Security Alert for Netscape 8

Just a quick alert to let you know that the much awaited release of Netscape’s browser (version 8) has some security issues you should be aware of. I mention this because I don’t want the quick patch release they made for other security issues to make you think that all is safe and sound with version 8.

It seems that the trusted site feature is currently allowing some sites that are known Spyware/Adware sites to download software to a user’s computer. Sites are supposed to be checked against a white list/ black list screening system to determine if they are trusted or not.

This scanning should be blocking questionable sites that are known to download Spyware/Adware from being able to download software to a user’s computer. For reasons that aren’t being made clear that isn’t happening.

EWEEK tested and found that the green "trustworthy" symbol was displayed on both hotbar.com’s home page and on ABetterInternet.com’s home page. I checked out the sites of Hotbar and ABetterInternet (two sites that are notorious for their Spyware.) for myself using Netscape 8 and found that both sites did receive the “green” or “trusted site” rating.

Worse still I then verified that both sites had successfully downloaded their nefarious software by scanning with spybot search and destroy and finding the software downloads in place and seemingly functional.

Not what I was hoping but my findings none the less.

In theory since these sites are listed on one of the lists that the trusted site scanning engine is supposed to use (Aluria's list of Spyware/Adware) and they both should have been blocked from making any software downloads and shown as none trusted sites. That certainly wasn’t what I experienced.

Netscape’s use of third party lists and rating systems is part of the problem. Several of the lists being used don’t address Spyware/Adware issues at all. Some are trade associations while others deal with business issues like privacy of customer information. These groups and organizations aren’t the ones to help with detecting Spyware/Adware sites. Netscape should be using only lists and organizations that are known and trusted as experts in the field of Spyware/Adware detection and prevention.

A good example is the use of TRUSTe. Their rating system and therefore the sites bearing their seal of approval don’t address the issue of software downloads, Spyware or other wise. This is according to no less than Fran Maier the executive director at TRUSTe. Their seal of approval only addresses the rated company’s privacy protection policy. Certainly something to know and be aware of but not something that pertains directly to the Spyware/Adware issue.

Anyway until Netscape gets things working as advertised with the trusted site rating system use caution and be sure you keep your Spyware/Adware scanners up to date. Remember safety lies in continuing to scan your computer system often no matter what browser you use.

It is unfortunate that this has to happen just when the Foxfire browsing engine (used in both the Netscape 8 and Foxfire browsers) has been gaining on IE mainly due to better security and more advanced features. But bear in mind that both Netscape 8 and Foxfire for that matter are very good browsers and are a step above IE in security with or without the trusted site feature.

Let’s hope that Netscape cleans up this problem soon like they did with the other security issues that were patched shortly after version 8 was released. We need to have a reliable and secure second choice in internet browsers.

Let’s hope that Netscape and Foxfire keep pushing Microsoft to improve IE or we’ll be stuck with poor security and no improvements in browsers for years to come. It is encouraging to see Microsoft rushing to release the next version of IE much sooner than was expected.