Those are the most dangerous people, because they can usually talk the talk but can't walk the walk and end up making more work for everyone.
I actually like the people who know stuff. Less stuff for me to do.
Oh I hate people who do that. We had to lock down machines hard because people insisted on installing their favorite browsers on shared workstations. If people would stop screwing with that crap it would be a lot easier. At least here we are using an ancient browser for a reason. It is so much fun to find out the previous doctor installed IE7 because he liked it and now the next Doctor cannot view his radiology images before the next surgery because IE6 is required. But it is a balancing act because some of the disks that other hospitals send require a client to be installed before the images can be viewed, so the doctor needs to be able to install some software.
Oh I hate people who do that. We had to lock down machines hard because people insisted on installing their favorite browsers on shared workstations.
now the next Doctor cannot view his radiology images before the next surgery because IE6 is required.
Also, the problem is not just related to non-IT. I know several people in our IT department who are in many cases bigger idiots then standard users.
For example, we have a 'software specialist' who uses terms like LAND, SAND, VLAND, etc when talking to network admins about issues. That same person loves to ask if the 'vmware is down' when anyone calls in with a problem connecting to anything (We run a large about of servers virtualized).
The solution should NOT have been to lock the machines down, though that is indeed appropriate in most corporate environments for other reasons. Instead:
FIX YOUR CODE TO WORK ON ALL BROWSERS! And remove the ancient browsers that bend over and present to any passerby. Or.... Insist that your vendors do the same! If your in a healthcare enviornment, your budget should allow for this! Allowing ancient browsers simply becasue you think you are in a walled garden is not a smart thing to do.
You sir, are part of the problem! Good Day Sir!
The solution should NOT have been to lock the machines down, though that is indeed appropriate in most corporate environments for other reasons. Instead:
FIX YOUR CODE TO WORK ON ALL BROWSERS! And remove the ancient browsers that bend over and present to any passerby. Or.... Insist that your vendors do the same! If your in a healthcare enviornment, your budget should allow for this! Allowing ancient browsers simply becasue you think you are in a walled garden is not a smart thing to do.
You sir, are part of the problem! Good Day Sir!
Meh, not a shared workstation. Some of my work sites don't work properly outside of IE, but good thing Chrome has this nifty "IE Tab" addon.Oh I hate people who do that. We had to lock down machines hard because people insisted on installing their favorite browsers on shared workstations. If people would stop screwing with that crap it would be a lot easier. At least here we are using an ancient browser for a reason. It is so much fun to find out the previous doctor installed IE7 because he liked it and now the next Doctor cannot view his radiology images before the next surgery because IE6 is required. But it is a balancing act because some of the disks that other hospitals send require a client to be installed before the images can be viewed, so the doctor needs to be able to install some software.
Those people are just dumb. It's pretty obvious that IT doesn't want us working outside of IE, so I'm not dumb enough to bring up my Chrome/Firefox issues with them. Not that I've had any.Those are my favorite users -- the ones who come up to you in the bathroom, bitching, because they somehow got Firefox installed on their system and it won't work, because you have it blocked at the proxy.
User: "Uh, Firefox is more 'secure.' You need to let me use it."
Me: "It may or may not be 'more' secure, but it does have vulnerabilities and we do not patch for Firefox vulnerabilities. We DO patch for Internet Explorer vulnerabilities and that is our standard browser due to other application requirements."
User: <sigh> ...
That isn't realistic in many cases. If your financials run on a particular version of Oracle and that version is only certified for IE 6.x, for example, guess what? You're going to be running IE 6.x until either 1) You upgrade Oracle (hugely expensive) or 2) Oracle certifies their application to run on IE 8, which may or may not happen depending on how far behind you are on Oracle versions.
Your corporate CFO doesn't give three shits about which version of IE you're running; he DOES care about having access to his Oracle financials and he DOES care about spending money to do upgrades.
Seriously, some of these posts make me wonder. Locking down your machines is PRECISELY the solution for this and many other reasons.
Seriously, some of these posts make me wonder. Locking down your machines is PRECISELY the solution for this and many other reasons.
