Slashdot Mirror
Privacy Web Browser 'Browzar' Branded Adware
DivineOmega writes "The recently released 'Browzar' web browser, based on the Internet Explorer core, is designed to protect a user's privacy whilst surfing the Internet and be an effective 'throw-away' browser. However many who deal with the removal of malware have flagged this software as malware. From the article: 'The application Browzar has been branded "adware" by many because it directs web searches to online adverts. Some technical experts also say Browzar, which claims to leave no trail of webpages visited, does not work. Browzar's developers say they are examining the feedback but strongly deny that it is adware.'"
I knew it was too good to be true. Firefox was better anyway.
they failed in their objectives pretty completely there...
I could go on to make jokes about an IE core, but that might be tacky (besides you'll have them in a moment anyway...)
*''I can't believe it's not a hyperlink.''
Releasing a closed-source Windows-only IE-based browser that claims to do things already done by other browsers is a non-story, especially on Slashdot. The discovery that it's adware can only be addressed with a single-word response:
REM Old programmers don't die. They just GOSUB without RETURN.
We need a search engine that does not keep profiles and logs. Badly. See AOL scandal.
Does anyone know any of the missing details from this story? Like what exactly did the browser leave behind? cookies? history files?
Software vendor pushes sales of proprietary software up with unsubstantiated claims and FUD. The said software is being framed as adware because of certain "features".
News at 11.
Let's look at a few things...
1) It uses IE.
2) It's a branded, closed source skin for IE that fails to do many of the claims that it makes
3) Instead of actually creating something, they have to adapt it to something that is KNOWN to have many serious issues that...
4) Allow malware/adware/spyware people to gain control of a browser to do their dirty work...
5) Came pretty much out of nowhere. Full release without known betas,
6) Doesn't work.
Anyone who has been online for a while probably has had an experience or two with IE browser skins. Most of my experiences have involved devious search bars, plugins and other "enhanced content" that effectively monitors, controls traffic and serves ads. Not surprised in the least.
If anyone claims to make a fully private and "secure" browser, while ignoring that you still have ISP and backbone logs, going through pipes and other servers that do their own logging... I'd have to, in my best technical opinion, call bullshit. Especially considering it still uses Internet Explorer as a rendering engine. (If that's indeed all it does.)
Posted anonymously because I don't need no steekin' karma.
How can they say it leaves no trail when it's based on IE? As far as I know, IE still keeps the browsing history in index.dat which cannot be deleted because it is locked by Windows. I doubt that has changed.
Not a browser for windows that happens to be malware! Say it ain't so!
It's pretty funny how browzar is getting nailed for having ads mixed in with search results. Personally, I'm not too disturbed by this (but it would be nice if they pulled the ads aside). The more concerning part: the "selling point" of the browser is the anonymity and "no trace", which it allegedly fails to accomplish. Talking about false advertising....
this guy simply recovered all the data that this Adware Browser was supposed to of deleted using simple file recovery software, as this Browzar company is based in the UK you can stop him/his company via your local trading standards and complaining directly to the ASA for false and deceptive advertising
They've altered it a bit since the story on Digg. Now it opens to an Overture search engine form instead of a page full of PPC links. Same search engine though. It does save a cached copy of the last page visited in the cache folder, after you shut it down. No cookies or anything else was saved that I could see.
Before and after usage log
Only on
is here: http://www.hanselman.com/blog/ANewPrivateBrowserIM eanBrowzarDoesNotWorkAsAdvertised.aspx
Not that I would care much for some "enhanced" IE shell, but it makes sense for there to be such a market, of course. How do you know who to trust if you're not a geek reading tech news every day? Maybe google should have some kind of techmeme-ish related links to every site in a result.
Browser designed to protect a user's privacy which is based on the Internet Explorer core is an oxymoron oto my ears.
Besides, how do you "BASE" something on closed source? Isn't it a fancy term of creating new front-end to the "same old same old" using an API?
there is no issue with my network
Firefox -> Tools -> Clear Private Data
Article summary:
The browser is like ten thousand spoons when all you need is a knife.
ok, i know this doesnt make Browzar any less lame, but it can be modified to use the start page YOU want, and the search engine you want as well (to an extent). as a proof of concept, im hosting a zip file with 2 versions of the Browzer Black EXE. both use Google as the search engine. one uses Google as its start page, and the other uses my site as its start page. i have the file here (i may update the page at a later date with other stuff as well): http://xenomorph.net/browzar/ i posted this one some other sites because of the Adware issue. it doesnt make the browser any more secure, but you at least get to use a better search engine.
