Scott Hanselman

A New Private Browser - I mean Browzar - does not work as advertised

September 1, '06 Comments [18] Posted in Reviews
Sponsored By

Browzar_skinsUPDATE: Looks like I was mentioned on the BBC.  I'm afraid they miss the point:

However, some computer experts say they have already identified flaws in Browzar. Scott Hanselman, writing on his blog Computer Zen, claims to have been able to find records of websites he had visited with the program installed.

"Browzar, at least this version, is totally not doing what it says it does," he writes.

The newly released software is entering a market dominated by Internet Explorer.

Of course, the joke here is that Browzar is a wrapper around Internet Explorer.

I had a 2 gig USB Drive, but it was huge and I didn't use it as much as I could. Then I picked up one of these OCZ 2GB Flash for $40 $31 after rebate (that's not a typo!) at Omar's recommendation. It's freaking small.

Then I secured it - you'd be a fool not to, IMHO. Now I'm getting all my Portable Apps moved over to it as well.

Portable apps mean that they can be run directly from a USB Drive without installation. There's a portable version of Firefox, for example.

However, I noticed this little browser, called Browzar, mentioned in this InformationWeek article, that is a single 265k EXE that basically wraps IE 5.5 or above (works fine with 7.0) and is a "private browser." That means it doesn't save cookies or history or autocomplete. Sounds like a convenient thing to have on one's USB drive if one didn't want to leave (blatent) footprints.

Well, since it's hosting IE, I want to see what it's doing. So, I fired it up and visited the naughtiest site I could think of, Pl*yboy, while running Filemon. Here's a screenshot of the cached naughty gifs going in my Temporary Internet Files folder. Notice that Browzar deletes the gifs as soon as it sees them.

Browzar1

Then I closed the browser...You can see here that it deleted a bunch of cookies and such, trying to clean up. However, while it deleted the cookies, it didn't delete the page itself, just closed it.

Browzar3

Notice here, later, I find the file in my IE Cache:

Browzar2

So, Browzar, at least this version, is totally not doing what it says it does. That's a bummer. Maybe next version.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Friday, September 01, 2006 5:07:53 AM UTC
Hi Scott,

This is completely off topic, but I'm trying to find a good Paypal subscription management script that will protect a couple of directories on my site based on the recurring subscription status (paid or not). I would like to offer 3 or 4 recurring subscription options, and then allow access to the private member areas automatically -- no manual intervention needed.

The best script I've found is aMember Pro, but it is sort of expensive at $140 + $40 for Paypal integration per site license.

Do you know of any superior scripts for subscription site management with Paypal integration?

Thanks for your help,

Joe
Joe
Friday, September 01, 2006 5:44:54 AM UTC
That is totally off topic. Seems like $180 is a small financial outlay for a scheme that will make you money, no?
Scott Hanselman
Friday, September 01, 2006 5:46:14 AM UTC
Scott, is that *really* the dirtiest site you can think of, choir boy?
Friday, September 01, 2006 6:08:36 AM UTC
I saw this on /. yesterday. Man, that guy is so full of it I can smell him all the way across the Atlantic.

Check out the FAQ -

Q. What are the system requirements for Browzar?

A. The minimum requirements for Browzar are: Windows 98 Second Edition (SE): and Internet Explorer (IE) 5.5.

(My comment - Okay... If you say so, but I don't think you're exactly worthy of calling yourself a secure browser if you're just implementing an ActiveX control and deleting a few choice files AFTER they already live on your filesystem. Oh, yeah, THAT's private.)

Q. Will Browzar run on Apple Macintosh computers?

A. Not yet, but we plan to release a Mac version soon so watch this space!

(My comment - That'll be a neat trick, since IE for Mac is pretty well dead.)

Q. Will Browzar run under Linux?

A. Not yet, but watch this space!

(See above. But even better. Got plans to support... what, exactly?)

And to second an earlier opinion... Pl*yboy is the dirtiest you could come up with? I read the dead tree version for the articles! (and why are we obfuscating the "a"?)
Friday, September 01, 2006 8:46:33 AM UTC
Hi Scott,

I was looking for something like that too and I found the "Distrust" extension for Firefox (http://www.gness.com/distrust/). When activated, it prevents the browser from recording history entries, disables the cache, sets the duration of all cookie to session etc. As far as my limited testing goes, it seems to be working great.

