The US State Department is quite clearly fed up with not being able to use Firefox. One of its staffers asked (causing applause) Secretary of State Hillary Clinton why they were not allowed to use Firefox. Clinton did not know the answer right away herself, but under secretary Kennedy explained that while Firefox is free, it still comes with a price. However, the goal is indeed to allow the State Department to use Firefox. More here.
The safest possible combination is:
1. Microsoft Windows
2. Microsoft Internet Explorer
3. Microsoft Office
All branches of government have determined these programs to be the safest, and certainly the cheapest combination for a secure, stable networked environment.
We are a funny bunch in America, no?
…also the cheapest possible combination! Free software is far too expsensive for the government.[sarcasm]
Furthermore, this combination is mandatory for every installation, especially within the educational system. Pupils should learn very early how the cheapest and most secure and stable networked environment feels like.
Finally, it’s worth mentioning that nothing except the things on the list given above do exist, so there’s no choice. Rule that applies: (a) We have always done it that way. (b) We have never done it that way. (c) Then anybody could come. – Yes, I know, it loses in the translation. 🙂
Same here in Germany, funny bunch. For example, schools are forced (!) to run such kinds of setups, and they are common in administration and industry. This makes it easy, as the past has shown, for attackers to conquer a whole corporate network for industry espionage.
Be goodthinker. Unuse Firefox. Firefox unprogram and nonexist.
In my opinion, using Firefox – or at least allowing the use of it – would be a neccessary step into the right direction,
For example, schools are forced (!) to run such kinds of setups
This is because Microsoft is giving stuff away for ‘free’. So people should use it, right ?
If I give you some dynamite for free, will you use it, either for your own pleasure or another one’s? 🙂
Yes, I know, stupid comment. In Germany, there are “advisors” from MICROS~1 who spend their time argumenting why “Windows” is the only existing solution for every problem. They are doing this especially in the administration sector where the rules are made for the “lower ranks”. For example, if you use “Windows” for a social carrier of professional education, you are funded by the government. If you don’t, you get nothing. Read: You don’t get the money for “Windows”, no, you get much more! For example, whole classrooms full of PCs. But only if you don’t run software on them that don’t exist. The programs that you will have to use for teaching are determined. Usually, we’re talking about outdated versions of “Office”, as well as of “Windows”.
The biggest problem in such settings comes from Pavlow’s excellent conditioning of the decision carriers: Because “Windows” is known for administrating itself and doing everything automatically by itself, there’s no need for an educated administrator. Most schools’ IT infrastructures are quite catastrophic. Remember: You get money for PCs, but you don’t get money for a sysadmin. Sysadmin is too expensive, and, as we all know, completely useless. 🙂
By the way, situation outside education (in industry, in government, at universities) often is much better. I don’t want to give you the impression that all German decision carriers are headless chicken, but… =^_^=
Wouldn’t say they are *headless” chickens, I would say they are *spineless*, very head-aware chickens. Head-aware in the sense that they will hack each others heads off, if one of them deviates from the established norm. ;-P
For a convicted Monopolist Microsoft sure gets the first seat on the Government Bus.
Author is pretty clueless about IT security:
Sure. Rather than restrict access for everyone—ensuring that nobody ever learns which programs are genuinely bad news and which are blocked just for convenience’s sake—they can educate workers about how to use their computers.
Allowing government or corporate workers to install their own software is foolish. They are there to do a job, not install random software off the web that might include backdoors. Like it or not IE8 + Group policy gets the job done. Alternative browsers make more sense in the consumer sphere.
True, because with IE the workers don’t have to install software to get the back doors on their computers ;-))
Tell me, why should a standard IE setup make more sense than a standard Firefox setup? Surely not for productivity..
Yes because all those can be easily updated thru WSUS. Firefox in other hand can’t. There is no way to update Firefox in huge corporations, unless you package every patch which ofc costs money. And if you say Firefox has internal update method I won’t bother answering.
