[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Re: Browzar Bashing: Is It Warranted?

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Re: Browzar Bashing: Is It Warranted?
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Fri, 8 Sep 2006 03:17:39 -0500 (CDT)
Delivered-to: isn@xxxxxxxxxxxxxxx
List-archive: <http://www.infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Organization: InfoSec News - http://www.infosecnews.org/
Sender: <archive@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.windowsitpro.com/Article/ArticleID/93420/93420.html
: 
: Browzar Bashing: Is It Warranted? 
: By Mark Joseph Edwards
:
: Lots of people have been bashing the tool based on its claim to be a 
: privacy enhancer. A lot of the bashers simply do not like advertising at 
: all while others fail to comprehend that Browzar is in beta development 
: and like any software is prone to have bugs.

A lot of the bashers are tired of snake-oil marketing promising us one
thing and delivery another.

: I was surprised to see Bruce Schneier align with those who think Browzar 
: can be considered adware simply because of ads in search results. If you 
: haven't used the tool yet, it has a little search box at the top left 
: similar to Firefox. If you use that box then your query is sent to a 
: Browzar-operated search engine which delivers a lot of sponsored 
: results. So what? Google and Yahoo do the same thing and we don't hear 
: people yelling from rooftops about them. 

Duh, nice try at slight-of-hand here Mark. When I use Firefox, I tell it 
what my home page is. If I use the box at the top right, I know it is 
Google.. and if I don't like that, I can easily change it so the box 
searches something else. How about Browzar .. can I do that? No. I have to 
use their search page since it is hard coded into the program.

Further, Google and Yahoo don't "do the same thing" as Browzar's search 
page. Google clearly marks what is a sponsored advertisement, puts one or 
two at the top off the search results, then it lists the other 3,978,733 
results that i can browse through without fear of sponsored advertising. 
Does Browzar do that?

: Others bash the tool because it doesn't always remove all traces of Web 
: usage history. This is to be expected. After all, it's in beta 
: development. If it's released out of beta and still doesn't remove all 
: traces, as it is claimed to be able to do, THEN complain, but to do so 
: now is just plain aggression for no reasonable cause.

You sound like a Microsoft apologist.

Browzar is a gimmick. Its a very small wrapper to the bloated MSIE engine. 
The ** ONLY ** redeeming quality of this "browser" is that is promises us 
privacy. When it fails to do the ONE thing it is supposedly good at, then 
yes, people are pissed. That's like Microsoft selling us Windows (plural) 
and delivering a program that could only have one Window (singular) up at 
a time. You'd be pissed, right?

: Still others point out that even when Browzar deletes historic Web use 
: records the related files can be recovered using file recovery tools. In 
: other words Browzar doesn't contain any kind of disk wiping technology. 

Err, wait. Doesn't it advertise that it doesn't cache that information? If 
it isn't writing to a disk cache, then how is it being dug out of files 
residing on the disk? If it is writing to a file on the disk, how is this 
good for shared computers, one of the justifications / selling points of 
the browser?

: information. There's no surprise here and Browzar never claimed to be 
: able to prevent history recovery using specialized tools. So why all the 
: fuss?

http://www.browzar.com/

With Browzar you can search and surf the web without leaving any visible 
trace on the computer you are using. [..]

# No browsing history, stored files, or cookies
# No embarrassing search auto-complete
# No installation. Just click run and go
# No registration required

Ok Mark, what's that first bullet there? No "stored files" .. yet it is 
storing browsing history/information in a file?

: I think the usefulness of Browzar is pointed out clearly on the tool's 
: Web page: It makes browsing safer when using public or shared computers. 

Unless the next person is curious and happens to look in the overly 
documented index.dat file that contains potentially sensitive information, 
that your new favorite Browzar writes to.

: It's not an anonymity tool, and it's not meant to 100% effective in all 
: circumstances. Proper perspective seems to severely lacking in Browzar's 
: critics.

Just as proper advertising seems to be severely lacking in Browzar's 
marketing goons.


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/

Prev by Date: [ISN] Secunia Weekly Summary - Issue: 2006-36
Next by Date: [ISN] Alums who sued over data breach fight OU's dismissal motion
Previous by thread: [ISN] Secunia Weekly Summary - Issue: 2006-36
Next by thread: [ISN] Alums who sued over data breach fight OU's dismissal motion
Index(es):
- Date
- Thread