December 1, 2005

NASA ditches IE in favor of Firefox

A little birdie told me today that NASA has given up entirely on Internet Explorer. Now, if you are an employee of NASA, every time you go to a page using IE, you get up to three prompts telling you how risky it is to run scripts. The official line is that the newest IE vulnerability was the proverbial straw, and now NASA’s standard internal browser is Firefox.

That NASA has taken this step isn’t all that surprising — NASA has been odd man out for many years, encouraging innovation instead of pushing for standardization in their IT systems. But this is interesting because I don’t know of another government agency that has recently standardized (internally) on any browser besides IE for…well, it’s been a long time. Years. Time was Mozilla (Netscape) was standard at NCI, but even that holdout has given up the ghost. Maybe this will give them precedent so they can move to a good browser. 

Update 9:24 AM 12/5/05: Perhaps this rumor is just that — a rumor. See one of the comments below, from someone with a .ru address but who says they’re coming from NASA.

Update 10:24 AM 12/5/05: And another, below, from (apparently) NASA software contractor.

Update 4:27 PM 12/5/05: And a couple more, below, from more apparent NASA employees.

I think it’s time to put this rumor to rest. There are three options:

  1. It’s completely false and my NASA employee (aka “little birdie”) was flat-out wrong.
  2. It’s true for his part of NASA.
  3. It’s true for all of NASA but a bunch of people haven’t heard about the policy shift yet. 

The only way to resolve it is for someone to corroborate my birdie’s story, or for the furor to die down…

47 responses to “NASA ditches IE in favor of Firefox

  1. What startling news! If only we were privy to the internal discussions that drove this decision — the Mozilla folks would probably love to know more about it.

  2. NASA ditches IE in favor of Firefox

    Over at our company blog, Dan Turner’s posted some startling news: NASA appears to be using Firefox as standard now. Wohoo!

  3. No government, public service or financial entity should ever use a browser as dangerous as Internet Exploder!!! This should be a LAW!
    And if they do, they should be held accountable and fined for any data loss or consumer privacy breach.

  4. No, no, no! This is _still_ all wron. Support standards and not any particular browser.
    — Vikram, a longtime Firefox+Linux user.

  5. “No, no, no! This is _still_ all wron. Support standards and not any particular browser.”
    How can this be accomplished when Internet Explorer itself does not support standards.

  6. Behind the Curtain at TCG: NASA ditches IE in favor of Firefox

    Behind the Curtain at TCG: NASA ditches IE in favor of Firefox
    There are no sources for the information in this article, but I would be thrilled to hear that its true. Internet Explorer is a washed up security risk of an application and I&R…

  7. Adam: I think the point was that there are other browsers out there that are also very standards compliant- and NASA should be supporting standards-compliant browsers in general rather than just sticking to one browser.
    However, for admin purposes, standarising to one browser is much easier on them.

  8. NASA Ditches IE For Firefox

    Rumour has it that NASA have had enough of IE’s security problems and ditched it for Firefox. Incidentally, for those interested, approximately 25% of visitors to A Welsh View use Firefox.

  9. Er, i just clicked through several pages on the nasa site at http://www.nasa.gov using Internet Exploder 6.0.28 and saw absolutely nothing as mentioned…maybe the nasa site is intelligent enough to detect that my primary browser is actually firefox, and disables the warnings… 😉

  10. > Awww! I think I speak for all digg users.
    > Why couldn’t it have been Opera?
    Because security track record is irrelevant to the topic of security — hype is what matters.
    — y

  11. NASA ditches IE in favor of Firefox

    NASA has given up entirely on Internet Explorer. Now every time you go to a page using IE, you get up to three prompts telling you how risky it is to run scripts. The official line is that the newest IE vulnerability was the proverbial straw, and now …

  12. Well, it seems that the script telling you that IE is not “secure enough” (it was never “secure” in the first place) is run only for the “inside” users. Nobody expect that the NASA implement such scripts for every internet user on every site they own, right?

  13. Go ahead, switch if you want…in fact I use both Firefox and IE, but don’t assume that because there haven’t been many vulnerabities, that Firefox won’t be next. It’s tough to be on top, which I’m sure that Mozilla will learn once they get closer to it and line up in the cross hairs of all the script kiddies and black hatters out there.

  14. Doesn’t anyone bother to check on this stuff? http://science.nasa.gov/newhome/browsers.htm lists suggested browsers. The list includes IE but not FF. NASA says they “make no endorsement”, but the list still doesn’t support this story. Nor did I see any warnings when using IE.
    I’d like to see FF make it big but fantasy won’t help.

  15. Uh. INTERNALLY. According to the rumor, NASA has made Firefox their only legal browser INTERNALLY. That is, for employees of NASA. Externally may well be another story entirely.

  16. This is being posted from the NASA Johnson Space Center.
    This machine is running IE version 6.0.2900.2180.xpsp_sp2_gdr.050301–1519.
    No warnings have been displayed about scripts.
    If FF is the new standard, it’s taking some time to filter down to the worker bees.