So what about all those thousands of *OTHER* non-Microsoft programs that can be WSUS updated? I seem to recall that they can be easily packaged… and rolled out. In fact, I just worked on a corporate rollout of Adobe products and some kind of “Oracle” product… that you know… is some kind of small Enterprise Resource system. Also included was something stupid called “Groupwise”… oh along with about 40 other packages that were all updated to current revs.
Took us about 5 hours to finalize the changes and set them to roll in the wee hours of the morning.
So, what is this “Can’t be deployed via WSUS” comment? I need more words to understand your conceptual misinformation better.
The costing money part is no excuse, as it really only takes a few minutes to set up a new firefox installation through group policy. Is simple to pop the software onto the server, set a policy to install it on all computers, and off they go. Yes, that is how I have done it so I know it works.
That’s an inherent limitation of windows rather than firefox…
MS don’t make it easy to support third party software, unlike most linux package managers that make it trivial to add third party package repositories (and also include a much wider array of apps in the default repositories).
The fact they don’t may well be an anti competitive or monopolistic method to try and limit the spread of third party software, but it also harms paying customers because there will be very few customers who don’t need at least some third party apps (why do you think exploit writers target flash and acrobat these days – companies never update them but almost always have them installed).
Most linux distros have the firefox update feature disabled, because it simply isn’t needed, your OS should take care of updates centrally. The feature exists for windows and mac desktop users, where the OS lacks an update feature that third party apps can hook into.
Things like Firefox should definitely be allowed. The article makes it sound as if IT actually makes the decisions on how people should work, and the software they are allowed to have. Having worked in IT for 14 years I can be sure that is not the case.
The way any IT department is I have worked in, is the department manager makes the call on what the people in that department need to work, and then IT makes it available. Maybe it is different in bigger companies, though that would seem counter productive in a huge way.
On another note, the author actually thinks that socialization sites like facebook and twitter can improve productivity. Those sites are major time wasters, nothing more. I can see the twitter feed now:
Bob tweets “I am getting a cup of coffee now”
Jillian tweets “I am making some copies”
Dave says “I’ll get you the report later, when I am done here. I am busy playing Mobsters on facebook, and I just found out I have a hit on me.”
Yeah..that would be productive…..
True, I know one place where the workers are always posting on sites like OSNews.com. Major waster of productivity, if you ask me.
That would be another waste of time if the person was at work. When they are currently looking for work, and not employed, then not so much a waster of productivity.
Must be your own place of employment?
Uhm, Yes? I’m pretty sure there’s nothing about dating sites that increases productivity at work.
Nooooo REALLY!??! Seriously, wtf? Now, we actually allow this for many employees but I can certainly see why a company would not.
Then that person simply isn’t a good manager.
Disclaimer: I am an IT Manager.
This is a trick to get permission from your IT department to install anything on your work desktop:
1) Send e-mails to your IT department to ask them to solve bugs and missing feature in any of the software they force you to use. Explain why these bugs and missing features cause you to lose much time.
2) Your IT department does not expect such questions from you and they will feel bad they can’t help you to solve bugs/missing features in the proprietary software.
3) As an alternative way to help you (and because they don’t want your questions), they will finally suggest you to Google for a solution.
4) This suggestion is a wildcard for you to install any alternative software you prefer, especially if they wrote this in an email reply! B-)
5) If anybody would complain, you can point them to the email with the “Google for a solution permission” from the IT department. Also, the IT department will not bother you, because you always can point people to the multiple emails about problems with which the IT department could not help you…it will look like IT people did not do their job. Hence, they will not bother you B-)
Installed on my desktop (so far):
* Freemind
* VMWare with Ubuntu (I tried Portable Ubuntu before)
* Firefox
* Google Desktop
* Xobni Outlook plugin
* WinMerge
* some other small utilities
TODO: find a reliable Exchange-compatible email client and install a multiboot environment with Linux!
Their are people working on it:
http://lwn.net/Articles/234642/
http://www.openchange.org/
Gnome Evolution Plugin:
The plugin is expected to be code complete and included in Gnome 2.26.
It seems that article was written by a crack-smoking securi-dunce.
