Re: Browsers and OS's

["Shalla, Kevin" <kshalla () UIC EDU>]

How about using Active Directory and Group Policy to force installation of
new versions of Firefox?  Then only the administrator has to notice the
upgrade, download the software, and set up the policy and software
package.

On Tue, October 4, 2005 10:25 am, Louis Brooks said:
> Firefox allows for notification of when new updates are available and will
> down load and install the updates with some prompting by the user. It will
> not force users to install and updates though like Windows automatic
> update,
> so user interaction is still required.
>
> The integration with the OS of IE is one of the roots of its security
> problems over the years. Having said that, the use of Firefox is not a
> security panacea. As the use of Firefox reaches critical mass, more and
> more
> vulnerabilities are being reported for the product. I think I remember
> seeing a report that more security flaws have been discovered in the past
> six months for Firefox than IE.
>
> I use Firefox myself, but more because I like the product than for
> security
> issues.
>
> Thanks,
>
> Louis Brooks
> SAIT Labs
> Florida State University
>
>
> -----Original Message-----
> From: Justin Sipher [mailto:jsipher () SKIDMORE EDU]
> Sent: Tuesday, October 04, 2005 10:49 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Browsers and OS's
>
> Folks,
>
> Hello.  I would welcome feedback/insight on an issue we are
> discussing.  It relates to browser world and *potential* security
> concerns.  In a nutshell, there is a belief that a browser tied to an
> OS (IE for Windows, Safari for MacOS) allow for better security
> because of the ability through the OS to let the users  (a) know when
> there is an update to the browser and (b) assist with the download/
> install.  The challenges is that we also want to use Firefox for a
> variety of purposes and there doesn't appear to be a way (on Firefox
> for any OS) to have similar functionality.  So, the **real** concern
> is someone downloads Firefox and is using it.  Then after time new
> versions come out, the end user doesn't (a) know about it and (b)
> doesn't actually do the upgrade and then we have a potential security
> hole.  Firefox for "techies" isn't the concern, it is the use by the
> common person that has some concerned.
>
> Has anyone else on other campuses talked about this and have insight
> as to how you have or have not addressed the issue.  Are there ways/
> systems out there to aid in this process?
>
> Thanks,
> ...Justin
>
> _______________________________________________________
>    Justin Sipher
>    Chief Technology Officer
>    Skidmore College
>    Saratoga Springs, NY
>    jsipher () skidmore edu
>    518-580-5909
> _______________________________________________________