decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Firefox FUD is Born
Friday, January 28 2005 @ 01:27 AM EST

Unbelievably enough, a Jupiter analyst, Michael Gartenberg, has written an opinion piece which ComputerWorld, unbelievably enough, has printed, cautioning businesses that they might want to think twice about switching from IE to Firefox because "Firefox lacks the ability to run Microsoft ActiveX code."

[Groklaw jaws drop all over the world in unison]

You may think he was doing a parody for Onion, but I think he's serious. Yes, friends, I believe we are seeing the birth of the anti-Firefox FUD. Here's the man's so-called "opinion":

The reception that Firefox has received from consumers and the press might tempt business users to switch browsers, but there are some good reasons not to. Many mission-critical applications have been built on Internet Explorer, and most organizations don't have the budget or resources to recode them. In addition, PCs' application loads need to be properly tested to ensure that nothing breaks with the addition of a different browser. In the near term, many business users will be better served by keeping Internet Explorer and installing security updates as they're released. If they aren't dependent on Internet Explorer technology, however, some end users could use Firefox for their daily Web surfing while reserving Internet Explorer use for sites that require it. . . .

If Microsoft is spurred by Firefox's success to put more resources into Internet Explorer, it would help create a better experience for both businesses and consumers. That might even happen before Longhorn ships.

Well, FUD with a triple capital F generally meets with a Groklaw response, but before I could even warm up the engine, a Groklaw reader, Dr. Tony Young, did it for me.

Here is the email he sent to the analyst, which he has given me permission to share with you:

Dear Michael,

I read your article in Computerworld with great interest: http://www.computerworld.com/securitytopics/security/ story/0,10801,99142,00.html.

What I wish to say below may not be precisely what you intended, and I am not up with ActiveX because I simply don't use it or encounter it. I find Firefox opens any web sites I require and as far as I know perfectly. Also I do my internet banking with it...and that covers all my needs.

You are partially correct, but I think that you miss the ultimate point: the real problem is ActiveX and the fact that Microsoft's IE **automatically** runs such code. In other words, if you design a piece of software to run things it sees on the web automatically, then you invite every spam merchant, malware and spyware agency to flock to your computer and run while you are logged on as system administrator and candidly, you deserve everything you get. I find it amazing that Windows users seem to think that it is normal to invite such software to run on their machines without any hindrance given that anything can be concealed in that code. The results speak for themselves: hard boots, blue screens of death, reinstallations, update antiviral codes, time costs, etc. etc. You don't do that with Linux.

The whole point about Firefox is that it is separate from the OS and DOESN'T run ActiveX automatically. And I'd go further, pray heaven it never does !!!! And that is the essential difference between Microsoft's proprietary OS which is now haemmorhaging because of its poor security design because IE is part of its coding, and Linux or FOSS which has been designed WITH security in mind. You actually have to choose to run a piece of software...not be told by a proprietary OS that such and such a piece of software is going to run whether you like it or not.

And finally, as regards cost of transfer...Do please add up all the system admin costs of virus protection, reinstallations, patches and the time they take...and think....now really, Firefox wins hands down.

I think Business in general has now reached the stage where it has little choice. Abandon Windows or remain in an ever increasing whirlpool of costs, viruses and reboots. Either do it now with minimal costs, or watch your ultimate costs of transfer steadily increase, because sooner or later, it will have to be done. There is little doubt in the statement that if we could remove the Microsoft OS from the world's computers and the internet tonight, almost 100% of viruses and malware would disappear and we would have a secure, user-oriented system. Kind regards,

Dr. Tony Young

You can read about ActiveX in this chapter from an O'Reilly book, "Malicious Mobile Code", by Roger A. Grimes, on "Malicious ActiveX Controls". I strongly suggest any executive pondering whether or not to switch from IE to Firefox read this chapter and ask themselves if they want their business computers doing such things as IE permits. For the time-pressed, here is just one paragraph that ought to tell you all you need to know:

ActiveX's biggest problem is the way it incorrectly marks controls Safe for Scripting. Already used in several email worm attacks, these types of holes continue to appear. If Microsoft cannot correctly determine the safety and appropriateness of their own system controls, how can vendors be expected to? Following that problem is the growing use of unsigned code. The digital signing process is technical and expensive. Most ActiveX controls on the Web are unsigned. Many of those that are signed, are expired. I rarely come across a control that is signed and current. If ActiveX's security lives or dies on whether end-users correctly choose to trust or not trust unsigned controls to run, it appears doomed unless digital signing of code becomes widespread. If ActiveX controls become standardized across the world's web sites, as expected, we will surely see a rise in malicious code for ActiveX.

The book was written in 2001, so this is not a new problem. Here's a ComputerWorld article about an ActiveX flaw spreading viruses in 2000. And yes, there is an abundance of malicious code. Some call ActiveX viruses the most dangerous of all, because you can get them just by surfing the web. Here is Microsoft's patch for one IE ActiveX vulnerability, which allows someone to take over your computer if you visit a malicious web site, after which they can run any code they like on your computer. Do you think a spammer might enjoy that power?

For you businessmen who are not coders, what does it mean that if one of your employees visits a malicious website, any code can run on their computer? Well, actually it's *your* computer. Your business computer. This paper [PDF], says it means that worm writers who run the malicious website can then delete or change your files, your registry entries, and create other serious system damage:

ActiveX is a popular technology among virus, Trojan horse, worm, and malicious scriptwriters.

This is due to the combined popularity of the Windows platform, the rich feature set that Microsoft exposes with ActiveX, and the lack of a sandbox - a barrier between the control and the rest of your system that is employed by Java technology. For example, worm writers may use ActiveX because the popular corporate e-mail client, Microsoft Outlook, exposes an ActiveX interface for accessing the Outlook address book. ActiveX viruses can also delete files, registry entries, and create other serious system damage.

Add to this the ActiveX security model, which is dependent both on the Internet Explorer (IE) security settings and on digital signing, which prompts users to accept or reject each control. If IE is set to allow all ActiveX controls, the user never sees the digital signing prompt and they are at particularly high risk for viruses and other malicious scripts. With a number of costly ActiveX viruses and worms in recent history, system administrators may be reluctant to trust their users to enable ActiveX controls, and can even set IE to accept no controls

Of course, if the only safe way to run IE is to turn off ActiveX, then why not just use Firefox? That way, your employees don't have to be trusted to do right. And, according to Pest Patrol, there's "Hostile ActiveX (an ActiveX trojan that captures info from your machine or modifies your files.)" Think of what that can mean for your business, that an interloper can capture information from your machine and modify your files. Then the person can send that misinformation, as if from you. Talk about functionality.

As for waiting for Microsoft to fix things, here's a Risk Digest, Forum on Risks to the Public in Computers and Related Systems from 1997 on ActiveX vulnerabilities, a year after ActiveX was first released. That's the track record. As for their skills, here is what they thought would happen, back in 1996 when they first developed ActiveX:

Microsoft appears pretty confident that Authenticode will work to ensure no viruses will be downloaded by users, and if by some chance they are, the source of the virus would be traceable, thanks to the digital ID.

Right. It's a design issue. Here is how Panda Software describes ActiveX: "ActiveX technology, patented by Microsoft, allows online programs to be run on computers through Internet Explorer. It also allows users to open Word or Excel documents directly through the browser. . . " So yes, the Jupiter analyst is correct, if you don't finish the thought, that you do lose some functionality with ActiveX turned off. But is it functionality you want and can afford to allow your employees to have?

But, you say, I'll just tell my geeks to make sure my business is fully up-to-date and patched. Better read this first:

A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw.

However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try saying that three times fast!)

The Register has a story on a security pow wow, sponsored by Microsoft, Messagelabs and the FBI, whereby several UK MPs will be flying to the US next month to meet with politicians and agencies here "to discuss information security". Here's some confirmation from the article that Dr. Young is correct:

Ed Gibson, FBI special agent and assistant legal attache of the US Embassy in London, said the get-together focuses on an important area of information security policy. "But for the viruses there would be no spam. That's why we see ever more virulent viruses," he told delegates this week at the Computer and Internet Crime Conference in London.

Stop and think of the implications of his remark, and then add in the fact that viruses on GNU/Linux systems are so rare. I am not saying they could never be written, but I have never had one in all the years I have used GNU/Linux software. Can you Windows folks say the same?

Microsoft, an expert on security? Think. I understand that naturally the FBI needs to work with Microsoft to try to solve their problems, because the operating system is in such widespread use. But the rest of you can contribute to the health of the Internet by just not using IE any more. At least turn off ActiveX, and that's just for starters. Just switching to Firefox would help.

Wine is software that emulates windows on a GNU/Linux system. The guys who run the Wine project decided to test if windows viruses can run under Wine. Here are the results -- essentially no -- and while they write their account in a very funny way, the virus problem is serious, and so is the spam problem, and I am quite serious in saying that I hope businesses do switch to Firefox, at a bare minimum, because people who use insecure products on the Internet impact the rest of us. If you guys would do your part, and stop enabling viruses, there would be no spam, according to the FBI. Think about it. Please.

If any of the rest of you wish to explain to the business community why this ComputerWorld article is inappropriate advice in your opinion, feel free to add your comments, with proof urls. Speak as you would to your boss, and just explain all about ActiveX, the alleged need to test PC's loads if you switch to Firefox, your own experiences with Microsoft's security patches, anything you wish to expound on that you can knowledgably discuss. That way, we can have a nice page you can point your boss to, if he asks you about this ComputerWorld FUD.


  


Firefox FUD is Born | 561 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Correction Here
Authored by: DBLR on Friday, January 28 2005 @ 01:41 AM EST
Please place corrections here for PJ to find and fix.

