Deployment:Deploying Firefox: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Remove outdated content.)
 
(27 intermediate revisions by 9 users not shown)
Line 1: Line 1:
< [[Deployment]]
Please visit https://support.mozilla.org/en-US/products/firefox-enterprise for our current documentation.
 
== Deploying Firefox ==
 
Many people are using Firefox at home, and many also want to use it at work or see it on public computers such as at libraries or Internet Cafes.  This article provides links and references to issues that might come up when considering or executing a Firefox deployment plan.  It describes a wide variety of tools and features available that can be to deploy Firefox and centrally manage and control the use of Firefox in enterprise, business, education, and a variety of large and small organizational settings.
 
== The Rational for Deploying Firefox inside Organizations and Institutions ==
 
* [[http://www.eweek.com/c/a/Enterprise-Applications/10-Reasons-Why-Companies-Should-Consider-Alternatives-to-Internet-Explorer-559225/  This EWeek Article ]]  By Don Reisinger, July 20, 2009,  does a good job of analyzing the major reason why companies have reason to consider Firefox deployment to their employees.
 
These are also reasons we have heard in the past from a variety of sources:
 
*<b>Concerns about security</b> is a strategic reason some organizations move to Firefox exclusively, or set up support support for multiple browsers. 
 
* Many users choose Firefox when it is offered inside their organization, or go around IT policies because it <b>makes these users more efficient and more productive in accessing information on the web.</b>  They take advantage of firefox features such as tab browsing, rss feeds, and integrated search to get more done, faster.  With the amount of time that "knowledge workers" spend using a browser each day these productivity increases can add up to be significant to the bottom line and the competitiveness of a company.
 
* Some organization also <b>chose Firefox as a tool to assist in ensuring development of internal applications and documents comply with web standards, and that the organizations do not get locked into proprietarty document formats that could become difficult or costly to support.</b>  If your applications and content works in Firefox its highly likely they will work in other browsers, and  open up possibilities that ensure your internal organizational content is searchable and useful with other applications that support standards.
 
* International organizations, and organizations that support multiple Operating Systems also like Firefox because its a way to standardize the browser for all their users.  If you have an organization where engineering teams might use Linux or Unix Systems, Design and Web Development Teams using Mac, and Business Teams using Windows Firefox is the one browser that can be used across the company, and its available in over 40 languages.
 
* <b>Firefox can also be customized and extended to meet specific needs of an organization by creating addon extensions or building on the Firefox platform.</b>
 
== Marketshare in the Enterprise and Business ==
 
*This point is often missed in the press but it is interesting to note that Firefox market share in corporate environments appears to be pretty closely tracking with the increased use of Firefox in the general internet population.  Firefox use inside many organization often starts with IT, web development teams, and engineering departments and then spreads to other departments and individual users. 
 
Jan. 2010
 
Another couple of articles and research than can be viewed in the glass half full/glass half full context,  espcially in the conclusions that it draws.
 
* http://www.computerworld.com/s/article/9143918/Microsoft_IE_s_downfall_far_fetched_says_researcher
* http://arstechnica.com/business/news/2010/01/enterprises-more-likely-to-shun-firefox-than-ie.ars
 
But the data itself follows previous findings:
* ~20% of enterprise PCs have firefox installed
Then it adds some interesting findings that
* Almost 50% of the monitored PCs run Firefox - or I think this says 50% of usage might be attributed to Firefox. 
 
This might be an indicator that were browsers and web use is a key part of daily work inside the enterprise, Firefox is in higher relative use.  The study suggests two things that are worth more research.  Its not only how many PC Firefox is installed on inside the enterprise, its which PCs Firefox is installed on.  Anecdotal we hear reports of Firefox use high in IT, Web Development, and Technology areas of companies.  That would match these findings.
November 2009
 
It is reported that IBM will make Firefox the default inhouse browser by the 2nd quarter of 2010. http://www.spreadfirefox.com/node/5406
 
April 2009
 
Forester Study Finds Firefox Adoption grows 1.3% to 18.2% in the second half of 2008.  That's just 2% less that NetApplications reported for general Firefox adoption in the overall browser market, and the 1.3% increase over the period is faster than the 1.2% increase in Firefox users that NetApplications reported over the same period.
http://www.eweek.com/c/a/Web-Services-Web-20-and-SOA/Microsoft-IE-Tops-in-Enterprise-Firefox-and-Chrome-Gaining-Forrester-490377/
http://marketshare.hitslink.com/browser-market-share.aspx?qprid=1
 
July 06
 
Marketshare among IT workers visiting Janco
http://www.e-janco.com/browser.htm
 
October 30, 2006
 
The New Browser Wars: Firefox vs. Internet Explorer
<br>http://www.newsfactor.com/story.xhtml?story_id=13200C4PLUMO
"Jupiter survey showed that 26 percent of companies with more than 250 employees allowed their employees to install Firefox in 2005. By 2006, that number had jumped to 44 percent."
 
