Page 1 of 1

Corporate IT says FrontMotion not supported

Posted: Fri Apr 24, 2015 11:28 am
by ElizabethGray
Hi all,
I am an IT manager for a large municipal department with 1200 employees, many enjoying the use of FrontMotion FireFox. Our corporate IT has told us recently they are uninstalling FrontMotion (in favor of Chrome Enterprise; along with the standard IE). The reason: "because FireFox is open source and so it isn't' really supported like the other browsers."
I think that's hogwash--as demonstrated by this forum--but I need a bit more fact to push back with. For example a release schedule for patches, and any other info you can provide me to demonstrate that FrontMotion is just as "supported" as any other browser.

Thank you for any help you can provide.

Re: Corporate IT says FrontMotion not supported

Posted: Mon Apr 27, 2015 4:28 pm
by acoustix
It's definitely a BS reason. Firefox has a huge installed base and has more extensions/plugins than IE. The Extended Service Release of Firefox is very well supported. I would actually more concerned with what information Google is collecting with their browser in a corporate environment.

I'm an IT Director at a medium sized transportation company and we've been happily using Fronmotion Firefox for years, especially since it ties in so well with group policies.

I guess it's nice that they are at least giving users a browser option. But why not support all 3 browsers: IE, Firefox and Chrome?

Re: Corporate IT says FrontMotion not supported

Posted: Mon Apr 27, 2015 6:14 pm
by ElizabethGray
Thank you, acoustix...I will pass your info on. If anyone else has additional support, please chime in. I am fighting an uphill battle on this.

Re: Corporate IT says FrontMotion not supported

Posted: Tue Apr 28, 2015 6:34 am
by MHX
Firefox does not support Windows Certificate Store, so company ssl certificates are a problem. There is no easy way, certificates need to be installed into each users' local profile database. For Intranet and other internal webbased applications that you secure with ssl certificates (https), Firefox reports a problem... With IE and Chrome you can manage certificates centrally and easily by GPOs. Biggest disadvantage here.

If there is a new security problem, new Firefox versions come out fast, but you never know how long it takes until the FrontMotion Firefox will get the update - for businesses this is a factor. With Chrome you get official updates really fast and you can deploy them, with FrontMotion Firefox you need to wait as you cannot use the normal official Firefox updates. In general, you are always behind the official versions.

In FrontMotion Firefox you can disable the default browser check at browser start by GPO, but you cannot disable the button in the settings dialogue to manually set the default browser (if in a company IE is main browser and Firefox is additional browser, this is something you cannot manage successfully then). (At least, I do not know how to achieve this.)

Some users ask at our support why we have a Firefox nightly release, this is not only the blue icon (which I like), but what is displayed in about dialogue.

Our Dell Optiplex systems with Intel graphics made Firefox crash regularly with Firefox 32 which was not the case with Firefox 25 (we did not use the versions in between). This was related to hardware acceleration that we needed to disable by GPO (not a Frontmotion problem, but Firefox in general). Now with Firefox 37 (again skipped some versions), the fonts look blurry with disabled hardware acceleration... And with Firefox the UI gets changing quite often which is not liked by every IT support (might be true for Chrome, too).

From time to time there is a new problem with FrontMotion Firefox (due to the Frontmotion adjustments), so testing is essential before deployment (a GPO setting suddenly does not work anymore, an updater.exe gives false positives with Antivirus detection, ... -- just look into the forum). I personally have no problem with that, but I guess that you have a little bit more own work if you decide to use Firefox in your corporate environment.

I like Firefox best, and I like Frontmotion Firefox, and we use it in our environment, but I just want to add that not everything is as professional (in admin terms for corporations) as with IE or Chrome (both with own disadvantages as well). And you do not know how long Frontmotion Firefox will be offered, there is no guarantee, so you must expect to change to another browser (or another Firefox solution) in the future if this service someday might be stopped.

But most of the times, a new Frontmotion Firefox version can be deployed quite easily.

Re: Corporate IT says FrontMotion not supported

Posted: Tue Apr 28, 2015 8:45 am
by ElizabethGray
Extremely helpful, MHX, thank you for taking the time to document all this.

Re: Corporate IT says FrontMotion not supported

Posted: Tue Apr 28, 2015 9:12 am
by Loktai
In response to MHX and the disabling settings - this is possible in Frontmotion. I was successfully able to remove the entire settings button to stop users tinkering where they shouln't.

Please see the final post here as to how that was done:

Re: Corporate IT says FrontMotion not supported

Posted: Wed Apr 29, 2015 8:23 pm
by MonkeyBoy
You should tell your corporate IT that Chrome is also open source, and definitely isn't supported like the other browsers.

Chrome is designed to work with Google websites. That's it. Compatibility with any other company's websites are incidental. Chrome breaks websites far more often than Firefox. I have to support both (courtesy of Chromebooks). It's an absolute nightmare to keep Chrome happy. Google's documentation is sparse and regularly contradictory, when you contact Google for help they're even more confused than you are.

