Network News

X My Profile
View More Activity

HP's Dubious Move to Netscape

Hello, I'm Rob Pegoraro and I'll be your Security Fix blogger today (and tomorrow). I'm covering for Brian Krebs, who's out on vacation this week. For now, I want to talk about one of my favorite topics -- how companies that pick the wrong default programs and settings can wind up leaving their users exposed to unnecessary security risks. Today's exhibit is Hewlett-Packard, which will ship AOL's Netscape browser on HP desktop and laptop computers starting this fall.

That's big news -- the first time a major computer manufacturer has dared to bundle a non-Microsoft browser since the days when Microsoft would threaten such upstarts with the loss of their Windows licenses. Somebody should have done this a long time ago, given Internet Explorer's exhaustively documented security weaknesses and general obsolescence compared to the likes of Firefox, Opera and Safari. But it's also disappointing from the security perspective.

First, Netscape 8 -- a weird fusion of the open-source Mozilla Firefox browser and IE -- defaults to showing most pages with IE's code. As I wrote back in May, that means Netscape 8 is just as vulnerable as IE is to browser-hijacking attempts, unless you happen to land on a page already on a blacklist of untrusted sites. The safer course of action would be to have Netscape use the Firefox renderer unless it hits a page that actually requires IE to work at all.

Second, Netscape 8 has lagged, often badly, in incorporating Firefox's security fixes. The latest version as I type this, Netscape 8.03.3, includes the code from Firefox 1.06 -- but not the important security updates included in Firefox 1.07, released Sept. 21. And this isn't the first time that's happened, either.

-- Rob Pegoraro
Washington Post consumer technology editor

By Brian Krebs  |  October 4, 2005; 11:41 AM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Fun With Your Credit Report
Next: New Virus Risk: Anti-Virus Software?


If Netscape came into wide use, and it defaulted to Firefox, using IE only if Firefox wouldn't render, malicious sites would just make sure that they have a Firefox incompatability. It's the decision to have an IE engine at all that's flawed, not the choice of default.

Posted by: Austin | October 4, 2005 9:32 PM | Report abuse

"I'm Rob Pegoraro and I'll be your Security Fix blogger today..."

Umm, what is 'today'? There is no dateline on your piece, so relative time references fall meaningless. Somebody might be reading an archive in the future and want to know. Something to consider, for all web publishers.

Posted by: Puzzled | October 5, 2005 9:49 AM | Report abuse

Worked with HP almost from their inception. Shot themselves in the foot with this flim-flam - end of story.
If working with the "kiddie" AOL, Firefox, or any other duplicating upstarts were my choice, would be there now.
Netscape committed suicide years ago ignoring their demise, let it lie down and finish it.
When something different actually comes on stage, it will be an immediate choice. Until then, it likes choosing a car from the Big 3: different in name only..
Goodbye HP!

Posted by: Sick of it | October 5, 2005 10:23 AM | Report abuse

All the posts have time stamps. This one says "Posted at 11:41 AM ET, 10/ 4/2005" right above the headline.

Posted by: Solved | October 5, 2005 1:27 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company