Skip navigation

Netscape 8.0 Security

Netscape Communications' Netscape Browser 8.0 was released last week. I downloaded a copy and found that it has some impressive features, two of which are great innovations that I think are worth a close look. First, Netscape 8.0 can use both the Mozilla Firefox and Microsoft Internet Explorer (IE) rendering engines, which means that if you use it, you no longer have to open two browsers to get maximum functionality while surfing the Web. The IE engine is enabled by default for "trusted sites," and you can change that setting so that the Firefox engine is used by default instead. A menu option (Tools, Rendering Engine) lets you switch back and forth between the engines on the fly.

Second, configuring Netscape 8.0 is fairly simple, especially if you're familiar with Firefox. The Options dialog boxes are nearly identical in both browsers. However, one Netscape 8.0 feature that you won't find in Firefox is the Site Controls, which are similar to IE's security zones. With Site Controls, you can define master settings that determine how the browser will behave for each site you visit. There are four master settings: "I Trust This Site," "I'm Not Sure," "I Don't Trust This Site," and "Local Files." These are equivalent to IE's Trusted Sites, Internet, Restricted Sites, and Local Intranet zones, respectively. For each zone in Netscape 8.0, you can enable or disable various Web features, such as Java, JavaScript, cookies, pop-up windows, and ActiveX controls. You read that last item right--Netscape 8.0 supports ActiveX!

You can customize the master settings on a per-site basis for any sites you've added to any of the zones. Adding sites to a zone is simple. After you have a site open in the browser, right-click its tab and select Site Controls. Doing so presents a dialog box in which you can specify the zone the site should belong to and customize individual settings. You can also define a default rendering engine on a per-zone or per-site basis.

A third new security feature (also part of Site Controls) is Trust Ratings. If you enable this feature, you're relying on a third party to determine whether you should trust a Web site's content and whether it's OK to enter sensitive information at that Web site. The third party maintains catalogs of trusted and untrusted sites. The catalogs are automatically downloaded to the browser based on a schedule you define. For example, you can refresh the catalogs hourly, daily, or weekly. What Trust Ratings lacks is any information about who creates the catalogs, what classification criteria is used, and a way to view the catalogs. The feature requires that you trust it blindly to decide on your behalf. Thus, I think this feature is less useful than it could be.

Netscape 8.0 has other security-related features, some of which are similar to ones in Firefox. For example, Datacard Manager helps store information you might enter in Web forms. Passcard Manager helps you store frequently used passwords. Netscape 8.0 also supports themes and extensions. All those features are found in Firefox. Netscape 8.0 also has a handy toolbar button that erases the browser history and a Web mail manager that lets you configure account information for commonly used services such as MSN Hotmail, Yahoo!, Google's Gmail, America Online (AOL), and others. Those features don't come as standard components of Firefox, but extensions that offer such functionality are probably available.

Another feature not found in Firefox is statistics gathering. Netscape 8.0 can gather numbers about customers' browser feature usage, send them back to developers (while preserving customers' anonymity, of course), and use these statistics to improve future versions of the browser. As you would expect, when you install Netscape 8.0, you can import settings (such as preferences, cookies, browsing history) from other installed browsers, including Firefox, IE, and Opera. Although the installation routine did import all my settings, it didn't import all my search engine plug-ins, so that's one area that needs some improvement.

One thing I'm not clear about yet is how Netscape 8.0 actually uses the IE rendering engine and ActiveX controls. Does Netscape 8.0 respect the security zone settings as defined in IE? When I configure Netscape 8.0 to use the IE rendering engine, does it somehow map its own zones to IE zones to use the IE zone settings in the registry? Does it respect my IE zone settings for ActiveX behavior, such as disabling the download of unsigned controls? I did some basic testing to try to determine the functionality, and Netscape 8.0 didn't appear to use IE zone settings, but I could be wrong. If you have any information to help explain what goes on under the hood, please send me an email message with the details.

Overall, Netscape 8.0 seems like an excellent solution, particularly because of the new Site Controls and its use of both the IE and Firefox rendering engines. You can download a copy at the URL below and take it for a test drive. Note that Netscape 8.0 is based on Firefox 1.0.3 code. As such it inherited the same security problems that were present in that Firefox version. Netscape 8.0.1 has been released to correct those problems.

http://browser.netscape.com/ns8/

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish