State Department: FireFox Costs Too Much

[kslghost]

Guessing that this article is not about installing and distributing the browser you get from firefox's website. Problem is likely that the web programs developed by the government 5-10 years ago and beyond are not necessarily compatible with firefox. This is not a discussion about something we likely just type in like "dmv.ca.gov", but proprietary software. Additionally, many branches of the government probably go by certain security standards that go beyond the scope of a script blocker.

That being said, politicians tend to know jack about the internet. Ted Stevens being one of the best of them at knowing nothing. Series of tubes.

 

[Guest]

@ People who don't think firefox comes with a price tag in a large organization:

It's very expensive to deploy ANY software across a large organization. While it may only take 1 minute of a tech's time per user, when you have thousands of users, it becomes a big deal.

 

[jediagh]

One other thing to keep in my **ALL** US Federal webpages must be what is called SECTION 508 Compliant meaning that deaf and blind people must be able to access/read/ them. Many of us take for granted than when a webpage loads with FLASH or some video or whatever that we can **SEE** the page and read it. However federal agencies must use special software so that their employees with disabilities (blind, deaf) can "see/hear" these pages. Government agencies has been doing this for years under IE5.5 and thus part of the reason why IE5.5 is still entrenched in most agencies.

The cost to "upgrade" hundreds of thousands of computers alone is costly. Add to that having to worry about compatabilitiy issues of the SECTION 508 kind and you see why many agencies are still using WIN 2000 or XP.

As stated before yes it's free and easy for you personally to install on your PC & make it work for you. But when you have to manage 1,000s of PC and they all must look the same (eg. same software, etc..) the free software beings to look less free as you add each users into the picture.

 

[jediagh]

**CORRECTIONS**
my = mind

 

[jgiron]

i can understand his point. I have worked in a very large organization where standards were a must. Using the Windows Update Services you can force certain policies down through Active Directory that affects IE. You can for everyone to upgrade from IE 5.5 to 7 and not allow people to upgrade to 8 from one central location. You can apply the patches that you want and other's you don't want. When you are managing 10s of thousands of computers and you are in the public eye, more control over the internet is must and IE is best suited for this.

Personally, I think IE is over rated, Firefox is great but I prefer using Chrome.

 

[jcknouse]

Too expensive to deploy?

Almost any "enterprise" worth a flip has startup scripts for their network clients. To deploy Firefox, all it would take is a well-written script add-on to check for Firefox. Maybe 1-2 hours of script writing time and to download Firefox's installer to a shared directory? $50-80 maybe in labor?

Too expensive to maintain/administrate?

No more than IE, once it's installed. In fact, you can configure Firefox to download and update itself automatically. I don't know any other way to update IE other than manually download it or update it through Windows Update.

I don't use IE at home, so I don't care. I just do security patches to it.

But, I bet it would cost them no more than $200 to deploy Firefox to every PC in the Dept. of State if they knew what they were doing.

Unless they are including in the cost the pay for all the bureaucrats to have 10 meetings totalling 50-60 hours to decide whether or not to have one Windows Network/Server Admin write a script and save Firefox's installer to a shared user directory.

Then it would be $250,000.

 

[brendano257]

[citation][nom]pirateboy[/nom]dumb ass politicians are expensive too[/citation]
Yeah...they get payed $100,000+ a year to work 3 days a week and...well whadd'ya know, they waste our money anyway.

 

[masterofm]

This has got NOTHING TO DO with the actual cost of acquiring firefox for deployment NOR ITS COMPATIBILITY WITH SITES, but rather the administration of it.

[citation][nom]maigo[/nom]And here I was, thinking IE costed more time and money to install and patch. Silly me, I didn't know IE updated its self and applied security patchs for it's many flaws on its own. Live and learn, I guess[/citation]

For those of you that don't work with Windows Servers for a job, I can tell you that IE does install and patch itself "automatically". When you have a large organization, in this case the government, the PCs are in an Active Directory integrated domain. In the domain, administrators can download updates centrally to a WSUS, test and then deploy from there updates to THOUSANDS of computers with the touch of a button.
You can also restrict, redirect, configure the DNS, run scrips and automatic configuration of proxies with a simple change, in a group or domain policy. Can you do any of these things with Firefox centrally? Unfortunately not.

If you don't see what the cost of supporting thousands of users individualy when just ONE update is pushed, then you are blind.

It amazes me the ignorance that I see in many posts regarding Microsoft technology, when they don't even know 5% of it(to say a number).

Do I believe IE is more secure than Firefox? hell no.
I have been using Firefox since around 0.7 almost exclusively in my home.
But managing so many users or expecting them to update it themselves is unmanageable and uncontrollable.

 

[eyemaster]

Again, people think that big organizations can just plop any kind of software and expect it to work. Yes, it might be free to get Firefox, but there are costs associated to it.

Where I work, we have 35k + computers. There are applications that have thousands of templates / pages / links and are all formatted for the browser that is the standard for the organization. Even just upgrading the browser means breaking those thousands of templates (which are the apps themselves). The browser also has apps developed to access mainframes and such. Upgrading for free to a newer version of the browser means it will cost millions of dollars in development and testing.

So no, it's not free.

 

[eyemaster]

[citation][nom]maigo[/nom]And here I was, thinking IE costed more time and money to install and patch. Silly me, I didn't know IE updated its self and applied security patchs for it's many flaws on its own. Live and learn, I guess[/citation]

In a big organization, each patch that is released also needs to be tested by the org. before being implemented. As I said above, braking an application that is essential just because you patched the browser is a big no no. Each time MS releases it's patches every month, it costs thousands of dollars to organizations.

