FireFox as a Security Risk Compared to IE?
A not-so anonymous Anonymous Coward asks: "The administrator at my work gave me the following reason for not using Mozilla. What do you think? 'FireFox is a security risk. Please refrain from using it. Please continue to use IE 6.0. IE is our only supported browser. FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'" Do any of you have information that could be used to contradict the administrators information on FireFox? Are there configuration options one can reach from about:config that a user can use to address the problem this administrator has cited?
How does Firefox prevent them from patching Windows software?
It doesn't. It's just an excuse for lazy MCSE admins who don't want to add an additional step to their daily advisory-reading / patch-installing cycle.
My point is this: in an established MS shop, it's often very hard to get the admins to approve usage of non-MS software. At my previous job we had many people using MS Publisher and that MS photo suite when InDesign and Photoshop would have been far better for their needs.
I'm not agreeing with the original poster's admin, I'm just saying that MS shops are often set in their ways.
While your admin may have issues with the default configuration for Firefox, there are genuine reasons for not deploying firefox to your network. Most security concious organisations have a very rigourous patching system for the authorised applications and operating systems. Any app which doesn't fit into that patching system (whether it be up2date, apt-get, SUS/WUS/SMS, yum or another flavour) presents a massive overhead to the IT team. Every time there is an update to Firefox, it needs to be repackaged and redeployed to every desktop in your organisation. And it's not just Firefox, but by setting a precedent of deploying MyRequestedAppX, they face pressure from all sides for AppY, AppZ, etc. Then the questions come - "you support Mr X's AppX with updates and patches - why not mine?".
Unless your organisation has the infrastructure to deal with non-baseline application patching, those apps WILL present a security risk while the IT team tries to find the resource to patch/update and deploy the latest version.
Why can't we all just get along?
There's a wonderful little extension for Firefox called "Configuration Mania" and it works with 1.0. It has the ability to choose the option for the SSL disk cache mode as well as clear the disk cache every time you close the program, as well as other nifty little things. Give it a whirl.
Viva La Revolucion! Buy a Mac!
better: http://johnhaller.com/jh/mozilla/portable_firefox/
http://www.firefoxie.net/
"the obvious minor stuff like the government only producing documents in MSWord format or WWW sites that are in MSHTML so only work in MSIE"
It could be worse. Your government could demand that all tax returns be filed electronically, make it illegal to not file electronically, and then create a website for filing so that it can't be used on non-Internet Explorer browsers
Of course, no real government would ever be that retarded.
What would be more useful (and currently not possible) is a "be anonymous" button that when pressed toggled the browser into a full privacy mode. In this mode, sites would not be well trusted (javascript disabled, plugins don't load), the Refered_By HTTP header would not be set, and nothing would be stored (history, autocomplete).
This post written under Gentoo-linux with an SCO IP license.