Did they not say from the start that the business model of it was to make money through a sponsored search engine? http://yro.slashdot.org/article.pl?sid=06/08/31/03 58225
For info, firefox can be set so that all locally stored data can be deleted every time you exit.
I would like to refer to my previous comment on the subject.
This guy's the limit!
just another "use firefox" advert of course, I DO use firefox but still..
does not surprise me, using IE as a core in an attempt to recreate something like firefox (which all this functionality you can easily do with ff and a few tweaks that take five minutes)
moving along.. nothing to see here..
anime+manga together at last.. in real time.
Thought I'd give it a try, but somehow, even the first time I used it, it was able to automatically log me into my google homepage. Seems a little odd for a browser that supposedly deletes all session data each time it's closed. No thanks...that one went in the trash...what a load of crap.
One of the points in the original slashdot story (http://yro.slashdot.org/article.pl?sid=06/08/31/0 358225) was that there would soon be a port to Linux, but how will they achieve this when it uses an IE core which, presumably, is a Windows only app?
In Safari, all one has to do is select "Private Browsing" from the "Safari" menu. Why don't all browsers have that?
Portable Firefox
Yeah they fail on removing files. I ran browzar (silver addition) in sandboxie http://www.sandboxie.com/ and it left behind 34 files, 16 folders for a total 1.72mb of stuff that they claim shouldn't be there. You can view what was left behind here (zipped) http://rapidshare.de/files/31863264/Browzar_Stuff_ Left_Behind.zip
When I ran browzar all I did was enter fast car in the search bar at the top right, after going through 4 pages or so called search results all I saw was 40 results of sponsors. Yeah sounds like adware to me.
Then then went to google.ca and entered fast car, better.
Oh well next :)
When the BBC posts an article about how this is a safe browser and it appears to be not true (in fact, perhaps it's Adware), then I think the article has risen to a high enough level that a refutal is in order.
http://lkml.org/lkml/2005/8/20/95
I wonder if this program on my computer called "br()wz0r" is malware...
http://outcampaign.org/
I stuck it on my usb drive because it was a small EXE, it was standalone, no installer, and the devs themselves say it's good for portable use. I didn't really run it through it's paces, but I'll probably stick with my Portable Firefox, which can clean my trail anyways, and doesn't rely on IE.
I just tried the included search engine as well as Google. I'm not seeing any adverts. I was going to try invalid domain names, but my comp is set up in an odd way so that programs can't tell if DNS requests fail, so they end up timing out instead of DNS failing.
That reminds me of an article we had not too long ago here, dealing with the security of encryption schemes. This hits the same topic: How "secure" is what we consider secure?
The browser was advertized as a privacy ensuring tool. Now we learn it is exactly the opposite. Which one is true? What claims can you rely on? What review is actually independent and "true"?
The end result will probably be that the only thing you can actually trust (at least to a moderate extent) is open source software. For the simple reason that, even if you cannot verify its safety and privacy, peer review will work. Someone with the ability to read source will want to use it and thus review it, test it and determine its inner workings.
This of course requires you to trust the system you build it on, the compiler you build it with, the libraries used in the process and so on. A very lengthy rewiew process, but still it is more secure and profound than anything you can reach with software that you can, at best (and only until DRM disables it), throw into a disassembler to get at least a clue of its plans.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Tools -> Options -> Privacy -> Settings
Select all options under 'Private Data', select 'Clear Private Data when closing Firefox'.
Yay.
If this is "badware", please fill out a Badware Report at StopBadware.org.
That organization has real promise for putting a dent into adware and spyware. With legal support from Harvard University and Oxford University, financial support from Google, Lenovo, and Sun, and assistance from Consumer's Union, they're in a very strong position to fight back. They're not going to cave in because some business complains.
Why is this even news? Why does anyone listen?
This crap is based on IE. If anyone believes that an IE engine browser will be safe & private, I'd like to send you some information literature regarding some beach front land in Louisanna.