 

[bfstev]

ie is exponentially easier to administer over an enterprise network as opposed to firefox. all security settings can be maintained and forced through GPO, all patches can be administered through WSUS. In sensitive government machines all patches and updates need to be tested extensively before being deployed and active directory gives better control of that for IE. You absolutely cannot allow firefox to update its self as a patch may break a security setting needed or open up an unexpected attack vector that needs to be tested for first. On top of this is the bandwidth cost of all the users d/ling from the internet the updated patches. You would have to script constant queries to check versions and probably dump those into a file for you to scan over daily. WSUS automates that and lets you schedule your update rollouts as well as tell yuou exactly what patches are installed or if there was an error of some kind requiring your attention. And since they would be using WSUS anyway for their windows computers, there would be no additional cost or man hours necessary.

 

[bfstev]

[citation][nom]NoCaDrummer[/nom]I guess they don't take into account the expense of time lost (or files corrupted, stolen, etc.) because IE allowed malware to install itself (thanks to Active X), whereas Firefox doesn't.[/citation]

thats part of the administered security settings. typically on a government computer, the average user's IE isn't allowed to d/l or install anything. Only those explicitly administered from the IT department are allowed. Also on a government network, you are behind some fairly impressive firewalls

 

[salem80]

my comment on one word
"Ignorance"

 

[Guest]

Anybody ever been around a government job? Anybody ever noticed what a horrible job most of the IT admins do anyways? How much worse off and wasteful could it possibly be? People with talent take corporate jobs that pay 2-4x what the government jobs pay. I'm sure that they just let Windows Update and IE run their course, I have doubts that they have a real setup where they control the deployment of updates.

 

[Shadow703793]

Umm... IE Tab ad on for Firefox?

 

[mdillenbeck]

@get_real_folks

Sorry, but a lot of government jobs don't come with the cash compensation but do come with equally valuable compensation in terms of benefits. You know, the vacation, sick days, personal days, insurance, and retirement benefits that taxpayers are always griping about. Oh, and let us not forget that common impression that IT people sit around all day playing games and not doing any real work - never mind that many of these administrators are "on call" all the time. After all, if a server crashes in the middle of the night, you can't just blow it off until you get in the next day.

===========================================================

I'd like to clarify my bosses statement from earlier - he did emphasize that he was talking in a secure and locked down environment. The type where the average user logging in does NOT have rights to run and install updates on their system, so as to prevent the accidental installation of malware.

However, I cannot comment too much on this. Additionally, we probably have a semi-unique setup. We have computer labs in several buildings where users need to be able to migrate seamlessly use any workstation as if it were there own. This poses some unique but not insurmountable challenges. Where IE is centrally administrated, FireFox requires a sequenced virtual deployment that integrates with their preferences and bookmarks stored on their network share.

Let me tell you, it took a few days to decide how to migrate users from v2 to v3 due to the change in the way bookmarks were handled. Huge cost? No. However, if you must sequence the app every time a new version comes out and verify it will not break profiles of users - and then be ready to deal with when it does because some yahoo has in their profile an unusual addon that does work with the upgrade - it becomes a bit of a mess after a bit.

Now, I don't deal with the IE stuff - but that is because I don't have to. My boss easily can do that "with a few clicks". Thus, we get to deal with the sequencing of the new version and testing in with profiles that have the old version, and then any of the problem tickets that come in when the new version inevitably breaks stuff.

So, long story short, FireFox was NOT developed as an enterprise product. What they lack is strong centralized management in an environment like ours, where users are highly restricted and the software is not allowed to "update itself". (Let me tell you, Adobe products also suck in this aspect too - as well as Apple products. You have to disable all the auto-updating crap, sequence it, and then test it to verify it won't break anything from the prior versions... so I am not just knocking FireFox but most software.)

Does this mean IE is great? Heck no. Almost everyone I know in my department doesn't use it, and there is a reason why FireFox work-arounds are used to deploy it in our computer labs. However, I am saying it is far easier to manage than FireFox. However, your home or small computer network environment is not the same as a locked-down enterprise environment (such as state level government).

 

[compulsionnra]

I think what they mean is the following; it costs a large amount of money to keep multiple pieces up software up to date from a cyber-security standpoint. The company I work for has to "validate" all software or updates before we can install anything. We are stuck using worthless IE because the IT/IM department doesn't want to/can't spend the time and money to keep track of two browsers.

 

[annymmo]

[citation][nom]jediagh[/nom]One other thing to keep in my **ALL** US Federal webpages must be what is called SECTION 508 Compliant meaning that deaf and blind people must be able to access/read/ them. Many of us take for granted than when a webpage loads with FLASH or some video or whatever that we can **SEE** the page and read it. However federal agencies must use special software so that their employees with disabilities (blind, deaf) can "see/hear" these pages. Government agencies has been doing this for years under IE5.5 and thus part of the reason why IE5.5 is still entrenched in most agencies.The cost to "upgrade" hundreds of thousands of computers alone is costly. Add to that having to worry about compatabilitiy issues of the SECTION 508 kind and you see why many agencies are still using WIN 2000 or XP.As stated before yes it's free and easy for you personally to install on your PC & make it work for you. But when you have to manage 1,000s of PC and they all must look the same (eg. same software, etc..) the free software beings to look less free as you add each users into the picture.[/citation]

If you only could write a script that deploys this software for you.
The agencies are going to have to upgrade some day anyway!

IF you can't administer stuff centrally, then your software sucks!
Really get some money for making a software product for making everything manageable centrally! It can be done!
(Guess it's too much trouble to make a good software that does everything and more to manage everything and get a truly centrally managed network.) MS centrally managed software is a joke, it only works with their products. Don't you see that you could make a piece of software that does this but for everything by using a more general approach? Guess not.