---

"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.

[ Reply to This | # ]

Off Topic Here
Authored by: DBLR on Friday, January 28 2005 @ 01:44 AM EST
Please place off topic subjects in this thread.

---

"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: AJWM on Friday, January 28 2005 @ 01:45 AM EST
Alas, he's right.

Just yesterday I had to fire up IE on my desktop at work (I usually use Mozilla)
because I was required to access an internal app for some HR-related thing.
Yeah, the app used CaptiveX objects.

The silly thing is, it was really just filling in a bunch of forms linked to a
database -- easily doable in a browser-inedepedant fashion.

Sigh. At least they let me use Mozilla (or Firefox) for nearly everything else.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: fudisbad on Friday, January 28 2005 @ 01:59 AM EST
"Unbelievably enough, a Jupiter analyst, Michael Gertenberg, has written an
opinion piece which ComputerWorld, unbelievably enough, has printed, cautioning
businesses that they might want to think twice about switching from IE to
Firefox because 'Firefox lacks the ability to run Microsoft ActiveX
code.'"

Umm, right. He doesn't realise RadioactiveX is a bad thing?

He's screaming out loud that he is a paided shill.

---
See my bio for copyright details re: this post.
This subliminal message has been brought to you by Microsoft.

[ Reply to This | # ]

Is this really FUD?
Authored by: Anonymous on Friday, January 28 2005 @ 02:01 AM EST
My company has switched to Firefox. But we know what we are doing.. and were able to test, plan the move and weigh up the cost/benefits of the switch. For us, costs were negligible. And the benefits huge.

My spouse works for a large international IT consultancy. They make heavy use of "Intranet" applications - delivered world wide by web servers to desktops - requiring little installation, local resource etc. etc. However, these applications make extensive use of ActiveX. So for this case, the costs of implementing Firefox outweigh the benefits - nobody would be able to complete timesheets, book holidays, access project documents etc.

Now the message coming out from the firefox lobby is that it is the cure for all evils. You could argue that this is FUD against I.E. Although it is genuinely the case that IE gives all the appearance of unmaintained, out of date, insecure, low quality, quirky, so this point is extremely debatable.

However, there are some cases where a switch to firefox isn't as simple as just download, install and go.

The world of IT is full of people who don't know what they are doing. And are quite likely to have a conversation where person A says "We've ditched IE" and Person B thinks "We'll do that". No more planning or evaluation is done and off they go then find that none of their applications work. Might seem unlikely, but this happens.

So before writing this of as FUD, consider: Who is the writers audience, what is the context of the message.

If the audience is fairly clueless IT managers who have heard about how great firefox is and how everybody is using it and you'll be considered old fashioned and out of date by every one at the golf club if you haven't switched to firefox, then the message might have some legitimacy.

[ Reply to This | # ]

Doesn't Look Like FUD to Me
Authored by: Anonymous on Friday, January 28 2005 @ 02:07 AM EST
You may think he was doing a parody for Onion, but I think he's serious. Yes, friends, I believe we are seeing the birth of the anti-Firefox FUD. Here's the man's so-called "opinion":
The reception that Firefox has received from consumers and the press might tempt business users to switch browsers, but there are some good reasons not to. Many mission-critical applications have been built on Internet Explorer, and most organizations don't have the budget or resources to recode them. In addition, PCs' application loads need to be properly tested to ensure that nothing breaks with the addition of a different browser. In the near term, many business users will be better served by keeping Internet Explorer and installing security updates as they're released. If they aren't dependent on Internet Explorer technology, however, some end users could use Firefox for their daily Web surfing while reserving Internet Explorer use for sites that require it. . . .

If Microsoft is spurred by Firefox's success to put more resources into Internet Explorer, it would help create a better experience for both businesses and consumers. That might even happen before Longhorn ships.

Well, FUD with a triple capital F generally meets with a Groklaw response, but before I could even warm up the engine, a Groklaw reader, Dr. Tony Young, did it for me.

How is that FUD? He's stating simple facts.

The company I work for (3000+ people) uses ActiveX controls for the timesheet and issue tracking systems. It's not the technology I would have chosen - I'm a pure Linux user and I have been for over a decade - but it's what the web developer group (not my area) wanted.

The author of the article hit the nail on the head. Our company won't be switching to FireFox precisely because of these ActiveX controls. You can blame the CIO, you can blame Microsoft, you can blame Bill Gates himself, but why are you blaming the author of the article? He's simply told you the reality. Do you honestly believe that a reporter that tells the ugly truth is a FUDster?

Cue angry indignant squawking and personal attacks in 3... 2... 1...

[ Reply to This | # ]

Firefox FUD is Born
Authored by: dhonn on Friday, January 28 2005 @ 02:09 AM EST
Even on SpreadFirefox.com I see FUD.

All I can say is that if you let someone try Firefox for themselves, they will
like it. There's a lot of maintance involved in using Internet Explorer. Just
being sick of popups and spyware and virus scanning is enough to switch.

I trust Java and Flash. I see no need for ActiveX. In fact when I use to use
windows the only usable ActiveX apps I have ever came across is Windows Update
and TrendMicro Online virus scan. I'll the rest are tring to get me to install
spyware. I have to click no a million times too.



[ Reply to This | # ]

He has a point
Authored by: Anonymous on Friday, January 28 2005 @ 02:13 AM EST
There are unfortunately some, possibly even many, web applications that simply
won't run in Firefox.

I was responsible for maintaining one such web application at work (it was
developed by an outside company) and the HTML, CSS and JavaScript used (there is
no need for ActiveX controls) is so horrendous and non-standard that Firefox
won't run it, but it works in IE fine. Obviously the developers saw no need to
be standards-compliant, but they only needed to make sure that it
"works".

Of course, the solution should not be to keep IE running but rather to develop
standards-compliant applications that work in any browser. But try telling that
to your boss.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 02:15 AM EST
Radioactive-X (Chaos Computer Club hacks Active-X to transfer money, from 1996/1997)

[ Reply to This | # ]

I detect a contradiction.
Authored by: Aladdin Sane on Friday, January 28 2005 @ 02:18 AM EST

I read that story, "Business Must Be Cautious With Firefox," when it was referenced at linux.org or NewsForge, don't remember which. I was pretty appalled by the same thing that appalled PJ. There was a contrast that struck me as glaringly contradictory:

"The result has been a security nightmare for IT organizations, which must deal with an endless series of patches and fixes from Microsoft to preserve their online safety."

Then 2 paragraphs later:

"Many mission-critical applications have been built on Internet Explorer, and most organizations don't have the budget or resources to recode them."

What I read was 1) IT security nightmare is an ongoing cost nightmare, and 2) Business has no money for new projects in IT today.

The juxtaposition strikes me as bordering on hilarious: "We're throwing all our IT effort away patching bad code and cleaning up spilled biohazardous material so we have no resources to install good code."

What?

The implication is that businesses like IT nightmares since the author admits there is an alternative. The behavior proposed forms that definition of insanity whereby one repeats the same actions over and over expecting different results each time. And never learns.

It might be suggested that Microsoft's relationship with its customers is inherently sick: The relationship smacks of co-dependence born of uncertainty. It may just be computer illiteracy, nothing that education can't solve. But to many in the business world the risk of change seems too great, and we will continue to suffer their ignorance until the greater networked world has had enough.

I note that the author, within his own article, did a great job of exposing the weakness of his thesis.

[ Reply to This | # ]

Current Netscape Beta Browser Based On Firefox Runs Active X
Authored by: TAZ6416 on Friday, January 28 2005 @ 02:19 AM EST
You can set the Browser to "Open In IE Mode" which turns on ActiveX...
yes I know that sorta defeats the object of switching to Firefox and I've never
switched that mode on.

Jonathan

[ Reply to This | # ]

Firefox FUD is Born
Authored by: pyrite on Friday, January 28 2005 @ 02:19 AM EST
Wow. I guess it depends on how you want to do it. If you know the outcome, it
just kind of seems odd that you would even bother writing an article.

Then there's the recent story (actually it's a link to a PDF) on osnews.com
about the lovely, wonderful comparison of Solaris vs Linux - that's a fun one,
too...

People need to get real. Something either is a certain way or it isn't.

Today's assignment: write an essay outlining possible reasons that an individual
might want to keep using IE. The conclusion should recommend IE.

Ouch. This stuff is becoming somewhat entertaining!

[ Reply to This | # ]

Where's the FUD?
Authored by: Anonymous on Friday, January 28 2005 @ 02:20 AM EST
Hmm in the corporate world, there are applications that were coded to take
advantage of ActiveX. In the Intranet world that's a fairly safe use. I know
that the ActiveX I'm forced to run across could be replaced by Java, but who's
going to pay to have something that works replaced?

Quote: "PCs' application loads need to be properly tested to ensure that
nothing breaks with the addition of a different browser"

This is really a failure in the ways that installshield for windows works. I've
gotten in trouble because of my installing Firefox caused the links in some
other software to be pooched. Still trying to figure how something I install in
my account on a 2k system appears as a default on all the users accounts. He
does have a point especially with any in-shop produced/custom software.

Quote: "If they aren't dependent on Internet Explorer technology, however,
some end users could use Firefox for their daily Web surfing while reserving
Internet Explorer use for sites that require it."

Definately FUD worthy here. Oh wait.. He's suggesting using Firefox unless the
site requires IE/ActiveX.

As a home-user, use whatever you want to surf the net. You're your own
sys-admin so if/when things break, it doesn't cost your employer time/money to
repair it. My shop is stepping away from Solaris 8 to Win 2K boxes. I hate it,
but I accept that I have to endure while I work there. At the end of the day I
can come home and use my Gentoo box to read rants and other silliness on the
internet. Occasionally I even find truly fair and balanced comments.


