Privacy Web Browser 'Browzar' Branded Adware

DivineOmega writes "The recently released 'Browzar' web browser, based on the Internet Explorer core, is designed to protect a user's privacy whilst surfing the Internet and be an effective 'throw-away' browser. However many who deal with the removal of malware have flagged this software as malware. From the article: 'The application Browzar has been branded "adware" by many because it directs web searches to online adverts. Some technical experts also say Browzar, which claims to leave no trail of webpages visited, does not work. Browzar's developers say they are examining the feedback but strongly deny that it is adware.'"

well,

[joe+155]

they failed in their objectives pretty completely there...

I could go on to make jokes about an IE core, but that might be tacky (besides you'll have them in a moment anyway...)

Nobody cared about the first story

[karmaflux]

...and nobody cares now.

Releasing a closed-source Windows-only IE-based browser that claims to do things already done by other browsers is a non-story, especially on Slashdot. The discovery that it's adware can only be addressed with a single-word response:

Duh.

Re:Nobody cared about the first story

[daeg]

Just because you don't care doesn't mean others don't care. I found it interesting both times, as I am sure others did. Now if someone asks me or tries to use Browzar as a counter to the Firefox packages that don't leave trails, I can advise them that Browzar might not be all that it claims it is.

Believe it or not, some Slashdot users might even be using Browzar thinking they are safe.

Don't like it? Don't read it.

I'm not sure why this is a YRO story, though.

Re:Nobody cared about the first story

[Firehed]

You must lead a very angry lifestyle...

There are plenty of perfectly good closed-source solutions out there, both paid and free. Unless you're one of the truest of true 'practice what you preach Linux zealots,' chances are that you're using at least one of them. Now exactly how you classify 'scumware' I don't know, we all know there's rarely a true something-for-nothing

To the masses, open source doesn't mean a damn thing. To slashdotters, it means a warm fuzzy feeling but, probably more often than not, nothing more. How much OSS are you using? Probably quite a bit, going by your cynical attitude. I tend to use an OSS solution when it's available in favor of something closed-source, for the principle of it if nothing else. Now the much more important question: how many times have you actually looked through the source code to make sure it's not full of shitware? I know for me, that's one, and that one time was when I was actually coding the thing. People always go on the assumption that OSS is safe simply because the source is available, but it wouldn't be especially hard to slip a trojan of sorts into a fairly mainstream piece of OSS (probably not something as large as Firefox, but of decent install-base anyways) and get thousands of people infected who were counting on the open-ness as a security blanket. Sure, you're screwed if it happens in a closed-source solution, but it would still take someone who knows what to look for and where to look for it (and, most importantly, is actually doing so) to notice something and then spread the word for open-source software.

On the other hand, we've got Google. Everyone with half a brain knows they monitor absolutely everything they can, and want to know as much about us as possible. And they want to profit from the information. But we still use them. Maybe it's because they only want to use the information for their own profits and thus don't just bend over to the government; maybe it's because every other search engine does it too - but does it matter? I use google, everyone I know (except my moronic brother, but he's "special" that way) uses Google, and I'd bet that the majority of slashdotters use them as well.

I've written things out of goodwill, as have plenty of others. Yes, for every one of us, there's probably ten more with bad intentions; that's life. The 'free' community has given me a lot, and I like to give back in some way or another. That doesn't mean that I want to open-source my stuff. Hate me for it all you want, but I'd like to keep my options open - that doesn't mean I'm going to chock my software full of shit for dirty profits. Maybe some people a bit less cynical had assumed that Browzar was just such an example, since they are out there.

Is anyone really surprised, here?

Let's look at a few things...
1) It uses IE.
2) It's a branded, closed source skin for IE that fails to do many of the claims that it makes
3) Instead of actually creating something, they have to adapt it to something that is KNOWN to have many serious issues that...
4) Allow malware/adware/spyware people to gain control of a browser to do their dirty work...
5) Came pretty much out of nowhere. Full release without known betas,
6) Doesn't work.

Anyone who has been online for a while probably has had an experience or two with IE browser skins. Most of my experiences have involved devious search bars, plugins and other "enhanced content" that effectively monitors, controls traffic and serves ads. Not surprised in the least.

If anyone claims to make a fully private and "secure" browser, while ignoring that you still have ISP and backbone logs, going through pipes and other servers that do their own logging... I'd have to, in my best technical opinion, call bullshit. Especially considering it still uses Internet Explorer as a rendering engine. (If that's indeed all it does.)

Posted anonymously because I don't need no steekin' karma.

Trail

[debilo]

How can they say it leaves no trail when it's based on IE? As far as I know, IE still keeps the browsing history in index.dat which cannot be deleted because it is locked by Windows. I doubt that has changed.

Re:Trail

[DrXym]

Exactly. It's some crappy VB / C++ / .NET wrapper around the IE control. All it can do is set some settings, fire up IE, wipe some settings and hope for the best. It is as vulnerable to spyware, adware, cookies etc. as any other IE-wrapped skin. It is a waste of time to even use the thing since it is snake oil. It is even hard to understand why the thing has garnered ANY attention since IE has been embedded countless times since it appeared as a control.

Re:Trail

[rhvarona]

It is fairly easy to delete.

1) Open a command prompt, go to your user directory where index.dat is located, and search for the index.dat file:
cd %userprofile%
dir /s/b index.dat

2) Open your task manager (press Ctrl-Shift-Esc or right click on task bar). Kill the explorer.exe process.

3) Go back to your command prompt. Delete the file that you found in step 1.

4) Start explorer again, by typing explorer.exe in the command prompt.

BTW, this method is the easiest way to delete or modify all sorts of files that the explorer shell locks while running, without requiring a reboot.

Last Page Cached

[mikeswi]

They've altered it a bit since the story on Digg. Now it opens to an Overture search engine form instead of a page full of PPC links. Same search engine though. It does save a cached copy of the last page visited in the cache folder, after you shut it down. No cookies or anything else was saved that I could see.

Before and after usage log

Re:Any "technical details"?

[Timesprout]

a string of broken hearts

Already been done...

[Omicron32]

Firefox -> Tools -> Clear Private Data

Re:Any "technical details"?

[dreemernj]

Browzar erased temp files and cookies that it created, but not ones that it altered. So, if you visit a site in IE, and then go and visit it in Browzar, Browzar will alter the cookies set by IE. And when you exit Browzar, it won't undo the changes to those cookies and it won't erase them either. For it to work as advertised it would really need to work without looking at any cookies already on teh system.