HP's Dubious Move to Netscape
Hello, I'm Rob Pegoraro and I'll be your Security Fix blogger today (and tomorrow). I'm covering for Brian Krebs, who's out on vacation this week. For now, I want to talk about one of my favorite topics -- how companies that pick the wrong default programs and settings can wind up leaving their users exposed to unnecessary security risks. Today's exhibit is Hewlett-Packard, which will ship AOL's Netscape browser on HP desktop and laptop computers starting this fall.
That's big news -- the first time a major computer manufacturer has dared to bundle a non-Microsoft browser since the days when Microsoft would threaten such upstarts with the loss of their Windows licenses. Somebody should have done this a long time ago, given Internet Explorer's exhaustively documented security weaknesses and general obsolescence compared to the likes of Firefox, Opera and Safari. But it's also disappointing from the security perspective.
First, Netscape 8 -- a weird fusion of the open-source Mozilla Firefox browser and IE -- defaults to showing most pages with IE's code. As I wrote back in May, that means Netscape 8 is just as vulnerable as IE is to browser-hijacking attempts, unless you happen to land on a page already on a blacklist of untrusted sites. The safer course of action would be to have Netscape use the Firefox renderer unless it hits a page that actually requires IE to work at all.
Second, Netscape 8 has lagged, often badly, in incorporating Firefox's security fixes. The latest version as I type this, Netscape 8.03.3, includes the code from Firefox 1.06 -- but not the important security updates included in Firefox 1.07, released Sept. 21. And this isn't the first time that's happened, either.
Washington Post consumer technology editor
Posted by: Austin | October 4, 2005 9:32 PM | Report abuse
Posted by: Puzzled | October 5, 2005 9:49 AM | Report abuse
Posted by: Sick of it | October 5, 2005 10:23 AM | Report abuse
Posted by: Solved | October 5, 2005 1:27 PM | Report abuse
The comments to this entry are closed.