At large organizations you’re generally not allowed to download much of anything without it passing through IT security and management first. If it’s a no, it will probably stay a no.
Just to be clear, I mean it’s literally managed at the Group Policy level (in Windows server environments at least) and no amount of asking will suddenly give your user account permissions to be able to save files of any kind.
You generally literally cannot download it without going through IT to get them to approve of and give your account access first.
Ya I forgot I have escalated device privileges and an admin account, which I definitely would have used for installing anything. Although I believe I can also skirt the rules using winget on a user account. That will probably get you in trouble however!
This matters more for some industries than others. But this attitude lets a malicious employee install basically whatever they want in service of “the job” and you won’t even know you’re being breached until after it’s all over.
Well, we still have to get approval. But it just seems like they don’t mind as much. For example, I don’t know how many companies out there would be fine with installations of AutoHotkey and LibreOffice.
My IT department uninstalled it from my work laptop, and told me not to reinstall it because - and I quote: “The only browser IT officially supports is Google Chrome.”
What makes this doubly stupid is that I’m a web developer. I literally can’t test my stuff on another browser…
I used to develop ads (non intrusive things for home depot or go RVing) and i used ad blockers. When testing, i would just run private browsing with plugins disabled…
I’m not always working in the office, and they’ve asked us to connect to VPN only if we need access to the internal network. Email and Teams work without VPN, but now you want me to log in for web access? A browser blocker is better imo.
You can only catch so much at the edge and DNS level. Browser extension catches the stragglers that get through. But we’ve mitigated virtually all browser induced malware possibilities by just moving to cloud-based internet isolation. It’s similar to what the DoD uses, if anyone’s familiar with their use case: https://www.bylight.com/wp-content/uploads/2020/09/CBII_2020-2025.pdf
Same here. The worst thing is in their justification of disallowing Firefox they listed that it was not an enterprise application. I get that it might be extra effort to support it but don’t list something factually untrue as a lame cop out for why you don’t want to.
Was told it wouldn’t be allowed because you couldn’t restrict it using GPO… Until I told them they could absolutely apply those restrictions using GPO and even provided the ADMX templates.
I can’t install anything. I’m lucky I can install uBlock Origin because I worked out later most extensions are disabled too. But I guess it’s only matter of time until that disappears.
Edge extension store still has it I think. Use it until Edge removes it as well. Then tell the IT to use Firefox highlighting the importance of adblocking.
I don’t like my chances of swaying IT. The organisation is too big and I’ll get told I should be using Edge which is the only officially supported browser.
If you had uBlock origin already, you may have gotten a message through Chrome that it was no longer supported, so it’s been disabled, and gives you the option to remove it. I noticed you don’t have to remove it, and it can be re-enabled. However, I need someone smarter with adblockers than I to say if this is actually helpful and not hazardous.
People are saying manifest v2 (the old API that ublock uses) will be gone soon, which I think should effectively make ublock unusable whatever you do unless you stop updating chrome maybe (which could open you up to a ton of security issues) ? Not sure, don’t care since I’ve ditched chrome long ago
Cries in only Chrome and Edge at work 😢
Download Firefox portable
At large organizations you’re generally not allowed to download much of anything without it passing through IT security and management first. If it’s a no, it will probably stay a no.
Just remember,it’s easier to ask for forgiveness than permission!
Just to be clear, I mean it’s literally managed at the Group Policy level (in Windows server environments at least) and no amount of asking will suddenly give your user account permissions to be able to save files of any kind.
You generally literally cannot download it without going through IT to get them to approve of and give your account access first.
Ya I forgot I have escalated device privileges and an admin account, which I definitely would have used for installing anything. Although I believe I can also skirt the rules using winget on a user account. That will probably get you in trouble however!
I work for a non-profit and they are way more lenient about what we would like to install as long as the job gets done.
Then you have bad opsec and security holes.
This matters more for some industries than others. But this attitude lets a malicious employee install basically whatever they want in service of “the job” and you won’t even know you’re being breached until after it’s all over.
Well, we still have to get approval. But it just seems like they don’t mind as much. For example, I don’t know how many companies out there would be fine with installations of AutoHotkey and LibreOffice.
https://portableapps.com/apps/internet/firefox_portable
Link for convenience.
Tell your IT.
Yeah. What company wouldn’t allow it?
When I was working for an ad exchange, everyone had adblock installed in their browsers, I found that quite ironic.
My IT department uninstalled it from my work laptop, and told me not to reinstall it because - and I quote: “The only browser IT officially supports is Google Chrome.”
What makes this doubly stupid is that I’m a web developer. I literally can’t test my stuff on another browser…
I used to develop ads (non intrusive things for home depot or go RVing) and i used ad blockers. When testing, i would just run private browsing with plugins disabled…
I would argue it’s a security issue not to have any ad blocking. Many scams online start with popups or fake ads.
So if you get the opportunity to talk to IT that’s what I would mention.
The FBI agrees with you
(Although they have since taken down their PSA woth no explanation)
A good IT is blocking ads at a company-level. Browser extensions wouldn’t matter, and in fact, shouldn’t be allowed for the same reason.
I’m not always working in the office, and they’ve asked us to connect to VPN only if we need access to the internal network. Email and Teams work without VPN, but now you want me to log in for web access? A browser blocker is better imo.
You can only catch so much at the edge and DNS level. Browser extension catches the stragglers that get through. But we’ve mitigated virtually all browser induced malware possibilities by just moving to cloud-based internet isolation. It’s similar to what the DoD uses, if anyone’s familiar with their use case: https://www.bylight.com/wp-content/uploads/2020/09/CBII_2020-2025.pdf
Even with CBII ads still make the internet cancerous to even look at
Oh for sure, but with CBII, malicious ads can’t exploit a vulnerability and infect your local system.
Officially only Edge is supported, but Chrome is tolerated. It’s a full MS environment.
Click on every single ad and banner, click “I agree” on every pop-up. Make that computer hate it’s life!
How To Get Fired 101
uBlock Origin Lite does work, but it’s predefined lists only. You can’t use the element zapper 🙁
lame
My condoleances
Same here. The worst thing is in their justification of disallowing Firefox they listed that it was not an enterprise application. I get that it might be extra effort to support it but don’t list something factually untrue as a lame cop out for why you don’t want to.
Was told it wouldn’t be allowed because you couldn’t restrict it using GPO… Until I told them they could absolutely apply those restrictions using GPO and even provided the ADMX templates.
Download a Firefox based browser from the Microsoft store?
Store is disabled
Wellp, time to get a new job.
some “infosec” systems tags firefox as a “vulnerability” risk
ahem tenable ahem
I can’t install anything. I’m lucky I can install uBlock Origin because I worked out later most extensions are disabled too. But I guess it’s only matter of time until that disappears.
Edge extension store still has it I think. Use it until Edge removes it as well. Then tell the IT to use Firefox highlighting the importance of adblocking.
I don’t like my chances of swaying IT. The organisation is too big and I’ll get told I should be using Edge which is the only officially supported browser.
https://portableapps.com/apps/internet/firefox_portable
I would have run already.
If you had uBlock origin already, you may have gotten a message through Chrome that it was no longer supported, so it’s been disabled, and gives you the option to remove it. I noticed you don’t have to remove it, and it can be re-enabled. However, I need someone smarter with adblockers than I to say if this is actually helpful and not hazardous.
People are saying manifest v2 (the old API that ublock uses) will be gone soon, which I think should effectively make ublock unusable whatever you do unless you stop updating chrome maybe (which could open you up to a ton of security issues) ? Not sure, don’t care since I’ve ditched chrome long ago
Good to know, thanks.