Another "Part of the problem" admin!
Why won't you patch for Firefox?
I know there are application requirements for some other apps, but is it laziness, lack of support, or end of life that requires old-ass vulnerable browsers? Maybe lack of budget for upgrades to at least the latest IE? (as in sharepoint apps) Why isn't your code updated to work on other browsers? I can't conceive any app that can't be made to work with webkit. My programmers agree that its actually harder to keep things working on older IE than it is something webkit or Firefox.
Even Sharepoint
Another "Part of the problem" admin!
Why won't you patch for Firefox?
I know there are application requirements for some other apps, but is it laziness, lack of support, or end of life that requires old-ass vulnerable browsers?
Maybe lack of budget for upgrades to at least the latest IE? (as in sharepoint apps) Why isn't your code updated to work on other browsers? I can't conceive any app that can't be made to work with webkit. My programmers agree that its actually harder to keep things working on older IE than it is something webkit or Firefox.
Yup looking like its a lack of budget that keeps IE6 here. Sigh...... These days it making more and more sense to move to VDI.
The solution should NOT have been to lock the machines down, though that is indeed appropriate in most corporate environments for other reasons. Instead:
FIX YOUR CODE TO WORK ON ALL BROWSERS! And remove the ancient browsers that bend over and present to any passerby. Or.... Insist that your vendors do the same! If you are in a healthcare environment, your budget should allow for this! If not, the thought of HIPPA violation lawsuits due to spyware should compel your admin to press the issue!!
Allowing ancient browsers simply because you think you are in a walled garden is not a smart thing to do.
You sir, are part of the problem! Good Day Sir!
A walled garden isn't going to help when something new pops up and makes its way in somehow. I found out the hard way about PDF vulnerabilities. Unheard of more than a year or so ago!
Just my opinion. A locked down workstation helps, but it isn't an end all, and the reason for it shouldn't be "to keep the users from hurting themselves". But to "ensure functionality." To that end - virtual desktops make even more sense. ANd there really isn't anything wrong with allowing chrome or firefox, provided the user knows enough to use the right browser for the job.
Of course thats more and more money.
You assume a few things.
1) I get to decide what to support.
2) I write all the code for all the web applications we use.
3) I have infinite time to keep up to date on all security issues for any app someone might want to run.
The fact is, I have a boss, he tells me what to spend my time on. You have to convince him firefox is more important then my other work. Second, you have to call all the software vendors we use, many with no alternatives and get them to update their software. Finally, you need to figure out a way to keep the thing patched and continually tested with all our software.
If it is an ActiveSync connection, AFAIK, the only requirements are server address and his credentials (which he would know). The only way to avoid this, I believe, would be to disable ActiveSync on his account. His company probably enables ActiveSync connections by default.
A walled garden isn't going to help when something new pops up and makes its way in somehow. I found out the hard way about PDF vulnerabilities. Unheard of more than a year or so ago!
Just my opinion. A locked down workstation helps, but it isn't an end all, and the reason for it shouldn't be "to keep the users from hurting themselves".
But to "ensure functionality." To that end - virtual desktops make even more sense. ANd there really isn't anything wrong with allowing chrome or firefox, provided the user knows enough to use the right browser for the job.
Of course thats more and more money.
Why would we? What part of "it is not a corporate standard" do you not understand?
Oh yes I get this. 1700 workstations ran NT4 until 2002 because of this. No way I was sending my staff of 6 out to do anything unless it gave me quite an advantage or (more likely) it was required. Not quite Fortune 500 stuff but I know your scale.You don't go out, willy nilly, and say "Ooo, Firefox 4.x is out, let's upgrade everyone!" especially if your PRIMARY application (Oracle) won't support it.
Try telling your CFO about IE "vulnerabilities" when he can't get to his financials and tell me how that works, especially since you could patch most of those vulnerabilities with ease.
Another "Part of the problem" admin!
Why won't you patch for Firefox?
Because Firefox, while being a good browser, still is missing the entire Enterprise section of their program.
Those are the most dangerous people, because they can usually talk the talk but can't walk the walk and end up making more work for everyone.