State Dept. to Clinton: Please let us use Firefox

Despite the rise of open source within the federal government, Mozilla's Firefox has yet to gain an official nod from the Department of State, at least according to a recent question-and-answer session that Secretary Hillary Clinton and Under Secretary Patrick Kennedy hosted last week, with an ironic back-and-forth on Firefox kicked off by government employee Jim Finkle:

Finkle: Can you please let the staff use an alternative Web browser called Firefox? I just--(applause)--I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn't use this browser. It was approved for the entire intelligence community, so I don't understand why State can't use it. It's a much safer program. Thank you. (Applause.)

Clinton: Well, apparently, there's a lot of support for this suggestion. (Laughter.) I don't know the answer. Pat, do you know the answer? (Laughter.)

Kennedy: The answer is, at the moment, it's an expense question. We can --

Finkle: It's free. (Laughter.)

Kennedy: Nothing is free. (Laughter.) It's a question of the resources to manage multiple systems. It is something we're looking at. And thanks to the secretary, there is a significant increase in the 2010 budget request that's pending for what is called the Capital Investment Fund, by which we fund our information technology operations. With the secretary's continuing pushing, we're hoping to get that increase in the Capital Investment Fund. And with those additional resources, we will be able to add multiple programs to it.

Yes, you're correct; it's free, but it has to be administered, the patches have to be loaded. It may seem small, but when you're running a worldwide operation and trying to push, as the secretary rightly said, out fobs and other devices, you're caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can't do everything at once.

Under Secretary Kennedy makes a good point: deploying Firefox isn't free, in terms of administration. But then, nothing is, including Internet Explorer. The real question is whether Firefox is easier and more cost-effective to support than IE. Mozilla has made some recent moves to make it such. We'll see if the government is listening.

Follow me on Twitter @mjasay.

[Random_Walk]

LOL! Gotta love the Gov... a free browser which costs nothing (and administering it takes next to nothing - the GPO objects are stupefyingly easy to write) requires a massive infusion of cash when the gov't gets involved...

[pmfjoe]

Have you ever tried to administer Firefox on a domain with 100+ users?

[dcase99]

Yes I have, and Firefox is easier, quicker and cheaper

[subslug]

Is it harder than administering 100+ user running IE?

[plbyrd]

This is a fool-hardy statement. If you actually look at the statistics, IE is a much safer browser than Firefox in every way. Also, there has to be administration of the plugins for Firefox, which is no easy feat. Enterprises that stay away from Firefox because of the administration costs are concerned about the ubiquity of plugins which is the primary reason people want Firefox. On its own, Firefox is a terrible browser compared to IE; you have to add so many plugins to make it useful that managing all those plugins becomes a real nightmare.

[Renegade Knight]

@pmfjoe <br /> <br />If you let inernal staff manage their own computers they would still be useful tools. <br /> <br />IT folks are employed for a reason, but they should never let that reason get in the way of the useful tools that computers can be.

[tauvix]

I can only assume from your comment that you've never had to administer a large network before, in particular one which is going to have the level of security that the State Department has.<br /><br />Administration may be "next to nothing" for one or even 10 machines, but if you multiply "next to nothing" by 10,000, or 100,000 machines, that turns into "quite a bit of effort."<br /><br />Firstly, you need to make sure that all your internal web based applications are now compatible with both IE and Firefox, because when you give your users a choice some will continue to use IE. That process can take months of testing.<br /><br />Secondly, you need to add Firefox to each of your deployment images, patch engines, and application rollout engines. You need to test the rollout procedure on each of the hardware configurations and software configurations that you have and make sure nothing breaks. And the you have to test patching the Firefox application with it's updates via the same engines. If any of it doesn't work, you need to go back and figure out how to fix it.<br /><br />Then you have to run a security analysis on all of these new configurations. And resolve anything that comes up there.<br /><br />Then, when you finally do the rollout, you need to have support personnel on hand to handle questions and problems that arise that you either a) didn't think to test, or b) couldn't test because you didn't know the conflict existed due to user modifications/additions of settings or software that isn't supported.<br /><br />All in all, you're looking at many months of work for a team of people.