---------------------------
Black - White .. Nah.. Grey - Gray

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 02:21 AM EST
Read past the words to the meaning of the words and that quote should read: "Firefox lacks the ability to run highly insecure code." rather than "Firefox lacks the ability to run Microsoft ActiveX code."

Obviously the author of this article doesn't get it.

[ Reply to This | # ]

Groklaw FUD is Born?!?
Authored by: Anonymous on Friday, January 28 2005 @ 02:24 AM EST
Sheesh.. This is a bit over the top. Not what I would expect from Groklaw. The
piece says nothing but good things about firefox:
Mozilla has built a solid browser that supports features such as tabbed views,
Google for native searches and direct support for RSS feeds
This left the market open for the Mozilla team to create its user-friendly and
secure browser
I believe this new browser is going to be a force for positive change in the
industry

At the same time he points out all the bad things about IE:
for hackers to exploit this feature and execute malicious code on users'
machines have been abundant
A security nightmare for IT organizations
Internet Explorer was no longer a strategic product for Microsoft, and few
resources were devoted to it

This article paints a completely different picture of the piece and it's writer.
Everything is taken out of context. It is something I would expect from a MS
press release, where they cherry pick what they want out of a piece, to paint
their version of history.

The sad fact of the matter is, that there are orginisations out there who have
multi-million dollar applications that require Active X. And worse still, there
are IT decision makers, who would read about how great Firefox is (And it is
great, I use it all the time, except in work where I need to use IE for our
internal apps), and order everyone to change without having a clue as to the
implications.

PJ, I really hope you were just tired, or in a very bad mood when you wrote this
piece. It is not up to the standards you have written so recently about, or the
standard of any other article on this site.

[ Reply to This | # ]

IE market "hooks"
Authored by: RedBarchetta on Friday, January 28 2005 @ 02:53 AM EST
In other words...

Microsoft's introducion of code into IE that essentially make other browsers incapable of the same functions, is a reason not to switch. That's like saying you should stick to drinking corn-sweetened sodas because they are so much better tasting than a glass of nutritious non-fat milk. Good health be damned.

Someday, try visiting Microsoft's web site to update a Winbox machine using something other than IE. The result will be a utter failure. As a person who services many Windows machines for friends and family, I find it particularly annoying that I must keep 2 different browsers on these machines. IE for Windows updates only. Netscape for everything else.

My only reasonable guess as to why the author, Michael Gertenberg, would suggest such a ridiculous thing is because he knows that Microsoft cannot compete on innovation alone. He knows that IE security is the three-headed dragon with no way to slay it, and the only way to keep it at bay is by attempting to leverage it's proprietary "hooks."

My other guess, which is probably more accurate, is that Michael Gertenberg is nothing but a paid opinion.

Think it doesn't happen? Look at these links and tell me that reporters/columnist/analysts are all impartial:
Reporter admits to taking "propaganda" money from Bush administration.

"Columnist Maggie Gallagher yesterday defended her decision to accept $21,500 from the Department of Health and Human Services to help it package an administration marriage initiative, but apologized for not disclosing it. [..]

Is Maggie Gallagher the Next Armstrong Williams?

"The appearance is enough to bring forward accusations of 'payola.' Maggie Gallagher should have disclosed the contracts and her relationship with the Bush Administration. There was really no reason not to as no reader would be surprised that Gallagher was defending policies she obviously believed in. She seems to have realized this and noted in a Mea culpa column on Tuesday, 'I should have disclosed a government contract when I later wrote about the Bush marriage initiative. I would have, if I had remembered it.'"


---
Collaborative efforts synergise.

[ Reply to This | # ]

Is this *really* FUD?
Authored by: Greebo on Friday, January 28 2005 @ 02:57 AM EST
PJ, I have to disagree with you on this one, and i'd be the first one to stand up and say that Firefox is way better than IE.

I read the whole article and it seemed quite well balanced. He points out that IE has it's problems....

When Microsoft integrated Internet Explorer tightly with its operating systems and allowed the browser to execute Windows code, it created a double-edged sword. On one hand, a new class of richer Web-based applications could be created, allowing for a far more interactive Web experience. Unfortunately, opportunities for hackers to exploit this feature and execute malicious code on users' machines have been abundant.

and he praises Firefox....

Out of the ashes of Netscape, Mozilla has built a solid browser that supports features such as tabbed views, Google for native searches and direct support for RSS feeds.

And he quite rightly points out that Firefox doesn't run ActiveX in a very direct way....

But business users need to think twice about making the switch from Internet Explorer, since Firefox lacks the ability to run Microsoft ActiveX code.

Many Businesses use ActiveX - we use it in our Document system - and it will take time and money to move away from that.

One option, as someone quite rightly pointed out, would be to only use IE Internally, and use Firefox for the Outside world, but that's entirely a company decision. I'm sure over time more and more will move to Firefox.

I'm sorry, i just don't see the FUD here, and judging by the posts so far neither do other people.

Greebo

---
PJ has permission to use my posts for commercial use.

[ Reply to This | # ]

Major corporate ActiveX problem
Authored by: Anonymous on Friday, January 28 2005 @ 03:26 AM EST
It seems to me that every analyst still misses a major point in the ActiveX
discussion.
ActiveX components are software components. In my company we try to act in a
professional manner concerning software management. We try to comply with ITIL
change management procedures, meaning that all components that are distributed
to all systems are developed in a professional way, documented, tested, accepted
by the person that ordered the component and distributed in such a manner that
we can manage the risks.

Try to do that with ActiveX. As long as an ActiveX component is distributed like
other third party software, testing can be done, docs may be in order and
usually the manufacturer may guarantee the functionality and state that the
integrity of the system will not be compromised by the component.

But how about all those zillions of ActiveX controls on the internet. They are
distributed without any change management process. Who knows what functionality
the have. Who knows if they are developed, documented and tested in a
professional manner. Yeah, we know :)

So, even apart from all vulnerabilities caused by the integration in the Windows
OS and IE, there is an even bigger risk: Trust. I discussed this issue in a
Dutch security management magazine and got some favourable reactions. One major
financial organization decided to remove all the ActiveX components and java
applets from their website.

meneer

[ Reply to This | # ]

Here it is: Active-X plugin/extension for Firefox, Mozilla and Netscape
Authored by: Anonymous on Friday, January 28 2005 @ 03:39 AM EST

Look at:
Active-X plugin/extension

I didn't try with Firefox yet because I don't need Active-X.

See how good Michael Gertenberg can use Google? It did take me under 1 minute to find it. So this is real FUD.

Frerk

[ Reply to This | # ]

Bad from the start
Authored by: muswell100 on Friday, January 28 2005 @ 04:20 AM EST
The use of ActiveX components in web sites were a short-sighted move from the
very outset. Like much of the present infrastructure on the Internet. Before you
start replying (or not, as the case may be) to this sweeping statement, consider
these points:
<RANT>
The Internet was originally built for a trusted subset of the population -
'Trust' being the key word here. Most of the protocols developed for it were
originally designed around this premise.

SMTP, for instance, is a service that is long overdue an overhaul. Given the way
it is regularly abused for the purposes of distributing spam, viruses, worms,
scams and other assorted junk, it can only at best be patched against further
abuse (ie: Sender ID, spam blacklists, etc.). Short-sighted entrepreneurs saw a
way to make a killing using these services as-is, without once considering the
wider implications.

ADSL has been widely sold to the general public with a great hue and cry over
the incresed speed and convenience, but without a single word about security.
Hence the dire situtation we now have with so many zombiefied PCs generating
much of the garbage out there.

Likewise, intoducing ActiveX into the equation was a 'business'-led decision
made on the fly to make sites more pretty and - ideally - more feature-packed.
Again, no thought was given to the repercussions which might follow if you
allowed untrusted applications to be run across the Web.

The result of all this is that we now have a near chaotic situation on the
Internet, all stemming from a raft of money-fuelled bad decisions taken over the
last few years - ActiveX being one of the more avoidable ones, given how much
more effectively and efficiently the same features can be implemented using
alternative, safer options.

Although I doubt it will happen very soon, decisions will have to be made
concerning a complete rewrite of many of the components of the Internet -
perhaps with Internet II?? Although given past performance, I suspect it will
taken near meltdown before anyone starts seeing sense.
</RANT>
Whew! Glad I got that off my chest...

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 04:35 AM EST
Dr Young's comments are valid---and nothing new. The same
problems with IE have been pointed out again and again since ActiveX controls
were added about to IE about 6 or 7 years ago.

A web page by a Mr. McCloud circa late 1997/early 1998
demonstrated the risk of ActiveX in convincing fashion:
by providing an ActiveX control that shut down your computer. If you pulled the
plug before it had shut your
computer down, it would continue from where it was
interrupted as soon as you had rebooted until it completed
its appointed task and shut your computer down!

You were given a clear statement of what it would do and how
you couldn't stop it. It was your choice to try the control.

McCloud removed his site from the Internet, claiming he was
being threatened by the legal department of the creators of
ActiveX.

Maybe someone needs to set up a second site with a clear
and meaningful demonstration of ActiveX's power---eg:

Free HardDrive Dry Cleaning.
One click and you're clean ... down load your
ActiveX Hard Drive Cleaner now!
(ActiveX with the X magic ingredient for shining disk
drives squeaky clean).:-)

[ Reply to This | # ]

Microsoft Devices
Authored by: Anonymous on Friday, January 28 2005 @ 05:00 AM EST
Is a computer with a Microsoft os still a computer?

In my view it is not.

