Privacy Web Browser 'Browzar' Branded Adware

DivineOmega writes "The recently released 'Browzar' web browser, based on the Internet Explorer core, is designed to protect a user's privacy whilst surfing the Internet and be an effective 'throw-away' browser. However many who deal with the removal of malware have flagged this software as malware. From the article: 'The application Browzar has been branded "adware" by many because it directs web searches to online adverts. Some technical experts also say Browzar, which claims to leave no trail of webpages visited, does not work. Browzar's developers say they are examining the feedback but strongly deny that it is adware.'"

well,

[joe 155 (937621)]

they failed in their objectives pretty completely there...

I could go on to make jokes about an IE core, but that might be tacky (besides you'll have them in a moment anyway...)

Nobody cared about the first story

[karmaflux (148909)]

...and nobody cares now.

Releasing a closed-source Windows-only IE-based browser that claims to do things already done by other browsers is a non-story, especially on Slashdot. The discovery that it's adware can only be addressed with a single-word response:

Duh.

Re:Nobody cared about the first story

[daeg (828071)]

Just because you don't care doesn't mean others don't care. I found it interesting both times, as I am sure others did. Now if someone asks me or tries to use Browzar as a counter to the Firefox packages that don't leave trails, I can advise them that Browzar might not be all that it claims it is.

Believe it or not, some Slashdot users might even be using Browzar thinking they are safe.

Don't like it? Don't read it.

I'm not sure why this is a YRO story, though.

Re:

[jmorris42 (1458)]

> Believe it or not, some Slashdot users might even be using Browzar thinking they are safe.

Then they deserve what they get. Anybody who didn't see 'scumware' written all over this the first time it made slashdot isn't cynical enough to survive out in the real world anyway.

Rule 1. No company gives out a free download for Windows that isn't scumware when it first ships or silently turns into scumware the second the company is expected to show a profit. Zero. Even Netscape turned into scumware before i

Re:Nobody cared about the first story

[Firehed (942385)]

You must lead a very angry lifestyle...

There are plenty of perfectly good closed-source solutions out there, both paid and free. Unless you're one of the truest of true 'practice what you preach Linux zealots,' chances are that you're using at least one of them. Now exactly how you classify 'scumware' I don't know, we all know there's rarely a true something-for-nothing

To the masses, open source doesn't mean a damn thing. To slashdotters, it means a warm fuzzy feeling but, probably more often than not, nothing more. How much OSS are you using? Probably quite a bit, going by your cynical attitude. I tend to use an OSS solution when it's available in favor of something closed-source, for the principle of it if nothing else. Now the much more important question: how many times have you actually looked through the source code to make sure it's not full of shitware? I know for me, that's one, and that one time was when I was actually coding the thing. People always go on the assumption that OSS is safe simply because the source is available, but it wouldn't be especially hard to slip a trojan of sorts into a fairly mainstream piece of OSS (probably not something as large as Firefox, but of decent install-base anyways) and get thousands of people infected who were counting on the open-ness as a security blanket. Sure, you're screwed if it happens in a closed-source solution, but it would still take someone who knows what to look for and where to look for it (and, most importantly, is actually doing so) to notice something and then spread the word for open-source software.

On the other hand, we've got Google. Everyone with half a brain knows they monitor absolutely everything they can, and want to know as much about us as possible. And they want to profit from the information. But we still use them. Maybe it's because they only want to use the information for their own profits and thus don't just bend over to the government; maybe it's because every other search engine does it too - but does it matter? I use google, everyone I know (except my moronic brother, but he's "special" that way) uses Google, and I'd bet that the majority of slashdotters use them as well.

I've written things out of goodwill, as have plenty of others. Yes, for every one of us, there's probably ten more with bad intentions; that's life. The 'free' community has given me a lot, and I like to give back in some way or another. That doesn't mean that I want to open-source my stuff. Hate me for it all you want, but I'd like to keep my options open - that doesn't mean I'm going to chock my software full of shit for dirty profits. Maybe some people a bit less cynical had assumed that Browzar was just such an example, since they are out there.

Re:

[Jaruzel (804522)]

I have actually looked on source of some programs, but not to search shit. This programs had some silly limitations, so I changed them. With closed source programs i couldn't do that, and this would really discard program for me.

Sounds like you are (sometime) programmer. If so, instead of bitching about closed source programs, just sit down and actually write something useful from scratch... ...and then like the rest of us, who have done this, think 'Shit, this is a good app, I'm going to release it to the

Re:

[devnull17 (592326)]

I'm usually pretty lenient with this kind of thing, but Browzar set off my bullshit detector, too. It's certainly not newsworthy, and at best, the story was free advertising for a product that, in the end, is pretty damn trivial.