[CDubber]

@ plbyrd:<br /><br />Thank you, Microsoft PR rep.<br /><br />P.S. Firefox is a terrible browser compared to IE??? LOL!

[The_Decider]

It is amazing how hopelessly clueless MS fans are. IE more secure? LOL /wipes tears from eyes and starts laughing again.<br /><br />Thanks MS shill, I will be laughing all day.

[ewsachse]

Letting users administer their own PC's is allowing an wide open hole of security leaks and data theft. It does not matter if the user's computers are Windows PCs, Unix workstations, Apple Macs, or even mainframe dumb terminals.<br /><br />Well maybe not the dumb terminals.<br /><br />If you let users install whatever they want and plug any device to the PC, then any person can copy private data and give it to people who should not have that information.<br /><br />Also, the extra cost of administering Firefox is the extra costs of developing web based applications that support that browser as well as Firefox. If you ever really developed a large scale application instead of just complaining on the comments section, then you will understand these extra costs.<br /><br />What this nation needs is more people learning the real processes of implementing IT systems whether it is system administration, software development, testing, or requirements analysis, and less fools on the Internet arguing like they are experts at something they know nothing about.<br /><br />Just because you are the coolest guy at the coffee shop with your shiny new MacBook, it does not mean that you can cut it at a corporate or governmental IT department.

[Kwasiowusu]

@ by Random_Walk :".. a free browser" <br /> <br />The resident open source crazy strikes again! <br />Please tell me this: When is the last time anyone actually paid for IE8 then? <br /> <br />@ by Random_Walk :" which costs nothing (and administering it takes next to nothing " <br /> <br />Administering 2 different browers of course costs plenty of extra money, especially since the actual people who are going to be hoodwinked into using Firefox by the few open source fanatics at the State Depetment, are far more famillliar with IE.

[ordnancemarine]

What is even more amazing is the number of computers running around the government that are still running windows 2000, even though they have relatively new hardware.

[plbyrd]

I agree with this completely. It's irresponsible to run an OS that is not in the normal maintenance pipeline. Microsoft stopped patching Win2K a long time ago. <br /><br />Now, that's not to say that the Feds don't have special access to Windows 2K source and are able to build their own version, in which case it's not really Win2K at all, but FedWin2K.

[The_Decider]

What does Vista have over 2000? Nothing but bloat.

[sting7k]

The feds don't only push Microsoft updates. Their versions of Windows are custom enterprise that they can change, and they do push their own updates daily that are not from Microsoft.

[BogusBasin]

I love the way the government goes after MS for being a monopoly and then forces everyone to use them. There are so many open source alternatives that would save the tax payers millions or billions. It's only a matter of time. It will happen at the speed of government, but it WILL happen. Rest in peace Micro$oft.<br /><br />Amen

[BogusBasin]

Microsoft, and specifically IE, is total garbage.<br /><br />http://www.electronista.com/reviews/browser-tests-chrome-firefox-ie-safari.html<br /><br />Amen

[Vegaman_Dan]

Governments are indeed behind the curve in the IT industry. I've worked there and the amount of restrictions is crazy. Even something like Firefox does indeed take months to adopt because it's a government. People here tend to forget this. It's not a corporation- it's a government run by committee. Sorry, the study you need to do in order to roll out that product doesn't have funding this year- a politician decided to take it away to pay for an art project in a bathroom in a Texas courthouse. You know, important stuff. <br /> <br />@BogusBasin: <br /> <br />Do you happen to have a few hundred billion surplus to pay for the conversion from MSFT to another alternative? Are you willing to convince the country to pay this huge amount to satisfy your own desires? How will you justify that decision when there are other programs that are lacking money? Disaster relief, banking, jobs, etc... how much are you willing to toss away to make you happy? You can talk big, but unless you have the cash to give to the government to do this, then you're just talking out of your ear.

