Firefox is an insecure application
That's a surprise statement coming from me. Various people knows that I am a Firefox enthusiast. Then why am I making this statement?
It goes back to earlier this month, when we received a notice from the IT department.
You have been identified by IT Dept. as running a non-standard browser (firefox Mozilla) on one or more devices assigned to you. IT Dept. has been alerted to vulnerabilities with this application. I have not been able to locate any related requests security review for this application. Please let me know if you can remove this application by end of day. If not please document the business requirements, forward to me (by end of day) and cc: your project leader. IT Dept. will be instructed to implement the patch, and a security review will be performed. Any questions let me know. Thanks
Our response to that is that we need Firefox to keep our current level of productivity. Personally, I use Javascript Console, HTML Validator extension, and Web Developer extension on the daily basis. It's more than just a damn good web browser to me.
But still, it made me think of this whole issue, and I came up with my own conclusion.
In general, IT department likes to be in control. They control all the computer deployment, including all servers, desktop PC's, laptops... hardware and software. Microsoft lets the computer maintenance folks power to control the software deployment in centralized manner. Our PC's are tweaked so we can't manually modify the registry files. Nor can we use tools like TweakUI. (I think tweakUI is an excellent productivity tool, but we're out of luck.) And the "Security" setting section of MSIE Options panel is completely locked - they are in control, not us. So, when they need to deploy new software or security rules, they can do it in very organized manner.
Now, try to apply that on Firefox. That's a completely different story. Firefox lets you control the application. And there are some very well-known extensions and plug-ins to enhance its features. Of course, along comes the possibility of introduction of malwares. Without the proper tweaks made to the application, it's impossible to control these possibilities, short of enforcing the ban the use of Firefox.
Also, there's an issue of the aptness in Firefox issues by the support personnel. Are all security folks and PC support groups be able to provide the sound support for Firefox? What if problems occur during the use of Firefox? This question can also lead to the security problem. With inadequate support, more problems will come up faster than the solutions.
With all that said, I still support Firefox. Firefox may be insecure, but IE is even worse. The IT department just can't see this point.
Sure, IE lets them take control of the application settings, but there are still plenty of problems. Currently, our Windows XP doesn't have SP2 loaded - no pop-up protection. It scares me to go to the internet using IE anymore. I really believe the IT department will save more troubles and money in the long run by making the switch. The cost of training will be made up quickly by the lack of support they have to provide!
By the way, our IT department allowed us the use of Firefox. I guess our business requirement sounded good enough to them. Damn right!
P.S. If you think "That's why Opera is even better!" (yes, that's you, Ledgem), don't forget, same security concern of Firefox applies to Opera too.
It goes back to earlier this month, when we received a notice from the IT department.
You have been identified by IT Dept. as running a non-standard browser (firefox Mozilla) on one or more devices assigned to you. IT Dept. has been alerted to vulnerabilities with this application. I have not been able to locate any related requests security review for this application. Please let me know if you can remove this application by end of day. If not please document the business requirements, forward to me (by end of day) and cc: your project leader. IT Dept. will be instructed to implement the patch, and a security review will be performed. Any questions let me know. Thanks
Our response to that is that we need Firefox to keep our current level of productivity. Personally, I use Javascript Console, HTML Validator extension, and Web Developer extension on the daily basis. It's more than just a damn good web browser to me.
But still, it made me think of this whole issue, and I came up with my own conclusion.
In general, IT department likes to be in control. They control all the computer deployment, including all servers, desktop PC's, laptops... hardware and software. Microsoft lets the computer maintenance folks power to control the software deployment in centralized manner. Our PC's are tweaked so we can't manually modify the registry files. Nor can we use tools like TweakUI. (I think tweakUI is an excellent productivity tool, but we're out of luck.) And the "Security" setting section of MSIE Options panel is completely locked - they are in control, not us. So, when they need to deploy new software or security rules, they can do it in very organized manner.
Now, try to apply that on Firefox. That's a completely different story. Firefox lets you control the application. And there are some very well-known extensions and plug-ins to enhance its features. Of course, along comes the possibility of introduction of malwares. Without the proper tweaks made to the application, it's impossible to control these possibilities, short of enforcing the ban the use of Firefox.
Also, there's an issue of the aptness in Firefox issues by the support personnel. Are all security folks and PC support groups be able to provide the sound support for Firefox? What if problems occur during the use of Firefox? This question can also lead to the security problem. With inadequate support, more problems will come up faster than the solutions.
With all that said, I still support Firefox. Firefox may be insecure, but IE is even worse. The IT department just can't see this point.
Sure, IE lets them take control of the application settings, but there are still plenty of problems. Currently, our Windows XP doesn't have SP2 loaded - no pop-up protection. It scares me to go to the internet using IE anymore. I really believe the IT department will save more troubles and money in the long run by making the switch. The cost of training will be made up quickly by the lack of support they have to provide!
By the way, our IT department allowed us the use of Firefox. I guess our business requirement sounded good enough to them. Damn right!
P.S. If you think "That's why Opera is even better!" (yes, that's you, Ledgem), don't forget, same security concern of Firefox applies to Opera too.