Some time ago, I wrote an article where I compared the capabilities of Firefox with Internet Explorer in a corporate environment. My conclusion was that Firefox is no rival to IE in this field. I planned to check the situation again after Firefox 2.0 and IE7 came out, but a NetworkWorld article convinced me that it is not worth the time. It seems that the situation is pretty much the same.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Firefox 2.0 still lacks a couple of essential features that are important for corporate use. In short:
- There is no central management (no Active Directory, i.e., no Group Policy support).
- There is no centralized patch management similar to Windows Server Update Service (WSUS).
- Firefox 2.0 does not provide official support for MSI packages.
- Many Web applications are designed for IE and don't work with Firefox. (Firefox does not have ActiveX support, etc.)
- IE is part of the OS and doesn't have to be deployed, making it hard to justify the extra costs of deploying Firefox.
- Many desktop apps depend on the IE rendering engine, so you often have to support IE anyway. Why would you want to manage a second browser in your network, anyway?
Of course, you can get third-party tools to supply some of the missing features in Firefox. However, you won't get all of them and you won't get the same ease-of-use as with IE. Moreover, you can never be sure that these tools will still work when a new Firefox version comes out since the Firefox team does not officially support them. Check how many of your old plug-ins still work with Firefox 2.0 and you will know what I am talking about.
Subscribe to 4sysops newsletter!
Personally, I prefer Firefox 2.0 to IE7. Most of my system administrators would agree. Even so, nobody has ever suggested replacing IE with Firefox in our network.
I use FrontMotion Firefox throughout our laptop and desktop system
Software is initially and updates deployed via. Active Directory using MSI’s built by FrontMotion (which is now signed with Microsoft Authenticode)
Firefox is then locked down via. 2x ADM files in Active Directory. We currently lock down various settings – most important is PAC script which automatically configures proxy…
Thirdly – the bookmarks.html file is re-directed to their homedrive so it roams with them!
It is the default browser at the school I am the I.T. Administrator at and only have had one or two cases where a webpage won’t display correctly. With the version 2 update being installed shortly – this will help users in many ways…
Murray, how many PCs do you have in your organisation? Do you think it was worth the extra efforts?
Hi Michael – I currently run 60 desktops plus 10-odd laptops. Mozilla is automatically deployed on all of these computers. Once it is setup (on the server) and tested it works brilliant! And because Mozilla is the default browser, most people here use Mozilla and with the latest IE security issues (critical ones) – it makes sense!
Its very stable, reliable and fast 🙂
Okay, with 70 computers the extra efforts are limited. I doubt, however, that Firefox 2.0 is more secure than IE7.
At the University of Bergen, Norway where I used to work Firefox 2.0 is the preffered webbrowser throughout the network. The site caters in excess of 20 000 users clients and all installations are managed from a single IT department. They package and deploy Firefox themselves much like FrontMotion does. This is the largest single Firefox deployment I know of.
1- As mentioned by Michael, there are third party tools.
2- There’s NO centralized updater for IE native to AD; you separately set up a WSUS server. Which is no different from setting up a third party patch server to update Firefox.
3- There is no MSI for IE7. Which means IE7 needs to be deployed with another mechanism like IEAK or WSUS. Unless of course all your machines update directly from Microsoft.
4- Matter of opinion. The vast majority of mainstream sites work just fine with Firefox.
5- IE7 is not part of XP so it still has to be deployed. Maybe IE6 didn’t have to be distributed, but it’s easy enough to put Firefox on the image so it didn’t have to be deployed either.
6- It takes about 10 minutes to prepare Firefox to be deployed. It takes an hour to prepare GP to control Firefox. It takes a few mouse clicks to deploy it to tens of thousands of machines. On the back end, it really takes a minimal amount of time.
IE7, being “part” of the operating system, needs much more testing before being deployed, anything that calls the IE rendering engine has to be tested for compatibility. Not to mention every web site needs to be tested for compatibility to ensure those ActiveX scripts work. IE7 requires IEAK or WSUS to deploy, which is additional overhead.
And really, if it were my decision on what apps to support, everyone would be running BSD and creating documents in ee. That would make my life much, much easier. But IT doesn’t generate revenue, my users do that. So my job is to make their lives easier, to give them the apps that make their jobs easier. Whether I want to support multiple apps isn’t my decision.
Hi Ta,
I disagree with some of your arguments:
>2 – It is very different to set up a third party patch server to update Firefox. You can patch IE the same way as you patch Windows. This means that you get your patches from Windows Update. If you have Firefox in your network, you have to invest extra time to get it patched, too. Besides, WSUS is for free and can use AD. Professional third party patch management solutions usually cost money and often don’t use AD.
>3 You don’t need a MSI for IE7 because it is a Windows update. But you need a MSI for Firefox, because Firefox is not a part of Windows. Therefore, deploying Firefox costs extra money.
>5 IE 7 is a part of Windows XP. That’s why you can get it through Windows Update. Basically, IE7 is a Windows patch. You have to update Windows with IE7, even if you have Firefox. If you don’t do that, it becomes a security risk.
>6. If you are trained in software deployment you might be able to deploy Firefox in a network with 10 computers in 10 minutes. In larger networks software deployment is a complicated issue. Usually, you have to spend a lot of extra money if you want to deploy Firefox in a large network. I seriously doubt that it is worth the money since I don’t see any big difference between IE and Firefox.