[aSiriusTHoTH]

I run a quite large network and to switch every computer over to Firefox and maintain it would be a lot of work for our team of 5 techs. As of this time, it's not worth the time (which is money).

[thabassman]

I say linux/mac and firefox for all. Of course it would increase virus risk for us normal users of linux and mac, but its worth it for the USA's govt to ditch IE and window 2000. That is ridicoulous. I don't blame them for not using vista or anything but come on now. This is THE GOVERNMENT of one of the richest countries in the world. Get dignity. ASAP.

[monkeyfun14]

Now putting everyone on Linux/Mac and having virus threats much larger doesn't that just put us in the same hole we were in before.

[Endbringer]

It's not just "one of the richest countries in the world", the United States is THE richest country on the planet in it's history.

[massfat]

@Endbringer, that's not true. The US is not the richest country on the planet "in history".<br /><br />Many other countries were far richer than the US if you take into account inflation and actual influence they had with their money.<br />Want an example?<br /><br />China was the richest country in the world for some time, and they exerted greater control by forcing other countries to pay them in silver instead of other currencies. Due to the amount of dependency on Chinese products, other "currencies" became less valuable, and it was China that held the majority of the world's silver that was being used as currency.<br />Which, resulted in the opium wars in an attempt by the British to get silver back so that they could spend it on Chinese goods.

[Endbringer]

@massfat<br /><br />When you include inflation, the US still is far more wealthier than China was. http://en.wikipedia.org/wiki/List_of_countries_by_past_GDP_%28PPP%29<br /><br />Take a look at the regular Joe Smoe. In the US, those considered poor or in poverty are equal to the EU's middle class. The United States is far wealthier than any other country.

[hikaricm]

@Endbringer<br /><br />Where the hell do you get the idea that "In the US, those considered poor or in poverty are equal to the EU's middle class"? The extreme poverty i've seen in the US, i haven't seen that anywhere in the pre-2004 EU and i've lived in both for a long time. In the US, there is such an extreme difference between the lower and the middle class, we don't have that in the EU, everybody is simply well off, not rich, but has a house, food, and healthcare.

[troyoverton]

&lt;get dignity&gt; This is a comment masterpiece. &lt;/dignity&gt;

[subslug]

This is just a tiny micro fraction of what's wrong with the Government of the US. Everything is too big or too "dug in" to be changed. Even our policies now are too hard codded to even be considered for change.<br />Obviously this is a problem with any large entity, you get so tied into something that you can't get out of it without great effort. It's a shame really.<br />Something like a government you'd think would need more flexibility unless of course they have no plans to ever change.

[CDubber]

Funny how the government punishes Microsoft for illegal business practices yet still yokes itself to all of their products.

[Vegaman_Dan]

Yet they still run Linux as the primary choice for servers. <br /> <br />How do you explain that, CDubber?

[qazipoducifdechudhjhjkk]

@Vegaman_Dan: They do it (a) because Microsoft blows, (b) it's cheaper, (c) it's more secure. They'd do it on the desktop if (a) if they knew how, (b) if Microsoft wasn't their bread and butter.

[chedlin]

They may also have old custom applications that don't work with Firefox. It has cost our company a lot to redo our old legacy applications.

[myles taylor]

If that's the case, then they need to update those programs. Anything that is so old it needs IE to run isn't good for the modern network and needs to be upgraded.

[tauvix]

@myles taylor: That might be true, but you still have to pay developers to do that. Which again goes right back into costing quite a bit of money to roll out Firefox.

[sting7k]

@myles taylor, not just IE, but IE6. And updating all the stuff they have would probably cost more than the last stimulus bill. The feds also use a huge amount of custom stuff and push their own security patches for IE and Windows that are not from Microsoft. Those don't play so well with FF.

[Spats30]

I think the point is the get Firefox as an EXTRA alternative. They don't necessarily need to ensure all apps work on Firefox, but instead desire Firefox for other uses (that would include probably 95% computability).

[empirestatebuddy]

The answer is: Mozilla didn't donate millions to the Democrats. Microsoft did. Finkle might have a better shot at getting Chrome, since Google donates to political parties.

[Kwasiowusu]

@ empirestatebuddy :"The answer is: Mozilla didn't donate millions to the Democrats. Microsoft did" <br /> <br />The answer is, most home personal computer users by far, use IE. And they haven't received a penny from Microsoft. <br />Wanna try again?

[Endbringer]

@Kwasiowusu<br /><br />The article and topic is about the US State Department, not home consumers. So what does IE being used by home users have to do with Microsoft's lobbying effort toward the government? <br /><br />Wanna try again?

[Kwasiowusu]

@ Endbringer :"The article and topic is about the US State Department, not home consumers. So what does IE being used by home users have to do with Microsoft's lobbying effort toward the government?" <br /> <br />I think you'd better direct that question to "empirestatebuddy " and his moronic first post in this sub-thread :" Mozilla didn't donate millions to the Democrats. Microsoft did" <br /> <br />He brought up the matter of Microsoft political contributions, and goverment use of Microsoft software. I didn't. <br />My post was in direct response to his post, by pointing out that home users still prefer IE8, and thet don't get any political contributions from Microsoft. <br />You shoulda read BOTH posts, before spewing out irrelevancies.

[myles taylor]

I don't understand why people are forced to use IE, when it doesn't have one redeeming feature. And yes, I've worked on networks of hundreds of computers. Not thousands, but hundreds. IE is a nightmare in every way. I'm talking of course of the older versions that they are probably using.

[tauvix]

People are forced to use IE because for a long time that was the only browser you could get Enterprise level support on. The Mozilla Foundation even still does not offer any kind of Enterprise level support on Firefox or Thunderbird (At least none that I can find mention of on their website).<br /><br />Large businesses (and the government) like guarantees. Things like "I can call a support center 24 hours a day, 7 days a week, and if the problem is great enough can have my concern escalated right to a developer within X number of hours."<br /><br />And even if IE has historically needed a fair number of patches, well, they came right down the pike with the Windows patches and could be added right to your existing patch infrastructure.<br /><br />That's why most businesses force their users to use IE.

[ewsachse]

If I am the boss, and you are working for my corporation or government entity, then you will use whatever my IT staff has installed on the company's/government entity's PC's.<br /><br />If you do not like it, then you can always quit an find a new job.<br /><br />Simple enough for you?

[Vegaman_Dan]

@Tauvix: <br /> <br />Service Level Agreements. Microsoft has binding contracts to provide solutions to problems when they come up for large organizations. Firefox has none. They have no accountability whatsoever. That makes it very hard for any corporation to come back to them and demand a fix for a problem that comes up. If the government chose Firefox and nothing else, then what happens when there is a zero day flaw like there is today? Something that now allows drive by downloads resulting in compromises where the government would then be forced to tell users not to use their browsers at all because...well, Firefox *might* get around to a fix for it in a while. No ETA. <br /> <br />Those SLA's are what enterprise customers need and demand.

[Endbringer]

@ ewsachse<br /><br />Well, our IT department is inept and I work for a local government. They want IE used for everything, but don't really check to make sure it works with everyone's software. For example when IE7 came out, Autocad and the verticals would not work correctly with IE7. Our Nazi IT department pushed out IE7 without even bothering to check that. I came in one morning to find all our engineers and surveyors complaining that they couldn't use Autocad. I had to go and uninstall IE7 from everyone's computer until Autodesk released a patch to fix the problem. Our IT department wouldn't do that; I had to do it. <br /><br />I have fights with our IT department all the time because they just don't know enough to manage the system correctly. They only think there are secretary's and directors who use computers. And that's the problem with them. <br /><br />Firefox is faster, more secure, and just plain better overall compared to IE. Now for enterprise level support, I can't say much about, but I would think if the intelligence agencies of the federal government have approved Firefox, then why can't the State Department use it?