Julien
Friday, September 01, 2006 12:44:08 PM UTC
Got to admire their marketing skills though. They seem to have hit a keynote with the big boys of news, even if the software is nowhere near what it is claiming to be.

BBC Technology News: http://news.bbc.co.uk/1/hi/technology/5305250.stm

I'm just wondering how many people will get sucked into thinking this is an actual self contained browser, since that's how there press releases seem to be pushing it (or are being interpreted) - as a replacement for IE, not the IE add-on that it really is.
Friday, September 01, 2006 11:41:42 PM UTC
I've been using Firefox since it first appeared, and various versions of Mozilla before that. I have also used Opera going back to when it first appeared. They both are way better than IE for security settings, and have always been. For at least a year both have had a feature to clear "private data" when closing the browser. In fact IE has "Delete temporary Internet files" but it's buried in Advanced settings, but that's all it does. I run Firefox with cookies set to "Accept from originating site" and "ask me" for others, and Clear Private data set to delete History, cache, etc. when closing. What is it that Browzar think they are doing that's new? How will they get it to work on Linux when IE doesn't? Ha! Ha! Ha!
Sadiq
Saturday, September 02, 2006 1:11:17 AM UTC
I can't believe it, internet explorer control wrapped up in a cheap and nasty GUI. I wrote a better browser than this years back using C# and ie wrapper. Mine did other terrfic things, maybe I should have marketed and made the headlines. These media people will do anything for a story......

Gotta give it to the guy!!!
Khalid
Saturday, September 02, 2006 5:31:37 AM UTC
Sounds more like Browzaren't
Saturday, September 02, 2006 7:07:22 AM UTC
You did get a mention and a link on the BBC. That's how I got here!

Now you are in my favs..........
Saturday, September 02, 2006 8:36:50 AM UTC
Scott - Saw your comment here:

http://web3.0log.org/2006/09/01/new-secure-browser-browzar-is-fake-and-full-of-adware/ (which, in turn, ended up on Bruce Schneier's blog... Man, I'm speaking volumes about my blogroll...)

It's totally worth mentioning here what that other blog mentioned - This thing promises privacy but delivers adware.
Saturday, September 02, 2006 12:24:27 PM UTC
looks like the bbc article has been rewritten to address the problem you mentioned. clearly a bcc fan of the hanselman.
Sunday, September 03, 2006 7:20:11 PM UTC
But are they really gone?

Anything that is "deleted" on a hard drive isn't truly gone until the blocks it occupied are overwritten.

After downloading Browzar and taking my own sightseeing tour of Pl@yboy.com, I was able to recover a number of cookies, web pages and images using 'Active @ UNDELETE' (a data recovery tool).

The best way for the FBI to *NOT* find incriminating photos on your hard drive, is to *NOT* have them on there in the first place!

Seriously though, I don't understand the need to browse the web in secret? What am I missing?

Yes, I realize the irony of my name being GuyIncognito ;)
GuyIncognito
Sunday, September 03, 2006 11:45:47 PM UTC
Scott, whats this cool shell? I want to have it!
Andy
Monday, September 04, 2006 5:19:33 AM UTC
Oh, it gets better in this version of the article, which made /. today: http://news.bbc.co.uk/1/hi/technology/5310114.stm

From the article:

<quote>
Mr Ahmed said that he had contacted Mr Hanselman. "We're asking him to provide details of how he did so, so that we can make the necessary changes," he explained. "We have done extensive testing but there maybe certain configurations that cause problems."
</quote>

Right. Like it's not there in black and white with screenshots 15 comments up.
Monday, September 04, 2006 6:35:45 AM UTC
I was about to try this browser, until I read it was IE-based... and until I read this: that's was interesting :)

What shell are you using here ? (http://www.hanselman.com/blog/content/binary/browzar2.png)

Thanks,
Leo.
Tuesday, September 05, 2006 4:42:42 AM UTC
Leo, that's Console, details here: http://www.hanselman.com/blog/ABetterPROMPTForCMDEXEOrCoolPromptEnvironmentVariablesAndANiceTransparentMultiprompt.aspx
Tuesday, September 05, 2006 9:56:01 AM UTC
Turns out there's not even an option to set your own home page in this browser, unless you edit the file with a hex editor:

http://rogerkarlsson.com/blogs/misc/change-browzar-home-page/
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.