|
Firefox FUD is Born |
|
Friday, January 28 2005 @ 01:27 AM EST
|
Unbelievably enough, a Jupiter analyst, Michael Gartenberg, has written an opinion piece which ComputerWorld, unbelievably enough, has printed, cautioning businesses that they might want to think twice about switching from IE to Firefox because "Firefox lacks the ability to run Microsoft ActiveX code." [Groklaw jaws drop all over the world in unison] You may think he was doing a parody for Onion, but I think he's serious. Yes, friends, I believe we are seeing the birth of the anti-Firefox FUD. Here's the man's so-called "opinion":
The reception that Firefox has received from consumers and the press might tempt business users to switch browsers, but there are some good reasons not to. Many mission-critical applications have been built on Internet Explorer, and most organizations don't have the budget or resources to recode them. In addition, PCs' application loads need to be properly tested to ensure that nothing breaks with the addition of a different browser. In the near term, many business users will be better served by keeping Internet Explorer and installing security updates as they're released. If they aren't dependent on Internet Explorer technology, however, some end users could use Firefox for their daily Web surfing while reserving Internet Explorer use for sites that require it. . . .
If Microsoft is spurred by Firefox's success to put more resources into Internet Explorer, it would help create a better experience for both businesses and consumers. That might even happen before Longhorn ships.
Well, FUD with a triple capital F generally meets with a Groklaw response, but before I could even warm up the engine, a Groklaw reader, Dr. Tony Young, did it for me.
Here is the email he sent to the analyst, which he has given me permission to share with you:
Dear Michael,
I read your article in Computerworld with great interest:
http://www.computerworld.com/securitytopics/security/
story/0,10801,99142,00.html.
What I wish to say below may not be precisely what you intended, and I am not
up with ActiveX because I simply don't use it or encounter it. I find
Firefox opens any web sites I require and as far as I know perfectly. Also I
do my internet banking with it...and that covers all my needs.
You are partially correct, but I think that you miss the ultimate point: the
real problem is ActiveX and the fact that Microsoft's IE **automatically**
runs such code. In other words, if you design a piece of software to run
things it sees on the web automatically, then you invite every spam merchant,
malware and spyware agency to flock to your computer and run while you are
logged on as system administrator and candidly, you deserve everything you
get. I find it amazing that Windows users seem to think that it is normal
to invite such software to run on their machines without any hindrance given
that anything can be concealed in that code. The results speak for
themselves: hard boots, blue screens of death, reinstallations, update
antiviral codes, time costs, etc. etc. You don't do that with Linux.
The whole point about Firefox is that it is separate from the OS and
DOESN'T run ActiveX automatically. And I'd go further, pray heaven it
never does !!!! And that is the essential difference between
Microsoft's proprietary OS which is now haemmorhaging because of its poor
security design because IE is part of its coding, and Linux or FOSS which has
been designed WITH security in mind. You actually have to choose to run a
piece of software...not be told by a proprietary OS that such and such a
piece of software is going to run whether you like it or not.
And finally, as regards cost of transfer...Do please add up all the system
admin costs of virus protection, reinstallations, patches and the time they
take...and think....now really, Firefox wins hands down.
I think Business in general has now reached the stage where it has little
choice. Abandon Windows or remain in an ever increasing whirlpool of costs,
viruses and reboots. Either do it now with minimal costs, or watch your
ultimate costs of transfer steadily increase, because sooner or later,
it will have to be done. There is little doubt in the statement that if we
could remove the Microsoft OS from the world's computers and the internet
tonight, almost 100% of viruses and malware would disappear and we would have
a secure, user-oriented system.
Kind regards,
Dr. Tony Young
You can read about ActiveX in this chapter from an O'Reilly book, "Malicious Mobile Code", by Roger A. Grimes, on "Malicious ActiveX Controls". I strongly suggest any executive pondering whether or not to switch from IE to Firefox read this chapter and ask themselves if they want their business computers doing such things as IE permits. For the time-pressed, here is just one paragraph that ought to tell you all you need to know: ActiveX's biggest problem is the way it incorrectly marks controls Safe for Scripting. Already used in several email worm attacks, these types of holes continue to appear. If Microsoft cannot correctly determine the safety and appropriateness of their own system controls, how can vendors be expected to? Following that problem is the growing use of unsigned code. The digital signing process is technical and expensive. Most ActiveX controls on the Web are unsigned. Many of those that are signed, are expired. I rarely come across a control that is signed and current. If ActiveX's security lives or dies on whether end-users correctly choose to trust or not trust unsigned controls to run, it appears doomed unless digital signing of code becomes widespread. If ActiveX controls become standardized across the world's web sites, as expected, we will surely see a rise in malicious code for ActiveX.
The book was written in 2001, so this is not a new problem. Here's a ComputerWorld article about an ActiveX flaw spreading viruses in 2000. And yes, there is an abundance of malicious code. Some call ActiveX viruses the most dangerous of all, because you can get them just by surfing the web.
Here is Microsoft's patch for one IE ActiveX vulnerability, which allows someone to take over your computer if you visit a malicious web site, after which they can run any code they like on your computer. Do you think a spammer might enjoy that power? For you businessmen who are not coders, what does it mean that if one of your employees visits a malicious website, any code can run on their computer? Well, actually it's *your* computer. Your business computer. This paper [PDF], says it means that worm writers who run the malicious website can then delete or change your files, your registry
entries, and create other serious system damage: ActiveX is a popular technology among virus, Trojan horse, worm, and malicious scriptwriters.
This is due to the combined popularity of the Windows platform, the rich feature set that
Microsoft exposes with ActiveX, and the lack of a sandbox - a barrier between the control and the
rest of your system that is employed by Java technology. For example, worm writers may use
ActiveX because the popular corporate e-mail client, Microsoft Outlook, exposes an ActiveX
interface for accessing the Outlook address book. ActiveX viruses can also delete files, registry
entries, and create other serious system damage.
Add to this the ActiveX security model, which is dependent both on the Internet Explorer (IE)
security settings and on digital signing, which prompts users to accept or reject each control. If
IE is set to allow all ActiveX controls, the user never sees the digital signing prompt and they are
at particularly high risk for viruses and other malicious scripts. With a number of costly ActiveX
viruses and worms in recent history, system administrators may be reluctant to trust their users to
enable ActiveX controls, and can even set IE to accept no controls Of course, if the only safe way to run IE is to turn off ActiveX, then why not just use Firefox? That way, your employees don't have to be trusted to do right. And, according to Pest Patrol, there's "Hostile ActiveX (an ActiveX trojan that captures info from your machine or modifies your files.)" Think of what that can mean for your business, that an interloper can capture information from your machine and modify your files. Then the person can send that misinformation, as if from you. Talk about functionality.
As for waiting for Microsoft to fix things, here's a Risk Digest, Forum on Risks to the Public in Computers and Related Systems from 1997 on ActiveX vulnerabilities, a year after ActiveX was first released. That's the track record. As for their skills, here is what they thought would happen, back in 1996 when they first developed ActiveX: Microsoft appears pretty confident that Authenticode will work to ensure no viruses will be downloaded by users, and if by some chance they are, the source of the virus would be traceable, thanks to the digital ID. Right.
It's a design issue. Here is how Panda Software describes ActiveX: "ActiveX technology, patented by Microsoft, allows online programs to be run on computers through Internet Explorer. It also allows users to open Word or Excel documents directly through the browser. . . " So yes, the Jupiter analyst is correct, if you don't finish the thought, that you do lose some functionality with ActiveX turned off. But is it functionality you want and can afford to allow your employees to have?
But, you say, I'll just tell my geeks to make sure my business is fully up-to-date and patched. Better read this first: A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw.
However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try saying that three times fast!)
The Register has a story on a security pow wow, sponsored by Microsoft, Messagelabs and the FBI, whereby several UK MPs will be flying to the US next month to meet with politicians and agencies here "to discuss information security". Here's some confirmation from the article that Dr. Young is correct: Ed Gibson, FBI special agent and assistant legal attache of the US Embassy in London, said the get-together focuses on an important area of information security policy. "But for the viruses there would be no spam. That's why we see ever more virulent viruses," he told delegates this week at the Computer and Internet Crime Conference in London. Stop and think of the implications of his remark, and then add in the fact that viruses on GNU/Linux systems are so rare. I am not saying they could never be written, but I have never had one in all the years I have used GNU/Linux software. Can you Windows folks say the same? Microsoft, an expert on security? Think. I understand that naturally the FBI needs to work with Microsoft to try to solve their problems, because the operating system is in such widespread use. But the rest of you can contribute to the health of the Internet by just not using IE any more. At least turn off ActiveX, and that's just for starters. Just switching to Firefox would help.
Wine is software that emulates windows on a GNU/Linux system.
The guys who run the Wine project decided to test if windows viruses can run
under Wine. Here are the results -- essentially no -- and while they write their account in a very funny way, the virus problem is serious, and so is the spam problem, and I am quite serious in saying that I hope businesses do switch to Firefox, at a bare minimum, because people who use insecure products on the Internet impact the rest of us. If you guys would do your part, and stop enabling viruses, there would be no spam, according to the FBI. Think about it. Please. If any of the rest of you wish to explain to the business community why this ComputerWorld article is inappropriate advice in your opinion, feel free to add your comments, with proof urls. Speak as you would to your boss, and just explain all about ActiveX, the alleged need to test PC's loads if you switch to Firefox, your own experiences with Microsoft's security patches, anything you wish to expound on that you can knowledgably discuss. That way, we can have a nice page you can point your boss to, if he asks you about this ComputerWorld FUD.
|
|
Authored by: DBLR on Friday, January 28 2005 @ 01:41 AM EST |
Please place corrections here for PJ to find and fix.
---
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.
[ Reply to This | # ]
|
|
Authored by: DBLR on Friday, January 28 2005 @ 01:44 AM EST |
Please place off topic subjects in this thread.
---
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.
