Why you can trust Tom's Guide
[Editor's Note:In late 2017, Bitdefender launched a second-generation Box that has a much faster central processor, more RAM and more storage space. It also works fairly well as a stand-alone router. The first-generation Box is no longer sold.]
When the well-regarded Romanian antivirus firm Bitdefender first announced its Box, a new breed of security hardware that protects a smart home's connected devices by monitoring the home's network, we were intrigued.
But now that we've had a chance to use the Box, it sadly overreaches and isn't quite ready for prime time. It tries to do too many things, and does few of them well. The Bitdefender Box will be useful only in a very limited number of circumstances, and falls far short of being the kind of unique protective appliance it promises to be.
MORE: Best Smart Home Gadgets
How It Works
The Bitdefender Box is a network security appliance, a device common on corporate networks that inspects traffic for malware, purloined data, rogue users, unauthorized software and other things that don't belong.
With the burgeoning growth of the so-called Internet of Things, there's a need to protect devices — smart thermostats, smart cameras, smart toasters and so on — that can't run antivirus software. To fit that bill, the Box aims to be the first network security appliance for the smart home.
The Box costs $199 to purchase, and requires a $99 annual subscription after the first year, along with an Android or iOS device to manage its inner workings. Setup and management of the Box, and all devices on the network, are performed entirely through the iOS or Android mobile app. There is no Web-based interface of the sort common among routers, and no client interface to run on the managed devices.
On computers (including Android devices), the Box replaces antivirus software by installing its own software that runs in the background without user input. (It won't delete antivirus software that is already installed, but asks the user to choose whether to keep the old software or install the Box client software.) The Box even protects mobile devices, including laptops, that travel out of the home. It does this by installing its own virtual private network (VPN) software on client devices, which runs whenever a device connects to a Wi-Fi hotspot.
According to Bitdefender, the preferred configuration is to set up the Box to work alongside an existing wireless router by plugging the Box into one of the router's Ethernet jacks. With Apple AirPort routers, the Box will have to sit between the router and the modem, essentially serving as a firewall.
The Box can also be used as a stand-alone router, although Bitdefender recommends that it not be used in that capacity. Ironically, that was the configuration in which we had the least trouble getting the Box to work.
There's no denying that the Box is attractive and elegantly designed. It looks like something Apple would produce: a low, white square the size of two decks of playing cards, about 3.5 inches on a side and just over an inch thick. At a mere 3.24 ounces, its weight is similarly unobtrusive.
There are only four physical inputs: a micro-USB port for AC power, two RJ-45 10/100 Ethernet ports (one for the local network, the other for the Internet) and a reset button. Under an upwardly turned chevron on the front is a blue LED that blinks while the Box is in setup mode, and is steady when the Box is operating normally.
If the Box is used as a router, it transmits and receives 802.11b/g/n Wi-Fi signals on the 2.4 GHz band, ostensibly at 100 Mbps. Our own tests found its speed to be much slower.
The Box is supposed to be simple to set up. But, in practice, it isn't. We had a terrible time getting the Box to work, spending hours on the phone with Bitdefender's tech support to get the device properly configured. The pain-free, mobile-app-based setup process that Bitdefender touts as one of the Box's main selling points eluded us, even when we used routers that the company said would work without any problem.
The Box is meant to work with both stand-alone routers, which are separate from a cable or DSL modem, and all-in-one home gateway devices, which combine a modem and router. However, we had a lot of trouble getting either kind of device to play well with the Box.
The Box filters all network traffic by supplanting the router as your home network's DHCP (dynamic host control protocol) server, which supplies internal Internet Protocol (IP) addresses to every device on your network. This sounds simple, but networking is inherently tricky, and while the Box's mobile companion app is meant to take care of all the complicated stuff, there may just be too many variables involved for the automatic setup process to work all, or even most, of the time.
If the Box can't supply the IP addresses, then its protection features can't be enabled. And if the automated setup process fails, and you don't know what an IP address is, what a DHCP server does or how to make sure your router relays DHCP requests from your devices to the Box, then the setup process could end up being very confusing indeed. (The Bitdefender website offers some help with recalcitrant routers under "Compatibility" on the Box FAQ page.)
If you have an all-in-one home gateway — very commonly provided with DSL subscriptions — you may find it even more difficult to set up the Box, as ISPs seldom make it easy for a home user to reconfigure such devices. You will probably require the expert setup assistance that comes free from Bitdefender, and possibly some assistance from your ISP.
Even with a stand-alone router, it was a real chore to get the Box to work, requiring multiple tech-support calls and email exchanges. The Box's mobile companion app is guaranteed to automatically configure only a few dozen routers (some of which we had), and, it turned out, really only works if a router's default administrative credentials have not been changed.
(This last requirement contradicts what was in the Box's instruction manual. It also flies in the face of security best practices, which are that users should ALWAYS change the admin username and password on home routers to prevent remote takeovers by malicious hackers.).
When you finally do connect your Box and get it working properly, your machines are, by default, placed into a temporary "guest" status, which means you can't manage them or add any of the additional protection features that the Box provides, other than some moderate anti-phishing screening across the network.
The Box is meant to provide a raft of security features to your home network: anti-phishing protection, malicious-website alerts, detection and quarantining of malware entering your systems, an effortless cloud-based VPN to which mobile devices can connect when outside the home, and a scanner that tells you when your devices are running outdated software.
Yet each feature comes with a list of caveats and exceptions almost as long as the disclaimers that flash by during drug commercials on TV. For example, the number of security alerts the Box generates can quickly overwhelm your phone if you have a lot of devices on your home network. (Editor's note: A Bitdefender representative told us that this problem had been mitigated by software updates.) The anti-phishing protection is basically what you already get with a modern Web browser. The operating system/software version checker isn't very accurate.