Firefox notifies the user when a patch is available and can even be set up to automatically install the patch and prompt the user to restart the browser when finished. How much simpler can it possibly be?
As for Firefox costing money to deploy… Last I checked, it was a free download. You don’t have to pay for it. There’s no cost involved.
Internet Explorer automatically executes ActiveX code on web pages that use it. Or it prompts the user to make a decision, explaining that the page won’t be displayed correctly without the execution of said code. This is a bad thing. Firefox doesn’t execute ActiveX at all, and therefore protects the user (and the network) from potentially nasty code on a visited site. I don’t see how automatic execution of code is a good thing, especially when the average user doesn’t know the difference between legitimate code and a trojan that automatically downloads and executes off a porn site.
The fact that IE is part of the operating system is largely irrelevant. Integrating an application that contacts foreign systems that tightly with the operating system is brain-dead stupid and only invites a plethora of problems. Firefox, by being separate from the OS, isolates you from the sort of problem that can arise from the integration of browsers. Plus, using Firefox to the exclusion of IE avoids all the security flaws inherent in the Microsoft browser. yes, it opens doors to security flaws inherent in Firefox, but those are generally fewer and less serious due to the lack of integration into the OS.
Firefox takes less than 5 minutes to install per PC. You’d be lucky to get the IE7 update up and running in under 30 minutes. The damned thing is so invasive. It changes everything.
Sure… You could argue that a good firewall will block any of the stuff that makes IE such a crappy program, and that most companies have good firewalls in place. But why would anyone rely on that as their only line of defense? Isn’t it better to have a good firewall in place, in addition to the added security of a good, properly designed browser?
Wile the arguments on deploying and managing IE vs Firefox in a corporate set up are true and important I don’t believe you give enough weight to the argument about security issues with IE. In brief they are
1) ActiveX
2) IE is “part of the O/S”
see http://www.theinquirer.net/default.aspx?article=38419 for a more expansive explanation.
This is not to say Firefox is perfectly secure or the “final answer”, but using a different browser as the default goes a long way given the above two problems & the state of the web.
Hugh, I just can tell you about my experiences. When it comes to security, it is relatively unimportant if software has vulnerabilities or not. The only interesting question is, how big is the probability that someone will make use of a certain vulnerabilty. Journalists and so-called security experts often tend to neglect the latter. Take your own body as an example. It is very vulnerable. But as long as you are not on a battle field, you don’t have to worry about it. If you want to know how dangerous a certain IE vulnerability is, you have to know first how many Web sites exploit it. Otherwise, it isn’t even worth talking about it.
You are all missing the point…
Sometime you just need firefox. I work in a organisation where we have some 2K boxes, some XP (dont ask the windows admin is a bit shabby!!) and we need tabbed browsing for one of our in house engineering systems. IE7 doesn’t work on 2K and lets face it, its rubbish anyway…
Thats the point, IE 7 is crud. Iv heard people say they did an ok job but i think its terrible…
is it an option to use the portable firefox in a network? This version can easily be updated. Why is this not an option so far?
My understanding was that the portable Firefox runs totally seperate from the OS and doesn’t look at any registry settings you may have specified from example Group Policy.
So in my environment I have implemented software restrictions on all computers for removable devices so no-one can run any Portable Apps – or else they can bypass any lockdown settings and therefore bypass our ISA proxy.
We used wpkg at the last place I worked as a systems administrator to deploy applications across the network via AD scripts. Firefox didn’t require an MSI at all for deployment
http://wpkg.org/Firefox
I agree entirely. Firefox 3.x is now released but it doesn’t target the corporate environment at all.
The main problem is it runs in a user context however this makes updates impossible in a lockdown environment where users do not have permissions to to install software on the PC.
The software also generates a random folder name to store it’s settings, this makes writing any script to control setings a problem.
There is no MSI package meaning I have to rely on Frontmotion to package the software. While it’s great they are there and doing this they have no obligation to continue.
They also supply the ADM files to manage the software through group policy, this had no effect for me at all.
I have nothing against Firefox as it does have advantages over IE, however it just isn’t developed with businesses in mind.
I think in corporate setting it comes down to few important things for IT department:
1. Why should they take headache of introducing new application when existing application does its job. If IE has vulnerabilities which results into secutiry breach, they can save their a** by saying that it is MS fault (not theirs). Whereas if they introduce Firefox and it fails for some reason, they cannot save themselves.
2. Firefox runs as separate application from Operating system and allows hundreds of extensions, which makes it difficult for them to monitor. Most of security analysts in IT service desk are control freak, they want to control every aspect of their desktop including browser settings. They think every staff in their organisation is idiot, IT-illiterate and shares vital information to other organisations; which are all untrue.
3. Most of organisations developed web applications in 90s which were designed to work with IE. They had to invest 10% more effort to make their code cross browser compatible which they decided not to do; and hence they are all locked down into IE. This scenario results into incompatibility for non-IE browsers. Adding additional effort for IT departments; which they rightly dont want to do!
I started using Firefox since its initial days because I was tired of viruses and automated scripts coming through webpages through IE web browser. Activex was worst culprit. Once I started using firefox; I eliminated virus and other attacks altogether without additional investment.
FYI: I worked in IT industry for 13 years; mainly developing & delivering software and web applications.