Modernizing Authentication — What It Takes to Transform Secure Access
Gonzales says he swears by Firefox at home, in the office and for most of his IT team. But ask him if he intends to roll it out to his users, and he emphatically says ''no''.
Gonzales, senior network administrator at Colorado State Employees Credit Union in Denver, Colo. is not convinced that Firefox is ready to displace Microsoft Internet Explorer in the enterprise.
''I use it heavily. I loved it immediately,'' he says. ''But it takes a little more skill to use Firefox -- a little more knowledge to troubleshoot.''
Gonzales says Firefox would create help-desk headaches as many Web sites are coded specifically for Internet Explorer.
''The primary reason that Firefox is not ready for prime time yet is that people aren't preparing their Web sites for it,'' he says. Proprietary features like Microsoft's ActiveX controls don't work with Firefox, causing viewing problems.
Brian Schwartz, technology specialist at CDW Corp. in Vernon Hills, Ill., says Gonzales is not alone in his hesitancy to adopt Firefox.
''We've asked IT managers what their biggest concerns are and quite specifically they say they have too many number one priorities from [their executives],'' he says. ''IT managers want other people to prove [Firefox's] worth first. They prize stability and performance, and their users have very little patience to test out new things.''
He adds that IT managers are too busy to test the impact of Firefox on their networks and applications. ''If there is any question about whether Firefox could impact application performance, it's probably not going to make the list of items a large-scale IT organization would evaluate.''
The key, he says, is for Mozilla to show that Firefox offers something that Internet Explorer doesn't. ''IT managers aren't looking to adopt new stuff if they don't have to,'' he says.
Jim Linn agrees. As IT director at the American Gas Association in Washington, D.C., Linn says he does not intend to roll out Firefox.
''Our standard has been Internet Explorer for better or worse,'' he says. ''Although recent vulnerabilities have brought [Internet Explorer] into question, we are staying the course.''
Linn says it's important for IT groups to choose a path.
''We see the need to stay standardized -- particularly on Microsoft software. It all fits together neatly and works together well. Even for my personal use and my technicians, I am running Internet Explorer.''
An Uphill Battle
When Firefox debuted last year, proponents of the browser touted its security compared to the vulnerability-laden Internet Explorer. But over the past few weeks, scrutiny has picked up about Firefox's own security issues.
Security experts warn Firefox may be vulnerable to spyware. But these problems are still not as worrisome to IT managers as those found in IE.
''Firefox has the advantage that it is not Microsoft Windows-integrated,'' says Joel Snyder, security expert and senior partner at Opus One, a consultancy in Tucson, Ariz. ''Therefore, all the 'wonderful' hooks into Windows that Microsoft put into Internet Explorer, which are ripe for exploitation, are missing.''
But Firefox is not bulletproof, he adds. ''This is not to suggest there are no security vulnerabilities in Firefox, but they will not be so easily exploited to gain control over the operating system.''
Even so, Firefox still faces an uphill battle.
''The challenge for a company making the move to Firefox might be any stuff that is hard-wired to work only in Internet Explorer,'' says Thomas Powell, founder of Web development firm PINT in San Diego. ''For example, some enterprise content management software, portals, etc. are only written to support Internet Explorer.''
''The reality of Web-based applications is that most are poorly coded and barely work on one browser, much less three or four different browsers,'' Snyder says. ''So people are most likely to code for Internet Explorer because that has the largest market share.''
Striking a Balance
Some IT managers say they don't have to choose.
Joanne Kossuth, CIO at Franklin W. Olin College of Engineering in Needham, Mass., says with a little bit of preparation, IT groups can offer their users both browsers.
''Supporting Firefox is not any more difficult than supporting Internet Explorer,'' Kossuth says.
Her IT group offers a dual-operating system laptop program that allows students to switch between Linux and Microsoft Windows, and to download the browsers they want to run with each. More than 50 percent of the students have downloaded Firefox since it began being offered last year, she says. In fact, it was her student advisory group that recommended Firefox.
''The students drove the path to Firefox. Internet Explorer had vulnerabilities out there and after doing some research, we found no reason not to support Firefox,'' she adds.
But Kossuth warns IT groups to be prepared. While Internet Explorer offers automatic security updates, Firefox requires manual patching. ''You need to have communications with your users in place for this. Educate your users about patching and security issues.''
She also recommends tracking versions of Firefox and its specifications. ''If you are using Linux, you have to make sure you've got the right kernel. Match the specs to the operating system.''
It's important to understand what users want to do with their browsers, she says. ''Get input -- a survey would be a good way to do that. Ask them what they like about their browser and what they don't.''
To avoid the help desk headaches that Gonzales fears, Kossuth advocates training users how to use Firefox and how to solve problems they might encounter.
Kossuth also says IT managers should not try to limit user choice.
''Web browsing is a personal experience. Some people like tabbed browsing, some don't. Some will want to block pop-ups, some won't. You're going to have a hard time prescribing just one browser,'' she says.