Letter #4: IE wins, but Microsoft must make a critical change
Reader: Wade Stewart
Environment: Small business of about 50 workstations running Windows 2000 and XP Professional, along with Small Business Server 2000 and Windows Server 2003.
Internet Explorer or Firefox: Internet Explorer
Why IE: I haven't bothered to test Firefox. I figure if I take on another browser, I'm going to have more vulnerabilities than if I stick with IE. I don't have time to research or test them. I do allow the users in our organization to have Firefox or other browsers, but I remind them frequently of updates which need to be performed. Since we use Systems Update Services (SUS) here, I don't have to sweat the IE patches at all. Only three users in our environment of 50 have chosen to use Firefox.
Firefox as a future attack target: I don't know if Firefox will be the next big target. In my opinion, both will be targeted and it will create more security work for everyone, which might be a good thing unless your resources are already stretched. Firefox might not be a target but it certainly will not make anyone's IT security workload any lighter.
What Microsoft should do to fix browser problems: Microsoft must separate the browser from the operating system. It was once this way, it can be this way again. Doing so would be a boon for everyone but Microsoft: Users would be able to completely remove IE and use other browsers, new competition in the browser and content delivery markets could spark, and security professionals could put IE's vulnerabilities in the same hierarchy as application vulnerabilities instead of the more critical OS ones.
How to enforce safe browsing: We deploy Spybot-Search & Destroy and Norton AntiVirus in our whole organization. We don't have a lot of money to spend on security, so between that and a lot of user training, we manage to keep ourselves secure. It seems to work well for the most part.
For more letters to the editor, click for the complete series.
Dig deeper on Microsoft Windows desktop operating systems security management