Security UPDATE--Browsing with Browzar--September 6, 2006


Unwrap the Hidden Benefits of Compliance

Improve Software Quality and Reduce Costs

Filtering the Spectrum of Internet Threats: Defending Against Inappropriate Content, Spyware, IM, and P2P at the Perimeter



IN FOCUS: Browsing with Browzar


- Firefox 2.0 Beta 2 Released

- Sunbelt Discontinues LanHound, Sells Customer Base

- 9 Ways to Diagnose Windows 2003 IPsec Problems

- Recent Security Vulnerabilities


- Security Matters Blog: Microsoft Wants Your Help on Mobile Security

- FAQ: Hide Domain List During Logon

- From the Forum: NTFS Permissions for Users with Multiple Group Memberships

- Share Your Security Tips

- Microsoft Learning Paths for Security: A More Secure Platform Through Identity and Access Management


- Filter Fights Spyware

- Wanted: Your Reviews of Products




=== SPONSOR: Quest Software


Unwrap the Hidden Benefits of Compliance

If your compliance solutions only address compliance, you're not getting the most for your budget dollar. The new Quest Software white paper, "Leveraging Business Value from Compliance Efforts," offers expert tips for identifying compliance solutions with high business value.

Read the white paper now.

=== IN FOCUS: Browsing with Browzar


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

There's a new Web browser in town and so far it looks pretty darn good, especially from a privacy perspective. However, there is a caveat, which I'll discuss in a moment. The new tool, called Browzar, is available free to anyone. The current version is only 264.4KB in size. That's not a misprint, it's really that small!

Browzar is billed as "the first ever 'freedom' Internet browser" because of the way it works: It doesn't save a cache, history, cookies, favorites, or other telltale information. When you close Browzar, any information that was temporarily stored is automatically deleted, so you don't need to remember to do that manually.

Using Browzar is incredibly simple to use because it's contained in a single executable file, and technically you don't even need to install Browzar onto a system. If your system allows you to, you could just go to the Browzar site, click the download link, and tell the system to open the file and run it.

I took Browzar for a test drive and surfed many Web sites. So far, I haven't found any problems with compatibility. Browzar is currently available for Windows 98 Second Edition and later, and requires Microsoft IE 5.5 or later to be installed on the computer.

Obviously, Browzar gains a lot of its functionality based on the capabilities of an already-installed copy of IE. When I tested the tool, I found that it supports NTLM authentication, JavaScript, and other features such as Adobe Systems' .pdf files and Flash. Components to support the last two features were installed on the system I used to test-drive Browzar.

A quick test also revealed that Browzar's reliance on IE extends to IE's security settings. For example, if ActiveX controls and scripting are disabled in IE, then sites that rely on those technologies won't work in Browzar either.

Browzar's use of IE's rendering engine raises the question of just how secure Browzar really is. Browzar being based on IE could be a major drawback because many security vulnerabilities that affect IE will also affect Browzar. So keep this mind if and when you use it. Browzar is best suited for situations in which you want to make sure nobody will be able to easily recover your browsing history and other sensitive information that you might have entered while surfing various sites.

The only configuration settings available in Browzar are to have it check for updates (which is useful if you've copied it to any type of storage device) and to turn on or off the built-in pop-up blocker. The interface is clean and simple, providing only the typical address box along with the usual navigation buttons and a tiny search box at the top right of the screen, similar to that in Mozilla Firefox. The search box isn't configurable, so when you use it, your queries are sent to the Browzar site, which runs its own search engine. I noticed that a lot of the returned results are sponsored links. Of course, you're free to visit any search engine you want by entering its URL into the address box.

You can get the Windows version now at the URL below. Versions are also planned for Mac OS X and Linux.

Browzar will come in handy when you use shared computers, such as those found at libraries, hotels, conferences and conventions, coffee shops, and business partner and customer networks. Keep in mind that this newly released tool is still in beta development, so while it worked really well during my test, it does have bugs. For example, some people report that it doesn't delete all cached Web pages and others report that it sometimes might leave the last visited URL in IE's index.dat file. I confirmed the latter bug through my own tests but wasn't able to reproduce the first bug.

=== SPONSOR: Klocwork


Improve Software Quality and Reduce Costs

New White Paper from Klocwork: Improve software quality and reduce life-cycle costs by incorporating Static Analysis tools into your routine development processes. Results: More maintainable code, more secure, reliable software and a more predictable development process. Download White Paper.