Rather, it is something looks like a computer, but with the balance of control
between user and machine reversed.

Asking clients if the want a computer or a "Microsoft Device"
generally gives them pause for thought before they ask the obvious question.

This probably seems a bit petty, but the terms in which debate is joined can
often be decisive.

I'd welcome other views.

[ Reply to This | # ]

GNUs not Unix, Linux is
Authored by: Anonymous on Friday, January 28 2005 @ 05:09 AM EST
GNU means GNUs not Unix.

The GNU project had the goal of replacing the commercial Unix by a free one.
They succeded in building great tools for that (Compiler, Editor, C-Library) but
failed with their Un*x-Kernel Hurd. Linux was the first Un*x Kernel under GPL.

So the GNU project succeded with the help of Linux, but Linux was developed with
GNU tools and it would not work without them.

Reason enough to say or write them in one word.

I don't do it just because im lazy. Sorry for that.

Frerk

[ Reply to This | # ]

Cool down
Authored by: efricke on Friday, January 28 2005 @ 05:24 AM EST
As with every "religious" view, the most important thing is to stay
tolerant. I think there are many reasons why sticking to IE might be a good
idea. Important is allow for true diversity. I use Firefox at work even tough
our intranet only works with IE. Firefox for Web / IE for intranet. Do I care?
No! IE is like any other tool, and for our company it is the GUI part of a
client / server application called intranet. As our intranet is well secured,
there is no reason to "require" a switch to Firefox or any other
browser. As for web surfing, IE is the worst choice for so many reasons.

I think the article is right and wrong... yes, switching to Firefox might not be
the right choice for every enterprise out ther. But not allowing choice (forcing
a user to surf the web with IE) is not correct either. Choose the right tool for
the job.

I don't think this is a matter of FUD (fear uncertainty and doubt) but more a
matter of IT departments and Microsoft not reacting to the changing environment
of the Web in a timely manner. Don't get me wrong, at home I use linux by
choice, but at work I need to use Windows 2000.

Well, all I wanted to add was, that Firefox is not a panacea for everything
wrong. Keep IE if makes sense (ROI) and swith to Firefox where it makes sense
(ROI) and keep "religious" thinking out of it.

Cheers!

[ Reply to This | # ]

"it's not a bug, it's a feature"
Authored by: prayforwind on Friday, January 28 2005 @ 05:40 AM EST
Previously, I had this conversation with an IT PHB in an accounting firm.
Unfortunately she went away honestly believing that Microsoft's ability to run
ActiveX scripts at the request of a website is an example of Microsoft's
superior technical prowess! It was her opinion that if the results of doing so
were bad, that's not Microsoft's problem.

The same person believes that having a power button on her cable modem (at
home... so she can turn off the internet quickly enough to prevent malware from
reaching her computer) is better than using a firewall. And, according to her,
turning off power to your computer while it's not in use doesn't prevent virii
from entering it... unless your link to the internet is also powered down! At
this point I decided further conversation would be hopeless.

Yes, this really is a person who makes tech spending decisions at a mid-size
company (3k employees). However, she does have favourably shaped legs...

---
jabber me: prayforwind@jabber.org

[ Reply to This | # ]

The cause of infections
Authored by: Anonymous on Friday, January 28 2005 @ 06:34 AM EST
From wikipedia:

<< Ignaz Philipp Semmelweis (originally Ignác Fülöp Semmelweis) (July 1,
1818 - August 13, 1865) was the Hungarian physician who demonstrated that
puerperal fever (also known as "childbed fever") was contagious and
that its incidence could be drastically reduced by enforcing appropriate
hand-washing behavior by medical care-givers. >>

I can almost hear the fudsters of his time:

* Many mission-critical operations are built on the 'dirty hands' approach.

* Most organizations don't have the budget or resources to actually go in and
clean the hands of the staff.

* In the near term, many doctors will be better served by keeping their hands in
the current state.

* Some doctors could wash their hands for their private tasks, while reserving
the 'dirty hands' approach for operations that require it ....

[ Reply to This | # ]

Anecdote: Firefox Tables
Authored by: Anonymous on Friday, January 28 2005 @ 06:51 AM EST

I once spent an evening "analysing" the problem with scrollable tables
and frozen headings on web delivered reports (conclusion: you can't do it) and
describing for my employer how this was in fact an IE bug. Ie. it couldn't
handle THEAD and TBODY specified in 1996 or before (this was 2004).

At the time I had two recommendations:

- Install Firefox for users of the reporting solution (about 4 people), so they
would get scrollable tables with frozen headings, like in Excel.

- Spend a week or so making the table concerned two tables and suffering the
maintainance cost of manually lining up headings with columns.

In the end, we licenced a Javascript code block to do the latter automatically.
The code was licenced under the GPL.

How come people still don't get it?

SJG, Programmer

[ Reply to This | # ]

User Empowerment
Authored by: TiddlyPom on Friday, January 28 2005 @ 06:54 AM EST
To me the personal computer (whether that be a desktop/laptop/pda etc) is all about choice.

I want to decide what I use it for and what I run on it.

If there is a problem with one application then I will use a different one in preference. This, of course, applies well to Internet Explorer vs Firefox vs Opera or whatever.

IMHO Firefox is just a better browser than IE.

I like

* the tabbed mult-page view and pop-up blocker
* the fact that visiting 'hostile' web pages does not infect my PC with anything
* (as a programmer) it supports style-sheets better than IE and is more standards complient
* that it doesn't support ActiveX (which is a dying technology anyway according to Microsoft).

There are very few web pages that I have come across that do not work with Firefox. From my point of view there are a total of 3 sites (out of the hundreds that I access) that require IE. Out of these, one is an online banking site (which is being updated to be browser independent) and the others are not essential to me in any case.

I run Windows XP as my primary operating system at work and Fedora Core Linux as my primary operating system at home but use Firefox as my primary browser on both systems. Using CrossOver Office (payware) allows me to run IE under Linux to access this rogue site and I will deinstall both CrossOver and IE as soon as the site becomes complient.

Years ago when I started in IT I was mainly using various varieties of Unix (e.g. SunOS, HP-UX, SCO etc) and when I started using PCs under Windows it was like a breath of fresh air. ODBC allowed me to write applications that were independent of the database provider and various venders sold different office suites giving me a real choice on what I ran on the PC. I had a choice of which web browser I wanted to use (Netscape, Mosaic, Internet Explorer etc) and there was a healthy spread of competing products to run on the PC covering every aspect of day-to-day operation of the PC. What a wonderful product and enabling environment!

I evangelised about this to my collegues who also began to switch because Windows put them in control and made the computing experience fun. Not any more.

These days I find that Windows restricts my choices. People expect to have no choice in web browser (Internet Explorer), office suite (Microsoft Office - latest of course despite the fact that it is little different from the last version), Messaging Client (Internet Messanger) etc.

Digital Restriction Management (on Windows) stops me doing useful with media products that I have purchased legitimately.

I now find myself recommending Linux to collegues, friends and family because...it puts them in control and makes the computing experience fun!

*Sigh*

That is why Firefox, Thunderbird, AbiWord, OpenOffice, Dia, theGIMP are gaining popularity on the PC. They offer choice and are a breath of fresh air compared to the 'stale' products that people are used to.

Microsoft used to gain mind share by showing how technologically brilliant their products were compared to everyone elses - but now they try to cling on to mind share by presenting FUD and monopolistic practices. Choosing between Firefox and IE is a persons choice and is empowerment.

I have no problems if someone presents IE as a better solution to Firefox as long as the the facts are presented clearly and it is a purely technological argument.

Microsoft have lost my support by moving away from the choice and empowerment mind set that made the PC popular in the first place.

---
"There is no spoon?"
"Then you will see that it is not the spoon that bends, it is only yourself."

[ Reply to This | # ]

I Hope They All Keep Using MS
Authored by: Anonymous on Friday, January 28 2005 @ 07:27 AM EST
I have a small internet business, and I have come to the conclusion that no one
who uses MS products can compete with me. My wife and I do all the system
administration, programming, etc. We could not run our business alone with MS
computers, and we could not afford to even be in business if we had to buy
proprietary software. Even if it is technically possible to install enough free
software on an MS system, why would anyone do this? It keeps breaking. If the
business grows, we will save HUGE amounts of money on licencing, buying
software, and human resources. In the mid to long term those who use free
software will win and those who do not see this soon enough will loose. I just
hope that WalMart doesn't find out about free software soon enough to put us out
of business!

[ Reply to This | # ]

  • PS - Authored by: Anonymous on Friday, January 28 2005 @ 07:32 AM EST
  • I believe you - Authored by: Anonymous on Friday, January 28 2005 @ 08:23 AM EST
Windows update
Authored by: Anonymous on Friday, January 28 2005 @ 07:32 AM EST
I wonder whether it would be possible to start a class action suit based on the
fact that Microsoft requires you to use IE to access Windows Update ? Surely
that is a case of illegal product tying from a convicted monopolist ?

Microsoft was at one time ordered to remove the browser from the operating
system, but the way things work now, you must run IE in order to keep your
operating system current.

[ Reply to This | # ]

NO--Firefox FUD is **NOT**Born
Authored by: spuluka on Friday, January 28 2005 @ 07:32 AM EST
PJ,

I am very disappointed in your mischaracterization of this article. This is a
cautionary tale for IT managers to do their job carefully. The article is based
on the facts as they exist in large corporations today and has reasonable
opinions on those situations. Which is not to say I share all the views, but
they are reasonable ones for the problem faced by these IT departments.

Chapter and verse are in many of the messages above, so I won't repeat. But I
want to go on record as saying the Groklaw article is miss labeled and should be
given a new headline.

