Security experts cry foul over Browzar

Browser beware

channel

Security experts are crying foul over a new supposedly secure browser application.

Browzar is promoted as an easy way for users to surf the web without leaving traces of sensitive information behind on their PCs. Critics say it fails to do what it says on the tin and, worse still, the software manipulates search results to push ads at users.

Browzar, according to its developers, is designed not to retain information. Browzar automatically deletes internet caches, histories, cookies. It doesn't use auto-complete forms, a feature that anticipates the search term or web address a user might enter.

Initially, we took these assurances at face value, but many problems with the software have since emerged.

Although positioned as a fully fledged browser application, Browzar is a simple "custom wrapper" and user interface for IE that inherits any problems an installed version of Internet Explorer might have, while adding some all of its own. The software is supposed to get rid of all records of sites surfers may have visited, along with cookies and history files relating to a Browzar session from users' PCs.

But Browzar does not clean up all traces of surfing as promised. Deleted files are not wiped and would be easy to recover - allowing anyone with a basic data recovery tool to access history, cookies or any other media downloaded using Browzar. Furthermore, because Browzar uses IE's ActiveX control, a list of browsed websites stills appear in the index.dat file. Browzar therefore, according to critics, offers a false sense of privacy protection.

As if that wasn't enough reason to be wary of the software, Browzar steers users towards the firm's own search page which allows the browser's developers to insert sponsored links intermixed with regular search results. Much of the criticism of Browzar has focused on its skewed search engine and the use of Browzar's website as the default (unchangeable) home page for surfers.

Based on this feature, security guru Bruce Schneier describes the software as ad-ware, a view backed up multiple assessments of the software by other security researchers (here and here).

Other applications, such as Sandboxie, which runs programs inside of a virtual "sandbox", offer a far better alternative to Browzar, the SANS Institute suggests.

Browzar's developers reject the ad-ware tag but say they are prepared to examine feedback, the BBC reports.

Ajaz Ahmed, founder of UK ISP Freeserve and the business brains behind Browzar, told the BBC: "This is not adware at all. Like every search engine, Browzar has sponsored advertising." ®

Sponsored: Designing and building an open ITOA architecture