  17. NASA just started using FF 6 months ago, and has yet to include any FF version higher than 1.0.6. NASA’s official browser internally and externally is IE6 SP1 but does not prohibit the use of FF.
    I know…I’m a SW Engineer for a contractor for NASA.

  18. The “suggested browsers” link that Peter Buck posted hasnt been updated since 2000.. If they just made this policy change, that page wouldnt reflect it.

  19. Just a reminder to read the fine entry…
    “Now, if you are an employee of NASA, every time you go to a page using IE, you get up to three prompts telling you how risky it is to run scripts.”
    Note the, ‘if you are an employee of NASA’ portion of the sentence? This implies that NASA employees while at work and on the NASA network, while using Internet Explorer, will get the prompts, not people off their network as in everyone outside of NASA.
    These people who work at NASA can go home, use IE there and they wont get the prompts unless, their home computer is tied to the internal NASA network.
    As for the Opera comment made by Complexium, it shouldn’t matter what browser is used as standards are a part of it.

  20. I work at NASA HQ in Washington DC. The kernel of truth in this rumor probably resides in the fact that NASA has a lot of Mac’s, MSIE no longer comes with Mac OS X, and so NASA chose Firefox as the default browser for Macs from Tiger on. Why not Safari? I have no idea. While Firefox is being used on Windows by some, there has been no edict to ban MSIE that I’m aware of. A lot of internal apps (i.e. COTS server apps) still require it. Until the govt starts requiring COTS solutions to work with and use web standards, this probably won’t change in my lifetime.

  21. Perhaps this little rumor is true but has not yet been implemented across the entire program. NASA is a large umbrella agency, so it’s possible that a specific site (like JPL) may decided to default to Firefox.
    I’d caution NASA employees to avoid discussing too many specifics regarding internal web architecture or applications, as it could be viewed as a violation of ethics and security training.

  22. This has to be nonsense. If anyone has ever been involved in a large-scale corporate software rollout, you know what a nightmare it is to do quality assurance, especially on out-of-date and internal software. Sometimes the former must be replaced, or the latter rewritten, which can delay rollouts for months or even, yes, years.
    Government agencies are even stodgier than corps. They have myriad regulations to conform with, and engineering-oriented agencies like NASA probably have many legacy applications, and NASA has numerous military interfaces which would dictate orange book conformance. They don’t just go changing the browser across the whole organization by fiat, because of one bug (no matter how major, alas). If anything like this were happening, it would be taking months of committee meetings just to make the decision, and rollout would take years.
    That said, I can definitely believe that there may be internally-generated interstitials that prevent casual browsing or at least warn about scripts, as a security measure. That’s not the same thing at all.

  23. FF/NASA rumor

    FF/ NASA rumor: A website says “little birdie told me today that NASA has given up entirely on Internet Explorer.” Check out the trackbacks, how people accept and embellish the story. Then other commenters check the story, and some from inside NASA dis…

  24. FF/NASA rumor

    FF/ NASA rumor: A website says “little birdie told me today that NASA has given up entirely on Internet Explorer.” Check out the trackbacks, how people accept and embellish the story. Then other commenters check the story, and some from inside NASA dis…

  25. Eh??? Doesn’t matter what browser?!?
    Someone’s got their pipe full of the white stuff. I casually wrote a JavaScript interpreter over the weekend and it runs 5 times faster than Spidermonkey; and I didn’t even touch assembler. Don’t worry, it runs 4 times as fast as IE’s JScript too.
    Why is it I, an undergraduate, can write something that so vastly outperforms what is the most used interpreter in the world?

  26. Firefox is now in our internal pushes to our workstations so users can have the option to use Firefox if they haven’t downloaded it already. End of story. At least, that’s how it is at Johnson Space Center.

  27. Why Firefox ? Well if they are anything ESA, then probably Netscape used to be their standard browser, so Firefox would partly be a return to the roots.

  28. re: Dan, clicking on your link I expected to see details of some actual realworld tests you did to back up what you said, nothing there yet. But also I can see that you are not *just* any undergraduate, given that you plan to write your own operating system.

  29. NASA can’t afford any security risks, so it’s possible they at least started to make the switch. They may recommend FF for external internet use, and IE for internal. Or they may just recommend it as an interim solution until IE 7 arrives.
    The point is that IE 6 hasn’t changed much since 1998 and has far too many vulnerabilities to be fixed. IE 7 will have great security but until then, it’s important that high-security institutions like NASA use something else.

  30. But this is interesting because I don’t know of another government agency that has recently standardized (internally) on any browser besides IE for…well, it’s been a long time. Years. Time was Mozilla (Netscape) was standard at NCI, but even that holdout has given up the ghost. Maybe this will give them precedent so they can move to a good browser.

Comments are closed.