He would be responsible for many many Sysadmin suicides if he got his way.
I’ve been both a luser and an admin, and I can see both sides of this. I’m all for a little give and take; if I feel that IT is doing what they do for good reason, and is otherwise trying to get the most out of our computing environment, I can live with some restrictions (compared to, say, my home machine).
Unfortunately, that is not currently the case where I work. Our LAN is often slower than my DSL at home. There was more time and effort spent on advertising a new, crappy service request portal (can you say “Vista”?) than there has been fixing the bogus installer popups for applications that occur when you run other, totally unrelated apps. They are constantly mucking around with the servers or the network, breaking things without telling anyone. I hardly feel I’m getting anything in return for my tolerance of the aforementioned restrictions.
So I keep my PortableApps.com-filled USB stick with me, and run Firefox.
I AM the IT guy. With 30 windows computers, and a bunch of non techy people, I do not want them running what ever they want. Even the people that do have admin rights I still have to watch over, they know better, but they still install crap.
Yes it does make my job easier in the long run, but at the same time it keeps the company safe, and keeps the amount of man hours lost down. If someone installs something that messes up Windows, there down a computer, and I get to spend the next few hours dealing with it. Which takes time away from my major projects.
As far as blocking websites, opendns. And if I need to add something to the white list, its very easy.
Firefox is a must at my work. One of the first things I did when I was hired. Along with WSUS and Symantec Endpoint Protection.
The main issues that I have with non Microsoft software, is updating, firefox,adobe,ect from a central point. And not all computers are on a domain. Even then, you really don’t know whats install and at what version.
Yes, updating non MS software running on an MS OS is a huge pain, and one of the biggest problems many companies have…
MS don’t make it easy, possibly they do so intentionally to force you into using their products, only they don’t make everything most places need.
If you do want to keep everything updated, you end up having to buy expensive third party products for doing so, and spending a lot of time keeping them running. Contrast that with most modern distributions of Linux, where keeping a wide array of software up to date is both simple and free.
I was a system admin at an organisation with 300 people and it was Mac from top to bottom; I’m always surprised to see how people have the ability to stuff things up so badly. Security, for example, every computer had a normal restricted user and an admin account. Everything is stored directly on the server and not the computer; restoring the system is just a matter of netrestore and 40 minutes later the client computer is back to life.
I’m no computer expert but it amazes me how I see admins unable to implement some basic common sense – they either swing from being the hitler of the organisation or they’re completely clueless to the point that technically savvy people in the organisation are able to run rings around the IT Admin.
It does, however, go back to what I’ve said and maintained – there are alot of people in IT who shouldn’t be in IT.
Some reasons come to my mind right now :
* firefox does not integrate well with domain but ie does, no *easy* way from the DC to install, configure (homepages for exemples), modify (favorites for exemple), uninstall firefox.
* IT guys are too lazy to configure individually 300 computers and too paranoid to let the users do it
Unless of course you use a version of Firefox that supports group policy.
It’s pretty funny seeing an inline Jack Daniels commercial right after the bit about “The restrictions foster resentment, reduce morale (etc. etc.)”.
At my university it depends on what faculty you’re at. The library and Maths/Informatics have Firefox, most others don’t.
But that’s (mostly) the plan once school’s finished for me. I could absolutely see the rationale behind restricting work computers; however, I will tell you that at the store that I currently worked at, we played around with doing network restores over a gigabit setup, and I can tell you that with that capability, I could definitely see myself letting things roam a little freer on my network. Obviously, I’d have certain components of the OS I wouldn’t let users touch (AV/update/system settings, mainly) but when you can restore a system in ~10-15 minutes, it’s almost not worth it to lock down every damn thing.
The author makes a valid point; people who are more comfortable with their environment work better (subconsciously or not.) Part of this environment is their computer, and I do think that letting them have a bit of control over their comp setup is allowable. I would, of course, tell them when they first arrived that, in essence, “Hey, if you f**k this thing up at all, it gets erased & reloaded, no questions asked. Personal items and everything.”