In agreement with you there--in some departments here, we have a deny all then only add in sites which are required, using GPO and by setting a proxy of the loopback. Works quite nicely. The downside is what about sites we don't know they'll need to link to on a day to day basis. Business use is business use is business use. I chant this like a mantra to them all.
So I do agree with you when you say that if the browser is locked down properly to begin with then it is highly unlikely to cause problems. However, as many of my security bulletins also get taken up by my users for their home use, I find that certain things are harder for me to control-and education is key. As for certain things not working with Firefox(I use it myself)-I have found the IE tab plugin does the trick pretty much all of the time. It masquerades as IE when needed. (In fact, I haven't come across a site that it can't work with). However, I don't think it mimics the flaws-though I could be wrong. Anyone else got any info on this? I also agree with the point of firefox now becoming the new target for exploiters to use. The more people that use it, the more of a target it becomes. Regards Murad Talukdar --------------------------------------------------------------------------- ---------------------------------------------------------------------------
