Security Watch

Keeping Track of patches and hacks in the IT security world.

Netscape Death Is Long Overdue, Good for Security


America Online's decision to put Netscape to sleep has triggered sadness and nostalgia.

I have a one-word reaction: Yay!

Everyone loves an underdog and for many years, most of us rooted for Netscape during the first browser war but, truth be told, the current Netscape had become a security liability—a browser with a fundamental design flaw that left millions of users exposed to drive-by hacker attacks.

In its current iteration, Netscape uses two layout engines—Internet Explorer's Trident and Gecko—to render Web sites. This means that Netscape is vulnerable to all the security flaws in both engines and AOL's inability to issue patches in a timely manner became a colossal embarrassment.

Back in July, RSnake explained how that fundamental design flaw made Netscape "the future of security flaws."

"Because they do not update as quickly as the other browser manufacturers that they wrap they are always behind the times in terms of vulnerabilities. That means any user who uses Netscape is vulnerable to old Firefox vulnerabilities for months longer than they would be if they used Mozilla. I haven't seen a shift in that mentality in the nearly four years I've been meaning to write this and I don't see it changing any time soon. If you are using Netscape you are wildly behind the security patching process. I'd love to see Netscape fix this and start updating in near-real-time along side their rivals who they wrap. I don't see them as a serious competitor to Mozilla or IE, but still I'd rather them not disappear completely from the planet—if only for nostalgia."

Sometimes, it took weeks—even months—for a Firefox update to be rolled into Netscape. All that time, Netscape users were sitting ducks for malware attacks (yes, Firefox has become a real target).

Netscape became a liability to the security ecosystem and needed to be put out to pasture.

AOL made the right decision. Hallelujah.