In an effort to enhance the security of their popular web browser, Mozilla has dropped support for FTP in their recent Firefox update.
While the bold move may have come as a surprise to some, Mozilla actually released an article over a year ago detailing their plans to ditch FTP. In April, Firefox 88 was released, which disabled FTP functionality by default. Diehard FTP users who were determined to continue using Firefox for their FTP needs could still manually re-enable the functionality, though this was short-lived. Now, with the release of Firefox 90, the not-so-secure file transfer protocol has been disabled entirely.
Now you might be thinking to yourself that you'll just use Chrome or Edge instead of Firefox. Well, sorry to be the bearer of bad news, but those browsers haven't supported FTP since January 2021.
It's hard to blame developers for wanting to drop the aging protocol. The original specification for FTP was written over 50 years ago. Though it's been revised over the years to support things like TCP/IP, it lacks the security features necessary to keep users and data safe in today's online world. Mozilla highlights some of the security risks associated with FTP in a recent blog covering their decision to disable FTP support:
"The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user’s device using the FTP protocol."
Recently, threat actors have been hard at work, exploiting every vulnerability they can find. With the recent spree of vulnerabilities associated with the print spooler, another aging system, it makes sense to prioritize security over functionality. Also, as many systems transition to cloud solutions, users no longer rely on FTP as heavily as they once did.
While the big three in web browsers have decided to part ways with FTP, that doesn't mean that you have to as well. Whether or not you should is another question altogether, one you should probably discuss with your Security Engineer. If they give you the go-ahead, here are some alternatives you should consider.
Each of these utilities offers a ton of functionality and will keep you transferring files for years to come. In addition, each of these applications is either free or has a free version available, which will fit even the tightest budgets.
Once you're ready to push out a new FTP client to your users, PDQ Deploy is here to make the process as easy as possible. If you don't already have PDQ Deploy, take it for a spin with a 14-day free trial.
The package library in PDQ Deploy includes three of the FTP solutions listed above. The FileZilla, WinSCP, and Core FTP LE packages are all built and maintained automatically by PDQ, which means less work for you. To find them in the package library:
Open PDQ Deploy and click on the Package Library menu option in the navigation pane
In the filter field, enter the name of the FTP client you want to install. I'll use WinSCP for this example, but you can use FileZilla or Core FTP LE and still follow along. The process is the same.
Select the package and click Download Selected (As Auto Download)
Once the package has been downloaded, you'll see it listed under your available packages in the navigation menu.
Now that you have the package downloaded, you can deploy it to hundreds of computers in a matter of minutes. To deploy it:
Right-click on the package and select Deploy Once
In the Deploy Once window, add the targets you want to deploy to by entering the names of the machines and click Add Computer. You can also click Choose Targets to choose targets from a source like Active Directory or PDQ Inventory.
Once you've got your targets added, click Deploy Now
You can check on the status of your deployments in the deployments window
That's all there is to it. You can deploy the package to as many machines as needed.
While it's sad to see the industry transition away from older technologies, it's usually for the best, especially when security is a concern. These days, with new exploits and vulnerabilities popping up daily, you really can't be too careful.