Deepnet browser guards against phishing

Internet users are getting more Web browser choices. On the heels of a new Netscape preview release and the launch of Firefox 1.0, a U.K. company on Thursday released a Web browser it claims is more secure than Internet Explorer (IE) or Firefox.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

Deepnet Technologies on Thursday made available version 1.3 of its Deepnet Explorer. The free Web browser is based on Microsoft's IE, but offers additional features, including one designed to protect Internet users against increasingly common online scams known as "phishing," according to the company's Web site.

Deepnet Explorer seeks to protect users against such attacks by blacklisting known phishing sites and analyzing Web addresses and Web sites. Phishing scams typically combine spam e-mail messages and Web pages that look like legitimate e-commerce sites to steal sensitive information such as user names, passwords and credit card numbers.

The makers of Deepnet Explorer claim their browser is "more secure" than IE or Firefox, because of the "phishing alarm" and other security features, such as a "content control" function that allows users to block ActiveX controls and other potential security risks. Also, according to Deepnet most of the security problems with IE affect the application shell, not the rendering engine that is also used by Deepnet Explorer.

One expert disagreed with Deepnet's security assessment. "They claim that most vulnerabilities are found in the IE application instead of in the rendering engine, but that's contrary to the hundreds of vulnerabilities found in the rendering engine," said Thor Larholm, senior security researcher at PivX Solutions, a security services company in Newport Beach, California.

Indeed, while the Deepnet makers claim their browser is more secure than others, the 1.3 update also fixes several security vulnerabilities, according to the browser release notes on the company's Web site. For example, Deepnet Explorer was also vulnerable to the high-profile "iframe" vulnerability in IE, which has been exploited to attack users.

"The only thing Deepnet Explorer has that IE doesn't have is a phishing analyzer that tries to block access to known phishing sites and URL's that look 'phishy'," Larholm said. For improved security, Larholm recommends a complete browser switch, for example to Firefox, or securing existing products using tools such as PiVX's Qwik-Fix Pro.

Other features in Deepnet Explorer are meant to make browsing the Web more pleasant. New in version 1.3 is a "floating killer," which detects and blocks ads that float over Web pages. The browser already included a pop-up ad blocker to stop Web sites from opening other windows with advertisements.

Deepnet Explorer also supports tabbed browsing. Version 1.3 adds a feature that lets users group active tabs. The new version also includes a cookie manager so users can keep track and chose to block the small files a Web site places on a user's computer for tracking purposes and to store preferences.

Deepnet Explorer is one of many browsers built on top of Microsoft's IE browser engine. Others include Maxthon, NetCaptor and Optimal Desktop. The IE-based browsers typically offer features that IE itself does not, like support for RSS (Really Simple Syndication) feeds and tabbed browsing. Firefox also includes these features.

Deepnet Explorer can be downloaded at: http://www.deepnetexplorer.com/