Sign in with
Sign up | Sign in

The World's Safest Browser: BitBox

By - Source: Tom's Guide US | B 47 comments

There is no such thing as an entirely secure browser. Let's be realistic: You will always need a good portion of common sense and Internet smarts to avoid nasty attacks hijacks.

However, if you are paranoid about security, there is one browser that will reliably protect you from virtually all threats. It's a browser you already know: Firefox 4.0.1. Well, a boxed version of Firefox 4.0.1.

I am not exactly an adventurous Internet user as far as the dark corners of the web are concerned. Just I am not the kind of person to enjoy the silence in a dark alley in Chicago's south suburbs after dawn, I typically avoid websites I don't generally trust. I have had my fair share of spyware, trojans and other malware that caused me quite a bit of headache in the past and I am just more cautious than I was 10 years ago. Yet, that might change. I have just discovered a bulletproof wrapper for Firefox and, at least for now, I don't care that much anymore what is happening below the content the browser shows. There might be lots of malware and I really don't care anymore.

The reason is that I have started using BitBox as my browser for my general work-related tasks. BitBox is essentially a heavily armored version of Firefox 4.0.1 that is encased in Oracle's VirtualBox virtual machine (VM) environment that houses a secured Debian 6 Linux OS. That sounds relatively complicated, but once it is installed, this secure version of Firefox works just like a regular version of the browser. The difference is that it runs in a virtualized environment that is separate from your Windows XP/Vista/7.

The upside clearly is that you are dealing with a self-contained package. If you click on malicious malware, the usual EXE files cannot be executed in your Linux VM. You can download files, but they will not explicitly affect your Windows system and need to be manually moved out of the VM, if you have connected the drives. malware that infects Firefox during your session is automatically deleted the next time you start BitBox, as it always starts with its default configuration in the way it was installed. However, phishing attacks that target your personal data and may trick you in providing critical information will still require some common sense not to do so and will not protect you from the effects of such actions.

There are a few downsides. First, it is a hefty 990 MB download and the installed software will require almost 2 GB of space, as there is a need for Oracle's VirtualBox that is included in the package as well as a Debian 6 installation. Since the software is set back to a default level at every time it starts, it is not the most convenient browser to be used on an every day basis for the consumer. The deal breaker is its language. The software was developed for the German government and while it is available as a free download, it is only available in German. Unless you have basic knowledge of German, the installation will be a hurdle too high to overcome and even then it may be rather uncomfortable to be generally used.

The installation of the entire package is documented via PDF file and is somewhat straight forward, but some knowledge about virtual machines and virtualization in general does help when the individual components of the software are installed. In the end, you really want to know what is happening on your PC and you would want to know what effects a configured virtual drive on your PC has. Other than that, I was able to install BitBox within 15 minutes, once it was downloaded. The only criticism I would have is that developer Sirrix is not using the most recent version of Oracle's Virtual Box software (4.04 vs. 4.06). Custom configuration options include a specific download folder as well as a separate malware scanner as well as random root passwords for the virtual machine and proxy settings. During the installation, the software installs a Linux guest (Firefox) inside Virtual Box. Typically you would run the software form within VirtualBox, but Sirrix has managed to trim down the entire process to a single icon on the desktop.

I briefly mentioned it - this is not a browser to get deeply emotional about and discuss its performance features, but the concept is very compelling as far as browser safety is concerned. Plain browsing tasks make a lot of sense in such a package. In fact, I wonder, why such versions aren't offered by Mozilla and Google as well as Opera and Microsoft by default.

Discuss
Display all 47 comments.
This thread is closed for comments
  • 1 Hide
    saood06 , May 14, 2011 1:40 AM
    wow i dont see myself needing this much security in a web browser
  • 1 Hide
    ben850 , May 14, 2011 1:41 AM
    Is this a challenge?
  • 2 Hide
    mvario , May 14, 2011 2:05 AM
    Seems to me that running Firefox inside of Sandboxie is just about as secure but without the storage and performance drawbacks.
  • 0 Hide
    Aravind Aarumugam , May 14, 2011 2:08 AM
    download link?
  • -1 Hide
    otacon72 , May 14, 2011 2:10 AM
    990MB? uh yeah.... I bet it's slow as hell too... no thanks. If you're stupid enough to download viruses, open email attachments you deserve everything you get.
  • 0 Hide
    morethantoast , May 14, 2011 2:44 AM
    HA, they should have stated that it was only available in German right away. that way I wouldn't have had to read half the article.