---
Steve Puluka
Pittsburgh, PA

[ Reply to This | # ]

Articles like this help to offset any Firefox FUD
Authored by: Anonymous on Friday, January 28 2005 @ 07:43 AM EST
lin k

[ Reply to This | # ]

The truth about ActiveX
Authored by: Anonymous on Friday, January 28 2005 @ 08:03 AM EST
Why does everyone here link IE and ActiveX as though they are parent and child?
Why does everyone think of ActiveX as Evil?

ActiveX is a fundamental unit of code modularity in Windows. Virtually every
Windows application is a collection of ActiveX controls, coordinated by another
module. Some have UI's, some do not. An earlier name for them was OLE Controls.

There are equivalent structures in every OS. IE's support of ActiveX was a
godsend for Corporate developers. They allow a web page to become a program,
treated like any other program on the computer. This makes designing and
distributing applications in an internal context - accessing and integrating
corporate data - much easier. Java, for all of its own marketing, is not as
efficent or effective as ActiveX for this purpose.

Where IE's probem lies isn't in ActiveX, it is that IE allows them to run in an
inappropriate context. The concept of security zones is an attempt to limit this
exposure. It doesn't go far enough.

The bulk of IE's problems could be resovled quite simply by disabling ActiveX in
pages except for a list of explicitly designated sites. This list should not be
accessible through IE's user interface or API. This should be enough to allow IE
to perform its role internally, while limiting the exposure to malicious sites.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: JoeDawson on Friday, January 28 2005 @ 08:18 AM EST
It KILLS me that my corporation uses Active-x in almost all mission critical web
apps. It was terrible, for a time i was getting popups on INTRANET sites until
i cleaned out all the crap the previous tenant of this computer had infecting
it. I've tried every web browser imaginable, but alas, IE is neccessary for
this crap.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 08:45 AM EST
Before I start, I would like to say that I use Firefox exclusively, and Linux at
home.

I thought the original article was quite reasonable. Many businesses use ActiveX
for a lot of intranet and business work, and they cannot just switch away from
IE without recoding their applications. Such a switch would probably take
considerable time and expense, for little to no benefit.

The article also points out that they could still use Firefox for surfing, and
IE for intranet, which also sounds like a reasonable conclusion.

It is not so that every argument against using open source is FUD, and it is not
so that everyone who says something negative about open source products is a
shill.

[ Reply to This | # ]

Michael has a point!
Authored by: Anonymous on Friday, January 28 2005 @ 08:47 AM EST
Although in principle I agree with the majority of comments on this page, and
personally use firefox for my browsing (both linux and win), I beleive that
Michael Gertenberg has a valid point.
I work in the financial services industry and moving over to firefox would be
totally impractical. Many sites that are ctirical to my work (both internal and
external) do not allow access via firefox. I do not know whether it is activex
or for some other reason.
Everyone here knows the benefits of firefox, but if external sites do not allow
access I do not believe that companies should make the transition.
Kind regards
Christian

[ Reply to This | # ]

Where the FUD Lies?
Authored by: Dolphin Boy on Friday, January 28 2005 @ 09:08 AM EST
I think the main problem with articles like this is apparent when you consider
the target audience.

Any organisation with "capable" managers/techies will be able to make
their own minds up about whether a move to Firefox is a good idea or not and
don't need to rely on consultants/journalists to tell them anything.

Which means the main audience for these articles are those companies that let
other companies make their decisions (let's call them Noddies). These entities
*like* to pay money to third parties so they can be free of the burden of doing
the work themselves. In this scenario they will simply accept the other
company's analysis on the face of it.

Which is where the danger in this article lies. For a start the author says
there are "some" good reasons not to switch to Firefox and then goes
on to list one, ActiveX.

Secondly, he makes it sound like the fact it doesn't support ActiveX is a
universal reason for not adopting Firefox, which is rubbish.

It is a perfectly valid point that any company that has mission critical apps
running via ActiveX will be better of staying with fully patched IE in the short
term but then these companies are hardly likely to just install Firefox
everywhere and demand everyone use it without doing plenty of testing first, if
they do they deserve what they get.

I think the sad thing is that articles like this get way too much attention, not
least the level of discussion here on Groklaw. I still don't know what PJ was
thinking when she posted it here.

Nothing in the article itself explains anything technical that any technically
competent person doesn't know already, it mainly boils down to an opinion piece,
and what use is one person's opinion to anyone?

So here we have an opinion piece written for Noddies telling them not to use
Firefox because of a reason that may not (and probably is not) be relevant to
the vast majority. This is where the FUD lies.

[ Reply to This | # ]

  • I agree totally - Authored by: Anonymous on Friday, January 28 2005 @ 09:11 AM EST
  • Cheers - Authored by: Anonymous on Friday, January 28 2005 @ 10:36 AM EST
Firefox FUD is Born
Authored by: pacer on Friday, January 28 2005 @ 09:21 AM EST
It is important to note that there are many reasons why adminstrators and
companies might not want to switch from Internet Explorer.

The Internet Explorer engine has been used to create specialized systems for
many companies that simplify procedures by their employees. Further, there have
been many programs created for both large and small businesses which use all or
portions of the IE engine and its various components.

One example I can think of is the Legal Software PCLaw. I know there are many
others.

This information is important so that one's arguments against IE and for FireFox
can answer the concerns of those admins or CIO/CTOs who worry about their
IE-based systems and programs.

The beauty is that FireFox and Mozilla.org offer a far better system for
creating specialized systems and programs than Microsoft's IE.

The Mozilla engine is far more open, far more secure, and works on many
different systems than IE.

What needs to be done more than anything is the conversion of some of these
specialized programs from IE-based into Mozilla-based.

By doing this, companies are provided a more secure engine that crosses
platforms. In the end, the cost benefit would likely be superior for the larger
companies. The problem is the initial cost for such a product and the
hesitation of many companies in upgraded even sorely antiquated legacy systems.

I have not personally delved into the abilities of the IE engine and the
abilities of the Mozilla engine, but I doubt there is much one can do that the
other can not -- even if the method for arriving at the final product deviates.

[ Reply to This | # ]

It's a Point of View: Windows is not Unix
Authored by: Prototrm on Friday, January 28 2005 @ 09:23 AM EST
I don't see the article as FUD, so much as evidence that we're not dealing with
the Unix/Linux/BSD point of view here.

Windows was originally created as a consumer toy, not as an industrial-strength
tool for the enterprise. As such, it does a lot of things to make life easier
for the user -- things that would (or at least *should*) make a sysadmin cringe.


But organizations around the world have accepted the Windows ease-of-use mantra
to the point where security flaws and patching vulnerabilities is an accepted
part of daily life. They have gone so far down that road that there is no way
they can now change to something more secure, particularly when those in charge
of IT demand the exclusive use of Microsoft development tools to create internal
applications.

Windows was fine in the days before the internet, before the fatal flaws in its
design philosophy became clear. It was easy to set up and easy to use.
Productivity generally increased over plain vanilla MS-DOS. The only network
connectivity was with a Novell server. Browsers didn't exist in the enterprise,
and email was relegated to text.

Windows, and its "let's all be friends" philosphy was never really
apropriate for the post-internet world, but it's too late now for most companies
to go back. There's too much time and money invested, which is a shame.

It's important that people know why Firefox is more secure -- that it doesn't
natively suport things like Active X -- because it's important that managers
know what they're getting into before they adopt something new. After all, from
their point of view, look what happened the last time they failed to do that:
they got stuck with Windows.

[ Reply to This | # ]

Personal Firefox experience...
Authored by: Anonymous on Friday, January 28 2005 @ 09:43 AM EST
A few weeks ago I was searching Google for information on of all things
differential (rear axle) codes for a 1987 GMC Astro van - something I think
would not lead me to a malware infested site - but alas I was negligent in two
respects - I didn't look at the URL I was directed to (.ru) and I was running
IE. I first noticed the problem when IE asked me if I wanted to install
something. I immediately said no, closed the browser and rebooted my machine.
I was redirected to some other home page than my default. I then ran
anti-adware software and low and behold I had several dozen pieces of spy/adware
on my machine. Was all of the malware installed from a visit to that one site?
I don't really know. What I do know is I spent a couple of days cleaning this
mess up and switched to Firefox. I haven't had one single piece of malware
detected on my machine since the switch. I also haven't missed the pop-up ads
etc. In my opinion IE has become obsolete through MS own foolishness and I
welcome a browser that doesn't expose my machine to the nefarious activities on
the Internet as a policy. I will gladly give up the "funtionality" of
ActiveX to rid myself of the problems that it causes. My question to the IE
advocates is "Do you leave your house unlocked when you go to work so you
have the convenince of not having to unlock it when you come home?" Of
course not! Why would you do the same thing to your computer? Nuff said!

[ Reply to This | # ]

Here's a journalist who mostly gets it
Authored by: Anonymous on Friday, January 28 2005 @ 09:49 AM EST

Mathew Ingram, a business columnist for Canadian newspaper The Globe and Mail, recently wrote an article about firefox that is suprisingly insightful. He even gets the part about ActiveX correct:

"[Firefox] also can't do much with pages that require features only Internet Explorer has, such as the ability to run Active-X programs. These features are part of the reason IE is so riddled with malware, but they also allow it to interact with certain websites. Until Firefox finds a way around that, you might have to keep Internet Explorer around -- just for emergencies, of course."

Not bad for somebody who usually writes about corporate governance and such.

[ Reply to This | # ]

Stick to the Law
Authored by: Anonymous on Friday, January 28 2005 @ 09:50 AM EST
As a lead developer in major company (10,000+ seats) using IE web applications I
can tell you that switching to Firefox should be done with extreme caution.
This is even without heavy use of ActiveX controls. PJ, please don't comment on
technical articles outside your domain of expertise. Just because Groklaw is a
success doesn't make you any more knowledgeable about technical issues than the
day you started it.