There was a similar story a few years ago about some kid who added a few very basic enhancements to an instance of IE for a science fair project and got all kinds of mainstream news coverage. It's like, wow, you figured out how to embed ActiveX controls. Grats d00d.

I understand h

I disagree.

[YesIAmAScript (886271)]

When the BBC posts an article about how this is a safe browser and it appears to be not true (in fact, perhaps it's Adware), then I think the article has risen to a high enough level that a refutal is in order.

Is anyone really surprised, here?

[by Anonymous Coward]

Let's look at a few things...
1) It uses IE.
2) It's a branded, closed source skin for IE that fails to do many of the claims that it makes
3) Instead of actually creating something, they have to adapt it to something that is KNOWN to have many serious issues that...
4) Allow malware/adware/spyware people to gain control of a browser to do their dirty work...
5) Came pretty much out of nowhere. Full release without known betas,
6) Doesn't work.

Anyone who has been online for a while probably has had an experience or two with IE browser skins. Most of my experiences have involved devious search bars, plugins and other "enhanced content" that effectively monitors, controls traffic and serves ads. Not surprised in the least.

If anyone claims to make a fully private and "secure" browser, while ignoring that you still have ISP and backbone logs, going through pipes and other servers that do their own logging... I'd have to, in my best technical opinion, call bullshit. Especially considering it still uses Internet Explorer as a rendering engine. (If that's indeed all it does.)

Posted anonymously because I don't need no steekin' karma.

Re:

[owlnation (858981)]

Can I also add:

7) Came from the same people who were responsible for Freeserve.

Which actually make the previous six easy to understand / believe / expect. Those of us who remember Freeserve, do not do so fondly. It wasn't Free and it only Served Ads.

Re:

[The MAZZTer (911996)]

If anyone claims to make a fully private and "secure" browser, while ignoring that you still have ISP and backbone logs, going through pipes and other servers that do their own logging... I'd have to, in my best technical opinion, call bullshit.

What if it piped it's traffic through an encrypted proxy routing system like Tor [wikipedia.org]? Granted, even then you're not completely secure, but it's good enough for most purposes. The only possible downsides I see are:

• Someone who is familiar with Tor and is sniffing

Re:

[dbIII (701233)]

If anyone claims to make a fully private and "secure" browser, while ignoring that you still have ISP and backbone logs, going through pipes and other servers that do their own logging... I'd have to, in my best technical opinion, call bullshit

It is easy to do - ssh into another machine and run the browser there and have X windows put it on your local display. On MS Windows there is the option of VNC over ssh or a VPN. Of course logging is done with respect to the other machine - so it has to be a two pa

Trail

[debilo (612116)]

How can they say it leaves no trail when it's based on IE? As far as I know, IE still keeps the browsing history in index.dat which cannot be deleted because it is locked by Windows. I doubt that has changed.

Re:Trail

[DrXym (126579)]

Exactly. It's some crappy VB / C++ / .NET wrapper around the IE control. All it can do is set some settings, fire up IE, wipe some settings and hope for the best. It is as vulnerable to spyware, adware, cookies etc. as any other IE-wrapped skin. It is a waste of time to even use the thing since it is snake oil. It is even hard to understand why the thing has garnered ANY attention since IE has been embedded countless times since it appeared as a control.

Re:

[Jeff DeMaagd (2015)]

Heck, the naming seems odd (Browzar? Ick), more like some spammer or marketing nitwit invented it.

Re:Trail

[rhvarona (710818)]

It is fairly easy to delete.

1) Open a command prompt, go to your user directory where index.dat is located, and search for the index.dat file:
cd %userprofile%
dir /s/b index.dat

2) Open your task manager (press Ctrl-Shift-Esc or right click on task bar). Kill the explorer.exe process.

3) Go back to your command prompt. Delete the file that you found in step 1.

4) Start explorer again, by typing explorer.exe in the command prompt.

BTW, this method is the easiest way to delete or modify all sorts of files that the explorer shell locks while running, without requiring a reboot.

Re:

[rifter (147452)]

How can they say it leaves no trail when it's based on IE? As far as I know, IE still keeps the browsing history in index.dat which cannot be deleted because it is locked by Windows. I doubt that has changed.

IE also puts all kinds of browsing history in your registry which is not erased when you erase history. Windows keeps a trail in 5000 places on your computer that, unless you manually attack all 5000 places, will ultimately betray you to someone who knows where to look.

Re:

[Tim C (15259)]

As far as I know, IE still keeps the browsing history in index.dat which cannot be deleted because it is locked by Windows.

It's locked by Explorer, and Browzar *is* Explorer. Besides which, you don't want to delete it, just save an empty version.

Quite apart from that, if I were writing something like this, my first attempt would just involve telling IE not to save history in the first place (assuming that's possible).

