Feeds

Security experts cry foul over Browzar

Browser beware

Protecting against web application threats using SSL

Security experts are crying foul over a new supposedly secure browser application.

Browzar is promoted as an easy way for users to surf the web without leaving traces of sensitive information behind on their PCs. Critics say it fails to do what it says on the tin and, worse still, the software manipulates search results to push ads at users.

Browzar, according to its developers, is designed not to retain information. Browzar automatically deletes internet caches, histories, cookies. It doesn't use auto-complete forms, a feature that anticipates the search term or web address a user might enter.

Initially, we took these assurances at face value, but many problems with the software have since emerged.

Although positioned as a fully fledged browser application, Browzar is a simple "custom wrapper" and user interface for IE that inherits any problems an installed version of Internet Explorer might have, while adding some all of its own. The software is supposed to get rid of all records of sites surfers may have visited, along with cookies and history files relating to a Browzar session from users' PCs.

But Browzar does not clean up all traces of surfing as promised. Deleted files are not wiped and would be easy to recover - allowing anyone with a basic data recovery tool to access history, cookies or any other media downloaded using Browzar. Furthermore, because Browzar uses IE's ActiveX control, a list of browsed websites stills appear in the index.dat file. Browzar therefore, according to critics, offers a false sense of privacy protection.

As if that wasn't enough reason to be wary of the software, Browzar steers users towards the firm's own search page which allows the browser's developers to insert sponsored links intermixed with regular search results. Much of the criticism of Browzar has focused on its skewed search engine and the use of Browzar's website as the default (unchangeable) home page for surfers.

Based on this feature, security guru Bruce Schneier describes the software as ad-ware, a view backed up multiple assessments of the software by other security researchers (here and here).

Other applications, such as Sandboxie, which runs programs inside of a virtual "sandbox", offer a far better alternative to Browzar, the SANS Institute suggests.

Browzar's developers reject the ad-ware tag but say they are prepared to examine feedback, the BBC reports.

Ajaz Ahmed, founder of UK ISP Freeserve and the business brains behind Browzar, told the BBC: "This is not adware at all. Like every search engine, Browzar has sponsored advertising." ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.