Rank21

Idea#38

This idea is active.
I.T. Policies »

Globally allow the use of Firefox and its extensions

Currently IE is the only approved web browser in CIO/OFT. It is against CIO/OFT policy to install different software such as Firefox unless one goes through a cumbersome policy exception application.

In my experience Firefox (with its added extensions) allows more granular control over websites.

The types of technologies that facilitate Web 2.0 (Flash; Javascript and other active content) are also used maliciously by many websites, e.g. to deliver malware placed there by hackers, or to deliver intrusive advertising which cannot be shut off.

Users like me are hesitant to enable active holes like this in their browsers, particularly because with IE it is largely an all-or-nothing enablement: Allow the technology for a Web 2.0 site, and you have allowed it for all the other lousy websites, too.

A strategy to adopt greater Web 2.0 use in agencies would be to allow the use of Firefox and its extensions (e.g. Flash Blocker; No-Script; etc) globally across the board. That way workforce members can "open" the Web 2.0 websites while keeping most websites under tight browser setting control.

Comment

Submitted by New York State CIO 4 years ago

Comments (6)

  1. Unsubscribed User

    [quote]...allow the use of Firefox and its extensions (e.g. Flash Blocker; No-Script; etc) globally across the board. [/quote]

    I think its important that we keep as much uniformity between user computers as possible as allowing across the board installation of *any* programs or extensions to programs can pose an even larger security risk. Although, I admit I am unsure if the ability exists to load Firefox with only a few approved extensions.

    Of course there is the additional overhead of updating any new software that is installed, Microsoft produces and maintains specialized software for pushing updates to client PC’s that allow updates to be scheduled, postponed or even not installed depending on the needs of the administrator.

    4 years ago
  2. Unsubscribed User

    And since most of our contracts are with Microsoft, their products will "work" with other programs, but not as nicely as MSIE (unfortunately).

    I agree that we have to maintain uniformity as much as possible to minimize problems, but we should also make provisions that will allow people to install programs that meet certain requirements without "cumbersome policies." Many people use lots of tools that make development and work easier with Firefox, Opera, and even Chrome. We should be able to accomodate different browsers while still only supporting MSIE as the official browser.

    4 years ago
  3. Unsubscribed User

    Actually, Firefox is packaged and available for distribution upon request, and OFT has customers using Firefox.

    The problem that continues to make Firefox difficult to support at an enterprise scale is Mozilla.org's failure to give any consideration to the needs of enterprise IT. In fact, when the maintainers of Debian Linux developed a mechanism that allowed for more flexibility in Firefox configuration, Mozilla refused to incorporate those changes into the Firefox source.

    I've also submitted bugs to Mozilla regarding some of these issues, all of which were closed.

    One of the very few advantages of Internet Explorer over Firefox is the ability to control the browser configuration in a myriad of ways via Group Policy. Another advantage is the ability to easily control when updates occur.

    It is really unfortunate that we are still forced to use IE. Although Microsoft has improved the security of the browser since the IE6 days, IE remains the lowest performing, least standards-compliant browser on the market. Reliance on Internet Explorer reinforces bad web development practices and security risks such as website with embedded ActiveX controls -- and I'd love to be rid of it.

    My hope is that in the mid-term, Google's Chrome browser will become platform that gives OFT a modern browser that meets IT needs.

    4 years ago
  4. Unsubscribed User

    1. I assume in terms of group policy controls things like FrontMotion have been vetted and found lacking?

    http://www.frontmotion.com/Firefox/

    2. "One of the very few advantages of Internet Explorer over Firefox is the ability to control the browser configuration in a myriad of ways via Group Policy."

    Is this a Firefox issue, or an anti-competitive, closed standards issue? Does Group Policy treat all browser applications used on that OS equally? It should.

    3. Perhaps there are third ways available here, e.g. rolling out Firefox without support, or only in pilot programs, or in sandboxes if that is possible, or only in an approved configuration to workforce members who have a reliable history of observing IT policies?

    4 years ago
  5. Unsubscribed User

    John -

    "I assume in terms of group policy controls things like FrontMotion have been vetted and found lacking?"

    It has. FrontMotion periodically repackages Firefox binaries, and it's group policy support is a hack a best. It essentially creates some registry keys, and then uses a login script to edit the Firefox chrome or preference file. That's a bad practice for a number of reasons"

    "Is this a Firefox issue, or an anti-competitive, closed standards issue? Does Group Policy treat all browser applications used on that OS equally? It should."

    It's a Firefox issue. I believe that Mozilla.org's approach is to develop their own configuration mechanisms that work on all platforms, instead of relying on the each platform's particular ways of doing things. They also carry on some legacy stuff that Netscape implemented a long time ago.

    IMO, Mozilla doesn't see it as an issue because their revenue is driven by Google Adsense via the search bar or start page.

    "Perhaps there are third ways available here, e.g. rolling out Firefox without support, or only in pilot programs, or in sandboxes if that is possible, or only in an approved configuration to workforce members who have a reliable history of observing IT policies?"

    That is possible, and we've done it for several customers, including at least several hundred at an external agency. I'll have it taken care of for you on Monday.

    4 years ago
  6. Unsubscribed User

    Just an update, and a suggestion:

    I did receive approval to use Firefox on my workstation and have been using it for several weeks. It has been exactly what I hoped for, has provided exactly the type of sensible control I needed (and which I couldn't obtain in that other browser). I strongly recommend its use.

    Just two add-ons are all you need to improve the Web 2.0 browsing experience:

    -- FlashBlock is an add-on which replaces webpage Flash content with a button. No Flash content on a page "plays" until you tell it to. This prevents content-blocking advertisements and distracting animations. But if you want to see Flash content (e.g. play an embedded video related to your work) you just click on the arrow and then the content plays.

    -- NoScript is the other essential add-on. You can enable Javascript in your Firefox Settings ("Tools --> Options --> Content) but NoScript prevents any Javascript running unless you allow it for a particular webpage. You have enough control also to allow some Javascript for certain webpages, but not all.

    So with just the main browser program and these two add-ons, Firefox is everything I had hoped it would be. If the challenge to allowing its use for all workforce members is the difficulty of administering it, perhaps a way could be found to reduce the admin burden by allowing it with only these two add-ons and disabling other add-ons.

    4 years ago

Vote Activity Show