General discussion

Locked

Firefox security issues

By Tink56 ·
I am the only IT person and manage 45 desktops and 11 servers. I run a tight ship. Right now IE is the only browser I allow. It's required for some of the applications more than half of our employees use. I keep all my systems updated and patched.

The two new kids in marketing want to install Firefox. My concern is that I don't know anything about this program. I have no idea what kind of impact it will have on my time as far as keeping it up to date and patched; nor do I know anything about any security vulnerabilities it may have.

Keeping in mind my limited amount of time to manage my network and keep it secure, what would your recommendation be? For? Against? Why? Why not?

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by TheChas In reply to Firefox security issues

I'm a dedicated fan of Firefox. So, my assessment may be a bit biased.

The Mozilla organization seldom issues patches. What they do, is release a new version with the latest discovered holes and problems repaired.

This year, we have had 6 new revisions released.
(Currently, 1.0.6 with 1.0.7 in Beta)

So, you can expect to deploy new versions 7 to 9 times a year.

With every major release, you are best off uninstalling the present version, and installing the new version clean.
(Version 1.5.0 is under development.)

Admittedly, the basic Firefox browser has limited functionality. Most Firefox users want / need a number of extensions and plug-ins installed.

Since most extensions are user developed, updates can happen very often.

As far as basic security, Firefox is no worse than IE, and Mozilla responds much faster when holes are discovered.

Even if you rate the basic security of Firefox and IE as equal, I feel that Firefox is a more secure browser. Firefox is just not as attractive a target as IE is to the hacker community.

If your support time requirements are the biggest factor in your decision, I would lean toward not adding to your workload with more tasks to manage.

That said, I recommend that you install Firefox on a PC that you use so that you can check out the features and functionality. You might just decide that Firefox offers features that will benefit some users.

Chas

Collapse -

by TheChas In reply to

Here is a link to a TR download on Firefox.

http://techrepublic.com.com/5138-10877-5862575.html

It is a chapter from a book about Firefox.

Chas

Collapse -

by Tink56 In reply to

Poster rated this answer.

Collapse -

by Toivo Talikka In reply to Firefox security issues

Firefox is considered by many to be more secure than IE, for a good reason: it will not run ActiveX controls.

A complete list of security fixes in Firefox, release by release, can be found at
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Feel free to compare the information about security advisories 2003-2005 about both Firefox and Internet Explorer, available from:

- http://secunia.com/product/4227/ (Firefox, 22 advisories)
- http://secunia.com/product/11/ (IE6, 69 advisories)

In a nutshell, based on the percentage of extremely or highly critical vulnerabilities reported (23% vs. 43%) and the percentage of unpatched or partially fixed problems (19% vs. 41%), even though Firefox has only been around for over a year, I'd say that Firefox is 'twice' as secure as Internet Explorer.

Firefox has many features like tabbed browsing and RSS feed capability which are very useful for someone working in fast paced marketing environment.

There are many extensions (corresponding to IE plugins) available for Firefox, one of them is 'View this page in IE', to be used if the designers of a particular website only support proprietary HTML. I use the HTML Validator extension frequently when updating my web pages

You can find the extensions at https://addons.mozilla.org/extensions/?application=firefox

Scott Lowe's article "Deploy Firefox to all Windows computers in your enterprise with FFDeploy" was published in March in the TechProGuild forum. It shows how to use FFDeploy, available from firefox.dbltree.com to package a standard Firefox installation on a staging machine and make it ready for subsequent deployment.

Collapse -

by Tink56 In reply to

Poster rated this answer.

Collapse -

by stress junkie In reply to Firefox security issues

The issue, as I see it, is software configuration management. The other posters have talked about the merits of Firefox. While I agree with them they have not touched on the issue of managing the software that runs on your systems.

It is important to limit the number of different applications that run in the business environment. Each new application that is allowed to become an integral business tool requires some time to support. Since your shop keeps you busy already you don't have the time to add applications that you have to support when you already have an approved and deployed application that does the same job. If they say that they will support FF themselves reply that you must keep software support in your court.

Although I don't like IE the issue of having one application per function is important. You don't want to end up supporting three or four brands of browsers, two brands of word processors, three brands of email client, et. al. Effective software configuration management will help you to do your job well while wasting the least amount of time keeping up with patches, bugs, workarounds, etc.

Collapse -

by stress junkie In reply to

I wish we could edit our posts here. When I said "wasting time" I meant that you will spend more time doing support when you have more applications. Therefore if you have two applications that perform the same function then the time spent supporting the second application is wasted.

Collapse -

by Tink56 In reply to

Poster rated this answer.

Collapse -

by B_Pope In reply to Firefox security issues

I would agree with sticking with IE, my own personal experience with Firefox is mixed. I enjoy the browser & all the extra features you can add with the enormous amount of available extensions, but I still find it to be a very buggy & resource hungry application.

It easily consumes three times the memory of IE in a very short time, which isn't a big issue in a single user enviroment. I find Firefox typically hits 150MB of memory usage within 15 to 30 minutes of use & after almost a hour can reach between 200MB to 300MB even when mostly idle. It does this on all 5 of my PC's so it's not simply a configuration problem, it's a well documented Firefox problem. Having a application that can eat such large amounts of RAM per user in a multi-user enviroment can really hinder your operation fast.

Read the Sept 16 2005 article at this link regarding security of Firefox & browse through the other articles to get a feel for Firefox
http://slashdot.org/search.pl?topic=154

There is another option to using Firefox for IE users & that's Foxie, check it out.
http://www.getfoxie.com/

Collapse -

by Tink56 In reply to

Poster rated this answer.

Back to Security Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums