What do you think about the security features in the new Aviator Web browser? Do you see any use cases for ent...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Ask the Expert
SearchSecurity expert Michael Cobb is ready to answer your application security questions -- submit them now! (All questions are anonymous.)
The big browser vendors -- Microsoft, Mozilla and Google -- have dominated the market for several years despite the fact that many users are uncomfortable with aspects of their privacy features. Although they have all added various options to improve security and, to some extent, privacy, the big three browser makers' business models -- which hinge on ads targeting specific groups of users -- have made it difficult to curtail advertisements and the manner in which advertisers can track user browsing activity. Not surprisingly, many developers are looking at ways to fill that gap and offer a browser free of revenue-generating constraint. In October 2013, WhiteHat Security LABS made such a browser -- its in-house browser, Aviator -- publicly available. The project originally started out as an experiment but is now the browser used by all WhiteHat employees.
WhiteHat has always been vocal about the dangers of ad-driven browsers and the threat Web tracking poses to privacy. Ads can potentially be used to track users across the Web, be infected with a malicious payload or take users who click on them to scams or attacker-controlled sites. While pop-up blockers used to work, ads are commonly now delivered as part of a webpage's content. Since popular browsers mainly rely on optional third-party plug-ins to provide full ad-blocking capabilities, WhiteHat decided to develop its own secure, privacy-centric browser. This option could certainly be of interest to individuals who don't want their browsing activities tracked and shared with unknown third parties. Aviator is set up to always run in private mode and each tab is sandboxed. Flash and Java are click-to-play to reduce the risk of drive-by downloads, while ads and tracking are stopped by blocking connections to advertising networks' servers.
The current version of Aviator isn't nearly mature enough to meet enterprise rollout requirements. The browser must be used by thousands of users, hundreds of thousands of times to iron out the inevitable bugs. There also should be improvements in the development environment as well. There have been too many oversights requiring fixes to give enterprises full confidence in the development process. There is currently only an OS X version available with no definite timeframe for the release of other versions. (Editor's note: A Windows beta version was released Mar. 21.) According to Robert Hansen of WhiteHat Labs the number of people using Aviator is growing quickly and they are getting a lot of information on how the browser needs to change for the enterprise, including feedback from a few of enterprises who have used it.
However, there is certainly room and possibly a great need for this type of privacy-centric browser. There are alternatives to Aviator to consider such as Spikes or Authentic8. Xombrero is another but it hasn’t been updated for some time and enterprises should only ever look to invest in software that is actively maintained and supported.
A growing number of enterprises and users do not want to share their online activities with browser vendors and advertising companies. If there is sufficient interest in this type of browser, it will be interesting to see how the major vendors respond. But for now, it's a case of watch this space.
Dig Deeper on Web Browser Security
Related Q&A from Michael Cobb
Google has added Linux kernel memory protection and other security measures to the Android OS. Expert Michael Cobb explains how these features work ...continue reading
The HummingBad malware has infected 10 million mobile devices worldwide. Expert Michael Cobb explains how this exploit enables click fraud and other ...continue reading
A full account access OAuth token was mistakenly issued to the Pokémon GO mobile game by Google. Expert Michael Cobb explains the security risks and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.