IT administrators who have tried Internet Explorer (IE) 7 say the extra security muscle and other features are...
an improvement, but not enough to convert those who ditched IE for Firefox a couple years ago.
"I use Firefox and only go into IE for sites that work best in IE," said Stephen Escher, network security manager for the Hilton Grand Vacations Company in Orlando, Fla. "I don't see myself switching to IE 7, especially since the innovation in Firefox is an ongoing process instead of the years it's taken Microsoft to catch up."
SearchSecurity.com asked IT security professionals to offer their initial thoughts after trying the browser. Most said they will deploy IE 7 across their companies only after vigorous testing and tweaking to solve compatibility problems with their home-grown applications. Those who personally use Firefox say they are sticking with the open source browser. But everyone gave Microsoft credit for taking security more seriously.
Here are the observations of five other IT pros:
Brad Bourland, IT director, Houston Astros
Bourland uses Firefox to some extent, but most employees in the Astros IT environment rely on IE. Though he hasn't taken a deep look at the security improvements in IE 7, he said IE 6 had its share of problems and any security enhancements are welcome. He won't be deploying IE 7 en masse just yet, however.
"I downloaded it and planned to use it exclusively, but I've seen some issues with some of the sites I use where certain parts of the Web page won't display properly," he said. For that reason he uninstalled it and he's a bit leery about deploying it across the board. For now, he's allowing certain employees to use it while waiting for some of the kinks to be ironed out.
"We'd like to be on the cutting edge but not the bleeding edge," he said of the decision to wait a bit before deploying IE 7 across the organization. "But with the security enhancements, I'd like to deploy it. Eventually we will."
But in the final analysis, he said, people shouldn't look to IE 7 to solve all their security concerns. Companies will still need to practice defense-in-depth to minimize attacks, he said, especially patch management.
"We keep all our patches up to date," he said. "If there are fewer patches for IE 7 than IE 6, that'll be great. But I doubt it. Every program has its issues and Microsoft has a big red X on its back."
Dave Bixler, CISO, Siemens Business Services Inc.
Even though he's tested IE 7 on its own and as part of the Windows Vista betas, Bixler said the jury is still out on whether the browser upgrade will lead to a significantly safer cyber-surfing experience.
"My perception at this point is that IE 7 has allowed Microsoft to catch up with Firefox, but I am not convinced they have jumped into the lead," he said.
The browser's phishing filter could be helpful to his users, he said, but only if the application is able to keep up with the phishing Web sites as they pop up and down. He's also waiting to see if IE 7 means fewer flaws than IE 6.
"The biggest challenges we faced with IE 6 were all related to vulnerabilities in the application, not a lack of security features," he said.
Due to his organization's reliance on Web-based applications, Bixler said a significant amount of testing will be necessary before he can switch everyone to IE 7. Like Bourland, he said it's only a matter of time before the full switch does happen, but that there are no compelling reasons to push for fast adoption.
While Siemens is mostly an IE environment, Bixler personally uses a variety of browsers, including Firefox, Netscape and occasionally Opera. He said each has its strengths and weaknesses, but Firefox remains his favorite.
"From my initial [IE 7] testing it appears Firefox is still a bit quicker, so I suspect I will use Firefox for most of my general browsing and IE for sites that don't support Firefox well," he said.
Todd Towles, Texas-based IT security consultant
Towles' overall impression of IE 7 is that it's better than IE 6. But it will never be enough to turn him away from Firefox. "Firefox is faster on loading than IE 7 and I don't have to worry about my browser being used as an entry point for attacking other Microsoft products," he said.
But he understands that IE is the dominant Web browser among enterprises and consumers, and said it's imperative that IT pros test it against their critical applications and prepare for mass deployments.
"Testing is a key element in the process of any software deployment and upgrading to IE 7 will not be a small deployment for most companies," he said. "Companies also need to look outside and think about their customers. IE 7 is going to be pushed to the general public starting in November. If a company hasn't already tested their applications with IE 7, then they are already behind the curve."
He does like IE 7's anti-phishing feature. It won't help the information security community win the war against phishing and identity fraud, he said, but it will help users identify phishing attacks more easily.
"Anti-phishing tools have been around for quite some time," he said. "But by building one in the browser itself, it puts a very powerful security tool in the hands of the people who wouldn't normally install a separate third-party tool."
John Hornbuckle, IT administrator, Taylor County School District, Perry, Fla.
Unlike the other IT pros interviewed for this story, Hornbuckle is not an avid Firefox user. As far as he's concerned, there was never a compelling reason to abandon IE.
He spent a couple months using IE 7 in beta, and he upgraded as soon as the browser emerged from beta a couple weeks ago. He said the additional security is great, though he's just as excited about the interface changes, including the tabbed browsing.
"The phishing filter is definitely a plus," he said. "I've had one or two users on my network fall prey to phishing scams in the past, and hopefully this will become less common now."
Hornbuckle said he will deploy IE 7 across the organization soon. "I'll get it installed on a handful of test machines at each of my sites so that application testing can occur," he said. "As soon as application compatibility is confirmed, I'll install it everywhere."
Eric Case, support systems analyst, University of Arizona's Department of Chemical and Environmental Engineering
Case said he hasn't taken a hard look at IE 7 yet. But so far he has seen nothing to indicate that the browser's security features will spark an exodus away from Firefox.
"Why switch if Firefox is doing what the users need?" he asked.
Of course, like the other IT pros interviewed, he knows most people use IE and he'll eventually need to deploy it to the masses. But he's holding off for now.
"IE 7 broke one of our enterprise apps so I've been planning to block it," he said. "In a month or so when I'm confident IE 7 will be okay to use for the enterprise application I'll start testing it."