February 13, 2006 
 
Deployments at IBM, Boeing and Fidelity Investments
http://www.computerworld.com/softwaretopics/software/story/0,10801,108622p3,00.html
http://www.computerworld.com.au/index.php/id;453717301;fp;2;fpid;2
14% of Surveyed IT Managers had multi browser deployments going on in there companies. 
 
March 22, 2005
 
Firefox explorers
 
This expansive article covers the advantages of using open source and Firefox software for business. When Bill Robertson decided last year to switch 450 workers and 100 desktops at De Bortoli Wines to the open source Firefox web browser, he had the company's future in mind.
http://www.theage.com.au/articles/2005/03/21/1111253920087.html?oneclick=true
 
== Security ==
 
<br>Independent Security Research teams such as US-CERT (US Dept. of Homeland Security) have for several years suggested supporting and using Firefox and other browsers as protection measure and response to critical problems with Internet Explorer.  Here are a variety of references:
 
<br>June 2004 https://www.kb.cert.org/vuls/id/713878
 
Here is an excerpt from that article:
 
''Use a different web browser''
 
''There are a number of significant vulnerabilities in technologies related to the IE domain/zone security model, trust in and access to the local file system (Local Machine Zone), the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented as operating system components that are used by IE and many other programs to provide web browser functionality. These components are integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.''
 
 
<br>http://www.cert.org/tech_tips/securing_browser/
<br>http://www.cbsnews.com/stories/2004/07/05/scitech/pcanswer/main627500.shtml
<br>http://news.zdnet.com/2100-1009_22-5250697.html
<br>http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
 
<br>http://www.sans.org/top20/?portal=1563ee22b1a8bd138f0f420caec8d02c -- "...Exploit code for many of the critical Internet Explorer flaws are publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and Graphics Rendering Engine. Vulnerabilities in ActiveX controls installed by Microsoft or other vendor software are also being exploited via Internet Explorer... "How to Protect against These Vulnerabilities?... Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology...."
 
<br>November 6, 2006 - Attackers dig into [IE] zero-day flaw
<br>http://news.com.com/Attackers+dig+into+zero-day+flaw/2100-1002_3-6133028.html
03 Jan 2006 Open source's speed, Firefox's security wows Fidelity
http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1155599,00.html
<br> "The Mozilla Firefox browser was an eye-opener, added Mike Askew, who also works in the technology center. A head-to-head comparison of Firefox and Internet Explorer showed that both had about the same level of security vulnerability, but ''the time needed to fix vulnerabilities in Firefox was much less,'' Askew said. That experience led Fidelity to look at open source more intently."
--also prediction of Open Source used in 25% of business software investments by 2010
 
<b>Evaluating days of Vulnerability as the best metric for assessing risk in browsers.</b>
 
Several independent studies have shown that Firefox keeps users at risk of serious browser exploits a smaller amount of time than with Internet Explorer. For more than 3 years Mozilla and Firefox have a consistent track record for delivering security fixes faster than other browser vendors and reducing the risk to users.
 
2006
 
 
Internet Explorer Unsafe for 284 Days in 2006 v. 9 days for Firefox, or 98 of actual exposure days where known exploits were running to zero for Firefox
 
"...For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users."
 
In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."
 
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
 
http://www.washingtonpost.com/wp-srv/technology/daily/graphics/index20070104.html
Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.
 
 
 
 
2005
 
Mozilla averaged about 21 days before it issued fixes for flaws in Firefox, compared with the 135 days it took for Microsoft to address problems in Internet Explorer.
Web Browser Vulnerabilities Calendar
Click the image for a look at the length of time Firefox and IE were vulnerable to known flaws in 2005.
 