*shrug*. This shit has been in the news for days now. What the fuck; it's practically a prank. There's nothing here to see folks, other than some moron pretending to release a browser by repackaging pure-shit. You're supposed to ignore stuff like this; just like the guy who claims he'll prove the water carborator works, but only after you buy his $19.99 (plus $24.99 shipping & handling) Automobile Water Carborator upgrade kit.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Want real privacy? Use the free open-source browser Torpark. Based on Firefox, comes with NoScript and Adblock, default config stores no history or cookies, your traffic runs through the Tor network, and best of all it can run from a removeable flash drive. Encrypt your flashdrive with TrueCrypt if you want.
... Browzar's developers say they are examining the feedback but strongly deny that it is adware. ...
If it meets the criteria for spyware: (excerpt)
Five evaluation criteria
Microsoft researchers use the following categories to determine whether to add a program to the definition library for detection, and what classification type, risk level, and recommendation to give it.
Deceptive behaviors. Runs processes or programs on the user's computer without notifying the user and getting the user's consent. Prevents users from controlling the actions taken by the program while it runs on the computer. Prevents users from uninstalling or removing the program.
Privacy. Collects, uses, or communicates the user's personal information and behaviors (such as Web browsing habits) without explicit consent.
Security. Attempts to circumvent or disable the security features on the user's computer, or otherwise compromises the computer's security.
Performance. Undermines performance, reliability, and quality of the user's computing experience with slow computer speed, reduced productivity, or corruption of the operating system.
Industry and consumer opinion. Considers the input from software industry and individual users as a key factor to help identify new behaviors and programs that might present risks to the user's computing experience.
Then it is spyware/adware no matter how strongly the vendor denies it.
Shh.
Because it can only be built around the IE component, therefore it inherits all IE flaws. Whatever their developers publicly say, this thing can't be better than the browser example one can find in every IDE such as C++Builder and Delphi where you drop a IE component on a form, write less than 10 lines of code and -voila- here's "your" shiny new web browser to show your friends how h4x0r you are.
Users willing to try this crap should be taught why functional browsers like Firefox or Opera are a very different thing.
based on the Internet Explorer core, is designed to protect a user's privacy
HAAAAAHAAAHAHAAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAAHA !!! HAHAHAHAHAHA... oh my god... can't take a bre.. HAHAAHAHAHAHAHAH
Disclaimer: I'm not a MS hater, and really like IE7, but HHAHAHAHAHAHAHHAHAHAHAAHAHAHAHAHAHAA.
... but instead sends all your juicy details to the mother ship. W00t!
as a proof of concept, im hosting a zip file with 2 versions of the Browzer Black EXE. both use Google as the search engine. one uses Google as its start page, and the other uses my site as its start page.
So to sum up, you worked out how to change your home page.
Congratulations - you win at the Internet.
And you get extra marks for using it as an opportunity to spam your shitty website on Slashdot.
I warned you all. I stand by what I have always ever said.
The only way to tell whether a program is any good is to examine the source code.
If the supplier doesn't want to show you the source code, the most probable reason for that is that there is something in there that they don't want you to know about. Back in the Classic Unix days, all software was distributed in source code form. You weren't necessarily allowed to pass copies about, but at least you could look at it and patch it. If the ugly truth be told, you probably had to patch it just because almost no two setups were ever identical.
I would like to see a (partial) return to those days. Maybe not the incompatibility (though it'd create employment opportunities for people who know one end of a shell prompt from the other) but the distribution of software in source code form, even if free and easy copying is not permitted, would be wonderful.
Disguising the source code does NOT make it harder to copy a program. It DOES make it harder to detect and repair problems. I would vote for anyone who intended to pass a law mandating that the administrator of a computer has the right to see the source code of any program running on that computer, and may use reasonable force to obtain it if necessary.
Je fume. Tu fumes. Nous fûmes!
I think lot of people are missing something here. If you set a unique numbered cookie on a first visit with IE, lets say to Gmail.
Do some stuff on Gmail. Log off. Gmail stores the status against your cookie number, ON ITS SERVER.
Close IE.
Open another browser, log into Gmail. Gmail knows its you, as you logged in with your id/password even though the new browser gave no cookie, so you do "stuff" and log out. You close the browser, deleting all cookies before you do, the cookie is deleted form the new browser, your Gmail status is save ON THE SERVER referenced to your unique id, still the same original unique id as you had in IE
You open IE, it sends your original cookie, and surprise surprise, the Gmail system works as designed and knows you visited and did "stuff" from your other browser.
it was Slashdot that first put about the browser 'Browzar' and how good it supposedly was - presumbly from reading the spec's and not actually testing it. makes you wonder how many other things this site has got wrong?