Skip to main content

DrupalCon San Francisco 2010

Headaches from security updates for Firefox and Thunderbird

By Bryan - Posted on 31 August 2006

Sigh...another round of security updates coming from the folks at Mozilla. It looks like version 1.5.0.7 will be at our doorsteps soon.  Now at home, updating Firefox and Thunderbird on the Windows PC is a snap since it is all automatic. However, updating in a secure enterprise environment is a different matter.

In most enterprises, most users don't have administrative privileges and without those rights Firefox and Thunderbird in most cases will not auto install the new version. What would really help is if Mozilla would provide their software in a MSI package. Until MSI packages are provided by Mozilla, it is difficult for me to accept Firefox and Thunderbird as "enterprise software". In a Windows Server 2003 environment, MSI packages are a must for easy deployment, management, and auditing.

There have been some in the Mozilla community that have pushed for official MSI releases, but it always appear to me to be an uphill battle. It has been my experience that too many in the open source community don't fully understand the needs for organizations to have full control of which version of the software are on their systems. Often, open source communities underestimate the degree of paranoia in large organizations and the extent of controls that are in place. Depending on your network configuration, installing software without MSI can make it a long and tedious day for the network administrator.

I applaud those in the open source community that have released their own MSI packages to the public. I especially would like to call attention to MIT's efforts through the Open Source MSI Repository at Sourceforge. The only problem is that it can take some time before their contributions of the MSI packages for the latest version of software are posted online. By that time, I have usually spent my morning making my own packages for office deployment. However, the MIT group lately seem to be doing a better job posting the updates in a timely manner...so maybe their services is something I can start to rely on in the near future.

This is not to say, that I don't like Firefox and Thunderbird. On the contrary I'm a big promoter of the software. In fact, my organization uses Thunderbird as its "official" email client and I've made sure all my users have Firefox available on the Windows desktop.

I also acknowledge and agree with posts in the Mozilla community which say such things as "security releases are what make Firefox and Thunderbird great products! Our work together helps to keep our users up to date and safe". Yes, I would rather have the opportunity to install secure software than no software on my network. It's just that I wish from a network administrator's point of view...I wish there was something in it for me. Selfish I know, but you see I have a headache.

 

Comments

#1 IE beats Firefox in Enterprise

Anonymous's picture
Submitted by Anonymous (not verified) on August 31, 2006 - 5:31pm.
I think with all the potential deployment issues, a large organization is crazy to deploy Firefox or Thunderbird on their WAN. It seems to me that you are using Firefox instead of IE to satisfy your personal interest in open source and not what really is best for your organization. I'm not saying IE is better than Firefox in features. What I am saying is that from an IT manager's point of view...if you can't control it, you shouldn't install it.

#2 For the time being, Firefox is consumer software

Asa Dotzler's picture
Submitted by Asa Dotzler (not verified) on September 1, 2006 - 11:21pm.
We fully understand and appreciate that the enterprise has quite different needs than the traditional consumer. Unfortunately, we don't have the resources to tackle the enterprise right now. There is little doubt in my mind that as a product Firefox is simply better for most users, including enterprise users. But, like I said, we can't cover those not-product pieces that are really required to achieve significant enterprise adoption. I think there's a huge opening here for some third party to come along and fill this need. Let's hope that happens soon. - A

#3 I understand

Bryan's picture
Submitted by Bryan on September 3, 2006 - 9:09am.

Asa, for a long time Rafael Ebron championed the need for MSI packages and enterprise support if open source communities wanted their products to be more accepted by big business. Unfortunately, some of his early posts have been dropped (he's changed his blogging application a couple times) and one of his latest posts on the subject falls in line with the Mozilla company line and your own comments. Who got to him and changed his mind?

I understand...no single group can meet the needs of all. I also understand your position, and better yet know you understand my position. I think however Mozilla did miss some opportunities. At one time, many businesses used Netscape as their "official" browser and email client, but eventually had to retreat back to IE and Outlook when Mozilla products were just for consumers. I myself was excited at one time when the nightlies were offering MSI packages for Firefox and Thunderbird...but eventually those were dropped too.

Ironically, my organization uses Thunderbird as our "official" e-mail client and IE as our "official" browser. Our calendar software is Oracle Calendar. All these disjointed products are a real mess to manage and their lack of integration is hard for me to call an enterprise solution. It is a mess we created (nothing to do with Mozilla's fine products) and a mess that we're now trying to fix.

I do what I can do to make sure Firefox is installed on the PCs under my control. I'm also hoping a "third-party" application we plan to use to deploy software and patch software will also allow us to manage Firefox/Thunderbird more easily on our network. I've found that many using Firefox to connect to our CMS...actually work faster. There are benefits to the software! Let's just say while I have a headache...it's an ache I'm willing to deal with.

Before I close, I'm using Firefox 2 Beta 2 as I write this. Not a single crash yet. Sweet...

#4 changes

Asa Dotzler's picture
Submitted by Asa Dotzler (not verified) on September 4, 2006 - 12:10pm.
Yeah, there was a time when several of the individuals at Mozilla (myself included) were advocating a more serious effort to target the enterprise. In the years since the launch of Firefox 1, we've actually done a lot to organize and nail down our planning so that it's not just a bunch of individuals going after their particular targets. As a result of that, we've agreed to consolidat our efforts around consumers. We're an organization of about 60 people and we've already got an installed base of more than a million times that number -- the overwhelming majority of that in the consumer space. It takes considerably more resources than we have just to take good care of the current installed base and enterprise customers are even more resource intensive to support. As I've said before, I think there's a great opportunity for a third party to take up this challenge --- not only in terms of spreading Firefox to a whole new class of users, but also, I'd imagine, a lucrative financial opportunity. I'm glad you're having a good experience with the Firefox 2 beta. We're very excited about this upcoming release. - A

#5 Why cater to business?

Anonymous's picture
Submitted by Anonymous (not verified) on September 6, 2006 - 12:46pm.
I don't know why Mozilla should even cater to business needs. It seems to me that companies have the money to buy their own propriety stuff. Why should the open source community, including Mozilla, worry about business using open source products?

#6 Why not be pro-business?

John's picture
Submitted by John (not verified) on September 7, 2006 - 9:25am.
Perhaps open source projects cater to business because business contribute back and also cater to open source. That includes small and large businesses. That Linux kernel and even that Firefox browser you may be using didn't happen on its own without some backing from business. If you think it did...you're fooling yourself.
Bryan's picture

About this CMS Enthusiast

Bryan Ruby is the owner and editor for CMS Report. He founded CMSReport.com in 2006 on the belief that information technologists, website owners, and web developers desired visiting sites where they could learn about content management systems without the sales pitch. Outside of his late night blogging hours, he is the Information Technology Officer for a field office in the federal government.