[ISN] Browzar Bashing: Is It Warranted?

From: InfoSec News (alerts@private)
Date: Fri Sep 08 2006 - 01:01:25 PDT


Forwarded from: Mark Edwards <mje (at) windowsitpro.com>

http://www.windowsitpro.com/Article/ArticleID/93420/93420.html

Browzar Bashing: Is It Warranted?
By Mark Joseph Edwards
September 06, 2006 

When I first learned of Browzar I was excited. But the excitement 
quickly turned to a yawn right about the time I discovered that it's a 
wrapper for Internet Explorer components. Even so, that doesn't mean 
that it isn't a useful tool. I wrote about it in my editorial this week 
for our Security UPDATE Newsletter.

Lots of people have been bashing the tool based on its claim to be a 
privacy enhancer. A lot of the bashers simply do not like advertising at 
all while others fail to comprehend that Browzar is in beta development 
and like any software is prone to have bugs.

I was surprised to see Bruce Schneier align with those who think Browzar 
can be considered adware simply because of ads in search results. If you 
haven't used the tool yet, it has a little search box at the top left 
similar to Firefox. If you use that box then your query is sent to a 
Browzar-operated search engine which delivers a lot of sponsored 
results. So what? Google and Yahoo do the same thing and we don't hear 
people yelling from rooftops about them. Having sponsored search results 
in no way constitutes adware. You can always access your favorite search 
engine directly by simply entering its URL.

Others bash the tool because it doesn't always remove all traces of Web 
usage history. This is to be expected. After all, it's in beta 
development. If it's released out of beta and still doesn't remove all 
traces, as it is claimed to be able to do, THEN complain, but to do so 
now is just plain aggression for no reasonable cause.

Still others point out that even when Browzar deletes historic Web use 
records the related files can be recovered using file recovery tools. In 
other words Browzar doesn't contain any kind of disk wiping technology. 
It relies entirely on Windows API calls to remove Web use history 
information. There's no surprise here and Browzar never claimed to be 
able to prevent history recovery using specialized tools. So why all the 
fuss?

I think the usefulness of Browzar is pointed out clearly on the tool's 
Web page: It makes browsing safer when using public or shared computers. 
It's not an anonymity tool, and it's not meant to 100% effective in all 
circumstances. Proper perspective seems to severely lacking in Browzar's 
critics.



_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Fri Sep 08 2006 - 01:21:54 PDT