Forwarded from: Josh 
CC: staff (at) attrition.org

# = My comments

Forwarded from: security curmudgeon 

: http://www.windowsitpro.com/Article/ArticleID/93420/93420.html 
: 
: Browzar Bashing: Is It Warranted? By Mark Joseph Edwards
: 
: Lots of people have been bashing the tool based on its claim to be a 
: privacy enhancer. A lot of the bashers simply do notlike advertising 
: at all while others fail to comprehend that Browzar is in beta 
: development and like any software is prone to have bugs.

A lot of the bashers are tired of snake-oil marketing promising us one 
thing and delivery another.

#Gee whoever are you talking about?

: I was surprised to see Bruce Schneier align with those who think 
: Browzar can be considered adware simply because of ads in search 
: results. If you haven't used the tool yet, it has a little search box 
: at the top left similar to Firefox. If you use that box then your 
: query is sent to a Browzar-operated search engine which delivers a lot 
: of sponsored results. So what? Google and Yahoo do the same thing and 
: we don't hear people yelling from rooftops about them.

Duh, nice try at slight-of-hand here Mark. When I use Firefox, I tell it 
what my home page is. If I use the box at the top right, I know it is 
Google.. and if I don't like that, I can easily change it so the box 
searches something else. How about Browzar .. can I do that? No. I have 
to use their search page since it is hard coded into the program.

Further, Google and Yahoo don't "do the same thing" as Browzar's search 
page. Google clearly marks what is a sponsored advertisement, puts one 
or two at the top off the search results, then it lists the other 
3,978,733 results that i can browse through without fear of sponsored 
advertising. Does Browzar do that?

#I do find the clear marks of google's advertisements appealing.  It 
gives me and most netizens #a since of honesty and control. Which is 
what America is all about, right?

: Others bash the tool because it doesn't always remove all traces of 
: Web usage history. This is to be expected. After all, it's in beta 
: development. If it's released out of beta and still doesn't remove all 
: traces, as it is claimed to be able to do, THEN complain, but to do so 
: now is just plain aggression for no reasonable cause.

#So they make false claims while in testing...  I hope airbag 
manufacturers don't claim there #shit works then says "well it was in 
testing..."  But we "released it to the public anyways #with false 
claims, expecting them to know the difference."  I am glad auto makers 
don't use #the same EULA's as software companies or else we'ed all be 
dead!

You sound like a Microsoft apologist.

Browzar is a gimmick. Its a very small wrapper to the bloated MSIE 
engine. The ** ONLY ** redeeming quality of this "browser" is that is 
promises us privacy. When it fails to do the ONE thing it is supposedly 
good at, then yes, people are pissed. That's like Microsoft selling us 
Windows (plural) and delivering a program that could only have one 
Window (singular) up at a time. You'd be pissed, right?

#Gimmick... For who?  Finally the truth!!!!!!!

: Still others point out that even when Browzar deletes historic Web use 
: records the related files can be recovered using file recovery tools. 
: In other words Browzar doesn't contain any kind of disk wiping 
: technology.

Err, wait. Doesn't it advertise that it doesn't cache that information? 
If it isn't writing to a disk cache, then how is it being dug out of 
files residing on the disk? If it is writing to a file on the disk, how 
is this good for shared computers, one of the justifications / selling 
points of the browser?

#Jericho stop being so damn factual!  How dare you contradict the claims 
of such a safe #product...  But seriously is this browser just a 
marketing tool or what?

#js


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/