If your corporate IT wants to maintain all their websites on the same release cycle as Google, hey, more power to them, but I think their money would be better spent on other things. They'll need to regularly test the beta and dev branches of Chrome against their websites and make adjustments as needed so that future releases of Chrome won't break them. If they don't then they're just playing russian roulette with all the systems they administer. Eventually the gun's going to go off... and then they'll demand that nobody use anything except IE, which is probably their ultimate goal. To go back to Firefox at that point would be admitting they made a mistake...

Re: Corporate IT says FrontMotion not supported

Posted: Mon May 04, 2015 5:17 pm
by ElizabethGray
Amen, additional info noted and appreciated. (And I confess: I didn't know Chrome was open source; I thought it was an official Google-supported product).

Re: Corporate IT says FrontMotion not supported

Posted: Tue May 05, 2015 8:04 am
by ElizabethGray
Victory! They have decided to "investigate further" before uninstalling FireFox. Given the amount of pushback this forum enabled, I don't expect this subject to come up again anytime soon. Thanks to all for your help.

Re: Corporate IT says FrontMotion not supported

Posted: Tue May 12, 2015 8:29 pm
by MonkeyBoy
Google Chrome is based on the Chromium open source project. The lion's share of what makes Chrome Chrome comes from Chromium, they just add some closed-source undocumented components (some of which are amusingly referred to in some circles as the "botnet", since they make Chrome send data to Google's servers) to a Chromium release to create a Chrome release.

It's always good news when IT listens to their users. Bad things happen when they don't.

Re: Corporate IT says FrontMotion not supported

Posted: Thu May 21, 2015 6:54 pm
by GaGirrl
I'm an IT analyst and we've gone through the alternate browser argument and actually settled on FrontMotion because it was easier to harden than the standard Mozilla install.

Amen on the undocumented source code. Chrome has been known to be notoriously slow, buggy even on the first "stable" releases, and creates unwanted web traffic (which is a bear if your site web filters) because it also installs a Google update service to go out and check for updates periodically (God forbid you actually want to test updates before your users get them).

Also, Flash Player updates are automatically included in Chrome updates, so if you have an issue with Flash (that's an oxymoron), then your Chrome browser is hosed.

To MonkeyBoy's point, Chrome is just as much "open source" as Firefox. For example, Mozilla came out with an extension for disable SSL 3.0 for POODLE pretty quickly while they were testing updates to Firefox 34, to be proactive. Google's response was to launch Firefox with a --ssl-version-min=tls1 switch, tell people to update their servers, and then released a true fix in Chrome 40.

They should just do a security analysis on the pros and cons and come up with strategies to harden the browsers via GPOs and call it a day.

FF 49 will support company SSL certificates (Windows certs)

Posted: Tue Aug 09, 2016 4:20 am
by MHX
Good news for companies regarding self signed certificates. After several years of blocking the request to accept SSL certificates in Windows store, now a solution is coming. Firefox 49 will support Windows root certificates, here is the bugzilla thread:

Firefox will read the certs from specific Windows store where companies deploy them using GPO and keeps them in memory. So they will not be imported to Firefox database. When Firefox closes, it is the same as before. Every time, Firefox starts, this happens again.
From my perspective, a very elegant and good solution.

I switched to Beta channel to get FF 49 beta, and I was able to test it in corporate environment. Before, when visiting an intranet site with https, Firefox displayed a certificate warning and users had to accept and import the certificate on their own, every time the cert gets updated. With FF 49 beta, the intranet sites get shown directly with the green trusted lock symbol, the certificate was read and used from Windows store.

In about:config (or for Frontmotion Firefox CE via GPO), the setting security.enterprise_roots.enabled must be True (boolean). I assume that this will not be the default value, so you need to set this option, but this is easy (as Firefox CE admx files did not get an update for a long time, you can edit the file with an text editor and just add it, I did this with other settings without a problem).

Re: Corporate IT says FrontMotion not supported

Posted: Wed Aug 24, 2016 8:44 pm
by farmersWPSD
While I think it's great that they're trying. I just don't see it helping gain anything at this point. Too many people have moved onto Chrome or just stick with IE due to ease of using GPO. I know that I am one of the few at work that use Firefox and I'm the IT guy. I've gotten SSL certs to work using certutil, but it's doesn't work on first login, only after. It annoying and cumbersome. If they should make it the default at least.

Re: Corporate IT says FrontMotion not supported

Posted: Mon Sep 12, 2016 9:15 pm
by MonkeyBoy
It's funny, my anti-malware group policies block executables from running under the user folder.

Guess what installs to the user folder by default, because Google wants to bypass company policy and administrative control? Chrome.

There is the Chrome for Work version that installs to program files but for some reason nobody ever really cares enough about Chrome to ask us to install that.