"If Microsoft is spurred by Firefox's success to put more resources into
Internet Explorer, it would help create a better experience for both businesses
and consumers. That might even happen before Longhorn ships."

This paragraph is utterly ignorant and yet ignored in the commentary. If users
(and major corporations are a big chunk of users) do not switch to Firefox then
MS is not spurred to put more resources into Internet Explorer. MS has shown
they will not put resources into IE unless "spurred". There are two
important questions:

1. How far behind the competition (Firefox now) do MS products have to stay and
still maintain their dominant market position? (the "slow follower"
strategy to web browser innovation)

2. Will the developers of the "spurring" application (Firefox,
Netscape) get demoralized over time and drop the project (Netscape)?

It's time to switch to a new browser vendor now because the long term costs of
stagnation and zero innovation are higher than the short term costs of testing,
validation and cautious change. Not because the short term costs do not exist
and this author does indeed correctly identify the short term costs.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: blacklight on Friday, January 28 2005 @ 10:02 AM EST
There are some vicious pieces of malware that exploit Active X to download
themselves on users' Windows desktops. If Firefox does not support Active X, I
regard it as a plus.

I'd say that those who need to use IE because they need access to internal
Active X applications could have IE configured to access a proxy server that
would only allow them to use IE to access internal addresses.

The other major issue I would have is how to deploy Firefox from a single point,
including upgrades. However, I believe that issue is also manageable. One
possibility for example wiould be to put Firefox up on a shared folder, email
evey user with a link to that folder, and tell them to click away and install.

[ Reply to This | # ]

I'm not sure I understand the point...
Authored by: shiptar on Friday, January 28 2005 @ 10:24 AM EST
What exactly are we responding to here?
Corporate users and different from consumers. We don't let IE users out onto the internet from the corporate network, except to business related sites. We don't let folks use Outlook. We don't have the time, nor resources to change 1000+ USERS to Firefox.

What do I gain by doing it? The computers aren't being infected with viruses, they're not sending out spam, as a responsible IT Department, we prevent those things from happening. The argument can be made that we never should have been using it, but Pointy Haired Bosses rule the world.

Some quick questions for PJ.
How long did it take to convert your whole organization to Firefox?
How many users did you switch?
What were the snags, if any, did you hit in that conversion?
How much did it cost? Include retraining, testing, bug fixes, man hours please.

At the end of the day, from where I stand, IE use in many corporations is not causing the end of the world. We're not even hurting you, because you never see us. Are you telling us, that the ComputerWorld article is wrong, and that all IT Managers should go out and switch all of their users to Firefox? IANAL, IANAJ, I'm just an IT person. This is my first post, because not being a journalist or lawyer, I don't have much to contribute, but I wasn't coming here for advice on corporate IT strategy, I'm just looking for information.

Sorry you hate us PJ, as one of the folks who lives what he is saying, we're really trying, but change is incremental, the points the fellow brings up in the article are very valid, and the realities of what he is saying are governing IT strategies. I used to be this way, 'You should do it because it's the right thing to do!'. I lost, so we protect and limit IE the best we can. Someday we'll get there, but not by alienating people by trying to scare them into doing what you want without identifying tangible benefits from it.

[ Reply to This | # ]

It is truly FUD
Authored by: grouch on Friday, January 28 2005 @ 10:48 AM EST
FUD - Fear, Uncertainty, Doubt

Fear:

  • "Business Must Be Cautious With Firefox"
  • "But business users need to think twice about making the switch from Internet Explorer, since Firefox lacks the ability to run Microsoft ActiveX code."

Uncertainty:

  • "Many mission-critical applications have been built on Internet Explorer, and most organizations don't have the budget or resources to recode them."
  • "In addition, PCs' application loads need to be properly tested to ensure that nothing breaks with the addition of a different browser."

Doubt:

  • "In the near term, many business users will be better served by keeping Internet Explorer and installing security updates as they're released."
  • "Despite the factors that should keep many business users from adopting Firefox at the expense of Internet Explorer, I believe this new browser is going to be a force for positive change in the industry."
  • "There's no doubt that Firefox resonates with end users. Microsoft's lack of ambition in driving browser development forward, combined with the multitude of security issues associated with Internet Explorer, fostered an environment where Firefox could flourish."

The message is clear:

  1. Fear Firefox.
  2. Fear the loss of Microsoft's wondrous ActiveX.
  3. The cost of leaving ActiveX behind is uncertain.
  4. It is uncertain if your computers will continue to run if you install Firefox.
  5. Stick with the known power of Microsoft's security patches, for it is doubtful that Firefox will make your life better.
  6. Firefox might make things better in the future, but it is doubtful that it will help now.
  7. The true worth of Firefox is doubtful, since only an oversight by the great Microsoft has allowed it to become popular for the moment.

Was the article truly aimed at businesses? Looks like a checklist to get some folks to wait for Microsoft to come to their rescue rather than jumping into those fearful, uncertain, doubt-filled waters of Open Source.

---
"The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect."
-- Tim Berners-Lee, W3C Director and invent

[ Reply to This | # ]

Interesting timing
Authored by: inode_buddha on Friday, January 28 2005 @ 11:22 AM EST
I find it interesting that this article appears about a week after Google hires Firefox.
Coincidence?

---
inode_buddha
peter.vantassell@gmail.com

[ Reply to This | # ]

No mention of W3C?
Authored by: Anonymous on Friday, January 28 2005 @ 11:28 AM EST
PJ, I think you should also point out that ActiveX is just another attempt by M$
to embrace, extend, and extinguish the world wide web. There are standard ways
of doing things that are compatible across platforms. The only reason to
implement something using ActiveX would be to lock it to a single platform and
application (Windows & IE).

[ Reply to This | # ]

Who are the guys behind Computerworld?
Authored by: Anonymous on Friday, January 28 2005 @ 12:14 PM EST
You may find out here
. And basically I am financing a very, very small small part of this FUD campain through my subscription. I guess it is time for IDG to compete on the open press market by cancelling my subscription. Now for all of you who have ever seen any Microsoft security advise for an beserk running, unpatched Windows system because virus x is spreading world wide should know that switiching OFF Active X is allways the first advise one will get. Without any doubt that is cheap FUD financed by readers of IDG magazines.

[ Reply to This | # ]

Letter to an online bank.
Authored by: Franki on Friday, January 28 2005 @ 12:29 PM EST
I sent this to the National bank in australia. If you visit their online banking
in Firefox, you get a message telling you to upgrade to IE or NS7. If you click
"continue anyway", the site works flawlessly. I decided to sent them a
message, but although their site is based on Perl (yah!) they have some serious
design flaws in their contant system, so for the lack of grammer and
punctionation, blame their system as I had to cut my original post down
considerably to get it to submit.

I am an IT sysadmin, and as part of my anti-virus/anti-spyware procedures, I
have been installing the Firefox web browser on all my clients computers.
Firefox is what the next version of Netscape will be based on. In fact it is
based on the same GECKO rendering engine that all Netscape/Mozilla browsers use.
It also looks like being the basis for Google's web browser, as they are paying
the salaries of several of the developers. (as are IBM, Sun and Novell)

It supports all the same features as NS7, and yet your site insists that we
download IE or NS7 in order to view your site correctly (even though if you
click continue anyway, the site works perfectly already).

Firefox is now the second most popular browser on the Internet, it already has
over 5% of the world browser market and it has only been a stable release for 3
months now.

These stats were taken by the recognized web stats companies Onestat and
Websidestory.
http://www.websidestory.com/pressroom/pressreleases.html?id=238
Firefox 1.0 has now been downloaded just under 21 million times since it came
out. I tell my clients to just click "continue anyway" because they
are far safer doing online banking in Firefox then they are in IE, but it is not
a professional look for a company like the National recommending web browsers
that even the US government online security http://www.us-cert.gov/ office said
users should consider finding an alternative to.

The stats are all actually from late last year, recent reports have put IE below
the 90% mark for the first time since the browser wars. Also be aware that the
Firefox stats for tech related sites are much high then the onstats and
websidestory reports, because they monitor sites like Disney, not the sort of
places switched on web browsers hang out.
Some other url's you might be interested in.
http://news.com.com/Firefox+continues+gains+against+IE/2100-1032_3-5545930.html
http://www.theinquirer.net/?article=20791

Firefox also features a ton of security features like popup blockers and
phishing notification. Since people that have money stolen via online banking
because they have Trojans or keyloggers on their machines, most of which were
installed due to flaws in IE, I'm surprised that banks haven't jumped on this
faster.
I do not mean to be rude, I simply thought you might want to know that your site
already works perfectly in Firefox, so you do not need to suggest people get a
different browser to use it.

Thankyou,

rgds

Franki

---
Is M$ behind Linux attacks?
http://htmlfixit.com/index.php?p=86

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 12:41 PM EST
A correction. Firefox, Mozilla and Netscape 7.1 & 7.2 on Windows can run ActiveX controls.

I know all this because I wrote the special plugin you need to do it. That plugin (called npmozax.dll) ships by default in NS 7.1 & 7.2 but it is locked down so that it only hosts the Windows Media Player control and nothing else. No other control will load, but it will load any OBJECT tag specifying the Windows Media Player control. The plugin (when not locked down) even supports control download & installation, scripting and events from controls so it is quite powerful.

For the other browsers you need to visit the plugin website and install it, assuming there is a version matches your browser. Note that end-users should not do this since I don't offer support, the plugin has no user interface for preferences, requires manual configuration and manual removal.