[ Reply to This | # ]
|
- OT: Why do people call it "GNU" / Linux? - Authored by: Anthem on Friday, January 28 2005 @ 02:15 AM EST
- OT: Here's Why - Authored by: Totosplatz on Friday, January 28 2005 @ 02:21 AM EST
- OT: Here's Why - Authored by: Anthem on Friday, January 28 2005 @ 03:00 AM EST
- OT: Here's Why - Authored by: Anonymous on Friday, January 28 2005 @ 03:26 AM EST
- OT: Here's Why - Authored by: Anonymous on Friday, January 28 2005 @ 07:35 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: PJ on Friday, January 28 2005 @ 02:49 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Anonymous on Friday, January 28 2005 @ 02:51 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: ashridah on Friday, January 28 2005 @ 02:53 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: cmc on Friday, January 28 2005 @ 03:03 AM EST
- Everything Gah-noo - Authored by: dhonn on Friday, January 28 2005 @ 03:06 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Aladdin Sane on Friday, January 28 2005 @ 03:22 AM EST
- Think of it as layers - Authored by: Anonymous on Friday, January 28 2005 @ 03:23 AM EST
- GNU kernel - Authored by: Anonymous on Friday, January 28 2005 @ 06:36 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Anonymous on Friday, January 28 2005 @ 04:09 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: chrisdj on Friday, January 28 2005 @ 04:12 AM EST
- contrariwise, why do people call it GNU/"Linux"? - Authored by: xtifr on Friday, January 28 2005 @ 04:39 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Anonymous on Friday, January 28 2005 @ 06:54 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Steve Martin on Friday, January 28 2005 @ 07:38 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: tomun on Friday, January 28 2005 @ 08:31 AM EST
- OT: Why people call it GNU/Linux - Authored by: rsteinmetz70112 on Friday, January 28 2005 @ 08:57 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: drakaan on Friday, January 28 2005 @ 09:26 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: inode_buddha on Friday, January 28 2005 @ 09:54 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Kiaser Zohsay on Friday, January 28 2005 @ 10:16 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Gerhard Mack on Friday, January 28 2005 @ 10:34 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: Anonymous on Friday, January 28 2005 @ 11:52 AM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: ingvar on Friday, January 28 2005 @ 01:57 PM EST
- OT: Really it ought to be Linux/GNU - Authored by: Anonymous on Friday, January 28 2005 @ 02:24 PM EST
- You DO use GNU on a regular basis - Authored by: darkonc on Friday, January 28 2005 @ 05:30 PM EST
- OT: Why do people call it "GNU" / Linux? - Authored by: darthaggie on Saturday, January 29 2005 @ 12:17 PM EST
- OTOT = Off the Topic, On the Topic, ATT & SBC - Authored by: Anonymous on Friday, January 28 2005 @ 02:47 AM EST
- MS profits... - Authored by: Anonymous on Friday, January 28 2005 @ 03:21 AM EST
- M$ is doing well - Authored by: Greebo on Friday, January 28 2005 @ 03:49 AM EST
- Jailed for using a nonstandard browser - Authored by: macrorodent on Friday, January 28 2005 @ 03:56 AM EST
- Law.com: The Real Price of Linux Software - Authored by: fudisbad on Friday, January 28 2005 @ 04:30 AM EST
- Is IBM's Lenovo Deal in Trouble? - Authored by: jentron on Friday, January 28 2005 @ 04:40 AM EST
- Analysing Analysts - Gartner and Meta. - Authored by: Brian S. on Friday, January 28 2005 @ 05:14 AM EST
- Song: "Can you hear the trolls tonight?" - Authored by: Anonymous on Friday, January 28 2005 @ 05:18 AM EST
- 1 in 4 may have to buy Windows for a second time. - Authored by: Brian S. on Friday, January 28 2005 @ 05:35 AM EST
- BBC: Warning over Windows Word files - Authored by: macrorodent on Friday, January 28 2005 @ 05:46 AM EST
- "Windows Media Center PCs aren't ready to rule the home just yet." - Authored by: Brian S. on Friday, January 28 2005 @ 05:55 AM EST
- 'Serious' Microsoft Office Encryption Flaw Uncovered" - Authored by: Brian S. on Friday, January 28 2005 @ 06:08 AM EST
- HP Warns of Microsoft Assault - Authored by: Anonymous on Friday, January 28 2005 @ 07:23 AM EST
- Any News On Gates vs. Lula at Davos - Authored by: Anonymous on Friday, January 28 2005 @ 08:42 AM EST
- OT: News Flash (humor) - Authored by: Anonymous on Friday, January 28 2005 @ 08:44 AM EST
- Future FUD Meanderings - Authored by: josmith42 on Friday, January 28 2005 @ 09:39 AM EST
- Malicious ActiveX Controls - Authored by: DannyB on Friday, January 28 2005 @ 09:59 AM EST
- Re: RMS's Ego and the GNU/* Holy War - Authored by: Anonymous on Friday, January 28 2005 @ 08:38 PM EST
- Patent Reform Town Meetings - Authored by: tyche on Saturday, January 29 2005 @ 12:19 AM EST
- Windows security and USB - Authored by: Anonymous on Saturday, January 29 2005 @ 04:46 AM EST
- Intuit TurboTax for the Web - Authored by: Anonymous on Saturday, January 29 2005 @ 06:51 PM EST
|
Authored by: AJWM on Friday, January 28 2005 @ 01:45 AM EST |
Alas, he's right.
Just yesterday I had to fire up IE on my desktop at work (I usually use Mozilla)
because I was required to access an internal app for some HR-related thing.
Yeah, the app used CaptiveX objects.
The silly thing is, it was really just filling in a bunch of forms linked to a
database -- easily doable in a browser-inedepedant fashion.
Sigh. At least they let me use Mozilla (or Firefox) for nearly everything else.[ Reply to This | # ]
|
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 07:16 AM EST
- Firefox FUD is Born - Authored by: Steve Martin on Friday, January 28 2005 @ 07:58 AM EST
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 08:15 AM EST
- Firefox FUD is Born - Authored by: kutulu on Friday, January 28 2005 @ 09:53 AM EST
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 11:40 AM EST
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 01:08 PM EST
- NEVER ! - Authored by: Anonymous on Friday, January 28 2005 @ 10:05 PM EST
- Not at all - Authored by: Anonymous on Friday, January 28 2005 @ 10:43 AM EST
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 12:46 PM EST
- There is an ActiveX plug-in for Firefox (n/t) - Authored by: Anonymous on Friday, January 28 2005 @ 02:30 PM EST
- Firefox FUD is Born - Authored by: Anonymous on Friday, January 28 2005 @ 05:32 PM EST
- Sigh. There is ActiveX support for Mozilla (Firefox) - Authored by: Anonymous on Sunday, January 30 2005 @ 10:10 AM EST
- Firefox FUD is Born - Authored by: Anonymous on Monday, February 07 2005 @ 12:59 AM EST
|
Authored by: fudisbad on Friday, January 28 2005 @ 01:59 AM EST |
"Unbelievably enough, a Jupiter analyst, Michael Gertenberg, has written an
opinion piece which ComputerWorld, unbelievably enough, has printed, cautioning
businesses that they might want to think twice about switching from IE to
Firefox because 'Firefox lacks the ability to run Microsoft ActiveX
code.'"
Umm, right. He doesn't realise RadioactiveX is a bad thing?
He's screaming out loud that he is a paided shill.
---
See my bio for copyright details re: this post.
This subliminal message has been brought to you by Microsoft.[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:01 AM EST |
My company has switched to Firefox. But we know what we
are doing.. and were
able to test, plan the move and weigh
up the cost/benefits of the switch. For
us, costs were
negligible. And the benefits huge.
My spouse works for a
large international IT consultancy.
They make heavy use of "Intranet"
applications - delivered
world wide by web servers to desktops - requiring
little
installation, local resource etc. etc. However, these
applications make
extensive use of ActiveX. So for this
case, the costs of implementing Firefox
outweigh the
benefits - nobody would be able to complete timesheets,
book
holidays, access project documents etc.
Now the message coming out from
the firefox lobby is that
it is the cure for all evils. You could argue that
this is
FUD against I.E. Although it is genuinely the case that IE
gives all
the appearance of unmaintained, out of date,
insecure, low quality, quirky, so
this point is extremely
debatable.
However, there are some cases where a
switch to firefox
isn't as simple as just download, install and go.
The
world of IT is full of people who don't know what
they are doing. And are quite
likely to have a
conversation where person A says "We've ditched IE" and
Person B thinks "We'll do that". No more planning or
evaluation is done and
off they go then find that none of
their applications work. Might seem
unlikely, but this
happens.
So before writing this of as FUD, consider: Who
is the
writers audience, what is the context of the message.
If the
audience is fairly clueless IT managers who have
heard about how great firefox
is and how everybody is
using it and you'll be considered old fashioned and out
of
date by every one at the golf club if you haven't switched
to firefox, then
the message might have some legitimacy. [ Reply to This | # ]
|
- All or nothing approach? How bout both - Authored by: dhonn on Friday, January 28 2005 @ 02:23 AM EST
- Ah, Vendor Lock-In! - Authored by: Simon G Best on Friday, January 28 2005 @ 03:02 AM EST
- Is this really FUD? - Authored by: Anonymous on Friday, January 28 2005 @ 03:27 AM EST
- There is never FUD against IE... It's called reality - Authored by: Anonymous on Friday, January 28 2005 @ 04:05 AM EST
- Amen. - Authored by: pcmom on Friday, January 28 2005 @ 05:33 AM EST
- Amen. - Authored by: pcmom on Friday, January 28 2005 @ 05:38 AM EST
- A large, international IT consultancy??? - Authored by: Anonymous on Friday, January 28 2005 @ 04:34 AM EST
- If the audience is fairly clueless IT managers ... - Authored by: jbb on Friday, January 28 2005 @ 04:49 AM EST
- Is this really FUD? - Authored by: Anonymous on Friday, January 28 2005 @ 07:00 AM EST
- Is this really FUD? - Authored by: Anonymous on Friday, January 28 2005 @ 07:24 AM EST
- Is this really FUD? - Authored by: Frihet on Friday, January 28 2005 @ 08:13 AM EST
- It is very hard to "ditch IE", so no danger - Authored by: Anonymous on Friday, January 28 2005 @ 08:14 AM EST
- Internet vs. Intranet - Authored by: Anonymous on Friday, January 28 2005 @ 12:30 PM EST
- There is an ActiveX plug-in for Firefox - Authored by: Anonymous on Friday, January 28 2005 @ 02:32 PM EST
- Active-X? - Authored by: Tyro on Friday, January 28 2005 @ 04:47 PM EST
- It's probably FUD - but who cares? - Authored by: Anonymous on Friday, January 28 2005 @ 07:52 PM EST
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:07 AM EST |
You may think he was doing a parody for Onion, but I think he's
serious. Yes, friends, I believe we are seeing the birth of the anti-Firefox
FUD. Here's the man's so-called "opinion":
The reception that
Firefox has received from consumers and the press might tempt business users to
switch browsers, but there are some good reasons not to. Many
mission-critical applications have been built on Internet Explorer, and most
organizations don't have the budget or resources to recode them. In
addition, PCs' application loads need to be properly tested to ensure that
nothing breaks with the addition of a different browser. In the near term, many
business users will be better served by keeping Internet Explorer and installing
security updates as they're released. If they aren't dependent on Internet
Explorer technology, however, some end users could use Firefox for their daily
Web surfing while reserving Internet Explorer use for sites that require it. . .
