Saturday, October 28, 2006

How to run Firefox in a corporate environment

The story of this blog's title begins and ends with Firefox.

If you haven't been using Firefox in the past couple of years (or Opera or anything that's not Internet Explorer, for that matter), you have been missing out. It's no secret that IE6 is the worst browser ever created--well, maybe it was okay around the time it originally came out, but how many years ago was that? Sure, now IE7 is available, and it reportedly fixes the vast majority of my problems with IE6, but my story goes back to the days before IE7 was a blip on the radar. (And, for that matter, IT has made the pronouncement that we can not install IE7 until they do their corporate roll-out, which will take months presumably, based on past performance...)

Anyway, IE6 is unfortunately the official corporate internet browser, as it is for most companies out there. But Firefox is freeware and better, so what harm could come out of using it instead? Well, none, of course, but you will get IT's attention quickly and they will forcefully remove it from your computer. Generally, they call, say "I'm uninstalling Firefox," and then proceed to take remote control of your machine and remove the program. And then they say something about how Firefox is not approved software and you must not install it on your corporate workstation or laptop.

So, what to do? I don't want to use IE6 if there are other options. I use Firefox at home all the time and it's clearly my browser of choice. So, Google to the rescue...

Funny thing--Google. Anyone that's ever used Google extensively is well aware that you can learn anything and everything with a Google search. Yet, IT always seems surprised when we find ways around their rules and measures... do they not know about Google?

And the solution to my problem was quickly found: Portable Apps! Here's a modified version of Firefox that will run entirely off a USB drive. Nice. It was the perfect solution. I could have one copy of Firefox for use at both home and work, with the same bookmarks and extensions, and all I had to do was bring my USB drive to work every day. And Firefox would never actually be installed on my corporate computer, so IT wouldn't find it with their regular drive scans. And it worked like a charm for nearly a full year. I started running Portable Firefox in late 2005, while I was still at my terrible first job, and IT did not catch on until mid-2006. It was such a long period of being left alone, that it was quite a shock when they did finally realize what was happening.

When I moved to my new job, I found that a new co-worker was also a Portable Firefox user. And our boss, also getting annoyed with IT's policy on Firefox, got in on the Portable Firefox game as well. And it was our boss that got the call in summer 2006: IT had long known we were running Firefox somehow, but they had finally figured it out. Apparently, it had been quite the shock to learn that you could run software off USB drives... Google, anyone?

How did IT know we were running Firefox? They monitor everything. Every web site we visit is recorded, every executable we run is logged, every key stroke... well, I don't know about the last one, but I wouldn't be surprised. We apparently agree to this whenever we log in, because there's some bullshit disclaimer that we get each time--but is it really agreement when you have no choice in the matter? Probably yes, but it's still unfair. If I could use my own computer to work, I would, but I'm forced to use an IT-controlled PC by the company--where's my choice again? So, anyway, IT could see that firefox.exe was launched everyday, and they could see Firefox's user agent accessing web sites, but they couldn't find the executable to remove it.

A couple years ago, I stumbled upon the executable logging software while cleaning up my workstation files. It wasn't hidden very well... "C:\Program Files\Tally Systems Corp\TSCensus\Bin\UsageLogs" At the time I discovered the program, the usage logs were also plain text, so I was able to see exactly what they were monitoring. (Tally Systems was eventually purchased by Novell, and the upgraded ZENworks Asset Management software changed the usage logs to an unreadable proprietary format.) I attempted to uninstall the program a few times, but it always came back. So I started simply deleting the usage logs. And I wasn't afraid to share the location of these usage logs with my co-workers, to give them a chance to delete them as well. I did this for a couple of years with no consequences.

But my boss and co-worker that were running Portable Firefox were not deleting their usage logs, so we were eventually caught. And maybe all the deleting of usage logs I did was for naught, anyway, since who knows how often they grabbed the usage logs and stuck them somewhere on the network?

When IT's edict that we no longer run Portable Firefox was delivered by our boss, my co-worker and I got to work on running a stealthier Portable Firefox. We kept our boss out of it, as we knew he wouldn't be happy to find out that we weren't giving up. So, once again, Google to the rescue. We both installed the user agent switcher extension and started running Firefox as the Internet Explorer 6 user agent. We both renamed PortableFirefox.exe to something less conspicuous. And we both renamed firefox.exe on our USB drives to IEXPLORE.EXE. You see, Portable Firefox comes with an .ini file that lets you change the Firefox executable name as well. Brilliant!

And then we started making mistakes. Bad, costly mistakes. IT was already watching us closely, since we had been branded as trouble makers for running Portable Firefox in the first place. The smart thing to do would have been give up the fight and suffer with IE6. But where's the fun in that? We had to find out if our stealthier Firefox would do the trick...

My first mistake was a wrong headed attempt to prove that Firefox was more secure than IE6, despite IT's ridiculous claim otherwise. So I used both browsers to run the ShieldsUP! test. The results were inconclusive. The corporate network failed the security test, not the browsers. Little did I know that port scanning was a grievous offence...

My second mistake was telling my co-worker about the Tally Systems monitoring software. He came up with the idea of killing the software with a batch file on every restart. Great idea? Seemed like it at the time...

(My co-worker didn't help the situation when he started killing IT's SMS--software management system--program when it popped up at inconvenient times. SMS does annoy the hell out of everyone, as it forces restarts to install software upgrades. I would never restart my computer if not for SMS forced restarts.)

My third mistake was running utorrent off my USB drive while in Montreal for a training course. I wanted to download an episode of a TV show. Big deal. But it was my first time running utorrent, and I didn't pay attention to the files it left on my laptop. There's an easy fix to this, but I didn't know it at the time.

My fourth mistake was renaming the PortableFirefox shortcut in my quicklaunch bar. What's bizarre and makes this story worth sharing is that this fourth mistake is the one that's getting me in the most trouble. Yes, renaming a shortcut icon on my personal desktop is the biggest mistake I made in trying to run Firefox in a corporate environment... IT considers it to be a worse offence than regularly killing a corporate software process! It makes zero sense and is completely ridiculous, but it's the truth.

So, the obvious question remains: what was the shortcut icon renamed to? Take a look at the title of this blog and extract the first letter from each word. (Because it won't make sense unless you know this: C I & T is the full acronym for our IT department.) Yeah, that's it... FUCI&T! Oh, how scandalous! How dare I? Yes, it's immature. Yes, it was unnecessary. But it made me smile when I did it. And it apparently made IT's head explode when they discovered it.

No comments: