the "conservative" management ideology. My office is Sun Ray and Windows 2000 based. Previously I only had a Sun Ray and was given a PC to run some Java software better. There was talk of removing UNIX workstations altogether, to which I told my boss that my productivity would be halved at best. He thought that was a fair assessment and now we can use whichever is better for a given task. I'd say one of the most difficult IT jobs is to be an administrator of an office full of "administrators." Granted, we're all networking people, but a lot of us are hardcore UNIX guys and have always been. I sometimes feel bad for our admins and what they have to put up with from us. Usually they understand that it's best to help us do what we want.

    --
    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  12. How to BSOD your MCSE by renata.org · Score: 2, Insightful

    I work at a MS-Friendly company (I'd say Microsoft is one of our major customers) and as they gave me Administrator permissions to my machine, I did not even ask if I could install Firefox - I simply got it installed. Once the sysadmin saw and told me I should not use non-IE browsers. I answered him that as a web developer, it was my job to test everything in the most popular browsers and that IE now has less than 90% of market. He didn't know that and while he was trying to answer something-too-complex-for-a-non-mcse, I asked if he saw the Wired edition where the CSO of Microsoft says he uses Firefox. Obviously the mcse got a BSOD and never bothered me again.

    Or, in fewer words: read slashdot and any tech news sites before your mcse and tell them things they didn't know - they get totally b0rked if someone knows something they don't know. :D

  13. Just post... by jalet · Score: 3, Insightful

    your sysadmin's email address here.

    This will make him know better!

    --
    Vote green: shit in the ballot box!
  14. Re:Problem patching open source software? by mgkimsal2 · Score: 2, Insightful

    since the admins want to minimize the number of things to be watched over (i.e. if I let you install Firefox, then besides Microsoft's updates, I have to watch for Mozilla.org's updates too.)

    This sort of makes sense if *all* you ever run is MS Office, MS Small Biz Server, IIS, etc. But if your org needs to run other things (Raiser's Edge, QuickBooks, Adobe products, etc.)

    It used to be people chose to run Windows vs. Linux or Mac because 'Windows has all the software'. But it seems now more IT depts are using security as an excuse to not run/install anything *but* MS software, excluding a gigantic range of other software options (ostensibly much of the reason for using Windows in the first place!)

  15. I'm going against the grain here, but... by Anonymous Coward · Score: 1, Insightful

    I use IE. I have used the 'trusted sites' system for nearly two years and (knock on wood) gotten zero spyware. The trick - I have ActiveX and scripting disabled for the 'internet zone'.

    Unlike with Firefox, I actually *can* use ActiveX on pages that use it - provided I've added that site to the 'trusted sites' security zone. Plus, all the sites that have been carefully hacked to look a certain way in IE look exactly like what the authors intended.

  16. Re:I call BS by Anonymous Coward · Score: 1, Insightful

    Uh, can Firefox keep itself up-to-date if the user does not have admin rights? Didn't think so. Do most business users have admin rights? Didn't think so. I just don't think the FF team is interested in trying to tackle that market at this time. Let's not pretend that they are.

  17. They'll Know It Is There If They Want To by reallocate · Score: 2, Insightful

    Even if it doesn't get the guy fired at the time, it sure is a nice tool for management to use when they do want to get rid of him.

    Besides, there's every chance they will know he installed it, if not immediately, then sooner or later. I used to work at a place where each workstation was, in effect, periodically spidered to determine if any unauthorized software was present. If it was, it was removed.

    --
    -- Slashdot: When Public Access TV Says "No"
  18. Re:The eternal conflict... by martinX · Score: 2, Insightful

    When you've got this sort of thing going on, I don't see why any competent user should be denied the right to use appropriate software in their job

    Because everyone who knows how to make text bold in Word thinks they're a competent user.

    However, understanding why IT does this doesn't stop me from running lots of non-standard stuff myself...

    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."