For at least 38 days in 2005, IE was vulnerable to unpatched critical security flaws that were being exploited actively by viruses, worms and spyware. For at least 256 days last year, Internet Explorer contained unpatched vulnerabilities where the exploit method had been publicly disclosed but was not necessarily being used.
http://blog.washingtonpost.com/securityfix/2006/02/2005_patch_times_for_firefox_a.html
http://www.washingtonpost.com/wp-srv/technology/interactives/browsers/
 
2004
 
A Year Of Bugs http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=1
 
Executive Summary
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=5
004 was pretty hard for Internet Explorer users. The domination of Internet Explorer made it a preferred target for both malware writers and security researchers, creating a steady stream of vulnerabilities. Windows XP Service Pack 2 released on August 9, 2004 did not seem to alter this trend.
 
In 2004 Mozilla had the shortest "exposure period" of the three browsers compared. The growing popularity of Mozilla and Firefox was at least to some extent due to better security it currently provides to its users. However as Mozilla browsers become more common they are bound to attract attention of malware writers. It would be interesting to see how well Mozilla will do security-wise when its user base approaches that of Internet Explorer.
 
http://bcheck.scanit.be/bcheck/page.php?name=stats2004
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=3
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=4
 
<b>Security Features</b>
 
Datamation’s readers have taken notice, choosing Firefox – narrowly – to win its Product of the Year award in the Anti-Spam category.
 
http://itmanagement.earthweb.com/article.php/3662741
 
There is also a good summary of specific features in Firefox that help to make browsing safter at http://en.flossmanuals.net/Firefox/FirefoxSecurityFeatures
 
== Extending and Customizing Firefox for Enhanced Productivity ==
 
You can control thousands of Firefox settings, and extend Firefox with additional Addons to provide the best web experience for your users.
 
To see the many settings that can be customized in Firefox type:
 
    about:config
 
in the location bar of the browser.  Documentation about each of these preferences is available from a wide variety of sources.  One of the best may be at [http://preferential.mozdev.org/preferences.html the mozdev site]
 
[http://www.greatbigpodcast.com/2006/10/05/very-best-firefox-extensions-for-entrepreneurs/  The Very Best Firefox Extensions for Entrepreneurs] article recommend several Firefox addons that might be useful for increasing productivity of users inside large organizations.
 
A variety of tools are also available to assist in making changes to the browser and repackaging these changes before deploying to your users.  More information on those tools is provided below
 
== Firefox Customization (CCK and Repackaging Tools) ==
 
The Firefox Client Customization Kit (CCK) was designed as a successor to two Netscape products, CCK, and Mission Control Desktop (MCD). These two products were used to customize Netscape browsers for deployment for ISPs (CCK) and enterprises (MCD).
 
The goal of the Firefox CCK is to provide an extension that can be deployed with Firefox that does most basic customizations.
 
More information is available at http://www.mozilla.org/projects/cck/firefox.
 
Information on the release repackaging tool is available here  http://benjamin.smedbergs.us/release-repackager/
 
== Centralized Settings Management and Control ==
 
The core technology in Firefox and Thunderbird contains a feature called "Mission Control Desktop/Auto Config" that can be used to centrally manage Browser and Mail configuration settings for the client software that is deployed across an organization.  More documentation on this feature can be found at:
* http://developer.mozilla.org/en/docs/MCD%2C_Mission_Control_Desktop_AKA_AutoConfig
* http://developer.mozilla.org/en/docs/Automatic_Mozilla_Configurator:Locked_config_settings
 
Most of the controls are carried out via the preference system.  An overview of the this system can be found at
* http://www.mozilla.org/catalog/end-user/customizing/briefprefs.html
* http://www.xulplanet.com/tutorials/xulqa/q_prefs.html
 
Extensive lists of preferences can be found at:
* http://preferential.mozdev.org/preferences.html
 
Some customization ideas can be found here
* http://www.mozilla.org/support/firefox/tips
 
This article also talks about controlling other features such as bookmarks and history and an approach to "Securing Mozilla in the Public Library":
* http://tln.lib.mi.us/~amutch/pro/mozilla/
 
== Installer Options ==
 
Large Oranizations have a variety of software deployment systems.  In most cases the Firefox installation package can be wrapped inside these deployment systems.
Some groups have packaged the firefox installer inside a MSI package to do their deployments. The firefox installation program can be wrapped inside these deployment systems.  Two installer options are valuable in these set ups.
 
FirefoxSetup.exe  /ms    (for mode-silent)
 
or
 
FirefoxSetup.exe  /ma  (auto-mode, hands-free but visible)
 
Another installation option ( /ira ) might be useful in these scenarios as it keeps the program from running after the install has completed.
 
