
The World's Safest Browser: BitBox

Source: Tom's Guide US

There is no such thing as an entirely secure browser. Let's be realistic: You will always need a good portion of common sense and Internet smarts to avoid nasty attacks and hijacks.

However, if you are paranoid about security, there is one browser that will reliably protect you from virtually all threats. It's a browser you already know: Firefox 4.0.1. Well, a boxed version of Firefox 4.0.1.

I am not exactly an adventurous Internet user as far as the dark corners of the web are concerned. Just as I am not the kind of person to enjoy the silence in a dark alley in Chicago's south suburbs after dawn, I typically avoid websites I don't generally trust. I have had my fair share of spyware, trojans and other malware that caused me quite a bit of headache in the past and I am just more cautious than I was 10 years ago. Yet, that might change. I have just discovered a bulletproof wrapper for Firefox and, at least for now, I don't care that much anymore what is happening below the content the browser shows. There might be lots of malware and I really don't care anymore.

The reason is that I have started using BitBox as my browser for my general work-related tasks. BitBox is essentially a heavily armored version of Firefox 4.0.1 that is encased in Oracle's VirtualBox virtual machine (VM) environment, which houses a secured Debian 6 Linux OS. That sounds relatively complicated, but once it is installed, this secure version of Firefox works just like a regular version of the browser. The difference is that it runs in a virtualized environment that is separate from your Windows XP/Vista/7 installation.

The upside clearly is that you are dealing with a self-contained package. If you click on malware, the usual EXE files cannot be executed in your Linux VM. You can download files, but they will not explicitly affect your Windows system and need to be manually moved out of the VM, if you have connected the drives. Malware that infects Firefox during your session is automatically deleted the next time you start BitBox, as it always starts with its default configuration in the way it was installed. However, BitBox will not protect you from phishing attacks that target your personal data and may trick you into providing critical information; avoiding those, and their effects, still requires some common sense.
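
The reset-on-start behaviour described above can be reproduced on a self-built VirtualBox browsing VM by reverting to a clean snapshot before every launch. This is an added example, not BitBox's or Sirrix's own launcher (the page does not say how BitBox implements the reset); the VM name `browser-vm` and the snapshot name `clean-baseline` are hypothetical.

```shell
#!/bin/sh
# Added example: always boot a browsing VM from a known-clean snapshot.
# VM_NAME and CLEAN_SNAPSHOT are hypothetical names; set them to your own.
VBOX="${VBOX:-VBoxManage}"                  # path to the VirtualBox CLI
VM_NAME="${VM_NAME:-browser-vm}"
CLEAN_SNAPSHOT="${CLEAN_SNAPSHOT:-clean-baseline}"

# Print the VM state (e.g. "running", "saved", "poweroff") taken from
# the machine-readable output of "showvminfo".
vm_state() {
    "$VBOX" showvminfo "$VM_NAME" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Stop the VM if needed, discard everything written since the clean
# snapshot, then boot. Anything that changed inside the guest during the
# previous session (profile, downloads, persistence) is gone.
launch_clean() {
    state=$(vm_state) || return 1
    if [ -z "$state" ]; then
        echo "cannot read state of VM '$VM_NAME'" >&2
        return 1
    fi
    case "$state" in
        running|paused)
            # Hard power-off: do not give the guest a chance to save state.
            "$VBOX" controlvm "$VM_NAME" poweroff || return 1 ;;
        saved)
            # A saved session could carry a compromised process forward.
            "$VBOX" discardstate "$VM_NAME" || return 1 ;;
    esac
    "$VBOX" snapshot "$VM_NAME" restore "$CLEAN_SNAPSHOT" || return 1
    "$VBOX" startvm "$VM_NAME" --type gui
}

# Only launch when asked to, so the functions can be sourced and inspected.
if [ "${1:-}" = "--launch" ]; then
    launch_clean
fi
```

The reset only covers the guest disk and memory: a folder shared with the host keeps whatever was written to it, so files moved out of the VM still need scanning on the host side.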

There are a few downsides. First, it is a hefty 990 MB download and the installed software will require almost 2 GB of space, as there is a need for Oracle's VirtualBox that is included in the package as well as a Debian 6 installation. Since the software is set back to a default level every time it starts, it is not the most convenient browser to be used on an everyday basis for the consumer. The deal breaker is its language. The software was developed for the German government and while it is available as a free download, it is only available in German. Unless you have basic knowledge of German, the installation will be a hurdle too high to overcome and even then it may be rather uncomfortable to be generally used.

The installation of the entire package is documented via PDF file and is somewhat straightforward, but some knowledge about virtual machines and virtualization in general does help when the individual components of the software are installed. In the end, you really want to know what is happening on your PC and you would want to know what effects a configured virtual drive on your PC has. Other than that, I was able to install BitBox within 15 minutes, once it was downloaded. The only criticism I would have is that developer Sirrix is not using the most recent version of Oracle's VirtualBox software (4.04 vs. 4.06). Custom configuration options include a specific download folder, a separate malware scanner, random root passwords for the virtual machine and proxy settings. During the installation, the software installs a Linux guest (Firefox) inside VirtualBox. Typically you would run the software from within VirtualBox, but Sirrix has managed to trim down the entire process to a single icon on the desktop.

I briefly mentioned it - this is not a browser to get deeply emotional about and discuss its performance features, but the concept is very compelling as far as browser safety is concerned. Plain browsing tasks make a lot of sense in such a package. In fact, I wonder why such versions aren't offered by Mozilla and Google as well as Opera and Microsoft by default.


Comments

saood06 05/14/2011 3:40 AM

wow i dont see myself needing this much security in a web browser

ben850 05/14/2011 3:41 AM

Is this a challenge?

mvario 05/14/2011 4:05 AM

Seems to me that running Firefox inside of Sandboxie is just about as secure but without the storage and performance drawbacks.

Aravind Aarumugam 05/14/2011 4:08 AM

download link?

otacon72 05/14/2011 4:10 AM

990MB? uh yeah.... I bet it's slow as hell too... no thanks. If you're stupid enough to download viruses, open email attachments you deserve everything you get.

morethantoast 05/14/2011 4:44 AM

HA, they should have stated that it was only available in German right away. that way I wouldn't have had to read half the article.

Not that Firefox 4 in a VM isn't completely revolutionary...

mayankleoboy1 05/14/2011 5:10 AM

990MB? :O
no thanks. i'm fine with the normal 9.9MB FF4

ravewulf 05/14/2011 5:52 AM

Really you could do the same thing with any VM. Even Microsoft's Virtual PC has an "Undo Disks" option that redirects any changes made to a new temporary virtual drive.

bugo30 05/14/2011 6:15 AM

Quote: I have started using BitBox as my browser for my general work-related tasks


what kind of websites are you visiting at work Wolfgang?

Raidur 05/14/2011 6:35 AM

I'll use Sandboxie, thanks.

Gamer-girl 05/14/2011 6:52 AM

So this is just a VM running Linux?

king smp 05/14/2011 7:08 AM

I run Win7 Ultimate and Ubuntu 11.04 as a dual boot
and under Win7 I use Virtual Box with XP Pro and Ubuntu 11.04
Just run FF4 with no scripts in your VM
And it is in English too.......

Proxy711 05/14/2011 8:00 AM

OH NO! 2gbs.......wait this isnt 1997 2gb is nothing...i have more gbs of junk in my temp folders then that.(well did)

But yes good points on how there are other methods to get the same safe web browsing experience.

Sined 05/14/2011 8:27 AM

Proxy711 :
OH NO! 2gbs.......wait this isnt 1997 2gb is nothing...i have more gbs of junk in my temp folders then that.(well did) But yes good points on how there are other methods to get the same safe web browsing experience.



Yeah, lets use programs that use 8gigs of ram to do what sandboxie does with less than 50mb, I mean, this aint 2009 anymore, its 2011! im sure you have the ram to have 8gb sitting there, not to mention cpu cycles, hdd reads/writes, all for a browser

Wait what?

aaron88_7 05/14/2011 9:15 AM

otacon72 :
990MB? uh yeah.... I bet it's slow as hell too... no thanks. If you're stupid enough to download viruses, open email attachments you deserve everything you get.


And if you're stupid enough to assume people purposely download viruses....

technogiant 05/14/2011 9:38 AM

Firefox with sandboxie is good enough for me...as an added protection I run the sandboxie container in a ramdisk so that it "autoclears" on every system restart.

nekoangel 05/14/2011 11:25 AM

Ive done this a few times with a ubuntu or suse test VM I had laying around from old labs. Nice to see someone went around and setup a smaller footprint one, wonder how much more they could gut out from the OS.

Socialdisorder 05/14/2011 12:38 PM

The world's safest browser is one left closed.

shin0bi272 05/14/2011 1:16 PM

exactly who is going to be smart enough to install a VM and hook their hard drive up to it but dumb enough to open an email attachment from a person they dont know? This misses the target audience by a wide swath of a margin.

g00ey 05/14/2011 1:58 PM

Well, I'm waiting for the day when I can run the entire Windows in a box INSIDE Linux or Solaris and keep all sensitive as far away from Windows as possible. Windows is worse than a Swiss cheese in terms of security.

There is technology for it but it is under heavy development. The challenge is to get the VGA passthrough to work properly so that you can run applications that require DirectX or hardware accelerated 3D in virtual machines.

techguy911 05/14/2011 4:42 PM

It is MUCH easier to load in GesWall it is much easier to use than sandboxie and is much more user friendly.

What i don't get is WHY does not mozilla or microsoft create a program like this inside their browsers? also all they have to do is prevent people from running exe's from browsers or scan them in a cloud.

JackNaylorPE 05/14/2011 4:48 PM

How is this different from "virtual browsing" , Force Field and other components of security programs from ZoneAlarm and others ?

Anonymous 05/14/2011 4:52 PM

I trust the security of Firefox, I only resort to using VMs when I have to run Internet Explorer to properly view an ASP.NET website.

bison88 05/14/2011 6:58 PM

Or you can just install VirtualBox and slap on any version of linux you want (700MB) and get the same result lol. I don't see why you need to have a container with just a browser running on linux that reverts back to its original state every time. Seems like overkill and kind of stupid to be honest. If the virtual machine was Windows based or even OSX I could see reverting back being useful since those are the most heavily virus prone platforms.

Anonymous 05/14/2011 7:38 PM

Other than teenagers, whose browsing habits are as unsafe as their sex on average, most of the people who are most vulnerable to trojans and the like, are because of ignorance and would never be able to get this thing running in the first place.

killerclick 05/14/2011 7:43 PM

Turning off Javascript and Flash is like having sex with a condom on. You're protected but you're missing a lot.

shanky887614 05/14/2011 9:31 PM

i think i prefer the use of comodo, anything with a self-updating antivirus, firewall, sandbox and has a default deny system in place

and is FREE is the perfect security

Proxy711 05/14/2011 11:10 PM

Sined :
Yeah, lets use programs that use 8gigs of ram to do what sandboxie does with less than 50mb, I mean, this aint 2009 anymore, its 2011! im sure you have the ram to have 8gb sitting there, not to mention cpu cycles, hdd reads/writes, all for a browser Wait what?


Nowhere in the article did it say anything about RAM use, nor did i say anything about ram use. I wasn't sticking up for bitbox it seems like a bad choice for a VM browser. I was referring to people freaking out about a program that requires a total of 2gbs on a HDD, which is silly. I also pointed out that people have mentioned other ways to have a VM browser that isnt bitbox (or in german) and doesn't require /startSarcasm a massive amount of hard drive space /endSarcasm.

Oh and if you were wondering i have 12gbs of ram sitting here, so yes i do use 8gbs of ram on programs frequently.

Anonymous 05/15/2011 1:07 AM

I've actually turned on quite a few non-Linux-geeks to the idea of having their wife and kids use Linux Mint as a Live USB key to browse the internet... That way all of the user's session data stays in RAM, and if need be, data can be saved to a data partition on the USB key.

'cause we all know that women, children, and the elderly are the quickest way to f*** up your PC....

enforcer22 05/15/2011 1:24 AM

aaron88_7 :
And if you're stupid enough to assume people purposely download viruses....



Well a lot of people do click yes and download when presented with the option without thinking.. IMO yes that's purposely. It's also the most frequent way i see it happen.

applegetsmelaid 05/15/2011 1:33 AM

Me gusta! Streamline it a bit and spread it to the world.... then Apple can shut up about the whole "no viruses" nonsense once and for all.