Educause Security Discussion mailing list archives
Re: Browsers and OS's
From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Tue, 4 Oct 2005 21:03:24 -0400
All- Just as a point of information; the upcoming Firefox 1.5 (now in Beta 1 status and available for testing) supposedly has a MUCH improved auto-update mechanism. Not only is the notification itself more prominent to the user, but that actual update process only downloads the pieces of the application that need updating - it's not a full re-install of the entire application as is done currently. Regarding Microsoft's integration of Internet Explorer as a "feature" of the OS, this is a very very BAD decision from a security perspective. The reason IE flaws are often so catastrophic is precisely because of this deep embedding of the browser into the OS. And if I may jump on the soapbox for a moment: Microsoft's decision to "integrate" IE into the OS a number of years back was based not on any technical merit, but rather as a way to force customers to use IE instead of Netscape. In federal court (with a straight face) they claimed that IE was not a stand alone application but rather a core feature of the Windows OS. They said this even though IE was available on retail shelves as a stand alone shrink-wrapped application for both Windows 95/98 and MacOS. I guess perjury is OK when you're a multi-billionaire MS executive ;-) BTW, Montclair State supports Firefox and Thunderbird as our officially supported browser and email apps, though all web/email services we provide to our users will work with any standards compliant email/web application. -- Jeff Giacobbe Director of Systems, Security, Networking Montclair State University Jeni Li wrote:
My experience with Firefox update notification has been pretty spotty too. It tells me updates are available when I've already applied the updates; it tries to download theme/plug-in updates and fails; it tosses up messages that an end user might find confusing. I prefer Firefox hands-down for every situation except those few obnoxious IE-only sites -- two words, AdBlock and RIP -- but if keeping it updated on non-technical end users' systems is the goal, not so much. Unless maybe you're in an environment where you can push out software updates using GPO or something.-----Original Message----- From: Jason Richardson [mailto:A00JER2 () WPO CSO NIU EDU] Sent: Tuesday, October 04, 2005 12:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Browsers and OS's That is incorrect, I see a message roll up from the bottom right hand side of the browser window notifying me that updates are available. Then I click on the red icon in the upper right hand corner to download and apply the updates. I am running the latest ver. (1.0.7) but it has done that for several versions now. --- Jason Richardson Manager, IT Security and Client Development Enterprise Systems Support Northern Illinois Universitylbrooks () CS FSU EDU 10/4/2005 10:29:39 AM >>>The only notification that Firefox gives that it needs to be updated is a red icon in the upper right hand corner of the tool bar. It is easy to miss. In fact I usually will miss it unless I have seen a notification for updates on one of the security mailing lists. Louis Brooks SAIT Labs Florida State University -----Original Message----- From: Stephen W. Bradley [mailto:bradlesw () MUOHIO EDU] Sent: Tuesday, October 04, 2005 11:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Browsers and OS's Firefox has the option to periodically check for updates. I have personally never seen it work but it is under: Tools Advanced Software-update. I leave mine checked all the time. steve -----Original Message----- From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] Sent: Tuesday, October 04, 2005 10:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Browsers and OS's Folks, Hello. I would welcome feedback/insight on an issue we are discussing. It relates to browser world and *potential* security concerns. In a nutshell, there is a belief that a browser tied to an OS (IE for Windows, Safari for MacOS) allow for better security because of the ability through the OS to let the users (a) know when there is an update to the browser and (b) assist with the download/ install. The challenges is that we also want to use Firefox for a variety of purposes and there doesn't appear to be a way (on Firefox for any OS) to have similar functionality. So, the **real** concern is someone downloads Firefox and is using it. Then after time new versions come out, the end user doesn't (a) know about it and (b) doesn't actually do the upgrade and then we have a potential security hole. Firefox for "techies" isn't the concern, it is the use by the common person that has some concerned. Has anyone else on other campuses talked about this and have insight as to how you have or have not addressed the issue. Are there ways/ systems out there to aid in this process? Thanks, ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________
Current thread:
- Re: Browsers and OS's, (continued)
- Re: Browsers and OS's Louis Brooks (Oct 04)
- Re: Browsers and OS's Jason Richardson (Oct 04)
- Re: Browsers and OS's Louis Brooks (Oct 04)
- Re: Browsers and OS's Eric Brewer (Oct 04)
- Re: Browsers and OS's Joe St Sauver (Oct 04)
- Re: Browsers and OS's Justin Sipher (Oct 04)
- Re: Browsers and OS's Jason Richardson (Oct 04)
- Re: Browsers and OS's Jeni Li (Oct 04)
- Re: Browsers and OS's Harrold Ahole (Oct 04)
- Re: Browsers and OS's Valdis Kletnieks (Oct 04)
- Re: Browsers and OS's Jeff Giacobbe (Oct 04)
- Re: Browsers and OS's Shalla, Kevin (Oct 04)
- Re: Browsers and OS's Valdis Kletnieks (Oct 04)
- Re: Browsers and OS's Matt Kirchhoff (Oct 06)