My thoughts

[Gemini_25_RB (997440)]

It's pretty funny how browzar is getting nailed for having ads mixed in with search results. Personally, I'm not too disturbed by this (but it would be nice if they pulled the ads aside). The more concerning part: the "selling point" of the browser is the anonymity and "no trace", which it allegedly fails to accomplish. Talking about false advertising....

Re:

[MobileTatsu-NJG (946591)]

"It's pretty funny how browzar is getting nailed for having ads mixed in with search results. "

Well.. if it's redirecting results to adverts, it's basically advertising to other sites what you're searching for. That, in and of itself, is a privacy concern.

Last Page Cached

[mikeswi (658619)]

They've altered it a bit since the story on Digg. Now it opens to an Overture search engine form instead of a page full of PPC links. Same search engine though. It does save a cached copy of the last page visited in the cache folder, after you shut it down. No cookies or anything else was saved that I could see.

Before and after usage log [spywareinfo.com]

Scott Hanselman's post & update

[Felonius Thunk (168604)]

is here: http://www.hanselman.com/blog/ANewPrivateBrowserI M eanBrowzarDoesNotWorkAsAdvertised.aspx [hanselman.com]

Not that I would care much for some "enhanced" IE shell, but it makes sense for there to be such a market, of course. How do you know who to trust if you're not a geek reading tech news every day? Maybe google should have some kind of techmeme-ish related links to every site in a result.

Oxymoron

[slidersv (972720)]

Browser designed to protect a user's privacy which is based on the Internet Explorer core is an oxymoron oto my ears.
Besides, how do you "BASE" something on closed source? Isn't it a fancy term of creating new front-end to the "same old same old" using an API?

Already been done...

[Omicron32 (646469)]

Firefox -> Tools -> Clear Private Data

Re:

[DJ Rubbie (621940)]

Did it ever occured to you that stuff written onto hard disk will usually stay there for a while even if the file is unlinked? I think Firefox only unlinks history and cookie files by default (and not shred them), and even shreding a file may not be secure if so happens that the sectors mapped by the hard disk got changed (because of bad sector). For a browser to be completely 'traceless' on the local machine (ISP, webservers log users anyway, but using Tor can mask that), it must use only RAM for storage a

Re:

[Omicron32 (646469)]

Yes, it did occur to me. What I'm saying is, Browzar doesnt do anything to prevent data from being recovered from the physical disk, so it's still just as good as Clear Private Data in Firefox.

You want untraceable? Linux LiveCD. Pretty much as good as it gets.

Re:

[NatasRevol (731260)]

Safari>Private Browsing

Doesn't write files in the first place, so there's nothing to delete.

Very nice.

Re:

[guruevi (827432)]

Even better:

Safari -> Private browsing... it gives you even a nice warning that it doesn't keep forms, history or cookies in that mode.

Don't you think?

[adolfojp (730818)]

Article summary:
The browser is like ten thousand spoons when all you need is a knife.

previous comment

[gEvil (beta) (945888)]

I would like to refer to my previous comment [slashdot.org] on the subject.

just another "use firefox" advert

[joeldg (518249)]

just another "use firefox" advert of course, I DO use firefox but still..

does not surprise me, using IE as a core in an attempt to recreate something like firefox (which all this functionality you can easily do with ff and a few tweaks that take five minutes)

moving along.. nothing to see here..

lacking expertise?

[capologist (310783)]

Many web browsers, including Firefox, IE and Safari, already allow users to do this manually.

Mr Ahmed said at the time of its release: "Although it's possible to delete history folders and empty cache with existing internet browsers, the majority of internet users worldwide don't have the time or expertise to do this.

In Safari, all one has to do is select "Private Browsing" from the "Safari" menu. Why don't all browsers have that?

Hmm...

[Schraegstrichpunkt (931443)]

I wonder if this program on my computer called "br()wz0r" is malware...

Hmm

[The MAZZTer (911996)]

I stuck it on my usb drive because it was a small EXE, it was standalone, no installer, and the devs themselves say it's good for portable use. I didn't really run it through it's paces, but I'll probably stick with my Portable Firefox, which can clean my trail anyways, and doesn't rely on IE.

Adverts?

[The MAZZTer (911996)]

I just tried the included search engine as well as Google. I'm not seeing any adverts. I was going to try invalid domain names, but my comp is set up in an odd way so that programs can't tell if DNS requests fail, so they end up timing out instead of DNS failing.

Re:

[Phroggy (441)]

I was going to try invalid domain names, but my comp is set up in an odd way so that programs can't tell if DNS requests fail, so they end up timing out instead of DNS failing.

Out of curiosity... what causes this?