.
If Microsoft is spurred by Firefox's success to put more resources
into Internet Explorer, it would help create a better experience for both
businesses and consumers. That might even happen before Longhorn ships.
Well, FUD with a triple capital F generally meets with a
Groklaw response, but before I could even warm up the engine, a Groklaw reader,
Dr. Tony Young, did it for me.
How is that FUD? He's
stating simple facts.
The company I work for (3000+ people) uses ActiveX
controls for the timesheet and issue tracking systems. It's not the technology I
would have chosen - I'm a pure Linux user and I have been for over a decade -
but it's what the web developer group (not my area) wanted.
The author of
the article hit the nail on the head. Our company won't be switching to FireFox
precisely because of these ActiveX controls. You can blame the CIO, you can
blame Microsoft, you can blame Bill Gates himself, but why are you blaming the
author of the article? He's simply told you the reality. Do you honestly believe
that a reporter that tells the ugly truth is a FUDster?
Cue angry indignant
squawking and personal attacks in 3... 2... 1... [ Reply to This | # ]
|
- intranet vs internet - Authored by: pyrite on Friday, January 28 2005 @ 02:26 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 02:29 AM EST
- It is FUD and here's why... - Authored by: Anonymous on Friday, January 28 2005 @ 02:30 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 03:35 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 04:48 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 07:10 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 07:46 AM EST
- It is subtle FUD with spin - Authored by: yscydion on Friday, January 28 2005 @ 08:43 AM EST
- Firefox Report: Works fine in my corporate environment - Authored by: Anonymous on Friday, January 28 2005 @ 08:50 AM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Friday, January 28 2005 @ 09:56 AM EST
- There is an ActiveX plug-in for Firefox - Authored by: Anonymous on Friday, January 28 2005 @ 02:33 PM EST
- A FUD by any other name - Authored by: Anonymous on Friday, January 28 2005 @ 02:44 PM EST
- Doesn't Look Like FUD to Me - Authored by: Anonymous on Saturday, January 29 2005 @ 07:01 AM EST
- Doesn't Look Like FUD to Me - Authored by: darthaggie on Saturday, January 29 2005 @ 12:39 PM EST
|
Authored by: dhonn on Friday, January 28 2005 @ 02:09 AM EST |
Even on SpreadFirefox.com I see FUD.
All I can say is that if you let someone try Firefox for themselves, they will
like it. There's a lot of maintance involved in using Internet Explorer. Just
being sick of popups and spyware and virus scanning is enough to switch.
I trust Java and Flash. I see no need for ActiveX. In fact when I use to use
windows the only usable ActiveX apps I have ever came across is Windows Update
and TrendMicro Online virus scan. I'll the rest are tring to get me to install
spyware. I have to click no a million times too.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:13 AM EST |
There are unfortunately some, possibly even many, web applications that simply
won't run in Firefox.
I was responsible for maintaining one such web application at work (it was
developed by an outside company) and the HTML, CSS and JavaScript used (there is
no need for ActiveX controls) is so horrendous and non-standard that Firefox
won't run it, but it works in IE fine. Obviously the developers saw no need to
be standards-compliant, but they only needed to make sure that it
"works".
Of course, the solution should not be to keep IE running but rather to develop
standards-compliant applications that work in any browser. But try telling that
to your boss.[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:15 AM EST |
Radioactive-X (Chaos Computer Club hacks Active-X to
transfer money, from
1996/1997) [ Reply to This | # ]
|
|
Authored by: Aladdin Sane on Friday, January 28 2005 @ 02:18 AM EST |
I read that story, "Business Must Be Cautious With Firefox," when it was
referenced at linux.org or NewsForge, don't remember which. I was pretty
appalled by the same thing that appalled PJ. There was a contrast that struck
me as glaringly contradictory:
"The result has been a security
nightmare for IT organizations, which must deal with an endless series of
patches and fixes from Microsoft to preserve their online
safety."
Then 2 paragraphs later:
"Many
mission-critical applications have been built on Internet Explorer, and most
organizations don't have the budget or resources to recode
them."
What I read was 1) IT security nightmare is an
ongoing cost nightmare, and 2) Business has no money for new projects in IT
today.
The juxtaposition strikes me as bordering on hilarious: "We're
throwing all our IT effort away patching bad code and cleaning up spilled
biohazardous material so we have no resources to install good
code."
What?
The implication is that businesses like IT
nightmares since the author admits there is an alternative. The behavior
proposed forms that definition of insanity whereby one repeats the same actions
over and over expecting different results each time. And never learns.
It
might be suggested that Microsoft's relationship with its customers is
inherently sick: The relationship smacks of co-dependence born of uncertainty.
It may just be computer illiteracy, nothing that education can't solve. But to
many in the business world the risk of change seems too great, and we will
continue to suffer their ignorance until the greater networked world has had
enough.
I note that the author, within his own article, did a great job of
exposing the weakness of his thesis. [ Reply to This | # ]
|
|
Authored by: TAZ6416 on Friday, January 28 2005 @ 02:19 AM EST |
You can set the Browser to "Open In IE Mode" which turns on ActiveX...
yes I know that sorta defeats the object of switching to Firefox and I've never
switched that mode on.
Jonathan[ Reply to This | # ]
|
|
Authored by: pyrite on Friday, January 28 2005 @ 02:19 AM EST |
Wow. I guess it depends on how you want to do it. If you know the outcome, it
just kind of seems odd that you would even bother writing an article.
Then there's the recent story (actually it's a link to a PDF) on osnews.com
about the lovely, wonderful comparison of Solaris vs Linux - that's a fun one,
too...
People need to get real. Something either is a certain way or it isn't.
Today's assignment: write an essay outlining possible reasons that an individual
might want to keep using IE. The conclusion should recommend IE.
Ouch. This stuff is becoming somewhat entertaining! [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:20 AM EST |
Hmm in the corporate world, there are applications that were coded to take
advantage of ActiveX. In the Intranet world that's a fairly safe use. I know
that the ActiveX I'm forced to run across could be replaced by Java, but who's
going to pay to have something that works replaced?
Quote: "PCs' application loads need to be properly tested to ensure that
nothing breaks with the addition of a different browser"
This is really a failure in the ways that installshield for windows works. I've
gotten in trouble because of my installing Firefox caused the links in some
other software to be pooched. Still trying to figure how something I install in
my account on a 2k system appears as a default on all the users accounts. He
does have a point especially with any in-shop produced/custom software.
Quote: "If they aren't dependent on Internet Explorer technology, however,
some end users could use Firefox for their daily Web surfing while reserving
Internet Explorer use for sites that require it."
Definately FUD worthy here. Oh wait.. He's suggesting using Firefox unless the
site requires IE/ActiveX.
As a home-user, use whatever you want to surf the net. You're your own
sys-admin so if/when things break, it doesn't cost your employer time/money to
repair it. My shop is stepping away from Solaris 8 to Win 2K boxes. I hate it,
but I accept that I have to endure while I work there. At the end of the day I
can come home and use my Gentoo box to read rants and other silliness on the
internet. Occasionally I even find truly fair and balanced comments.
---------------------------
Black - White .. Nah.. Grey - Gray[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:21 AM EST |
Read past the words to the meaning of the words and that quote should read:
"Firefox lacks the ability to run highly insecure code." rather than
"Firefox lacks the ability to run Microsoft ActiveX
code."
Obviously the author of this article doesn't get it.[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 02:24 AM EST |
Sheesh.. This is a bit over the top. Not what I would expect from Groklaw. The
piece says nothing but good things about firefox:
Mozilla has built a solid browser that supports features such as tabbed views,
Google for native searches and direct support for RSS feeds
This left the market open for the Mozilla team to create its user-friendly and
secure browser
I believe this new browser is going to be a force for positive change in the
industry
At the same time he points out all the bad things about IE:
for hackers to exploit this feature and execute malicious code on users'
machines have been abundant
A security nightmare for IT organizations
Internet Explorer was no longer a strategic product for Microsoft, and few
resources were devoted to it
This article paints a completely different picture of the piece and it's writer.
Everything is taken out of context. It is something I would expect from a MS
press release, where they cherry pick what they want out of a piece, to paint
their version of history.
The sad fact of the matter is, that there are orginisations out there who have
multi-million dollar applications that require Active X. And worse still, there
are IT decision makers, who would read about how great Firefox is (And it is
great, I use it all the time, except in work where I need to use IE for our
internal apps), and order everyone to change without having a clue as to the
implications.
PJ, I really hope you were just tired, or in a very bad mood when you wrote this
piece. It is not up to the standards you have written so recently about, or the
standard of any other article on this site.[ Reply to This | # ]
|
|
Authored by: RedBarchetta on Friday, January 28 2005 @ 02:53 AM EST |
In other words...
Microsoft's introducion of code into IE that
essentially make other browsers incapable of the same functions, is a reason not
to switch. That's like saying you should stick to drinking corn-sweetened sodas
because they are so much better tasting than a glass of nutritious non-fat milk.
Good health be damned.
Someday, try visiting Microsoft's web site to
update a Winbox machine using something other than IE. The result will be a
utter failure. As a person who services many Windows machines for friends and
family, I find it particularly annoying that I must keep 2 different browsers on
these machines. IE for Windows updates only. Netscape for everything
else.
My only reasonable guess as to why the author, Michael
Gertenberg, would suggest such a ridiculous thing is because he knows that
Microsoft cannot compete on innovation alone. He knows that IE security is the
three-headed dragon with no way to slay it, and the only way to keep it at bay
is by attempting to leverage it's proprietary "hooks."
My other guess,
which is probably more accurate, is that Michael Gertenberg is nothing but a
paid opinion.
Think it doesn't happen? Look at these links and tell me
that reporters/columnist/analysts are all impartial:
Reporter
admits to taking "propaganda" money from Bush
administration.
"Columnist Maggie Gallagher yesterday defended her
decision to accept $21,500 from the Department of Health and Human Services
to help it package an administration marriage initiative, but apologized for not
disclosing it. [..]
Is Maggie
Gallagher the Next Armstrong Williams?
"The appearance is enough to
bring forward accusations of 'payola.' Maggie Gallagher should have disclosed
the contracts and her relationship with the Bush Administration. There was
really no reason not to as no reader would be surprised that Gallagher was
defending policies she obviously believed in. She seems to have realized this
and noted in a Mea culpa column on Tuesday, 'I should have disclosed a
government contract when I later wrote about the Bush marriage initiative. I
would have, if I had remembered
it.'"