The plugin is reasonably stable when used with the most popular ActiveX controls, in particular Windows Media Player. Why Windows Media Player? Because Microsoft chose to ship a broken LiveConnect scripting API with WMP 9 so that it was impossible to script it in Mozilla or Netscape as so many sites do. So Netscape shipped the plugin so that you could script it via its ActiveX API.

Another point worth bearing in mind. There is nothing inherently more evil about an ActiveX control than there is any other binary DLL. An untrusted binary DLL of any kind can wreck your machine, steal your passwords and generally ruin your day. A plugin is no different from a control in that regard.

So why are there no rogue plugins? The reason is due to Microsoft's historical stupidity - ActiveX was seen as a way to taint the generic web with Windows only rich content. They even dumped support for hosting NS plugins (implemented in a fairly trivial DLL that I was able to re-implement quite easily) to lean on websites a little more to adopt ActiveX. Thus for years they promoted controls as a way to embed rich content in HTML, made it easy to write such controls and made sure IE was set to download them whenever they were detected. The user still had to consent to install the control but the control was ready and running with a click or two. A site didn't even have to host the control in question - it could use any control that the user had on their machine including exploitable controls like the MS Office Assistant. So we saw a string of warnings issued for vulnerabilities in this or that supposedly "safe for scripting" control turned out to be not at all. Now MS have tried to patch up the model, with blacklists, "kill bits" and service packs, but it is nearly as broken now as it was then.

Contrast this with Netscape where it was always a major pain to write a plugin, a major pain to install a plugin, a major pain to make it scriptable and the scripting API was written in Java (negating many of the traditional buffer overflow techniques). These hurdles basically eliminated the threat.

Unfortunately Firefox has substantially reduced this hurdle. If you visit a page requiring a plugin, Firefox will offer to install it for you with a few easy clicks. This increases the chance of the user installing an exploitable plugin where before they may not have bothered. But much more dangerous is the new extension mechanism in Firefox. There are literally hundreds of extensions written in a mix of privileged Javascript and sometimes binary DLLs out there. It would be trivial to upload a new extension that superficially did something useful, but actually installed spyware, deleted files, stole passwords or anything else it cared to do. The rich API available to extensions in Firefox and its growing user base makes this inevitable.

Doubly worse, Firefox doesn't even enforce a trust model, so virtually every extension out there is unsigned and untrusted. There is a case that trust and signing is a waste of time, but it's better than nothing, especially since Firefox supports the mechanism. It should start insisting on signed extensions by default, if for no better reason than to make extensions tamper-proof and to make the browser more corporate friendly. If people want to disable signing, that's their own problem, but secure by default should be the order of the day for any app, whoever wrote it.

[ Reply to This | # ]

FF v IE
Authored by: Anonymous on Friday, January 28 2005 @ 01:06 PM EST
I have used Netscape and Firefox for some time. When I installed a new network,
recently, I made sure the users only had access to Firefox. No virus or malware
issues and have been clean for many years. I needed to use IE to go to a site
because of ActiveX and made the mistake of checking the news on a respected
common resource. It took me out of productivity for a whole day cleaning viruses
and malware out of may machine.

While the article correctly points out that businesses are hooked into IE and
cannot always lightly switch to Firefox (or Opera or the new Netscape on the
horizon or anything else) I think it is the solution that is dubious.

If Microsoft have not addressed the issues that everyone has been screaming in
their faces for the last 8 years how the hell do businesses expect this to
change in the next year or two? Unfortunatly a business decision will not be
made by showing the technical merits of alternatives but by a cost comparison
between trying to keep up with IE, with all it's consequences, and a migration
to non-ActiveX model. All services using ActiveX need overhaul, from time to
time, so build the change into that and watch TCO drop as you shed IE.

What is also not pointed out is that anyone who does not migrate to XP or
Longhorn is locked out of any 'improvements' in IE as Microsoft refuses to retro
upgrade IE. How does the cost of migrating from ActiveX to A.N.other system
compare against completly ripping out and reinstalling your IT architecture,
software AND hardware, to switch to Longhorn to get these benefits?

I think we may see camels with groaning backs soon, which will be the straw?

[ Reply to This | # ]

Firefox FUD is Born
Authored by: blang on Friday, January 28 2005 @ 01:22 PM EST
The article writer has one point, and that is that Explorer does not support
ActiveX, and for that reason companies should not switch browser.

It bafffles the mind though, that managers who need to makse such decisions
would not know abut internal applications requiring ActiveX, and that they would
need to read advice from this guy to maake the decision. The article must be
aimed at those with power but no knowledge. Teh SoftieLoonies must be panicking
now that Firefox is eating up marketshare like a wildfire.

He is also complete wrong, of course. My company uses ActiveX all over the
place. Our IT department is full of Windows lovers (but it baffles me that after
so many years, they haven't bother learning it), and they don't mind spending 4
out of 5 days doing spyware cleanup.

When there is some worm or other windows flu going on, we usually get hit, and
it takes our monkeys 3-4 days to reach all to clean up. Or desktops get updated
constantly with allsorts of patches, and our machines are bogged down with
antivirus software.

Even though many intranet apps use ActiveX, a lot of users here are now using
firefix exclusively for surfing outside the firewall, and use IE only for those
internal sites that requires it.

I bet Firefox has already saved my company tens of thousands by reducing the
amount of time our monkeys have to spend picking spies, flees and bugs from our
machines.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Frihet on Friday, January 28 2005 @ 01:52 PM EST
Never thought about using Wine for Internet Explorer. I'll do some study on
this. Might be worth a try!

---
Frihet

Repeal the Digital Monopoly Conservation Act.
Write your congress folks!

[ Reply to This | # ]

ActiveX deployment poll
Authored by: cybervegan on Friday, January 28 2005 @ 02:09 PM EST
Anonymous poll:

1) Roughly how many users of internet browsers clients, and of what type, does
your employer have?

2) Does your employer use ActiveX applications deeply enough to stop them from
migrating to FireFox?

3) Roughly how many employees wouldn't be able to do their job properly if they
couldn't access your employer's ActiveX-based application(s) ?

I'll collate the results and post them back so we can see for ourselves how much
impact it would have on Groklaw's readership.

Please avoid posting offtopic responses to this thread as it will make it harder
to collate the results, and please be truthful as otherwise it will skew the
figures.

regards,
-cybervegan

---
Software source code is a bit like underwear - you only want to show it off in
public if it's clean and tidy. Refusal could be due to embarrassment or shame...

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Pop69 on Friday, January 28 2005 @ 02:22 PM EST
I don't so much see this as FUD as more someone pointing out that people should
use the best tool for the job.

If your company has already bought into the M$ lock-in then the costs of
switching to Firefox and recoding probably far outweigh the costs of sticking
with IE and patching.

If he'd phrased his article slightly differently and said move to Firefox unless
you need to stick with IE then perhaps he would be getting lauded for backing
Firefox.

I think his best point is probably saying that even most windows Firefox
adopters still keep IE on their machines to use for non standard sites, the fact
that you don't have a choice in keeping IE on your windows machine is an
entirely different point.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Friday, January 28 2005 @ 04:02 PM EST
Microsoft has been neglecting IE for years. The only new features have been by
way of toolbar extensions.

Firefox needn't fear a giant FUD onslaught--they should fear microsoft hiring
200 developers and putting in pop-up blocking and tabbed browsing, then locking
down activeX and plug-ins properly. They only need to hit these and maybe 5
other minor features and people will again decide that a pre-installed IE is
"good enough." That's what will relegate firefox, not the FUD.

[ Reply to This | # ]

  • Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:08 PM EST
    • It's a problem - Authored by: Darkelve on Friday, January 28 2005 @ 05:25 PM EST
    • Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:30 PM EST
    • Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:44 PM EST
Dropped Jaws???
Authored by: darkonc on Friday, January 28 2005 @ 05:40 PM EST
The proper answer to such fud is not a dropped jaw but rather (as you did later in your article), a loud resounding "YEP!".

Firefox does not run Active-X and (god willing) never will, because Active-X is a security hole in, and of itself.

If you were to modify Active-X to the point where it was no longer a massive security hole, you'd end up with a bastardized Java -- In that case you'd be better off using the more mature Java offerings than having to relearn a heavily hacked and castrated Active-X (and worrying about how many nasty security holes Microsoft had left in the process).

---
Powerful, committed communication. Touching the jewel within each person and bringing it to life..

[ Reply to This | # ]

  • Dropped Jaws??? - Authored by: Anonymous on Saturday, January 29 2005 @ 03:33 AM EST
So what happens.....
Authored by: Anonymous on Friday, January 28 2005 @ 06:55 PM EST
Ok, supposing you manage to convince your company to switch to Firefox. Install
it on, say, 5000 PC's. When an exploit is found and a patch available, you then
have to go around to all 5000 PC's to install that patch because there is no
patch management system.
I am sure the IT heros that have posted here would do it because of their
commitment to the ideals of FOSS, but most of us live in the real world, where
money talks and ideals walk.
IE also has other advantages (I use the term loosely), like being integrated
with practically the whole MS s/w stack.

From a managers point of view, one vendor, one s/w stack, one support route is
appealing.
Yes, I know all about vendor lock in, but managers have to think about other
things like "Will this company be around in 5 years?", or "If
something goes wrong, will I have a contact person that I can go to?"
The answer to those for firefox are: There is no company, and No, you might
"know" someone now on the dev team, but they could be gone in 6
months.

Face it, firefox, though it is an excellent piece of s/w, is not ready for the
corporate big time just yet. Personally, I wish it were, it would certainly make
my life a whole lot easier.

