[newbie] proxy, windows integrated authentication, browsers

hi there,

as i mentioned int the subject i'm a complete newbie about this kind of
things.

this is my present situation: my company just moved from a
basic-authentication-only http proxy to a new setup where the
http-authenticate lists: ntlm (first... :-( ), kerberos, negotiate.

this is good in order to prevent sniffers capture the
username/password, of course, but... the move had a side effect:
windows integrated authentication began to work.

now, maybe i'm wrong but... i definitely don't like it, especially
because we are forced to use outlook and outlook express (which use ie
as a component iirc) and anyway a lot of software you can install
under windows now can communicate with the outside world without
"mediation".

how can i prevent firefox and especially ie (and every software that
can transparently inherit my credentials) from automatically
authenticate themselves and do what they want without my
acknowledgement? :-|

wrt firefox: i spotted a couple of parameters in about:config related
to automatic ntlm authentication, will they suffice in stopping even
kerberos?

thank you in advance for any hint/suggestion/url