--- Collaborative efforts
synergise. [ Reply to This | # ]
|
|
Authored by: Greebo on Friday, January 28 2005 @ 02:57 AM EST |
PJ, I have to disagree with you on this one, and i'd be the first one to stand
up and say that Firefox is way better than IE.
I read the whole article and
it seemed quite well balanced. He points out that IE has it's
problems....
When Microsoft integrated Internet Explorer tightly with
its operating systems and allowed the browser to execute Windows code, it
created a double-edged sword. On one hand, a new class of richer Web-based
applications could be created, allowing for a far more interactive Web
experience. Unfortunately, opportunities for hackers to exploit this feature and
execute malicious code on users' machines have been abundant.
and he
praises Firefox....
Out of the ashes of Netscape, Mozilla has built a
solid browser that supports features such as tabbed views, Google for native
searches and direct support for RSS feeds.
And he quite rightly points
out that Firefox doesn't run ActiveX in a very direct way....
But
business users need to think twice about making the switch from Internet
Explorer, since Firefox lacks the ability to run Microsoft ActiveX
code.
Many Businesses use ActiveX - we use it in our Document system -
and it will take time and money to move away from that.
One option, as
someone quite rightly pointed out, would be to only use IE Internally, and use
Firefox for the Outside world, but that's entirely a company decision. I'm sure
over time more and more will move to Firefox.
I'm sorry, i just don't see
the FUD here, and judging by the posts so far neither do other
people.
Greebo --- PJ has permission to use my posts for commercial
use.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 03:26 AM EST |
It seems to me that every analyst still misses a major point in the ActiveX
discussion.
ActiveX components are software components. In my company we try to act in a
professional manner concerning software management. We try to comply with ITIL
change management procedures, meaning that all components that are distributed
to all systems are developed in a professional way, documented, tested, accepted
by the person that ordered the component and distributed in such a manner that
we can manage the risks.
Try to do that with ActiveX. As long as an ActiveX component is distributed like
other third party software, testing can be done, docs may be in order and
usually the manufacturer may guarantee the functionality and state that the
integrity of the system will not be compromised by the component.
But how about all those zillions of ActiveX controls on the internet. They are
distributed without any change management process. Who knows what functionality
the have. Who knows if they are developed, documented and tested in a
professional manner. Yeah, we know :)
So, even apart from all vulnerabilities caused by the integration in the Windows
OS and IE, there is an even bigger risk: Trust. I discussed this issue in a
Dutch security management magazine and got some favourable reactions. One major
financial organization decided to remove all the ActiveX components and java
applets from their website.
meneer[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 03:39 AM EST |
Look at:
Active-X
plugin/extension
I didn't try with Firefox yet because I don't need
Active-X.
See how good Michael Gertenberg can use Google?
It did take
me under 1 minute to find it.
So this is real FUD.
Frerk
[ Reply to This | # ]
|
|
Authored by: muswell100 on Friday, January 28 2005 @ 04:20 AM EST |
The use of ActiveX components in web sites were a short-sighted move from the
very outset. Like much of the present infrastructure on the Internet. Before you
start replying (or not, as the case may be) to this sweeping statement, consider
these points:
<RANT>
The Internet was originally built for a trusted subset of the population -
'Trust' being the key word here. Most of the protocols developed for it were
originally designed around this premise.
SMTP, for instance, is a service that is long overdue an overhaul. Given the way
it is regularly abused for the purposes of distributing spam, viruses, worms,
scams and other assorted junk, it can only at best be patched against further
abuse (ie: Sender ID, spam blacklists, etc.). Short-sighted entrepreneurs saw a
way to make a killing using these services as-is, without once considering the
wider implications.
ADSL has been widely sold to the general public with a great hue and cry over
the incresed speed and convenience, but without a single word about security.
Hence the dire situtation we now have with so many zombiefied PCs generating
much of the garbage out there.
Likewise, intoducing ActiveX into the equation was a 'business'-led decision
made on the fly to make sites more pretty and - ideally - more feature-packed.
Again, no thought was given to the repercussions which might follow if you
allowed untrusted applications to be run across the Web.
The result of all this is that we now have a near chaotic situation on the
Internet, all stemming from a raft of money-fuelled bad decisions taken over the
last few years - ActiveX being one of the more avoidable ones, given how much
more effectively and efficiently the same features can be implemented using
alternative, safer options.
Although I doubt it will happen very soon, decisions will have to be made
concerning a complete rewrite of many of the components of the Internet -
perhaps with Internet II?? Although given past performance, I suspect it will
taken near meltdown before anyone starts seeing sense.
</RANT>
Whew! Glad I got that off my chest...[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 04:35 AM EST |
Dr Young's comments are valid---and nothing new. The same
problems with IE have been pointed out again and again since ActiveX controls
were added about to IE about 6 or 7 years ago.
A web page by a Mr. McCloud circa late 1997/early 1998
demonstrated the risk of ActiveX in convincing fashion:
by providing an ActiveX control that shut down your computer. If you pulled the
plug before it had shut your
computer down, it would continue from where it was
interrupted as soon as you had rebooted until it completed
its appointed task and shut your computer down!
You were given a clear statement of what it would do and how
you couldn't stop it. It was your choice to try the control.
McCloud removed his site from the Internet, claiming he was
being threatened by the legal department of the creators of
ActiveX.
Maybe someone needs to set up a second site with a clear
and meaningful demonstration of ActiveX's power---eg:
Free HardDrive Dry Cleaning.
One click and you're clean ... down load your
ActiveX Hard Drive Cleaner now!
(ActiveX with the X magic ingredient for shining disk
drives squeaky clean).:-)
[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 05:00 AM EST |
Is a computer with a Microsoft os still a computer?
In my view it is not.
Rather, it is something looks like a computer, but with the balance of control
between user and machine reversed.
Asking clients if the want a computer or a "Microsoft Device"
generally gives them pause for thought before they ask the obvious question.
This probably seems a bit petty, but the terms in which debate is joined can
often be decisive.
I'd welcome other views.[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 05:09 AM EST |
GNU means GNUs not Unix.
The GNU project had the goal of replacing the commercial Unix by a free one.
They succeded in building great tools for that (Compiler, Editor, C-Library) but
failed with their Un*x-Kernel Hurd. Linux was the first Un*x Kernel under GPL.
So the GNU project succeded with the help of Linux, but Linux was developed with
GNU tools and it would not work without them.
Reason enough to say or write them in one word.
I don't do it just because im lazy. Sorry for that.
Frerk[ Reply to This | # ]
|
|
Authored by: efricke on Friday, January 28 2005 @ 05:24 AM EST |
As with every "religious" view, the most important thing is to stay
tolerant. I think there are many reasons why sticking to IE might be a good
idea. Important is allow for true diversity. I use Firefox at work even tough
our intranet only works with IE. Firefox for Web / IE for intranet. Do I care?
No! IE is like any other tool, and for our company it is the GUI part of a
client / server application called intranet. As our intranet is well secured,
there is no reason to "require" a switch to Firefox or any other
browser. As for web surfing, IE is the worst choice for so many reasons.
I think the article is right and wrong... yes, switching to Firefox might not be
the right choice for every enterprise out ther. But not allowing choice (forcing
a user to surf the web with IE) is not correct either. Choose the right tool for
the job.
I don't think this is a matter of FUD (fear uncertainty and doubt) but more a
matter of IT departments and Microsoft not reacting to the changing environment
of the Web in a timely manner. Don't get me wrong, at home I use linux by
choice, but at work I need to use Windows 2000.
Well, all I wanted to add was, that Firefox is not a panacea for everything
wrong. Keep IE if makes sense (ROI) and swith to Firefox where it makes sense
(ROI) and keep "religious" thinking out of it.
Cheers![ Reply to This | # ]
|
|
Authored by: prayforwind on Friday, January 28 2005 @ 05:40 AM EST |
Previously, I had this conversation with an IT PHB in an accounting firm.
Unfortunately she went away honestly believing that Microsoft's ability to run
ActiveX scripts at the request of a website is an example of Microsoft's
superior technical prowess! It was her opinion that if the results of doing so
were bad, that's not Microsoft's problem.
The same person believes that having a power button on her cable modem (at
home... so she can turn off the internet quickly enough to prevent malware from
reaching her computer) is better than using a firewall. And, according to her,
turning off power to your computer while it's not in use doesn't prevent virii
from entering it... unless your link to the internet is also powered down! At
this point I decided further conversation would be hopeless.
Yes, this really is a person who makes tech spending decisions at a mid-size
company (3k employees). However, she does have favourably shaped legs...
---
jabber me: prayforwind@jabber.org[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 06:34 AM EST |
From wikipedia:
<< Ignaz Philipp Semmelweis (originally Ignác Fülöp Semmelweis) (July 1,
1818 - August 13, 1865) was the Hungarian physician who demonstrated that
puerperal fever (also known as "childbed fever") was contagious and
that its incidence could be drastically reduced by enforcing appropriate
hand-washing behavior by medical care-givers. >>
I can almost hear the fudsters of his time:
* Many mission-critical operations are built on the 'dirty hands' approach.
* Most organizations don't have the budget or resources to actually go in and
clean the hands of the staff.
* In the near term, many doctors will be better served by keeping their hands in
the current state.
* Some doctors could wash their hands for their private tasks, while reserving
the 'dirty hands' approach for operations that require it ....[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 06:51 AM EST |
I once spent an evening "analysing" the problem with scrollable tables
and frozen headings on web delivered reports (conclusion: you can't do it) and
describing for my employer how this was in fact an IE bug. Ie. it couldn't
handle THEAD and TBODY specified in 1996 or before (this was 2004).
At the time I had two recommendations:
- Install Firefox for users of the reporting solution (about 4 people), so they
would get scrollable tables with frozen headings, like in Excel.
- Spend a week or so making the table concerned two tables and suffering the
maintainance cost of manually lining up headings with columns.
In the end, we licenced a Javascript code block to do the latter automatically.
The code was licenced under the GPL.
How come people still don't get it?
SJG, Programmer[ Reply to This | # ]
|
|
Authored by: TiddlyPom on Friday, January 28 2005 @ 06:54 AM EST |
To me the personal computer (whether that be a desktop/laptop/pda etc) is all
about choice.
I want to decide what I use it for and what
I run on it.
If there is a problem with one application then I will use
a different one in preference. This, of course, applies well to Internet
Explorer vs Firefox vs Opera or whatever.
IMHO Firefox is just a better
browser than IE.
