Sigh...another round of security updates coming from the folks at Mozilla. It looks like version 184.108.40.206 will be at our doorsteps soon. Now at home, updating Firefox and Thunderbird on the Windows PC is a snap since it is all automatic. However, updating in a secure enterprise environment is a different matter.
In most enterprises, most users don't have administrative privileges and without those rights Firefox and Thunderbird in most cases will not auto install the new version. What would really help is if Mozilla would provide their software in a MSI package. Until MSI packages are provided by Mozilla, it is difficult for me to accept Firefox and Thunderbird as "enterprise software". In a Windows Server 2003 environment, MSI packages are a must for easy deployment, management, and auditing.
There have been some in the Mozilla community that have pushed for official MSI releases, but it always appear to me to be an uphill battle. It has been my experience that too many in the open source community don't fully understand the needs for organizations to have full control of which version of the software are on their systems. Often, open source communities underestimate the degree of paranoia in large organizations and the extent of controls that are in place. Depending on your network configuration, installing software without MSI can make it a long and tedious day for the network administrator.
I applaud those in the open source community that have released their own MSI packages to the public. I especially would like to call attention to MIT's efforts through the Open Source MSI Repository at Sourceforge. The only problem is that it can take some time before their contributions of the MSI packages for the latest version of software are posted online. By that time, I have usually spent my morning making my own packages for office deployment. However, the MIT group lately seem to be doing a better job posting the updates in a timely manner...so maybe their services is something I can start to rely on in the near future.
This is not to say, that I don't like Firefox and Thunderbird. On the contrary I'm a big promoter of the software. In fact, my organization uses Thunderbird as its "official" email client and I've made sure all my users have Firefox available on the Windows desktop.
I also acknowledge and agree with posts in the Mozilla community which say such things as "security releases are what make Firefox and Thunderbird great products! Our work together helps to keep our users up to date and safe". Yes, I would rather have the opportunity to install secure software than no software on my network. It's just that I wish from a network administrator's point of view...I wish there was something in it for me. Selfish I know, but you see I have a headache.