Mozzila decided to be aggressive with Firefox releases. Not a problem, just keep the old version till add-ons are all compatible. Doesn’t work that way if you want to be secure.

Mozzila announced that Firefox 5 is the security update for Firefox 4. There will be no other updates unless there is a major, and they mean major, security hole. Fine, I have no issues with doing that, keeping people on the latest version, making sure people know that is the way it is. Except for one thing. Only about 80% of the add-ons out there are going to work on Firefox 5.

The issues I have are now pretty simple, but extremely important. They are also why I think Firefox is trying to push itself to extinction. First, Firefox 5 came out today, same day as the announcement about Firefox 4 security updates. Second, one of the add-ons that don’t work in Firefox 5 is for LogMeInRescue, which I use on a very regular basis. I am now forced to use a different browser for supporting clients, because Mozzila decided that to be secure I had to update and break what I need. Not very smart on Mozzila’s part.

This also leads to another issue. People will stop upgrading, just so their add-ons will work. Of course, if they don’t upgrade, they are open to more security problems. Firefox becomes a security threat due to its aggressive upgrade policy. Someone better explain this to the keepers of Firefox.

Before I get started let me say this, I believe in patching, and updating systems and software. It is essential to security fo a system.

That being said, there is something to be said about forcing updated software by calling it a high priority update. Yep, I’m talking about IE8 yet again. Don’t get me wrong, I’ve used it, and for general web browsing, it is ok, although a lot of sites still seem broken when using it.Some of it is because of the higher security settings built into IE8 the rest because a lot of sites are not optimized for IE8 yet.

The problem is that it is listed as a high priority update, and if you have a machine set to automatically install critical updates, it gets automatically installed on your machine. This is totally against the statement from Microsoft that IE8 is optional. The non-tech person does not know to check, nor is expected to know how to decline the installation of something like IE8. All of a sudden this is costing my clients money, due to the fact that they have to pay me to remove IE8 and then reinstall IE7 on their machine.

Yeah, its nice for my revenu, but it makes the IT world look bad overall. Clients jsut want things to work, and I can’t blame them on that. I just want things to work also. Microsoft doesn’t seem to care about anything except market share and money, and with more and more viable options coming out, they better start learning that reputation means everything, and properly working software is the way to get more market share and money.

Keeping up in the IT world, you come across all sorts of interesting things. You also start seeing patterns that can almost be seen as a microcosm to the rest of the world. With all the focus on Swine Flu lately, you can see some similarities between the way it is being presented and say, Cornficker.

Swine Flu is still making headlines, while Cornficker has done exactly what I figured. It feel from the spotlight, and it fell hard. So hard that the FBI complained about the over-hype and problems that the over-hype caused. Now we are seeing that exact same over-hype with the whole Swine Flu health issue, but no one will ever say it was over-hyped. Cornficker, by the way, has one variant that is about the self destruct, while most of the others have been turning into spam-bots, creating a very large botnet.

The Swine Flu is a nasty illness, but it is being called an epidemic, when in reality such a small portion of people are getting it, and an extremely small amount are dying from it. Yes it is nasty, and yes it needs to be fought, but it doesn’t seem to be any more widespread than any other influenza, just a strain that is more rare.

So one has to wonder, with the latest Zero-Day Adobe Exploit, what we are doing about it. The answer is nothing. People are supposedly waiting for the patch for the newest exploit, yet they still haven’t applied the patches for the prior exploit. Mind you, these things get no press, even though they can be just as dangerous as anything else out there.

Yes, you should test patches before deploying them, but you need to have a plan and a time frame that is not insanely long for a decision. The patches for exploits out in the wild (zero-day) should be deployed as fast as possible. It is simple common sense.

Of course, common sense isn’t so common anymore. Just look at the plan on the Swine Flu “epidemic”.  It consists of scaring everyone to death, hurting the economy because of travel bans, and basically hyping the hell out of it until we become complacent and don’t even listen to the people who are basically crying wolf constantly about it.

Hype can be good, but in this day and age, we over-hype so much so fast that I have to wonder, “What are we thinking?”