I like
* the tabbed mult-page view and pop-up
blocker
* the fact that visiting 'hostile' web pages does not infect my PC
with anything
* (as a programmer) it supports style-sheets better than IE
and is more standards complient
* that it doesn't support ActiveX (which is
a dying technology anyway according to Microsoft).
There are very few
web pages that I have come across that do not work with Firefox. From my point
of view there are a total of 3 sites (out of the hundreds that I access) that
require IE. Out of these, one is an online banking site (which is being updated
to be browser independent) and the others are not essential to me in any
case.
I run Windows XP as my primary operating system at work and Fedora
Core Linux as my primary operating system at home but use Firefox as my primary
browser on both systems. Using CrossOver Office (payware) allows me to run IE
under Linux to access this rogue site and I will deinstall both CrossOver and IE
as soon as the site becomes complient.
Years ago when I started in IT I
was mainly using various varieties of Unix (e.g. SunOS, HP-UX, SCO etc) and when
I started using PCs under Windows it was like a breath of fresh air. ODBC
allowed me to write applications that were independent of the database provider
and various venders sold different office suites giving me a real choice
on what I ran on the PC. I had a choice of which web browser I wanted to use
(Netscape, Mosaic, Internet Explorer etc) and there was a healthy spread of
competing products to run on the PC covering every aspect of day-to-day
operation of the PC. What a wonderful product and enabling
environment!
I evangelised about this to my collegues who also began to
switch because Windows put them in control and made the computing
experience fun.
Not any more.
These days I find that Windows
restricts my choices.
People expect to have no choice in web
browser (Internet Explorer), office suite (Microsoft Office - latest of course
despite the fact that it is little different from the last version), Messaging
Client (Internet Messanger) etc.
Digital Restriction Management (on
Windows) stops me doing useful with media products that I have purchased
legitimately.
I now find myself recommending Linux to collegues,
friends and family because...it puts them in control and makes the
computing experience fun!
*Sigh*
That is why Firefox,
Thunderbird, AbiWord, OpenOffice, Dia, theGIMP are gaining popularity on the PC.
They offer choice and are a breath of fresh air compared to the 'stale'
products that people are used to.
Microsoft used to gain mind share by
showing how technologically brilliant their products were compared to everyone
elses - but now they try to cling on to mind share by presenting FUD and
monopolistic practices. Choosing between Firefox and IE is a persons choice and
is empowerment.
I have no problems if someone presents IE as a better
solution to Firefox as long as the the facts are presented clearly and it is a
purely technological argument.
Microsoft have lost my support by moving
away from the choice and empowerment mind set that made the PC popular in
the first place.
--- "There is no spoon?"
"Then you will see that it is not the spoon that bends, it is only yourself." [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 07:27 AM EST |
I have a small internet business, and I have come to the conclusion that no one
who uses MS products can compete with me. My wife and I do all the system
administration, programming, etc. We could not run our business alone with MS
computers, and we could not afford to even be in business if we had to buy
proprietary software. Even if it is technically possible to install enough free
software on an MS system, why would anyone do this? It keeps breaking. If the
business grows, we will save HUGE amounts of money on licencing, buying
software, and human resources. In the mid to long term those who use free
software will win and those who do not see this soon enough will loose. I just
hope that WalMart doesn't find out about free software soon enough to put us out
of business![ Reply to This | # ]
|
- PS - Authored by: Anonymous on Friday, January 28 2005 @ 07:32 AM EST
- I believe you - Authored by: Anonymous on Friday, January 28 2005 @ 08:23 AM EST
|
Authored by: Anonymous on Friday, January 28 2005 @ 07:32 AM EST |
I wonder whether it would be possible to start a class action suit based on the
fact that Microsoft requires you to use IE to access Windows Update ? Surely
that is a case of illegal product tying from a convicted monopolist ?
Microsoft was at one time ordered to remove the browser from the operating
system, but the way things work now, you must run IE in order to keep your
operating system current.
[ Reply to This | # ]
|
- Windows update - Authored by: Anonymous on Friday, January 28 2005 @ 08:04 AM EST
- Windows update trap - Authored by: Anonymous on Saturday, January 29 2005 @ 09:25 AM EST
|
Authored by: spuluka on Friday, January 28 2005 @ 07:32 AM EST |
PJ,
I am very disappointed in your mischaracterization of this article. This is a
cautionary tale for IT managers to do their job carefully. The article is based
on the facts as they exist in large corporations today and has reasonable
opinions on those situations. Which is not to say I share all the views, but
they are reasonable ones for the problem faced by these IT departments.
Chapter and verse are in many of the messages above, so I won't repeat. But I
want to go on record as saying the Groklaw article is miss labeled and should be
given a new headline.
---
Steve Puluka
Pittsburgh, PA[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 07:43 AM EST |
lin
k [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 08:03 AM EST |
Why does everyone here link IE and ActiveX as though they are parent and child?
Why does everyone think of ActiveX as Evil?
ActiveX is a fundamental unit of code modularity in Windows. Virtually every
Windows application is a collection of ActiveX controls, coordinated by another
module. Some have UI's, some do not. An earlier name for them was OLE Controls.
There are equivalent structures in every OS. IE's support of ActiveX was a
godsend for Corporate developers. They allow a web page to become a program,
treated like any other program on the computer. This makes designing and
distributing applications in an internal context - accessing and integrating
corporate data - much easier. Java, for all of its own marketing, is not as
efficent or effective as ActiveX for this purpose.
Where IE's probem lies isn't in ActiveX, it is that IE allows them to run in an
inappropriate context. The concept of security zones is an attempt to limit this
exposure. It doesn't go far enough.
The bulk of IE's problems could be resovled quite simply by disabling ActiveX in
pages except for a list of explicitly designated sites. This list should not be
accessible through IE's user interface or API. This should be enough to allow IE
to perform its role internally, while limiting the exposure to malicious sites.[ Reply to This | # ]
|
|
Authored by: JoeDawson on Friday, January 28 2005 @ 08:18 AM EST |
It KILLS me that my corporation uses Active-x in almost all mission critical web
apps. It was terrible, for a time i was getting popups on INTRANET sites until
i cleaned out all the crap the previous tenant of this computer had infecting
it. I've tried every web browser imaginable, but alas, IE is neccessary for
this crap. [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 08:45 AM EST |
Before I start, I would like to say that I use Firefox exclusively, and Linux at
home.
I thought the original article was quite reasonable. Many businesses use ActiveX
for a lot of intranet and business work, and they cannot just switch away from
IE without recoding their applications. Such a switch would probably take
considerable time and expense, for little to no benefit.
The article also points out that they could still use Firefox for surfing, and
IE for intranet, which also sounds like a reasonable conclusion.
It is not so that every argument against using open source is FUD, and it is not
so that everyone who says something negative about open source products is a
shill.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 08:47 AM EST |
Although in principle I agree with the majority of comments on this page, and
personally use firefox for my browsing (both linux and win), I beleive that
Michael Gertenberg has a valid point.
I work in the financial services industry and moving over to firefox would be
totally impractical. Many sites that are ctirical to my work (both internal and
external) do not allow access via firefox. I do not know whether it is activex
or for some other reason.
Everyone here knows the benefits of firefox, but if external sites do not allow
access I do not believe that companies should make the transition.
Kind regards
Christian[ Reply to This | # ]
|
|
Authored by: Dolphin Boy on Friday, January 28 2005 @ 09:08 AM EST |
I think the main problem with articles like this is apparent when you consider
the target audience.
Any organisation with "capable" managers/techies will be able to make
their own minds up about whether a move to Firefox is a good idea or not and
don't need to rely on consultants/journalists to tell them anything.
Which means the main audience for these articles are those companies that let
other companies make their decisions (let's call them Noddies). These entities
*like* to pay money to third parties so they can be free of the burden of doing
the work themselves. In this scenario they will simply accept the other
company's analysis on the face of it.
Which is where the danger in this article lies. For a start the author says
there are "some" good reasons not to switch to Firefox and then goes
on to list one, ActiveX.
Secondly, he makes it sound like the fact it doesn't support ActiveX is a
universal reason for not adopting Firefox, which is rubbish.
It is a perfectly valid point that any company that has mission critical apps
running via ActiveX will be better of staying with fully patched IE in the short
term but then these companies are hardly likely to just install Firefox
everywhere and demand everyone use it without doing plenty of testing first, if
they do they deserve what they get.
I think the sad thing is that articles like this get way too much attention, not
least the level of discussion here on Groklaw. I still don't know what PJ was
thinking when she posted it here.
Nothing in the article itself explains anything technical that any technically
competent person doesn't know already, it mainly boils down to an opinion piece,
and what use is one person's opinion to anyone?
So here we have an opinion piece written for Noddies telling them not to use
Firefox because of a reason that may not (and probably is not) be relevant to
the vast majority. This is where the FUD lies.[ Reply to This | # ]
|
- I agree totally - Authored by: Anonymous on Friday, January 28 2005 @ 09:11 AM EST
- Cheers - Authored by: Anonymous on Friday, January 28 2005 @ 10:36 AM EST
|
Authored by: pacer on Friday, January 28 2005 @ 09:21 AM EST |
It is important to note that there are many reasons why adminstrators and
companies might not want to switch from Internet Explorer.
The Internet Explorer engine has been used to create specialized systems for
many companies that simplify procedures by their employees. Further, there have
been many programs created for both large and small businesses which use all or
portions of the IE engine and its various components.
One example I can think of is the Legal Software PCLaw. I know there are many
others.
This information is important so that one's arguments against IE and for FireFox
can answer the concerns of those admins or CIO/CTOs who worry about their
IE-based systems and programs.
The beauty is that FireFox and Mozilla.org offer a far better system for
creating specialized systems and programs than Microsoft's IE.
The Mozilla engine is far more open, far more secure, and works on many
different systems than IE.
What needs to be done more than anything is the conversion of some of these
specialized programs from IE-based into Mozilla-based.
By doing this, companies are provided a more secure engine that crosses
platforms. In the end, the cost benefit would likely be superior for the larger
companies. The problem is the initial cost for such a product and the
hesitation of many companies in upgraded even sorely antiquated legacy systems.
I have not personally delved into the abilities of the IE engine and the
abilities of the Mozilla engine, but I doubt there is much one can do that the
other can not -- even if the method for arriving at the final product deviates.[ Reply to This | # ]
|
|
Authored by: Prototrm on Friday, January 28 2005 @ 09:23 AM EST |
I don't see the article as FUD, so much as evidence that we're not dealing with
the Unix/Linux/BSD point of view here.
Windows was originally created as a consumer toy, not as an industrial-strength
tool for the enterprise. As such, it does a lot of things to make life easier
for the user -- things that would (or at least *should*) make a sysadmin cringe.