[JoeF2]

@tauvix:<br />"Large businesses (and the government) like guarantees. Things like "I can call a support center 24 hours a day, 7 days a week, and if the problem is great enough can have my concern escalated right to a developer within X number of hours.""<br /><br />If you think you can get that kind of support from Microsoft, you are sadly mistaken.<br />Open Source actually is better, and gets things fixed within days. Microsoft gives you a patch day once a month, and even then, lots of exploits of Microsoft products stay open much longer.<br />So, this "Open Source has no support" is really just hogwash, put out by interested parties...

[qazipoducifdechudhjhjkk]

@ewsachse: To echo Endbringer's comments, a lot of IT staff just aren't up to it quite frankly.<br /><br />I was given the choice you offered. Trouble is that they needed me more than I needed the money. I'm a craftsman, which means I'll use my own tools for the job thank you very much. That means an Apple Mac and not the POS Dell/XP they tried to insist I use. I'm still there. Simple enough for you?

[man_w_balls]

RE: This article - <br /><br />Yet another example of how our government can't do anything right. <br />When the machinery is so big that you can't make a small change, that means it's too big.

[codynews]

IE is free too. Why switch? IE is just fine. Firefox is just as big/fat/ugly as IE

[Endbringer]

Firefox is much smaller than IE, so why you say it's big I don't know. As for ugly, that's an opinion.

[troyoverton]

Uh, no.

[Kwasiowusu]

Deceptive article headline :"State Dept. to Clinton: Please let us use Firefox" <br /> <br />Real headline should be : "New State Department Employee and Open Source Fanatic Jim Finkle, Demands That Everyone Else Should Use Firefox Because He Does"

[Dmartin17]

Shouldn't this guy be working and not surfing the internet anyways?

[Kwasiowusu]

@ Dmartin17 :"Shouldn't this guy be working and not surfing the internet anyways? " <br /> <br />Didn't you know? <br />Open source fanatics don't go by the same rules as anyone else. They are a law unto themselves. A new employee at the State Department, can simply just get up, and demand that everyone else at the State Departmet, inclduing those who are far more senior than he is, should chage the browser they use, and the way they work, to suite the whims and caparices of that one open source fanatic Why? Well because open source is "cool" and Microsoft is "evil", silly.

[clamenza]

Shouldn't you?

[Endbringer]

@kwasiowusu<br /><br />Wanting to use Firefox does not equate to being an open source fanatic. Firefox is just a good, secure browser that works.

[Kwasiowusu]

@ Endbringer :"Firefox is just a good, secure browser that works. " <br /> <br />So is IE8. <br />So why give State Department employees plenty of headaches by forcing them to switch to Firefox just because some guy called Jim Finkle, a Johnny come lately, who only just joined the State Department, says so? <br />I wouldn't trust a guy called "Finkle" anyways.

[WulfTheSaxon]

@ Kwasiowusu<br /><br />Did you actually read the article? Nobody mentioned forcing anybody away from IE (not that it wouldn?t be a wise idea, what with all the security vulnerabilities)?

[fgsdfgdsfgdsfg]

still no group policy templates to control firefox, so no i don;t see it as easier to centrally administer then IE.

[cloudmatt]

*sigh* I work on over a thousand systems with administrator access. I love Firefox. the only browser on our systems IE. Why? Cause it drops in with the windows install, updates with the server roll outs, everyone an their mother has used it at one time or another and everything is made to work with it.<br /><br />Please understand I prefer Firefox to IE but IE makes my job just a little less difficult. If you guys want to see Firefox move into the corporate world I suggest you start with getting Firefox with a higher share of the browser world than IE. Then developers will take it serious and start programing for it.<br /><br />Until that day Quit your whining and resolve your self to Microsoft's owning of the world.

