HP's Dubious Move to Netscape
Hello, I'm Rob Pegoraro and I'll be your Security Fix blogger today (and tomorrow). I'm covering for Brian Krebs, who's out on vacation this week. For now, I want to talk about one of my favorite topics -- how companies that pick the wrong default programs and settings can wind up leaving their users exposed to unnecessary security risks. Today's exhibit is Hewlett-Packard, which will ship AOL's Netscape browser on HP desktop and laptop computers starting this fall.
That's big news -- the first time a major computer manufacturer has dared to bundle a non-Microsoft browser since the days when Microsoft would threaten such upstarts with the loss of their Windows licenses. Somebody should have done this a long time ago, given Internet Explorer's exhaustively documented security weaknesses and general obsolescence compared to the likes of Firefox, Opera and Safari. But it's also disappointing from the security perspective.
First, Netscape 8 -- a weird fusion of the open-source Mozilla Firefox browser and IE -- defaults to showing most pages with IE's code. As I wrote back in May, that means Netscape 8 is just as vulnerable as IE is to browser-hijacking attempts, unless you happen to land on a page already on a blacklist of untrusted sites. The safer course of action would be to have Netscape use the Firefox renderer unless it hits a page that actually requires IE to work at all.
Second, Netscape 8 has lagged, often badly, in incorporating Firefox's security fixes. The latest version as I type this, Netscape 8.03.3, includes the code from Firefox 1.06 -- but not the important security updates included in Firefox 1.07, released Sept. 21. And this isn't the first time that's happened, either.
Washington Post consumer technology editor
By
Brian Krebs
|
October 4, 2005; 11:41 AM ET
Save & Share:
Previous: Fun With Your Credit Report
Next: New Virus Risk: Anti-Virus Software?
Posted by: Austin | October 4, 2005 9:32 PM | Report abuse
"I'm Rob Pegoraro and I'll be your Security Fix blogger today..."
Umm, what is 'today'? There is no dateline on your piece, so relative time references fall meaningless. Somebody might be reading an archive in the future and want to know. Something to consider, for all web publishers.
Posted by: Puzzled | October 5, 2005 9:49 AM | Report abuse
Worked with HP almost from their inception. Shot themselves in the foot with this flim-flam - end of story.
If working with the "kiddie" AOL, Firefox, or any other duplicating upstarts were my choice, would be there now.
Netscape committed suicide years ago ignoring their demise, let it lie down and finish it.
When something different actually comes on stage, it will be an immediate choice. Until then, it likes choosing a car from the Big 3: different in name only..
Goodbye HP!
Posted by: Sick of it | October 5, 2005 10:23 AM | Report abuse
All the posts have time stamps. This one says "Posted at 11:41 AM ET, 10/ 4/2005" right above the headline.
Posted by: Solved | October 5, 2005 1:27 PM | Report abuse
The comments to this entry are closed.
If Netscape came into wide use, and it defaulted to Firefox, using IE only if Firefox wouldn't render, malicious sites would just make sure that they have a Firefox incompatability. It's the decision to have an IE engine at all that's flawed, not the choice of default.