
September 7, 2004

UI Spoofing, Security and Stupidity.

A new concept in the ever-lasting UI spoofing saga. An interesting idea, but the whole concept of making the end user aware of security is in my opinion a joke.

1) Secure sites are not safe. All it means is that data is transferred securely, but the destination can still be evil. The lock icon gives a false impression of security, unless the user goes and reads all the certificate details. Do you?

2) Users are stupid. Any new UI, always persistent urlbar/statusbar won't help these end users unless they are educated, and only helps advanced users. Social engineering can only be fought by educating, not adding more UI.

3) Changes made in the name of security are breaking enterprise web applications (I work for IBM, so I am biased. They pay the bills, so I like them, even if I have to use Notes) and are going to hinder mozilla-the-web-platform. Guess who has to tell some of the biggest middleware applications, who worked hard to achieve Mozilla compatibility, that they have to rework everything again. IE may be unsecure, but it's a great (stable) platform.

Which means we need an enterprise Mozilla browser. Perhaps Firefox Professional. Or Mozilla Navigator (aka Firemonkey).

Blaah.

Posted by doron at September 7, 2004 7:21 PM

Comments

This sounds interesting.
I like what I hear, just wondering where it is coming from.

What exactly do you find in the latest Firefox builds that make Firefox a pain for enterprises?

Just the XPI whitelist?

I'm interested because there may truly be a need for a version of Firefox that is enterprise ready.
Thanks
-Jed

Posted by: Jed at September 7, 2004 8:55 PM

- XPI whitelisting
- adding unrequested UI to windows
- statically linking gecko, making it non-embeddable
- the rest of the things I have to deal with day by day

Posted by: Doron at September 7, 2004 9:03 PM

> Which means we need a enterprise Mozilla browser. Perhaps Firefox Professional. Or Mozilla Navigator (aka Firemonkey).

No, the idea of mozilla as a web platform was that you can just use a browser which is already on the machines. As soon as you're satisfied with a special mozilla enterprise build, you have to install special browsers on the client machines.

Posted by: Pete at September 7, 2004 11:38 PM

This is partly a problem for OS vendors to solve. (IBM, this means you!) Remember those banner ads that are disguised as Windows alerts? Even if no-one used banner blockers, and even if Web users hadn't been getting more experienced over the past five years, those ads would still be less effective now than they were in 2000. Why? Because Windows XP defaults to an appearance ("Luna") that is noticeably different from Windows 95/98/2000 ("Classic"). Now that (IIRC) half of computer users are using Windows XP, the deceptive advertisers have to choose either the Classic appearance or the Luna appearance, so they are more likely to be wrong, so people are less likely to mistake the ad alerts for real alerts. But if advertisers were smart, they could switch the ad based on the OS field of the UA string …

All of the above applies just as much to mimicking secure browser UI. If the author doesn't know what the OS looks like, they're much less likely to be able to spoof it.

Since OS appearance is largely a function of the OS, one fix would be for browser vendors to remove the ability of Web authors to know what platform the browser was running on — both from the UA string and from JavaScript. For browsers that only ran on one platform, that would entail removing the ability of Web authors to know the browser name as well. (For example, Safari's UA string would have to change from being "like Gecko", as it is now, to imitating Firefox's UA string exactly.) This would make the UA string even less useful than it already is, which I don't find particularly surprising, since UA strings have been getting steadily more crufty for the past eight years.

But that would break a lot of stuff, and wouldn't fix the problem for Windows. Which is why I say it's an OS vendor problem, not a browser vendor problem.

I have long told anyone who was interested (which is hardly anybody) that Microsoft should distribute Windows with several themes, and a random theme should be chosen at installation time. (Not at startup time, at *installation* time.) People would be allowed to configure the theme, but since most people wouldn't, the end result would be an end to the monoculture of GUI appearance amongst Web users.

Then as long as Web browsers followed the OS theme in their own controls, and as long as they didn't allow Web pages to know what the current OS theme was, it would be extremely difficult for Web pages to mimic trusted browser UI.

(Why couldn't browsers just do the theme randomizing thing by themselves? Because if the browser used a different theme from the rest of the OS, people would get used to seeing multiple inconsistent themes on the same computer, so the inconsistent malware appearance would seem more plausible.)

Under this logic, any browser theme that doesn't follow the OS appearance (e.g. Netscape's "Modern") is a security vulnerability, and so is supporting CSS's UI color values. Neither of which I find particularly surprising, since I've long suspected they were but until now hadn't worked out the exact problem.

Posted by: mpt at September 8, 2004 1:24 AM

Doron said: "- adding unrequested UI to windows"

IE already adds the status bar all the time in XP SP 2. I wanted to make Firefox match this, but got overruled.

Posted by: Gerv at September 8, 2004 1:59 AM

IE SP2 is a bad example, they broke a lot of stuff too :) They probably chose the statusbar because it's the least annoying part to show.

mpt: I would hazard a guess that WinXP users will click on Windows classic-looking dialogs as well

Posted by: Doron at September 8, 2004 7:40 AM

How about a global whitelist with options for .xpi installation, displaying chrome over the web, xpcom privileges, and others? Something to make it easy for an enterprise admin to deploy firefox with a custom security policy for internal domains. The .xpi part is already there, how much more dangerous would it be?

Posted by: Matt Moyer at September 8, 2004 9:51 AM