But organizations around the world have accepted the Windows ease-of-use mantra
to the point where security flaws and patching vulnerabilities is an accepted
part of daily life. They have gone so far down that road that there is no way
they can now change to something more secure, particularly when those in charge
of IT demand the exclusive use of Microsoft development tools to create internal
applications.
Windows was fine in the days before the internet, before the fatal flaws in its
design philosophy became clear. It was easy to set up and easy to use.
Productivity generally increased over plain vanilla MS-DOS. The only network
connectivity was with a Novell server. Browsers didn't exist in the enterprise,
and email was relegated to text.
Windows, and its "let's all be friends" philosphy was never really
apropriate for the post-internet world, but it's too late now for most companies
to go back. There's too much time and money invested, which is a shame.
It's important that people know why Firefox is more secure -- that it doesn't
natively suport things like Active X -- because it's important that managers
know what they're getting into before they adopt something new. After all, from
their point of view, look what happened the last time they failed to do that:
they got stuck with Windows.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 09:43 AM EST |
A few weeks ago I was searching Google for information on of all things
differential (rear axle) codes for a 1987 GMC Astro van - something I think
would not lead me to a malware infested site - but alas I was negligent in two
respects - I didn't look at the URL I was directed to (.ru) and I was running
IE. I first noticed the problem when IE asked me if I wanted to install
something. I immediately said no, closed the browser and rebooted my machine.
I was redirected to some other home page than my default. I then ran
anti-adware software and low and behold I had several dozen pieces of spy/adware
on my machine. Was all of the malware installed from a visit to that one site?
I don't really know. What I do know is I spent a couple of days cleaning this
mess up and switched to Firefox. I haven't had one single piece of malware
detected on my machine since the switch. I also haven't missed the pop-up ads
etc. In my opinion IE has become obsolete through MS own foolishness and I
welcome a browser that doesn't expose my machine to the nefarious activities on
the Internet as a policy. I will gladly give up the "funtionality" of
ActiveX to rid myself of the problems that it causes. My question to the IE
advocates is "Do you leave your house unlocked when you go to work so you
have the convenince of not having to unlock it when you come home?" Of
course not! Why would you do the same thing to your computer? Nuff said![ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 09:49 AM EST |
Mathew Ingram, a business columnist for Canadian newspaper The Globe and Mail, recently wrote an article about firefox that is suprisingly insightful. He
even gets the part about ActiveX correct:
"[Firefox] also can't do
much with pages that require features only Internet Explorer has, such as the
ability to run Active-X programs. These features are part of the reason IE is so
riddled with malware, but they also allow it to interact with certain websites.
Until Firefox finds a way around that, you might have to keep Internet Explorer
around -- just for emergencies, of course."
Not bad for somebody who
usually writes about corporate governance and such. [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 09:50 AM EST |
As a lead developer in major company (10,000+ seats) using IE web applications I
can tell you that switching to Firefox should be done with extreme caution.
This is even without heavy use of ActiveX controls. PJ, please don't comment on
technical articles outside your domain of expertise. Just because Groklaw is a
success doesn't make you any more knowledgeable about technical issues than the
day you started it.
"If Microsoft is spurred by Firefox's success to put more resources into
Internet Explorer, it would help create a better experience for both businesses
and consumers. That might even happen before Longhorn ships."
This paragraph is utterly ignorant and yet ignored in the commentary. If users
(and major corporations are a big chunk of users) do not switch to Firefox then
MS is not spurred to put more resources into Internet Explorer. MS has shown
they will not put resources into IE unless "spurred". There are two
important questions:
1. How far behind the competition (Firefox now) do MS products have to stay and
still maintain their dominant market position? (the "slow follower"
strategy to web browser innovation)
2. Will the developers of the "spurring" application (Firefox,
Netscape) get demoralized over time and drop the project (Netscape)?
It's time to switch to a new browser vendor now because the long term costs of
stagnation and zero innovation are higher than the short term costs of testing,
validation and cautious change. Not because the short term costs do not exist
and this author does indeed correctly identify the short term costs.
[ Reply to This | # ]
|
|
Authored by: blacklight on Friday, January 28 2005 @ 10:02 AM EST |
There are some vicious pieces of malware that exploit Active X to download
themselves on users' Windows desktops. If Firefox does not support Active X, I
regard it as a plus.
I'd say that those who need to use IE because they need access to internal
Active X applications could have IE configured to access a proxy server that
would only allow them to use IE to access internal addresses.
The other major issue I would have is how to deploy Firefox from a single point,
including upgrades. However, I believe that issue is also manageable. One
possibility for example wiould be to put Firefox up on a shared folder, email
evey user with a link to that folder, and tell them to click away and install.[ Reply to This | # ]
|
|
Authored by: shiptar on Friday, January 28 2005 @ 10:24 AM EST |
What exactly are we responding to here?
Corporate users and different from
consumers. We don't let IE users out onto the internet from the corporate
network, except to business related sites. We don't let folks use Outlook. We
don't have the time, nor resources to change 1000+ USERS to Firefox.
What
do I gain by doing it? The computers aren't being infected with viruses, they're
not sending out spam, as a responsible IT Department, we prevent those things
from happening. The argument can be made that we never should have been using
it, but Pointy Haired Bosses rule the world.
Some quick questions for
PJ. How long did it take to convert your whole organization to
Firefox?
How many users did you switch?
What were the snags, if any, did
you hit in that conversion? How much did it cost? Include retraining,
testing, bug fixes, man hours please.
At the end of the day, from where I
stand, IE use in many corporations is not causing the end of the world. We're
not even hurting you, because you never see us. Are you telling us, that the
ComputerWorld article is wrong, and that all IT Managers should go out and
switch all of their users to Firefox? IANAL, IANAJ, I'm just an IT person.
This is my first post, because not being a journalist or lawyer, I don't have
much to contribute, but I wasn't coming here for advice on corporate IT
strategy, I'm just looking for information.
Sorry you hate us PJ, as one
of the folks who lives what he is saying, we're really trying, but change is
incremental, the points the fellow brings up in the article are very valid, and
the realities of what he is saying are governing IT strategies. I used to be
this way, 'You should do it because it's the right thing to do!'. I lost, so we
protect and limit IE the best we can. Someday we'll get there, but not by
alienating people by trying to scare them into doing what you want without
identifying tangible benefits from it.[ Reply to This | # ]
|
|
Authored by: grouch on Friday, January 28 2005 @ 10:48 AM EST |
FUD - Fear, Uncertainty, Doubt
Fear:
- "Business Must Be Cautious
With Firefox"
- "But business users need to think twice about making the
switch from Internet Explorer, since Firefox lacks the ability to run Microsoft
ActiveX code."
Uncertainty:
- "Many mission-critical
applications have been built on Internet Explorer, and most organizations don't
have the budget or resources to recode them."
- "In addition, PCs'
application loads need to be properly tested to ensure that nothing breaks with
the addition of a different browser."
Doubt:
- "In the near
term, many business users will be better served by keeping Internet Explorer and
installing security updates as they're released."
- "Despite the factors that
should keep many business users from adopting Firefox at the expense of Internet
Explorer, I believe this new browser is going to be a force for positive change
in the industry."
- "There's no doubt that Firefox resonates with end users.
Microsoft's lack of ambition in driving browser development forward, combined
with the multitude of security issues associated with Internet Explorer,
fostered an environment where Firefox could flourish."
The message is
clear:
- Fear Firefox.
- Fear the loss of Microsoft's wondrous
ActiveX.
- The cost of leaving ActiveX behind is uncertain.
- It is
uncertain if your computers will continue to run if you install
Firefox.
- Stick with the known power of Microsoft's security patches, for it
is doubtful that Firefox will make your life better.
- Firefox might make
things better in the future, but it is doubtful that it will help now.
- The
true worth of Firefox is doubtful, since only an oversight by the great
Microsoft has allowed it to become popular for the moment.
Was the
article truly aimed at businesses? Looks like a checklist to get some folks to
wait for Microsoft to come to their rescue rather than jumping into those
fearful, uncertain, doubt-filled waters of Open Source.
--- "The
power of the Web is in its universality. Access by everyone regardless of
disability is an essential aspect."
-- Tim Berners-Lee, W3C Director and invent [ Reply to This | # ]
|
|
Authored by: inode_buddha on Friday, January 28 2005 @ 11:22 AM EST |
I find it interesting that this article appears about a week after Google hires Firefox. Coincidence?--- inode_buddha
peter.vantassell@gmail.com [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 11:28 AM EST |
PJ, I think you should also point out that ActiveX is just another attempt by M$
to embrace, extend, and extinguish the world wide web. There are standard ways
of doing things that are compatible across platforms. The only reason to
implement something using ActiveX would be to lock it to a single platform and
application (Windows & IE).[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 12:14 PM EST |
You may find out here
. And basically I am financing a very, very small small part of this FUD
campain through my subscription. I guess it is time for IDG to compete on the
open press market by cancelling my subscription.
Now for all of you who have
ever seen any Microsoft security advise for an beserk running, unpatched Windows
system because virus x is spreading world wide should know that switiching OFF
Active X is allways the first advise one will get.
Without any doubt that is
cheap FUD financed by readers of IDG magazines.[ Reply to This | # ]
|
|
Authored by: Franki on Friday, January 28 2005 @ 12:29 PM EST |
I sent this to the National bank in australia. If you visit their online banking
in Firefox, you get a message telling you to upgrade to IE or NS7. If you click
"continue anyway", the site works flawlessly. I decided to sent them a
message, but although their site is based on Perl (yah!) they have some serious
design flaws in their contant system, so for the lack of grammer and
punctionation, blame their system as I had to cut my original post down
considerably to get it to submit.
I am an IT sysadmin, and as part of my anti-virus/anti-spyware procedures, I
have been installing the Firefox web browser on all my clients computers.
Firefox is what the next version of Netscape will be based on. In fact it is
based on the same GECKO rendering engine that all Netscape/Mozilla browsers use.
It also looks like being the basis for Google's web browser, as they are paying
the salaries of several of the developers. (as are IBM, Sun and Novell)
It supports all the same features as NS7, and yet your site insists that we
download IE or NS7 in order to view your site correctly (even though if you
click continue anyway, the site works perfectly already).
Firefox is now the second most popular browser on the Internet, it already has
over 5% of the world browser market and it has only been a stable release for 3
months now.
These stats were taken by the recognized web stats companies Onestat and
Websidestory.
http://www.websidestory.com/pressroom/pressreleases.html?id=238
Firefox 1.0 has now been downloaded just under 21 million times since it came
out. I tell my clients to just click "continue anyway" because they
are far safer doing online banking in Firefox then they are in IE, but it is not
a professional look for a company like the National recommending web browsers
that even the US government online security http://www.us-cert.gov/ office said
users should consider finding an alternative to.