Re:

[hawaiian717 (559933)]

He uses EarthLink [slashdot.org]. :P

Re:

[The MAZZTer (911996)]

No, I'm doing it on purpose, for anonymity. I use Proxifier [proxifier.com]'s built in feature to forward DNS requests over a proxy... it's a bit weird but it works (I think it hooks the normal DNS mechanisms, and instead of doing a DNS it returns a bogus IP it saves. When a request for that IP comes along, it looks up the appropriate hostname in its look up table and sends that hostname over the proxy, so no DNS request is made. This also has the advantage of allowing Proxifier to see and report on hostnames as opposed

How good is your privacy? Who can you trust?

[Opportunist (166417)]

That reminds me of an article we had not too long ago here, dealing with the security of encryption schemes. This hits the same topic: How "secure" is what we consider secure?

The browser was advertized as a privacy ensuring tool. Now we learn it is exactly the opposite. Which one is true? What claims can you rely on? What review is actually independent and "true"?

The end result will probably be that the only thing you can actually trust (at least to a moderate extent) is open source software. For the simple reason that, even if you cannot verify its safety and privacy, peer review will work. Someone with the ability to read source will want to use it and thus review it, test it and determine its inner workings.

This of course requires you to trust the system you build it on, the compiler you build it with, the libraries used in the process and so on. A very lengthy rewiew process, but still it is more secure and profound than anything you can reach with software that you can, at best (and only until DRM disables it), throw into a disassembler to get at least a clue of its plans.

Please fill out a "badware" report. Thanks

[Animats (122034)]

If this is "badware", please fill out a Badware Report [stopbadware.org] at StopBadware.org.

That organization has real promise for putting a dent into adware and spyware. With legal support from Harvard University and Oxford University, financial support from Google, Lenovo, and Sun, and assistance from Consumer's Union, they're in a very strong position to fight back. They're not going to cave in because some business complains.

*gaggle*

[WhiteWolf666 (145211)]

Why is this even news? Why does anyone listen?

This crap is based on IE. If anyone believes that an IE engine browser will be safe & private, I'd like to send you some information literature regarding some beach front land in Louisanna.

*shrug*. This shit has been in the news for days now. What the fuck; it's practically a prank. There's nothing here to see folks, other than some moron pretending to release a browser by repackaging pure-shit. You're supposed to ignore stuff like this; just like the guy wh

Criteria

[headkase (533448)]

... Browzar's developers say they are examining the feedback but strongly deny that it is adware. ...

If it meets the criteria [microsoft.com] for spyware: (excerpt)
Five evaluation criteria

Microsoft researchers use the following categories to determine whether to add a program to the definition library for detection, and what classification type, risk level, and recommendation to give it.

Deceptive behaviors. Runs processes or programs on the user's computer without notifying the user and getting the user's consent. Prevents users from controlling the actions taken by the program while it runs on the computer. Prevents users from uninstalling or removing the program.
Privacy. Collects, uses, or communicates the user's personal information and behaviors (such as Web browsing habits) without explicit consent.
Security. Attempts to circumvent or disable the security features on the user's computer, or otherwise compromises the computer's security.
Performance. Undermines performance, reliability, and quality of the user's computing experience with slow computer speed, reduced productivity, or corruption of the operating system.
Industry and consumer opinion. Considers the input from software industry and individual users as a key factor to help identify new behaviors and programs that might present risks to the user's computing experience.

Then it is spyware/adware no matter how strongly the vendor denies it.

So it doesn't leave a local trail on your PC...

[ArsenneLupin (766289)]

... but instead sends all your juicy details to the mother ship. W00t!

Re:

[legoburner (702695)]

Just use a proxy like black box search [blackboxsearch.com].

Re:

[slidersv (972720)]

And after a few years of use we will findout that "Blackbox" is a government project...

Re:

[FudRucker (866063)]

http://www.scroogle.org/cgi-bin/scraper.htm/ [scroogle.org]

Re:Any "technical details"?

[Timesprout (579035)]

a string of broken hearts

Re:Any "technical details"?

[dreemernj (859414)]

Browzar erased temp files and cookies that it created, but not ones that it altered. So, if you visit a site in IE, and then go and visit it in Browzar, Browzar will alter the cookies set by IE. And when you exit Browzar, it won't undo the changes to those cookies and it won't erase them either. For it to work as advertised it would really need to work without looking at any cookies already on teh system.

Re:

[gleffler (540281)]

Dumps stuff into index.dat that anyone can see on the machine. All IE browsers do this.

Re:

[dbIII (701233)]

Did they not say from the start that the business model of it was to make money through a sponsored search engine?

Since they are using IE how much money are they giving to Spyglass? IE was free for two reasons - bury Netscape and screw over Spyglass who sold it for a percentage of future sales.