Firefox 2.0 Beta 2 Released

Mozilla Foundation announced the availability of Firefox 2.0 Beta 2, which includes many enhancements, including a few that improve the browser's security.

Sunbelt Discontinues LanHound, Sells Customer Base

Sunbelt Software will cease development and distribution of LanHound, the company's network analyzer product. Network Instruments is offering Sunbelt's LanHound customers its Observer product as a replacement for LanHound.

9 Ways to Diagnose Windows 2003 IPsec Problems

You've implemented IPsec to protect traffic on your organization's LAN, and although you've followed all the technical documents carefully, you aren't convinced that the traffic on your network is actually protected from eavesdroppers. How can you reassure yourself that IPsec is truly encrypting your computers' network traffic? Orin Thomas shows you how in this article on our Web site.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: St. Bernard Software


Filtering the Spectrum of Internet Threats: Defending Against Inappropriate Content, Spyware, IM, and P2P at the Perimeter

Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.



SECURITY MATTERS BLOG: Microsoft Wants Your Help on Mobile Security

by Mark Joseph Edwards,

Bill Canning, program manager for Microsoft Solutions for Security and Compliance, posted a message in the company's SecGuide blog asking for help in developing a solution to protect data on laptops against loss or theft. Read this blog item to find out how you can help.

FAQ: Hide Domain List During Logon

by John Savill,

Q: How can I use Group Policy to hide the domain drop-down list in the Windows logon dialog box?

Find the answer at

FROM THE FORUM: NTFS Permissions for Users with Multiple Group Memberships

A forum participant has a particular folder to which one user in a particular group needs read and write access but the rest of the group should not have access. He wonders how best to arrange NTFS permissions to accomplish that. Join the discussion at:


Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

MICROSOFT LEARNING PATHS FOR SECURITY: A More Secure Platform Through Identity and Access Management

Take the either/or scenario out of asset accessibility and security. By automating management, IT departments can reduce operational costs while improving security. Use the resources listed on the Microsoft Learning Paths Web page to get in-depth information about identity and access management--the simplified, secure sharing of digital identities across security boundaries. Find out how to provide a secure environment for managing user identities, authentication methods, and access rights across an organization's internal and external users.



by Renee Munshi, [email protected]

Filter Fights Spyware

NullBound announced the NullBound Malware Prevention System, a filtering system that watches Internet traffic for incoming spyware and blocks the malware from entering your network. You can download NullBound Malware Prevention System for free from the NullBound Web site and receive free monthly updates. Or you can purchase a subscription (a one-year subscription starts at $400 for up to 49 users) and receive updates as soon as they're available. For more information, go to

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.




Attend the 2006 Cross Platform Data roadshows to learn about optimizing 64-bit database computing, business intelligence for SQL Server and Oracle, high-availability proof points for database computing, and implications of architectural differences between Oracle and SQL. Coming to 12 US cities in September and October. Connections Conference

Now in its seventh year, Windows Connections returns November 6-9 to Mandalay Bay in Las Vegas. Don't miss your chance to interact with industry experts and hear the latest information on Windows Server 2003, Windows 2000 Server, and Windows XP Professional! Register, then attend sessions at Microsoft Exchange Connections FREE!

Are you protected company-wide against spyware, keyloggers, adware, and backdoor Trojan horses? Test a state-of-the-art scanning engine that uses threat signatures from multiple sources to track down the culprits that antivirus solutions alone can't protect you from. Download your free 30-day trial of CounterSpy Enterprise today!

Ensure that you're being effective with your internal network security. Are your DIY options protecting you against worms, BotNets, Trojans and hackers? Make sure! On-Demand Web Seminar

Take an up-to-date look at secure, remote access to corporate applications and stay ahead of the curve when making decisions about near- and long-term IT infrastructure. On-Demand Web Seminar



Do you want to block unwanted or undesirable email? Download this free whitepaper to learn how to manage the content of information crossing your network.



Uncover Essential Windows Knowledge Through Excavator

Try out the ultimate vertical search tool--Windows Excavator. Windows Excavator gives you fast, thorough third-party information while filtering out unwanted content. Visit today!

Discounted Offer for the Windows IT Pro Master CD

Save 50% off the Windows IT Pro Master CD! Order now and get access to the entire Windows IT Pro article database on CD. Subscribe now:


Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.