Some changes were made in Firefox 2 to modify installer command line options.  Information on those changes is here: http://wiki.mozilla.org/Installer:Command_Line_Arguments
 
== Deployment Tools ==
Automated deployment of Firefox with extensions, themes, and pre-configuration
http://firefox.dbltree.com/ (no longer maintained)
 
Firefox ADM (Active Directory deployment)
Manage Firefox settings through Group Policy and Active Directory.
http://homepages.ed.ac.uk/mcs/FirefoxADM/Readme.htm
 
== Software Update ==
 
Mozilla offers automated updates of  security patches and bug fixes for Firefox and Thunderbird though its software update system.  You can choose to use this system or modify the firefox configuration to turn software updates off and gain more control over the update process.  An overview of the software update system can be found at http://wiki.mozilla.org/Software_Update
 
== Companies ==
List of companies and contacts who can help with your evaluation, pilot projects, and deployment of Firefox or Thunderbird across your organization is provided below.
 
[http://www.wayforth.co.uk Wayforth] - London, UK
<br>
[http://www.browsergarage.com Browser Garage] - Mountain View, CA
<br>
[http://kaply.com/consulting Kaply Consulting] - Austin, TX - contact [mailto:consulting@kaply.com Michael Kaply]
 
We are also interested in hearing about your success stories or problems at partners@mozilla.org
 
== Licensing/Distribution Terms and Conditions ==
 
The Firefox End User License can be found here:
http://www.mozilla.com/en-US/legal/eula/
 
and more information about logo and trademark use can be found here: http://www.mozilla.org/foundation/trademarks/
 
== United States Export Control Information ==
 
Companies looking to provide Mozilla Software outside the United States often ask about Export Control provisions to comply with US laws and regulations. 
 
The '''Export Notice''' can be found at
http://ftp.mozilla.org/pub/mozilla.org/security/export-notice
 
In 2002, NSS 3.4 requested a '''CCATS''' commodity classification id '''G023895''' to make it easier for companies to file when they include NSS or Mozilla Applications such as Firefox which use NSS.
http://www.mozilla.org/projects/security/pki/nss/nss-3.4/nss-3.4-algorithms.html
This CCATS filing covered all the crypto operations used in the Mozilla code base, including SSL and S/MIME. 
 
More recent versions of NSS have not filed for further CCATS numbers, instead claiming a TSU exemption via 740.13(3) of the EAR because the NSS crypto code is "''publicly available''" and the binaries are built from purely open source software. 
 
: ''NB : the associated '''ECCN''' for software packages that include NSS is likely to be 5D002.c.1 (TSU unrestricted, via EAR 740.13(e)).  One could theoretically request a review of a specific set of binaries for authorization under 5D992.b.1 ("No License Required", but it's not known whether anyone has.  See Frank Hecker's Jan 2005 post: http://ftp.mozilla.org/pub/mozilla.org/security/export-notice )''
 
More information on exporting products made from Open Source can be found at https://www.bis.doc.gov/encryption/enc.htm and http://www.access.gpo.gov/bis/ear/ear_data.html
(Part 740. Section §740.13(e) is on page 30 of the PDF).
 
We strongly caution you not to act on your personal reading of export regulations.  They are complex and loaded with history, precedent, and context which often require interpretation from a qualified attorney.
 
Most questions about features provided by Mozilla's security library are contained in this document:
http://www.mozilla.org/projects/security/pki/nss/nss-3.9/nss-3.9-algorithms.html
 
== Other Links ==
 
Collection of other random thoughts, press, and other articles on Firefox Deployments in Enterprise and Large Organizations
 
<br>http://del.icio.us/chofmann/enterprise
<br>http://del.icio.us/chofmann/firefox-deployments
<br>http://mozillaenterprise.mozdev.org/information.html
<br>http://wiki.mozilla.org/Firefox:1.5_Institutional_Deployment
<br>http://www.sanduskycomputers.com/downloads/fxcorp/
<br>http://fxcorp.sanduskycomputers.com/
<br>http://corporatefirefox.blogspot.com/
<br>http://firefox.dbltree.com/
<br>http://varun21.blogspot.com/
<br>http://www.frontmotion.com/Firefox/
 
[[Category:Firefox]]

Latest revision as of 16:07, 31 May 2019

Please visit https://support.mozilla.org/en-US/products/firefox-enterprise for our current documentation.