The stats are all actually from late last year, recent reports have put IE below
the 90% mark for the first time since the browser wars. Also be aware that the
Firefox stats for tech related sites are much high then the onstats and
websidestory reports, because they monitor sites like Disney, not the sort of
places switched on web browsers hang out.
Some other url's you might be interested in.
http://news.com.com/Firefox+continues+gains+against+IE/2100-1032_3-5545930.html
http://www.theinquirer.net/?article=20791
Firefox also features a ton of security features like popup blockers and
phishing notification. Since people that have money stolen via online banking
because they have Trojans or keyloggers on their machines, most of which were
installed due to flaws in IE, I'm surprised that banks haven't jumped on this
faster.
I do not mean to be rude, I simply thought you might want to know that your site
already works perfectly in Firefox, so you do not need to suggest people get a
different browser to use it.
Thankyou,
rgds
Franki
---
Is M$ behind Linux attacks?
http://htmlfixit.com/index.php?p=86[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 12:41 PM EST |
A correction. Firefox, Mozilla and Netscape 7.1 & 7.2 on Windows can
run ActiveX controls.
I know all this because I wrote the special plugin you
need to do it. That plugin (called npmozax.dll) ships by default in NS 7.1 &
7.2 but it is locked down so that it only hosts the Windows Media Player control
and nothing else. No other control will load, but it will load any OBJECT tag
specifying the Windows Media Player control. The plugin (when not locked down)
even supports control download & installation, scripting and events from
controls so it is quite powerful.
For the other browsers you need to visit
the plugin website and
install it, assuming there is a version matches your browser. Note that
end-users should not do this since I don't offer support, the plugin has
no user interface for preferences, requires manual configuration and manual
removal.
The plugin is reasonably stable when used with the most popular
ActiveX controls, in particular Windows Media Player. Why Windows Media Player?
Because Microsoft chose to ship a broken LiveConnect scripting API with WMP 9 so
that it was impossible to script it in Mozilla or Netscape as so many sites do.
So Netscape shipped the plugin so that you could script it via its ActiveX
API.
Another point worth bearing in mind. There is nothing inherently more
evil about an ActiveX control than there is any other binary DLL. An untrusted
binary DLL of any kind can wreck your machine, steal your passwords and
generally ruin your day. A plugin is no different from a control in that
regard.
So why are there no rogue plugins? The reason is due to Microsoft's
historical stupidity - ActiveX was seen as a way to taint the generic web with
Windows only rich content. They even dumped support for hosting NS plugins
(implemented in a fairly trivial DLL that I was able to
re-implement quite easily) to lean on websites a little more to adopt
ActiveX. Thus for years they promoted controls as a way to embed rich content in
HTML, made it easy to write such controls and made sure IE was set to download
them whenever they were detected. The user still had to consent to install the
control but the control was ready and running with a click or two. A site didn't
even have to host the control in question - it could use any control that the
user had on their machine including exploitable controls like the MS Office
Assistant. So we saw a string of warnings issued for vulnerabilities in this or
that supposedly "safe for scripting" control turned out to be not at all. Now MS
have tried to patch up the model, with blacklists, "kill bits" and service
packs, but it is nearly as broken now as it was then.
Contrast this with
Netscape where it was always a major pain to write a plugin, a major pain to
install a plugin, a major pain to make it scriptable and the scripting API was
written in Java (negating many of the traditional buffer overflow techniques).
These hurdles basically eliminated the threat.
Unfortunately Firefox has
substantially reduced this hurdle. If you visit a page requiring a plugin,
Firefox will offer to install it for you with a few easy clicks. This increases
the chance of the user installing an exploitable plugin where before they may
not have bothered. But much more dangerous is the new extension mechanism in
Firefox. There are literally hundreds of extensions written in a mix of
privileged Javascript and sometimes binary DLLs out there. It would be trivial
to upload a new extension that superficially did something useful, but actually
installed spyware, deleted files, stole passwords or anything else it cared to
do. The rich API available to extensions in Firefox and its growing user base
makes this inevitable.
Doubly worse, Firefox doesn't even enforce a trust
model, so virtually every extension out there is unsigned and untrusted. There
is a case that trust and signing is a waste of time, but it's better than
nothing, especially since Firefox supports the mechanism. It should start
insisting on signed extensions by default, if for no better reason than to make
extensions tamper-proof and to make the browser more corporate friendly. If
people want to disable signing, that's their own problem, but secure by default
should be the order of the day for any app, whoever wrote it. [ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 01:06 PM EST |
I have used Netscape and Firefox for some time. When I installed a new network,
recently, I made sure the users only had access to Firefox. No virus or malware
issues and have been clean for many years. I needed to use IE to go to a site
because of ActiveX and made the mistake of checking the news on a respected
common resource. It took me out of productivity for a whole day cleaning viruses
and malware out of may machine.
While the article correctly points out that businesses are hooked into IE and
cannot always lightly switch to Firefox (or Opera or the new Netscape on the
horizon or anything else) I think it is the solution that is dubious.
If Microsoft have not addressed the issues that everyone has been screaming in
their faces for the last 8 years how the hell do businesses expect this to
change in the next year or two? Unfortunatly a business decision will not be
made by showing the technical merits of alternatives but by a cost comparison
between trying to keep up with IE, with all it's consequences, and a migration
to non-ActiveX model. All services using ActiveX need overhaul, from time to
time, so build the change into that and watch TCO drop as you shed IE.
What is also not pointed out is that anyone who does not migrate to XP or
Longhorn is locked out of any 'improvements' in IE as Microsoft refuses to retro
upgrade IE. How does the cost of migrating from ActiveX to A.N.other system
compare against completly ripping out and reinstalling your IT architecture,
software AND hardware, to switch to Longhorn to get these benefits?
I think we may see camels with groaning backs soon, which will be the straw?
[ Reply to This | # ]
|
|
Authored by: blang on Friday, January 28 2005 @ 01:22 PM EST |
The article writer has one point, and that is that Explorer does not support
ActiveX, and for that reason companies should not switch browser.
It bafffles the mind though, that managers who need to makse such decisions
would not know abut internal applications requiring ActiveX, and that they would
need to read advice from this guy to maake the decision. The article must be
aimed at those with power but no knowledge. Teh SoftieLoonies must be panicking
now that Firefox is eating up marketshare like a wildfire.
He is also complete wrong, of course. My company uses ActiveX all over the
place. Our IT department is full of Windows lovers (but it baffles me that after
so many years, they haven't bother learning it), and they don't mind spending 4
out of 5 days doing spyware cleanup.
When there is some worm or other windows flu going on, we usually get hit, and
it takes our monkeys 3-4 days to reach all to clean up. Or desktops get updated
constantly with allsorts of patches, and our machines are bogged down with
antivirus software.
Even though many intranet apps use ActiveX, a lot of users here are now using
firefix exclusively for surfing outside the firewall, and use IE only for those
internal sites that requires it.
I bet Firefox has already saved my company tens of thousands by reducing the
amount of time our monkeys have to spend picking spies, flees and bugs from our
machines.
[ Reply to This | # ]
|
|
Authored by: Frihet on Friday, January 28 2005 @ 01:52 PM EST |
Never thought about using Wine for Internet Explorer. I'll do some study on
this. Might be worth a try!
---
Frihet
Repeal the Digital Monopoly Conservation Act.
Write your congress folks![ Reply to This | # ]
|
|
Authored by: cybervegan on Friday, January 28 2005 @ 02:09 PM EST |
Anonymous poll:
1) Roughly how many users of internet browsers clients, and of what type, does
your employer have?
2) Does your employer use ActiveX applications deeply enough to stop them from
migrating to FireFox?
3) Roughly how many employees wouldn't be able to do their job properly if they
couldn't access your employer's ActiveX-based application(s) ?
I'll collate the results and post them back so we can see for ourselves how much
impact it would have on Groklaw's readership.
Please avoid posting offtopic responses to this thread as it will make it harder
to collate the results, and please be truthful as otherwise it will skew the
figures.
regards,
-cybervegan
---
Software source code is a bit like underwear - you only want to show it off in
public if it's clean and tidy. Refusal could be due to embarrassment or shame...[ Reply to This | # ]
|
|
Authored by: Pop69 on Friday, January 28 2005 @ 02:22 PM EST |
I don't so much see this as FUD as more someone pointing out that people should
use the best tool for the job.
If your company has already bought into the M$ lock-in then the costs of
switching to Firefox and recoding probably far outweigh the costs of sticking
with IE and patching.
If he'd phrased his article slightly differently and said move to Firefox unless
you need to stick with IE then perhaps he would be getting lauded for backing
Firefox.
I think his best point is probably saying that even most windows Firefox
adopters still keep IE on their machines to use for non standard sites, the fact
that you don't have a choice in keeping IE on your windows machine is an
entirely different point.[ Reply to This | # ]
|
|
Authored by: Anonymous on Friday, January 28 2005 @ 04:02 PM EST |
Microsoft has been neglecting IE for years. The only new features have been by
way of toolbar extensions.
Firefox needn't fear a giant FUD onslaught--they should fear microsoft hiring
200 developers and putting in pop-up blocking and tabbed browsing, then locking
down activeX and plug-ins properly. They only need to hit these and maybe 5
other minor features and people will again decide that a pre-installed IE is
"good enough." That's what will relegate firefox, not the FUD.[ Reply to This | # ]
|
- Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:08 PM EST
- It's a problem - Authored by: Darkelve on Friday, January 28 2005 @ 05:25 PM EST
- Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:30 PM EST
- Fix IE ? - Authored by: Anonymous on Friday, January 28 2005 @ 05:44 PM EST
|
Authored by: darkonc on Friday, January 28 2005 @ 05:40 PM EST |
The proper answer to such fud is not a dropped jaw but rather (as you did later
in your article), a loud resounding "YEP!".
Firefox does not
run Active-X and (god willing) never will, because Active-X is a security
hole in, and of itself.
If you were to modify Active-X to the point where
it was no longer a massive security hole, you'd end up with a bastardized Java
-- In that case you'd be better off using the more mature Java offerings than
having to relearn a heavily hacked and castrated Active-X (and worrying about
how many nasty security holes Microsoft had left in the
process). --- Powerful, committed communication. Touching the jewel within
each person and bringing it to life.. [ Reply to This | # ]
|
- Dropped Jaws??? - Authored by: Anonymous on Saturday, January 29 2005 @ 03:33 AM EST
|
Authored by: Anonymous on Friday, January 28 2005 @ 06:55 PM EST |
Ok, supposing you manage to convince your company to switch to Firefox. Install
it on, say, 5000 PC's. When an exploit is found and a patch available, you then
have to go around to all 5000 PC's to install that patch because there is no
patch management system.
