Slashdot Mirror


FireFox as a Security Risk Compared to IE?

A not-so-anonymous Anonymous Coward asks: "The administrator at my work gave me the following reason for not using Mozilla. What do you think? 'FireFox is a security risk. Please refrain from using it. Please continue to use IE 6.0. IE is our only supported browser. FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'" Do any of you have information that could be used to contradict the administrator's information on FireFox? Are there configuration options one can reach from about:config that a user can use to address the problem this administrator has cited?

17 of 174 comments

  1. Re:Depends on your admin by green+pizza · · Score: 5, Interesting

    How does Firefox prevent them from patching Windows software?
    It doesn't. It's just an excuse for lazy MCSE admins who don't want to add an additional step to their daily advisory-reading / patch-installing cycle.

    My point is this: in an established MS shop, it's often very hard to get the admins to approve usage of non-MS software. At my previous job we had many people using MS Publisher and that MS photo suite when InDesign and Photoshop would have been far better for their needs.

    I'm not agreeing with the original poster's admin, I'm just saying that MS shops are often set in their ways.

  2. Any non-standard app is a security risk by SoundGuy666 · · Score: 5, Interesting

    While your admin may have issues with the default configuration for Firefox, there are genuine reasons for not deploying Firefox to your network. Most security conscious organisations have a very rigorous patching system for the authorised applications and operating systems. Any app which doesn't fit into that patching system (whether it be up2date, apt-get, SUS/WUS/SMS, yum or another flavour) presents a massive overhead to the IT team. Every time there is an update to Firefox, it needs to be repackaged and redeployed to every desktop in your organisation. And it's not just Firefox, but by setting a precedent of deploying MyRequestedAppX, they face pressure from all sides for AppY, AppZ, etc. Then the questions come - "you support Mr X's AppX with updates and patches - why not mine?".

    Unless your organisation has the infrastructure to deal with non-baseline application patching, those apps WILL present a security risk while the IT team tries to find the resource to patch/update and deploy the latest version.

    --
    Why can't we all just get along?
    1. Re:Any non-standard app is a security risk by Damhna · · Score: 4, Interesting

      Could not agree more.

      Custom application standardisation across the install base means that issue resolution can be standardised and tweaked to meet the response/support requirement. The certification and testing processes that most serious companies use to pass apps as fitting are both rigorous and not conducive to incorporating the latest 'app du jour'. And rightly so.

      It's easy for tech savvy folks to deem these practices as a symptom of the narrow mindedness of lazy MCSE admins (who would appear to be some sort of subspecies of real admins). It's easy to see this as an organisation being inflexible due to undereducation but I believe that that is not the case. A pestered admin will often give the sort of pseudo answer this user received. It's not good to fudge that way, but without taking a user step by step through the security policies and application certification documentation, it's difficult to explain the why of decisions such as this.

      It can be difficult to meet the job function requirements of diverse departments and maintain the steady balancing act that will ensure your SourceSafe users will be as compliant as the receptionist.

      For this organisation it may be useful to do a business case analysis exploring the usefulness or otherwise of Firefox but as it is still in its first iteration a lot of companies will be loath to abandon the practices they have in place on a whim.

      As Firefox moves ever closer to a dominant position the pressure will become greater and things will change. It will also become more a target and I'm betting that this will begin getting longer and looking far more serious as more and more authors start realising the potential success to be had in taking Firefox on.

  3. funny your admin should say that... by blackcoot · · Score: 2, Interesting

    ... because i've switched all the machines i'm responsible for to using firefox precisely because it's n-times harder to get malware. not impossible mind, but a lot harder by default. perhaps inducing some blunt trauma with a clue-by-four might help...

  4. All Crap... by Shadow_139 · · Score: 1, Interesting

    The group policy (Worldwide) is to have *ONLY* Windows 2003 Servers.
    Just was doing a scan on the German network, and the main online reporting server/portal is running Linux ....
    Hehe.., either that or one of the clear german IT got MySQL and VSftpD http://vsftpd.beasts.org/ on Windows 2003.., and hacked the TCP fingerprint to show up as Linux 2.4

    The Admin is just stupid and does not have a clue of what Firefox really is.
    You should (while the Admin-Troll is off getting a coffee) install Firefox on his PC and delete the IE icon from desktop and startbar, and rename the Firefox one to "Internet Explorer" and change the icon to the stupid "E".
    He probably will not even notice.....
    P.S. His password is either "null" or printed on a post-it on his monitor......

    "Clutch my testes, bloody squirrel humpers!!" -Happy Noodle Boy

  5. Nobody's Mentioned This So I am... by DiscoOnTheSide · · Score: 4, Interesting

    There's a wonderful little extension for Firefox called "Configuration Mania" and it works with 1.0. It has the ability to choose the option for the SSL disk cache mode as well as clear the disk cache every time you close the program, as well as other nifty little things. Give it a whirl.

    --
    Viva La Revolucion! Buy a Mac!
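
Added example, not part of the thread or any poster's code: the two settings named in the question and in the comment above (SSL disk caching and clearing the cache at exit), audited from the text of a profile's prefs.js so the check can be repeated across machines. The pref names are real Firefox preferences, but which of them a given release honours is an assumption to confirm in about:config; the sample file content is constructed.

```python
import re

# Wanted values. Real pref names; which ones a given Firefox release honours
# is an assumption to confirm in about:config on that release.
REQUIRED = {
    "browser.cache.disk_cache_ssl": False,        # keep HTTPS responses out of the disk cache
    "privacy.sanitize.sanitizeOnShutdown": True,  # run the clear-data routine at exit
    "privacy.clearOnShutdown.cache": True,        # include the cache in that routine
}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, required=REQUIRED):
    """Return (pref, found, wanted) for every requirement the profile misses.

    An unset pref is reported too: the file does not show the built-in default.
    """
    prefs = parse_prefs(text)
    return [(name, prefs.get(name, "<unset>"), want)
            for name, want in required.items()
            if prefs.get(name) is not want]

# Constructed sample, not taken from a real profile.
SAMPLE = '''// constructed sample prefs.js
user_pref("browser.cache.disk_cache_ssl", true);
user_pref("browser.startup.homepage", "about:blank");
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
'''

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE):
        print(f"{name}: found {found!r}, want {want!r}")
```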
  6. Re:Even better by DietFluffy · · Score: 5, Interesting
  7. FirefoxIE by file+cabinet · · Score: 5, Interesting
  8. Problem patching open source software? by francium+de+neobie · · Score: 1, Interesting

    As someone else here mentioned, allowing the installation of Firefox would disrupt the usual patching routines, since the admins want to minimize the number of things to be watched over (i.e. if I let you install Firefox, then besides Microsoft's updates, I have to watch for Mozilla.org's updates too.) I can imagine the admins are already in deep shit with the Microsoftian legion of security flaws, but (un)luckily Microsoft has provided a rather automatic means of unattended update for IT administrators to save the day. Thus, adding Firefox into the equation just doesn't help. Especially when considering that there's no well known mass updating mechanism for Firefox and open source software in general. Sure you can write a program to look for the updates, changelogs, and related bugtraqs for you, but you can't expect an MCSE to write a proper program can you? ;^)

    With this in mind, I wonder if open source software, despite superior quality to M$'s offerings, is friendly to IT departments? This question is significant since if we can't make our software friendly to companies then the average users aren't likely to use it as well. If the answer is negative, how can we tackle this problem?

  9. Re:Just pressure from MS by legirons · · Score: 4, Interesting

    "the obvious minor stuff like the government only producing documents in MSWord format or WWW sites that are in MSHTML so only work in MSIE"

    It could be worse. Your government could demand that all tax returns be filed electronically, make it illegal to not file electronically, and then create a website for filing so that it can't be used on non-Internet Explorer browsers.

    Of course, no real government would ever be that retarded.

  10. Your system admin... by CaptainTux · · Score: 2, Interesting
    What your system admin says is true. But consider this: with Firefox, one would probably have to have physical access to your machine to make any use of the information Firefox stores. With IE, one only needs to "reach out and touch you" using a malicious webpage or email.

    IMHO, Firefox is more of a local security risk that could expose your sensitive data to others who use your computer. IE, OTOH, could expose your data to anyone on the internet.

    --
    Anthony Papillion
    Advanced Data Concepts, Inc.
    "Quality Custom Software and IT Services"
  11. "Be Anonymous" Button by cbr2702 · · Score: 4, Interesting

    What would be more useful (and currently not possible) is a "be anonymous" button that when pressed toggled the browser into a full privacy mode. In this mode, sites would not be well trusted (javascript disabled, plugins don't load), the Refered_By HTTP header would not be set, and nothing would be stored (history, autocomplete).

    --
    This post written under Gentoo-linux with an SCO IP license.
  12. Re:Call Bullshit by klui · · Score: 2, Interesting

    But I can still save an encrypted page to disk using Firefox's File>Save. I cannot using IE. I personally like Firefox's behavior because if I can see it, I should be able to save it. Not being able to save it is a good option for those who want that behavior. And auto-clearing cache/cookies would be a great option to also have within FF's options. Let's see how fast the Firefox coders implement these functionalities. I'd give it a week.

  13. Re:Call Bullshit by Anonymous Coward · · Score: 1, Interesting

    Not only that; it's already the second (at least the second; there may have been even more) Ask Slashdot concerning a non-existent Firefox problem.

  14. Look carefully at that image... by leonbrooks · · Score: 2, Interesting

    ...and you'll see that their default search engine (on a screenshot advertising MSN Search) is Google. Ta-dish boom. Even for advertising bozos, that move really is dumber than a rock.

    --
    Got time? Spend some of it coding or testing
  15. There is retarded government by porneL · · Score: 2, Interesting

    In Poland the only electronic way to submit tax returns is by Windows-only closed-source program "Patnik" (made by Prokom, an unlawful government software monopolist)

    Software itself is bloated s**t and government refuses to make it open-source. Bribes, bribes, bribes...

  16. Re:that's not what he said by A+Naughty+Moose · · Score: 3, Interesting
    "I don't know what you mean by "third party automatic package updates for Windows""

    ZENWorks is a third party option. And if you're running a Novell network, it is practically mandatory. Sure it costs a lot (last time I looked, it was $70/seat), but if you have a VLA it becomes practically free. Anyway, whatever the cost, with the proper deployment it will save at least an FTE, and free up the guys admining the network to do something else in their free time. Why can it free up so much time? Simple, there is:
    • Automatic application deployment. Can be assigned to users, workstations or users in a context, or workstations in a context. If the fix is something simple like a registry change, or a new dll, then a force run object can be created to push the change. Otherwise, the application, or an update can be installed by the user.
    • How many times have you had to deal with a problem that the only solution was to re-install? (Someone deleted all the Word templates on their machine, for example). With NAL, the user can right-click the application and choose "Verify", thus forcing the application to be re-installed.
    • Group policies: You can create and enforce group policies within ConsoleOne easier than you can with Microsoft's domain tools, and just as easy as with their Active Directory tools.
    • Users no longer need administrative rights to their computer. Got an application that needs admin rights to install? No problem, as the NAL runs as a service, the install will work. Need the application to run as a supervisor? Not a problem, the NAL runs as a service and can launch the application with supervisory rights if need be.
    • Easy printer management: Department got a new printer? Not a problem, push out the printer drivers through ZEN. Again, you can associate printers to users, workstations (individuals, or groups or contexts) so that you can always have your finance people print to the printer in accounting (for instance), no matter what computer they log into.
    • Computer imaging services. Have a machine that needs to be backed up periodically? (Might be a computer that has an app that no one has the install disks for anymore, for instance?) Not a problem. Set up the imaging service to make a backup of the machine once a month (or whenever), restore is just a simple checkmark in ConsoleOne.

    There are a few more features, but those are the ones I use the most. ZEN, along with salvage (aka: undelete on Network shares), and the ACLs on the Directory and filesystems make managing Windows networks tolerable, almost enjoyable.