
Application control - poor decisions

Well I've not been back here for a while but it's time for another post and this time I'd like feedback from you guys about a decision Sophos has made regarding app control.

We use app control extensively and I block most things not related to our business by default (games, peer to peer etc). One notable change recently was for Sophos to now add a Firefox V7 and higher policy option. Now while I fully understand the reason for this because of the mindless version updates vomiting out of the Mozilla labs at the moment, I don't understand why they don't pick off the major version numbers and especially, the ability to block beta versions. I've about 20% of users at my organization that use Firefox and of those, about a third watch the Firefox website like hawks always wanting the latest, greatest version even if it's not tested and released. Previously, by allowing specific versions and blocking everything else, I had the ability to lock down to only released versions and I also had the ability to lock out old defunct versions that were either too vulnerable or really not fit for purpose (v7 immediately springs to mind!). Now, my users are freely downloading v9 beta, installing it, using it and I have absolutely no control over that with Sophos because they've adopted a v7+ identity only. How bad is that!

I'd like to get some feedback on whether you feel this is the right approach or not. As administrators, we know that the FF version change every 30 days is a big problem and I know there will be a few people out there that don't really care that users can get to higher versions even untested betas and alphas but I and many others do. How does the community feel about this approach?

Should we at the very least still continue to get individual version control? Should we have the v7+ AND the individual version control?

Matt

  • Hi Dan,

    You're missing the point though. By only creating a single identity, you've killed the effectiveness of the system. I had control over versions previously and now I don't. I had the ability to say that users could ONLY run the approved versions; this prevented them from downloading and installing anything not approved. Now, they are free to fetch any version 7+ and higher including betas, alphas, unreleased submissions to the project etc. and run without any argument from Sophos. That's the killer! I'm quite happy if you create an 'unknown' versions (i.e. versions not yet released) identity for those that want to give users this ability and you can update that as rapidly as you like once released (including removing FF versions when released from this identity) but give me back the individual versions - even if it does take a month to release - I'm sure you could produce one NOW for v.9 (the project's been running several weeks already) and release in the next apps update. Similarly, there's nothing stopping you from producing a v7 and v8 identity and releasing so I can kill off v7, allow v8 and be prepared for v9 once it's stable and released - looks like v9.01 might be stable enough. 9.0beta looks like it's a dog.

    Matt