The real excitement of the Box comes when you can elevate a device's status from a "guest" to a "family" designation and the on-device protection kicks in. You'll have to allow the installation of "clientless" (i.e., no user interface) software on your Windows, Mac and Android devices to enable three protection features. These can be selectively turned on or off from the phone that is managing the Box. (Only one of these features, Private Line, will work on iOS devices.)
First is Local Protection, antivirus software that runs in the background,blocking malware and other unwanted programs. We tried to test this by navigating to presumably malware-infested websites, but found that most Web browsers blocked the suspicious pages before Local Protection had a chance to intervene.
Local Protection uses Bitdefender's malware-detection engine, which is very good indeed, to hunt down and eliminate malicious and unwanted software. But this brings up a pricing issue: At $100 per year, Bitdefender Total Security Multi-Device will protect up to five Windows, OS X or Android devices for the same price as a yearly Box subscription — and provide a client interface on every device.
The second Box feature tracks software and OS versions to make sure you have the latest patches. For the most part, these reports (see screenshot below) matched the software configurations on our devices. It correctly saw that our Windows 8 PC hadn't yet been upgraded to 8.1, but it incorrectly reported that our aging Windows 7 PC was running the current version, when in fact it hadn't been upgraded to Windows 7 Service Pack 1. (Again, Bitdefender representatives say this problem has been fixed.)
Then again, free software-update monitors are easy to find for Windows and OS X — if you think to look for them in the first place — and such functions are already built into Android and iOS.
The final feature is what Bitdefender calls Private Line, which you can think of as an automatic VPN. It makes sure that all your Wi-Fi-network traffic is encrypted, no matter if your device is in your home or away. When the device tries to connect to a Wi-Fi network other than the one the Box is protecting, the Private Line software automatically begins a VPN session.
Unlike the other two features, this one does work on iOS. Because decent unlimited VPN services generally start around $40 per year for each laptop, and $30 for each mobile device, Private Line is indeed a bargain.
Our biggest issue with the Box is that it is very parsimonious with user interfaces. The Windows/Mac protection software doesn't have any interface at all; it just works in the background. For example, the only way to immediately tell whether you are running the Private Line feature on a Windows laptop is by checking the configuration in your Windows networking control panel:
You could also, of course, check the Box's mobile companion app on your Android or iOS device to see whether Private Line was functioning properly on the laptop, but you'd have to flip through to the particular page for that device. Such minimal display of information is arguably a bonus for less technically inclined users, but a Windows Taskbar or OS X menu-bar notification that an on-device protection feature was working properly might be nice.
Similarly, the Box itself doesn't come with any user-accessible Web administration interface, as most routers would. Instead, you manage the Box, just like the devices it protects, with the same Android or iOS mobile companion app.
The smartphone-based management tool makes troubleshooting and installation tricky. You have to read lots of information on your phone's tiny screen, which can become a frustrating chore.
For example, instead of opening the smartphone app and swiping your way into each machine's details individually to see whether the device's software is up to date, it might be better to be able to email or message reports to registered devices, so that users could update the devices from the client end.
For the devices that the Bitdefender Box can recognize and manage, the mobile app reveals lots of interesting information. The app can tell you whether a machine's overall operating system and application software is up to date, whether users have strong local passwords for their routers' login credentials, whether each device is currently on the local network or being used outside the home, and even how much empty disk space is available on each device.
The Box's performance differs depending on how you use the device. As a network filter running alongside a router, it works fine, though we did detect data-transmission latency with the VPN. Private Line added about 200 milliseconds of packet delay to the average browsing session, according to our tests. That might not be acceptable on the road, when you often get slow Internet speeds on hotel Wi-Fi connections.
But when the Box is used as a stand-alone router, which Bitdefender doesn't recommend, it simply falls down on radio coverage and speed. Because the Box doesn't have external antennas, its radio coverage area is limited. As we walked around our home, the Box's signal strength wasn't as great as, and dropped off more rapidly than, the signal from the 2Wire DSL router sitting next to it.
MORE: Best Wi-Fi Routers
In the Tom's Guide testing labs, we ran the Box through our router throughput test, in which we sent data from a laptop next to the Box to a second laptop featuring a 3x3 802.11ac wireless card. The throughput was then measured at 5 feet, 15 feet, 50 feet and 140 feet.
At every point, the Box clocked in well below the average speed of regular routers. It was speediest at 15 feet, where it measured 34.5 megabits per second (Mbps), as opposed to the router average of 59.7 Mbps.
As a router, the Box just can't compete. By comparison, the Asus RT-N66U, which costs about $125 retail as opposed to the Box's $199, delivered a throughput of 78.1 Mbps at 15 feet on the 2.4-GHz band, and 217 Mbps on the 5-GHz band that the Box eschews.
The Bitdefender Box has a lot of good ideas in its tiny package: cloud-based malware scanning, effortless and inexpensive VPN service for multiple devices, reminders to update your software, and, most significantly, perhaps the only network-based protection for in-home "smart" devices commercially available to consumers.
If only it all worked half as well as promised. The unsophisticated users for whom the Box is designed are, sadly, going to be confused when they run into problems. While Bitdefender's heart is in the right place, the company needs more time to make the Box into something that will work much better than it currently does.
If you already use a software-based VPN when on the road and are happy with it, this isn't the Box for you. If you already have multi-device antivirus protection and like being able to interface with that software on each device, ditto. But if you have a lot of smart-home devices that aren't protected by anything other than your Wi-Fi network password, then the Bitdefender Box could work — but you might be better off waiting for Box 2.0.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.