Feeds

Security experts cry foul over Browzar

Browser beware

Securing Web Applications Made Simple and Scalable

Security experts are crying foul over a new supposedly secure browser application.

Browzar is promoted as an easy way for users to surf the web without leaving traces of sensitive information behind on their PCs. Critics say it fails to do what it says on the tin and, worse still, the software manipulates search results to push ads at users.

Browzar, according to its developers, is designed not to retain information. Browzar automatically deletes internet caches, histories, cookies. It doesn't use auto-complete forms, a feature that anticipates the search term or web address a user might enter.

Initially, we took these assurances at face value, but many problems with the software have since emerged.

Although positioned as a fully fledged browser application, Browzar is a simple "custom wrapper" and user interface for IE that inherits any problems an installed version of Internet Explorer might have, while adding some all of its own. The software is supposed to get rid of all records of sites surfers may have visited, along with cookies and history files relating to a Browzar session from users' PCs.

But Browzar does not clean up all traces of surfing as promised. Deleted files are not wiped and would be easy to recover - allowing anyone with a basic data recovery tool to access history, cookies or any other media downloaded using Browzar. Furthermore, because Browzar uses IE's ActiveX control, a list of browsed websites stills appear in the index.dat file. Browzar therefore, according to critics, offers a false sense of privacy protection.

As if that wasn't enough reason to be wary of the software, Browzar steers users towards the firm's own search page which allows the browser's developers to insert sponsored links intermixed with regular search results. Much of the criticism of Browzar has focused on its skewed search engine and the use of Browzar's website as the default (unchangeable) home page for surfers.

Based on this feature, security guru Bruce Schneier describes the software as ad-ware, a view backed up multiple assessments of the software by other security researchers (here and here).

Other applications, such as Sandboxie, which runs programs inside of a virtual "sandbox", offer a far better alternative to Browzar, the SANS Institute suggests.

Browzar's developers reject the ad-ware tag but say they are prepared to examine feedback, the BBC reports.

Ajaz Ahmed, founder of UK ISP Freeserve and the business brains behind Browzar, told the BBC: "This is not adware at all. Like every search engine, Browzar has sponsored advertising." ®

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.