[Endbringer]

IE has 64% of the browser market. Firefox is around 24% and the others fall in behind. If you think ignoring a little less than half of all internet users is good policy, then perhaps you should rethink what you said.

[Kwasiowusu]

@ Endbringer :"IE has 64% of the browser market. Firefox is around 24% and the others fall in behind. If you think ignoring a little less than half of all internet users is good policy" <br /> <br /> <br />When did 24% suddenly become equal to a "little less than half" of 100%? <br />And if you think 24% shouldn't be ignored, then why the heck should 64% be ignored and pushed aside in favour of 24% tthen?

[msjonker]

Apparently, Finkle doesn't have enough work to do...<br /><br />"Laces out, Dan!"

[spenb]

The State Department should definitely use Firefox, because it's faster and, more importantly, more secure. One of the biggest reasons businesses use Internet Explorer is because they use so much Microsoft software (and probably because they don't want to spend the extra 3 minutes to switch everyone to Firefox--really). Hopefully the State Department isn't as reliant on Microsoft software as so many businesses are.

[sting7k]

The feds are pretty much totally reliant on Microsoft software. Most of their stuff is custom in addition. Their databases and legacy software only works with IE6. The feds don't just put out Microsoft updates, they push their own security updates for their network as well. FF, Safari, and new stuff doesn't play so well with their proprietary stuff at the big agencies with lots of security like the state department. <br /><br />When I first got to work I was shocked to find many many people only knew email as Outlook, they didn't know what webmail was or what it was used for.

[ipashchuk]

Saying that Firefox is much more secure is deceptive. Just off the press, Firefox has confirmed a vulnerability in its 3.5 version that can allow someone to hijack the machine running the browser. The timing is great, I have to say :). On a serious note, IE vulnerabilities are discovered all the time as well -- I just haven't heard of any today :). If one were to compare the history of vulnerabilities between IE and Firefox, there is no clear winner. IE is definitely the preferred target at this time, which could be why Firefox appears to be more secure. Once IE is in the minority, the picture may change completely. <br />Oh, and one more thing, I do prefer Firefox to IE (just in case that my post appears to speak to the contrary).

[FF2009]

of course there is a Winner. IE is the king of vulnerabilities. Just yesterday it had like 3 holes in it M$ had to patch.

[ipashchuk]

Well, actually, studies suggest that Firefox has more vulnerabilities than IE -- that's not even taking into account that IE is targeted more than Firefox. What makes Firefox stand out though is that its patching mechanism is not tied to the OS (like IE's is to Windows Update) and thus ensuring that latest patches are applied as soon as they are released. If we just look at the number of known vulnerabilities that IE and Firefox have had and take into account that IE is targeted more frequently (which would generally result in more vulnerabilities being discovered), IE is by far a more secure browser. But, there is a lot more to security than the number of vulnerabilities -- in fact, only one vulnerability may be sufficient to compromise a computer. In other words, if I have two buildings and one has 1 door open and the other has 100 doors open, which one are you likely to be able to get into? Since you only need one, it doesn't matter how many are available. However, statistically, you have a slightly higher chance of getting into the building with 100 doors open because it would take less time to find one of the open doors, but I digress :)...

[Endbringer]

MS releases patches roughly once a month. Mozilla sends out patches as soon as possible. That's a big thing to ignore.

[alegr]

From today's headlines: "Zero-day flaw found in Firefox 3.5"

[cohaver]

The Security Problems with in Active x interface and Direct X all interface at Internet Explorer And Task Bar Multiplication problems windows Desktop Search Holes are very well noted Government should have a Redundant network at all levels that includes the Browser. Stupid is as Stupid Does