    Not that Firefox 4 in a VM isn't completely revolutionary...
  • 1 Hide
    mayankleoboy1 , May 14, 2011 3:10 AM
    990MB? :o 
    no thanks. i'm fine with the normal 9.9MB FF4
  • 0 Hide
    ravewulf , May 14, 2011 3:52 AM
    Really you could do the same thing with any VM. Even Microsoft's Virtual PC has an "Undo Disks" option that redirects any changes made to a new temporary virtual drive.
  • 7 Hide
    bugo30 , May 14, 2011 4:15 AM
    Quote:
    I have started using BitBox as my browser for my general work-related tasks


    what kind of websites are you visiting at work Wolfgang?
  • 0 Hide
    Raidur , May 14, 2011 4:35 AM
    I'll use Sandboxie, thanks.
  • 1 Hide
    Gamer-girl , May 14, 2011 4:52 AM
    So this is just a VM running Linux?
  • 1 Hide
    king smp , May 14, 2011 5:08 AM
    I run Win7 Ultimate and Ubuntu 11.04 as a dual boot
    and under Win7 I use Virtual Box with XP Pro and Ubuntu 11.04
    Just run FF4 with no scripst in your VM
    And it is in English too.......
  • 0 Hide
    proxy711 , May 14, 2011 6:00 AM
    OH NO! 2gbs.......wait this isnt 1997 2gb is nothing...i have more gbs of junk in my temp folders then that.(well did)

    But yes good points on how there are other methods to get the same safe web browsing experience.
  • 2 Hide
    Sined , May 14, 2011 6:27 AM
    Proxy711OH NO! 2gbs.......wait this isnt 1997 2gb is nothing...i have more gbs of junk in my temp folders then that.(well did)But yes good points on how there are other methods to get the same safe web browsing experience.


    Yeah, lets use programs that use 8gigs of ram to do what sandboxie does with less than 50mb, I mean, this aint 2009 anymore, its 2011! im sure you have the ram to have 8gb sitting there, not to mention cpu cycles, hdd reads/writes, all for a browser

    Wait what?

  • 0 Hide
    aaron88_7 , May 14, 2011 7:15 AM
    otacon72990MB? uh yeah.... I bet it's slow as hell too... no thanks. If you're stupid enough to download viruses, open email attachments you deserve everything you get.

    And if your stupid enough to assume people purposely download viruses....
  • 0 Hide
    technogiant , May 14, 2011 7:38 AM
    Firefox with sandboxie is good enough for me...as an added protection I run the sandboxie container in a ramdisk so that it "autoclears" on every system restart.
  • 0 Hide
    nekoangel , May 14, 2011 9:25 AM
    Ive done this a few times with a ubuntu or suse test VM I had laying around from old labs. Nice to see someone went around and setup a smaller footprint one, wonder how much more they could gut out from the OS.
  • 3 Hide
    Socialdisorder , May 14, 2011 10:38 AM
    The worlds safest browser, is one left closed.
  • 0 Hide
    shin0bi272 , May 14, 2011 11:16 AM
    exactly who is going to be smart enough to install a VM and hook their hard drive up to it but dumb enough to open an email attachment from a person they dont know? This misses the target audience by a wide swath of a margin.
  • 0 Hide
    g00ey , May 14, 2011 11:58 AM
    Well, I'm waiting for the day when I can run the entire Windows in a box INSIDE Linux or Solaris and keep all sensitive as far away from Windows as possible. Windows is worse than a Swiss cheese in terms of security.

    There is technology for it but it is under heavy development. The challenge is to get the VGApassthrough to work properly so that you can run applications that requires DirectX or hardware accelerated 3D in virtual machines.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter