Slashdot Mirror


FireFox as a Security Risk Compared to IE?

A not-so anonymous Anonymous Coward asks: "The administrator at my work gave me the following reason for not using Mozilla. What do you think? 'FireFox is a security risk. Please refrain from using it. Please continue to use IE 6.0. IE is our only supported browser. FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'" Do any of you have information that could be used to contradict the administrator's information on FireFox? Are there configuration options one can reach from about:config that a user can use to address the problem this administrator has cited?

13 of 174 comments

  1. Administrator is full of it by abartlett_219 · · Score: 5, Informative
    browser.cache.disk_cache_ssl? Q.19 here

    by default, ssl cache is disabled on firefox.

    1. Re:Administrator is full of it by memodude · · Score: 5, Informative

      Also, you can make it essentially clear the cache on each browser exit by setting browser.cache.memory.enable to true and browser.cache.disk.enable to false.

  2. Spite him. by Anonymous Coward · · Score: 5, Funny

    Use MSIE and access as many problem pages as you can so that you end up with a system filled with viruses, spyware, adware, popups and everything else until the machine slows to a crawl and then let IT deal with it.

  3. Call Bullshit by TrebleJunkie · · Score: 5, Informative

    I think I'm going to have to call bullshit on your administrator.

    In about:config, the property you want to look for is:

    browser.cache.disk_cache_ssl

    From This Page:

    * Description: switch to enable caching of objects served over a secure connection (SSL).
    * Type: boolean
    * Default: false
    * Recommendation: true on systems where it is secure to cache these objects.

    By default, Firefox (and Mozilla. and Netscape.) will *NOT* cache SSL-served pages. And, contrary to your administrator's *other* claim, you most certainly *can* toggle this behaviour in Firefox.

    --

    Ed R.Zahurak

    You know, oblivion keeps looking better every day.
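
The two claims discussed in the comments above (SSL pages cached to disk, cache persisting after exit) can be checked against a profile's `prefs.js`. This is an added example, not code from the thread or from Mozilla: the function names and sample profiles are constructed, and the defaults for `browser.cache.disk.enable` and `browser.cache.memory.enable` are assumed to be `true` (only the `disk_cache_ssl` default is quoted on the page).

```python
import re

# Defaults applied when a pref is absent from prefs.js. disk_cache_ssl=false is
# the default quoted in the thread; the other two values are assumptions.
DEFAULTS = {
    "browser.cache.disk_cache_ssl": False,
    "browser.cache.disk.enable": True,
    "browser.cache.memory.enable": True,
}

# Matches one line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit_cache(text):
    """Evaluate the cache prefs named in the thread for one profile."""
    effective = dict(DEFAULTS)
    for name, value in parse_prefs(text).items():
        # Ignore a cache pref stored with the wrong type (e.g. the string "true").
        if name in DEFAULTS and isinstance(value, bool):
            effective[name] = value
    disk = effective["browser.cache.disk.enable"]
    return {
        # SSL content reaches disk only if the disk cache is on AND SSL caching is on.
        "ssl_pages_on_disk": disk and effective["browser.cache.disk_cache_ssl"],
        # With the disk cache off, cached content lives in memory and ends with the process.
        "disk_cache_survives_exit": disk,
        "effective": effective,
    }


# Constructed sample profiles (not taken from a real installation).
SAMPLE_DEFAULT = '// constructed\nuser_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_SSL_ON = 'user_pref("browser.cache.disk_cache_ssl", true);\n'
SAMPLE_MEMORY_ONLY = ('user_pref("browser.cache.disk.enable", false);\n'
                      'user_pref("browser.cache.memory.enable", true);\n')
```
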

  4. Re:Install it anyway by green+pizza · · Score: 5, Insightful

    Just install it anyway. There's no way that they can tell you're using it, unless they're looking over your shoulder.
    That kind of attitude will get you fired. Management is edgy these days and support/admin money is tight. There just isn't room for someone who doesn't want to go along with the flow. It's not 1998 anymore. The Aeron chairs and the foosball table have been auctioned off and there are many other people just waiting to take your job. Seriously. I've seen several people canned in 2004 by doing things "their own way" despite being told not to.

  5. Re:Depends on your admin by green+pizza · · Score: 5, Interesting

    How does Firefox prevent them from patching Windows software?
    It doesn't. It's just an excuse for lazy MCSE admins who don't want to add an additional step to their daily advisory-reading / patch-installing cycle.

    My point is this: in an established MS shop, it's often very hard to get the admins to approve usage of non-MS software. At my previous job we had many people using MS Publisher and that MS photo suite when InDesign and Photoshop would have been far better for their needs.

    I'm not agreeing with the original poster's admin, I'm just saying that MS shops are often set in their ways.

  6. Even better by Safety+Cap · · Score: 5, Insightful
    You can configure Firefox to run from a keychain USB drive.

    Add an autorun.inf to fire up firefox.exe (with command-line switches -- see the first link's discussion) automatically upon insert and you're good to go.

    --
    Yeah, right.
    1. Re:Even better by DietFluffy · · Score: 5, Interesting
  7. Any non-standard app is a security risk by SoundGuy666 · · Score: 5, Interesting

    While your admin may have issues with the default configuration for Firefox, there are genuine reasons for not deploying firefox to your network. Most security conscious organisations have a very rigorous patching system for the authorised applications and operating systems. Any app which doesn't fit into that patching system (whether it be up2date, apt-get, SUS/WUS/SMS, yum or another flavour) presents a massive overhead to the IT team. Every time there is an update to Firefox, it needs to be repackaged and redeployed to every desktop in your organisation. And it's not just Firefox, but by setting a precedent of deploying MyRequestedAppX, they face pressure from all sides for AppY, AppZ, etc. Then the questions come - "you support Mr X's AppX with updates and patches - why not mine?".

    Unless your organisation has the infrastructure to deal with non-baseline application patching, those apps WILL present a security risk while the IT team tries to find the resource to patch/update and deploy the latest version.

    --
    Why can't we all just get along?
  8. Re:Simple. by randomblast · · Score: 5, Informative

    It would be better for a site like that to use a caching proxy anyway. It puts all the effort on the server, and off the desktops, and you have no problem keeping track of what the desktops have stored on them, so if a desktop machine gets stolen, no sensitive info is on it. This has to be applied to other areas of their computing system as well, of course, but it probably already is, because it's really stupid to cache database results.
    So, if you use a caching proxy instead of client-side caching, you save bandwidth, you save space, you keep it fast for the users, and you don't have to worry about caching SSL pages on your users' machines.

    --
    ...these aren't my real teeth.
  9. Re:Nobody's Mentioned This So I am... by Saiyine · · Score: 5, Insightful

    What about giving a URL?

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
  10. FirefoxIE by file+cabinet · · Score: 5, Interesting
  11. Re:Simple. by Anonymous Coward · · Score: 5, Informative

    "The administrator at my work gave me the following reason for not using Mozilla."

    Someone's not going to be an anonymous coward for long...

    "FireFox is a security risk. Please refrain from using it"

    LOL. Very good.

    "IE is our only supported browser"

    Please don't make me change anything. I might have to test it.

    "FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'"

    OMG, people write this stuff?

    Internet Explorer runs programs if you put them in an XML stylesheet, it runs programs supplied in bitmap images, allows websites to save scripts to disk and run them from the "trusted" zone, and allows any website to run ActiveX programs with full access to your computer if you ever click OK to a dialog box. These are security risks.