You can argue until you are blue in the face about how much better Firefox is,
and I would agree with everything you say. However, being better doesn't mean
much in business. Better products have fallen by the wayside time and time
again. Marketing drives products, and marketing relies on "features".
Sure Firefox has more features than IE, but compared to the whole MS s/w stack,
it is nothing but a drop in the ocean.





[ Reply to This | # ]

Firefox FUD makes a little sense
Authored by: GLJason on Friday, January 28 2005 @ 06:58 PM EST
I'm not a big fan of IE, I actually use Mozilla since FireFox won't open a new tab by typing in a URL and hitting CTRL-ENTER. However, I can see how this would make sense from a business perspective.
  1. Microsoft has pushed the ActiveX through the web as a way to develop solutions. Maybe you only do your banking or visit slashdot using your browser, but there may be internal applications at many businesses that rely on IE's ActiveX capabilities. Remember, the article said businesses might want to wait...
  2. IE Sucks - It's not FireFox or Mozilla's fault, but IE will take messed up HTML and still render a page. It doesn't conform to standards as well as Mozilla or FireFox, but it works to IE's advantage. If 90% of your users are using one browser, are you going to write a web page so that it looks right on the browser that displays it correctly, or write it so that it displays correctly on the browser 9/10 of your viewers are using? Once I was hand-writing a JSP and I forgot to put the closing table tag in. It took me an hour to figure out in testing why it looked fine on IE but there was simply no table when I viewed the page in Netscape.
  3. Bosses would like to think that their employees don't surf the web, so the threat from getting viruses and spyware through IE should be NIL.
I'm not advocating the use of IE in any way, but it's not really that hard to see where the reasoning comes from, I was surprised to see "[Groklaw jaws drop all over the world in unison]".

[ Reply to This | # ]

Not FUD
Authored by: brentdax on Friday, January 28 2005 @ 10:38 PM EST
For once, I think you actually got it wrong, P.J. This is not FUD.

He doesn't say anything false here. It's true that Firefox doesn't support
ActiveX; it's true that some sites on the Internet rely on it; and it's even
more true that many intranet sites use ActiveX. The only FUD-like aspect of
this is that they don't give the reason for not allowing ActiveX, namely that
it's a huge security risk.

Don't get me wrong--I've used Firefox since it was Firebird, and I think ActiveX
was a horrible idea. I just don't think that pointing out--truthfully--that
Firefox doesn't support ActiveX, and thus it won't work for everybody, is FUD.

---
Brent 'Dax' Royal-Gordon

[ Reply to This | # ]

FUD Root cause... or, If you build a better mouse trap...
Authored by: jacks4u on Friday, January 28 2005 @ 11:56 PM EST
If you build a truely better mousetrap the world will flock to your door. That is what Ben Goodger (of Firefox fame) did

You see, I read all the time, Microsoft said such and so, their pawn wrote blah-de-blah, and their paid servants published so-and-so a study. I've seen it myself. In the news. And on the Internet. Really! www.wired.com has stories that are designed to cause Fear, Uncertainty, Doubt, Network World Fusion tells us about it. C/Net news has stories also.And others. Lots of other websites, Newscasts, Magazines. Don't believe me? Think these are just a few off the wall references? Just do a Google search. I did one ... "Microsoft FUD" were the search terms. Google says there are more than 334,000 webpages that contain those terms. I've read about the FUD here on Groklaw.

But what I'm really getting at, is the need for a root cause analisis. I can do some of this, perhaps all. I just hope I'm not looking at a small subset of reality

So, I'll just type my thoughts, and you decide whether my reality is close to yours...

There's no doubt that Microsoft wishes to spread Fear, Uncertainty and Doubt concerning any serious competitor to any of their product lines. The web is full of examples. Groklaw is also.

But the question is WHY?

My anylisis, and that of many others is that Microsoft feels the threat. The vulnerability of their products. The possibility that one of their products MIGHT loose market share to a competitor.

So I would like to tell Microsoft a few things, to help them be more responsable corporate citizens, and to strengthen their market share. To help them increase their profits. And to reduce competitors to a meer nuisance, rather than the serious threat that Microsoft has recognised them to be.

Build a better mouse trap, and the WORLD will flock to your door.

Your web broswer sucks. Harsh words, but they aren't mine alone. You know what the problems are with your Web Browser. I don't have to tell you. Millions of people are telling you right now. People around the world. Corporate types with sensative information about YOUR credit cards and bank accounts are telling you. Business people that rely on computers as a business appliance are telling you. Like stock brokers, perhaps yours. They are telling you. Housewives and high school students are telling you. The FBI is telling you! More than 20 million people are telling you.

Quit bashing the competition, and fix your products,Build a better mousetrap and the world will flock to your doorstep. With Money in hand, if need be Really.

But if you think that many people are willing to pay for an inferior product that opens their finances, their personal belongings, even their identities, to people with malicious intent, think again. You think I'm just spouting off? 20 MILLION people plus change are also telling you.

I'm just putting it into words. Harsh words to be sure. But it seems you don't understand any other way. Judges have declared you a monopolist. Countries and Nations have said you don't play nice, and are saying, or thinking of saying "You are not welcome to play in our sandbox, without extra rules"

Build a better mousetrap, and play nice. With the bright minds at a company like yours, that should be the easy part. A concerned citizen of this world.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Saturday, January 29 2005 @ 12:11 AM EST
Ahh the usual!
Whenever a good product emerges that is not underneath the umbrella of some big
corporation FUD is born.

As for me, I've been using Firefox exclusively on my laptop now and my computer
is much cleaner than my old desktop which still has some residue of unwanted
applications that I don't know how to remove from my IE days.

Regards.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: bobmatnyc on Saturday, January 29 2005 @ 02:31 AM EST
"Stop and think of the implications of his remark, and then add in the fact that viruses on GNU/Linux systems are so rare. I am not saying they could never be written, but I have never had one in all the years I have used GNU/Linux software. Can you Windows folks say the same?"
While I agree with the gist of the article, this quote stopped me dead. It is essentially reverse FUD. GNU/Linux is likely less susceptible to viruses, and certainly no equivalent for Windows malware exists, but given the relative difference in desktop market share, one should not tout GNU/Linux's security simply based on user experience.

[ Reply to This | # ]

some more Firefox FUD
Authored by: Anonymous on Saturday, January 29 2005 @ 10:50 AM EST
I got firefox installed on a winxp box.
Recently i've upgraded to xpsp2, and with it came a m$ spyware detector.
It reported something like a 'browser hijacker mozilla' key set in the
registry.
While it didn't show which registry key it 'found suspicious', i'm fairly sure
it is the default browser setting of firefox.
Now, how will this improve my trust in M$?
I will turn this crapware detector off for sure.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Saturday, January 29 2005 @ 04:44 PM EST
I cannot believe what I read that somebody actually supporting active x on IE
(the analyst) and he got paid for that ?
What a wonderful world we live in......

[ Reply to This | # ]

Don't Forget the FBI and Dept. of Homeland Security!
Authored by: Anonymous on Saturday, January 29 2005 @ 08:58 PM EST
Crackers break into Microsoft; Microsoft has to bring in the FBI to handle the
situation.

http://www.cbsnews.com/stories/2000/10/27/tech/main244646.shtml



Department of Homeland Security Warning to Disable Active scripting and ActiveX;
AND USE A DIFFERENT BROWSER

http://www.kb.cert.org/vuls/id/713878

[ Reply to This | # ]

Well, exactly
Authored by: Anonymous on Monday, January 31 2005 @ 06:40 AM EST
Firefox's immunity to infection with ActiveX is one of its most important
features, and one of the reasons I prefer it. Businesses that are stuck with a
Microsoft-only website *chose* to limit their reach, and can jolly well do
without my business if they are too cheap to do over what they were too cheap to
do right the first time. The tools to build a proper website were available to
them back then.

[ Reply to This | # ]

Firefox FUD is Born
Authored by: Anonymous on Monday, January 31 2005 @ 11:33 AM EST
"If any of the rest of you wish to explain to the business community why
this ComputerWorld article is inappropriate advice in your opinion, feel free to
add your comments, with proof urls."

So as usual, dissenting opinions need not apply.

If rip and replace were that easy, PEOPLE WOULD HAVE DONE IT ALREADY.

[ Reply to This | # ]

PHBs and you
Authored by: Anonymous on Monday, January 31 2005 @ 11:08 PM EST
No. Not those. Not the little white pills.

I'm talking about Firefox, web programming compliancy and business practices.
The people who do the grunt work in the company up to middle management are the
ones who get to decide that little choices of the project to project details.
Simply make it part of your work ethos to program W3C compliant code. It isn't
hard. Firefox is a great start, then run your code through a validator. After
that passes muster, view the page in IE and add in the necessary CSS or DOM
hacks to allow the page to function. It takes about 30 minutes more to do this.
Easily something that can be done without a committee deciding why it
"might be bad". Just do it. That goes for middle management as well,
encourage this programming behavior in your teams.

Firefox is simply one of the best tools there is for writing clean code. Then -
2 years later when upper management finally gets wind of this newfangled Firefox
thingy, everybody from the middle on down can get the job satisfaction knowing
that they (once again) did what was supposed to be done as opposed to what upper
management try to foist on them.

Just use your brains people.

As to the article. Yes it contributes to the belief that IE is the only way.
And for a lot of companies it is. Small steps. Eventually the word will get
out that having W3C complaint code is the best thing since sliced bread.

If you need a point for a round table discussion. Talk about that fabled code
re-use that has been mentioned for decades and tell them how W3C compliant code
is the closest thing we have to that. See the tech people look at you in a new
light.

It's really that easy.

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )