Their reasoning: Passwords are stored unencrypted unless there is a master password. IE stores passwords encrypted (linked to user logon). While that doesn’t increase security (anybody logged on to the system incuding a trojan horse) can read stored passwords as evidenced by many tools out there, it looks more secure to our IT department (at a 10000+ company).

Would be great if FF had an option to additionally encrypt passwords with the same mechanism IE uses.

THanks

Mozilla Firefox proxy management is flawed by lots of bugs and since proxies and authentication are standard practices in Corporate IT, this browser is still considered “unprofessional” by IT Admins.

Lack of easy deployment (read: MSI), managed update mechanism (perhaps via MSI/MSP?), and easy control mechanisms (read: AD, or at least a template that can be released when installed) are the key reasons I can’t advocate installing Firefox on a large scale (i.e. nearly 1000 computers). I have been greatly disappointed in Mozilla’s complete disinterest on this front, and embarrassed when I’ve said that MSIs are going to be ‘in the next release’ (first promised for 1.5, then 2.0, then ignored completely for 3.0).

Frankly, Internet Explorer is *more* secure than Firefox in terms of ‘Enterprise’ insofar as I can guarantee patching in a very timely manner via WSUS.

To everyone who suggests “Oh, just do this…” — please try it on a large scale, and get back to me when you have many projects to juggle. Furthermore, I really don’t want to to use a third-party build (i.e. FrontMotion), as I have to place a /lot/ more trust in that than Mozilla. Firefox is great on a small scale, but not nearly as good on a large scale, especially when users don’t have admin. rights (which is /actually secure/). For that matter, to practice what I preach, I took away my own admin rights, so I’m going to have to jump through hoops to upgrade to 3.0.5. :/

At this point, I may get sufficiently tired of waiting and complaining, and ‘scratch the itch’ with WiX. That requires a lot of free time, which I’m short on, but maybe a ‘rainy day’ will come up.

P.S. If Mozilla released MSIs that people didn’t alter terribly much, they’d get a lot more revenue from the search box when used on tens of thousands of corporate computers…

I think there are some programs/services you can buy to do centralized administration on windows, and some free ones like WPKG, but I haven’t looked at them very much. I don’t administer any networks so I have only limited knowledge from what I have heard.

What does that mean? Firefox has a centralized update mechanism. It even covers extensions.

Again, I don’t do Windows. I can think of a dozen straightforward, gratis ways to do that on *nix, so I assumed there’d gotta be at least one expensive way to do it on Windows. Is it actually worse than I thought?

For instance where I work the IT dept has all the windows machine run stupid scripts upon logon. Here they’re just used to annoy users (such re-enabling the locking screensaver — supremely irritating on VMWare or when the PC is merely driving a monitoring screen); but you could have it run an update program of sorts … couldn’t you?

http://www.frontmotion.com/FMFirefoxCE/index.htm

The reasoning behind that report is almost the same as you gave. If program can’t be centrally controlled and updated + it has high or critical vulnerability published year 2008, it’s on the list. More vulnerabilities and more users move it higher in the list.

http://www.kaply.com/weblog/tag/enterprise/

Using Active directory with the msi package should be enough to update all computers domain wide.