I am sure the IT heros that have posted here would do it because of their
commitment to the ideals of FOSS, but most of us live in the real world, where
money talks and ideals walk.
IE also has other advantages (I use the term loosely), like being integrated
with practically the whole MS s/w stack.
From a managers point of view, one vendor, one s/w stack, one support route is
appealing.
Yes, I know all about vendor lock in, but managers have to think about other
things like "Will this company be around in 5 years?", or "If
something goes wrong, will I have a contact person that I can go to?"
The answer to those for firefox are: There is no company, and No, you might
"know" someone now on the dev team, but they could be gone in 6
months.
Face it, firefox, though it is an excellent piece of s/w, is not ready for the
corporate big time just yet. Personally, I wish it were, it would certainly make
my life a whole lot easier.
You can argue until you are blue in the face about how much better Firefox is,
and I would agree with everything you say. However, being better doesn't mean
much in business. Better products have fallen by the wayside time and time
again. Marketing drives products, and marketing relies on "features".
Sure Firefox has more features than IE, but compared to the whole MS s/w stack,
it is nothing but a drop in the ocean.
[ Reply to This | # ]
|
|
Authored by: GLJason on Friday, January 28 2005 @ 06:58 PM EST |
I'm not a big fan of IE, I actually use Mozilla since FireFox won't open a new
tab by typing in a URL and hitting CTRL-ENTER. However, I can see how this
would make sense from a business perspective.
- Microsoft has pushed
the ActiveX through the web as a way to develop solutions. Maybe you only do
your banking or visit slashdot using your browser, but there may be internal
applications at many businesses that rely on IE's ActiveX capabilities.
Remember, the article said businesses might want to wait...
- IE Sucks
- It's not FireFox or Mozilla's fault, but IE will take messed up HTML and still
render a page. It doesn't conform to standards as well as Mozilla or FireFox,
but it works to IE's advantage. If 90% of your users are using one browser, are
you going to write a web page so that it looks right on the browser that
displays it correctly, or write it so that it displays correctly on the browser
9/10 of your viewers are using? Once I was hand-writing a JSP and I forgot to
put the closing table tag in. It took me an hour to figure out in testing why
it looked fine on IE but there was simply no table when I viewed the page in
Netscape.
- Bosses would like to think that their employees don't surf the
web, so the threat from getting viruses and spyware through IE should be
NIL.
I'm not advocating the use of IE in any way, but it's not really
that hard to see where the reasoning comes from, I was surprised to see
"[Groklaw jaws drop all over the world in unison]".[ Reply to This | # ]
|
|
Authored by: brentdax on Friday, January 28 2005 @ 10:38 PM EST |
For once, I think you actually got it wrong, P.J. This is not FUD.
He doesn't say anything false here. It's true that Firefox doesn't support
ActiveX; it's true that some sites on the Internet rely on it; and it's even
more true that many intranet sites use ActiveX. The only FUD-like aspect of
this is that they don't give the reason for not allowing ActiveX, namely that
it's a huge security risk.
Don't get me wrong--I've used Firefox since it was Firebird, and I think ActiveX
was a horrible idea. I just don't think that pointing out--truthfully--that
Firefox doesn't support ActiveX, and thus it won't work for everybody, is FUD.
---
Brent 'Dax' Royal-Gordon[ Reply to This | # ]
|
|
Authored by: jacks4u on Friday, January 28 2005 @ 11:56 PM EST |
If you build a truely better mousetrap the world will flock to your door. That
is what Ben
Goodger (of Firefox fame) did
You see, I read all the time, Microsoft
said such and so, their pawn wrote blah-de-blah, and their paid servants
published so-and-so a study. I've seen it myself. In the news. And on the
Internet. Really! www.wired.com
has stories that are designed to cause Fear, Uncertainty, Doubt, Network World
Fusion tells us about it. C/Net news has stories also.And others. Lots of other
websites, Newscasts, Magazines. Don't believe me? Think these are just a few off
the wall references? Just do a Google search. I did one ... "Microsoft FUD" were
the search terms. Google says there are more than 334,000 webpages that contain
those terms. I've read about the FUD here on Groklaw.
But what I'm really
getting at, is the need for a root cause analisis. I can do some of this,
perhaps all. I just hope I'm not looking at a small subset of reality
So,
I'll just type my thoughts, and you decide whether my reality is close to
yours...
There's no doubt that Microsoft wishes to spread Fear, Uncertainty
and Doubt concerning any serious competitor to any of their product lines. The
web is full of examples. Groklaw is also.
But the question is WHY?
My anylisis, and that of many others is that Microsoft feels the threat.
The vulnerability of their products. The possibility that one of their products
MIGHT loose market share to a competitor.
So I would like to tell
Microsoft a few things, to help them be more responsable corporate citizens, and
to strengthen their market share. To help them increase their profits. And to
reduce competitors to a meer nuisance, rather than the serious threat that Microsoft
has recognised them to be.
Build a better mouse trap, and
the WORLD will flock to your door.
Your web broswer sucks.
Harsh words, but they aren't mine alone. You know what the problems are with
your Web Browser. I don't have to tell you. Millions of people are telling you
right now. People around the world. Corporate types with sensative information
about YOUR credit cards and bank accounts are telling you. Business people that
rely on computers as a business appliance are telling you. Like stock brokers,
perhaps yours. They are telling you. Housewives and high school students are
telling you. The FBI is telling you! More than 20 million people are telling you.
Quit
bashing the competition, and fix your products,Build a better mousetrap and
the world will flock to your doorstep. With Money in hand, if need be
Really.
But if you think that many people are willing to pay for an
inferior product that opens their finances, their personal belongings, even
their identities, to people with malicious intent, think again. You think I'm
just spouting off? 20 MILLION people plus change are also telling you.
I'm just putting it into words. Harsh words to be sure. But it seems you don't
understand any other way. Judges have declared you a monopolist. Countries and Nations have said you don't play nice, and are
saying, or thinking of saying "You are not welcome to play in our sandbox,
without extra rules"
Build a better mousetrap, and play nice. With
the bright minds at a company like yours, that should be the easy part.
A
concerned citizen of this world.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Saturday, January 29 2005 @ 12:11 AM EST |
Ahh the usual!
Whenever a good product emerges that is not underneath the umbrella of some big
corporation FUD is born.
As for me, I've been using Firefox exclusively on my laptop now and my computer
is much cleaner than my old desktop which still has some residue of unwanted
applications that I don't know how to remove from my IE days.
Regards.[ Reply to This | # ]
|
|
Authored by: bobmatnyc on Saturday, January 29 2005 @ 02:31 AM EST |
"Stop and think of the implications of his remark, and then add in
the fact that viruses on GNU/Linux systems are so rare. I am not saying they
could never be written, but I have never had one in all the years I have used
GNU/Linux software. Can you Windows folks say the same?"
While I
agree with the gist of the article, this quote stopped me dead. It is
essentially reverse FUD. GNU/Linux is likely less susceptible to
viruses, and certainly no equivalent for Windows malware exists, but given the
relative difference in desktop market share, one should not tout GNU/Linux's
security simply based on user experience.[ Reply to This | # ]
|
|
Authored by: Anonymous on Saturday, January 29 2005 @ 10:50 AM EST |
I got firefox installed on a winxp box.
Recently i've upgraded to xpsp2, and with it came a m$ spyware detector.
It reported something like a 'browser hijacker mozilla' key set in the
registry.
While it didn't show which registry key it 'found suspicious', i'm fairly sure
it is the default browser setting of firefox.
Now, how will this improve my trust in M$?
I will turn this crapware detector off for sure.[ Reply to This | # ]
|
|
Authored by: Anonymous on Saturday, January 29 2005 @ 04:44 PM EST |
I cannot believe what I read that somebody actually supporting active x on IE
(the analyst) and he got paid for that ?
What a wonderful world we live in......[ Reply to This | # ]
|
|
Authored by: Anonymous on Saturday, January 29 2005 @ 08:58 PM EST |
Crackers break into Microsoft; Microsoft has to bring in the FBI to handle the
situation.
http://www.cbsnews.com/stories/2000/10/27/tech/main244646.shtml
Department of Homeland Security Warning to Disable Active scripting and ActiveX;
AND USE A DIFFERENT BROWSER
http://www.kb.cert.org/vuls/id/713878
[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, January 31 2005 @ 06:40 AM EST |
Firefox's immunity to infection with ActiveX is one of its most important
features, and one of the reasons I prefer it. Businesses that are stuck with a
Microsoft-only website *chose* to limit their reach, and can jolly well do
without my business if they are too cheap to do over what they were too cheap to
do right the first time. The tools to build a proper website were available to
them back then.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, January 31 2005 @ 11:33 AM EST |
"If any of the rest of you wish to explain to the business community why
this ComputerWorld article is inappropriate advice in your opinion, feel free to
add your comments, with proof urls."
So as usual, dissenting opinions need not apply.
If rip and replace were that easy, PEOPLE WOULD HAVE DONE IT ALREADY.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, January 31 2005 @ 11:08 PM EST |
No. Not those. Not the little white pills.
I'm talking about Firefox, web programming compliancy and business practices.
The people who do the grunt work in the company up to middle management are the
ones who get to decide that little choices of the project to project details.
Simply make it part of your work ethos to program W3C compliant code. It isn't
hard. Firefox is a great start, then run your code through a validator. After
that passes muster, view the page in IE and add in the necessary CSS or DOM
hacks to allow the page to function. It takes about 30 minutes more to do this.
Easily something that can be done without a committee deciding why it
"might be bad". Just do it. That goes for middle management as well,
encourage this programming behavior in your teams.
Firefox is simply one of the best tools there is for writing clean code. Then -
2 years later when upper management finally gets wind of this newfangled Firefox
thingy, everybody from the middle on down can get the job satisfaction knowing
that they (once again) did what was supposed to be done as opposed to what upper
management try to foist on them.
Just use your brains people.
As to the article. Yes it contributes to the belief that IE is the only way.
And for a lot of companies it is. Small steps. Eventually the word will get
out that having W3C complaint code is the best thing since sliced bread.
If you need a point for a round table discussion. Talk about that fabled code
re-use that has been mentioned for decades and tell them how W3C compliant code
is the closest thing we have to that. See the tech people look at you in a new
light.
It's really that easy.[ Reply to This | # ]
|
|
|
|
|