Browser in the Box: safe browsing solution for critical Internet activities

browser in the box

Most Internet users make use of a web browser for all Internet related tasks. They hang out on Facebook or Twitter, browse shopping websites, download files to their system, watch videos on YouTube, or do online banking.

While that is perfectly fine for most, some may want to improve security for Internet activities that they consider critical. This may include online banking or shopping websites, but also visiting websites that you do not trust.

Browser in the Box is a free safe browsing solution for Windows that is free for personal use. It comes as a Personal edition and an Open Source edition. The Open Source edition does not ship with  "secure upload", "trusted-channel to central management" and "Isolation of internet traffic via IPsec-tunnel to the program's gateway".

The program is using Oracle's Virtualbox virtualization environment for its core, which will be installed on the system if not installed already. This is also the core reason why the file size of the installer is larger than 400 Megabytes.

You can customize the installation by selecting the Expert mode option. Here you can define several settings, including whether or not clipboard data can be copied to and from the virtual browser, whether or not files can be uploaded or downloaded, and what kind of data you want to store persistently.

The start of the browser takes quite some time, which makes it less than ideal for day to day browsing. The browser used in the latest standalone edition is Iceweasel 17.0.9, a fork of Firefox that more or less works exactly as the browser. The core issue here is that 17.0.9 ESR is not the latest version, which means that the browser is vulnerable to security vulnerabilities that Mozilla fixed in newer versions of Firefox.

To put this in perspective, Firefox 17.0.9 was released in September 2013. The latest version is Firefox 24.0.2 ESR.

If you check the IceWeasel website for Windows, you will notice that the latest version of the browser has been released in September as well. This means that it is not the fault of Browser in a Box that the version has not been updated.

Still, in the end, it is their responsibility to select a browser that is secure and up to date, and if IceWeasel cannot deliver that, they should consider switching to another.

Anyway, you can install extensions from Mozilla's Addon repository, and if you have selected to keep persistent data, can make use of them in every browsing session.

If you plan to use the virtual browser, it is highly suggested to install security extensions such as NoScript to it to mitigate most attacks that target unfixed vulnerabilities in the product. While it may be unlikely that you are exposed to any depending on how you use the browser, it will improve security significantly all in all.

Verdict

A safe browsing solution that uses an insecure version of a browser, that does not bode well. It is not clear why IceWeasel was picked by the developers instead of the regular Firefox ESR version.

Considering that IceWeasel for Windows has not been updated for a couple of months, and that Firefox was updated in that time, it may be time to rethink the decision.

I cannot really recommend Browser in the Box right now because of this. While you may want to keep an eye on the application, it is best if you use a different software for that task.

Sandboxie comes to mind for example.

Now Read: Make Firefox the Fort Knox of browsers

facebooktwittergoogle_plusredditlinkedinmail


Filed under:

Responses to Browser in the Box: safe browsing solution for critical Internet activities

  1. sades December 28, 2013 at 4:31 pm #

    Comodo CIS also has sandbox option which, for some reason, are well hidden, but it's there and you can use any browser/software for it.

  2. jasray December 28, 2013 at 7:29 pm #

    Or just use Buffer Zone which is free for home use. Or, as mentioned, the free Comodo Internet Firewall.

    http://www.trustware.com/#!home-use/cmxt

  3. Ken Saunders December 29, 2013 at 4:18 am #

    Thanks for the tease.
    Just kidding. Kudos to you for a fair review.

    Perhaps a nudge for an explanation might get things going.
    I would like to try this product, so I've sent my email.
    Perhaps others could too?
    info@sirrix.com

  4. Nebulus December 29, 2013 at 11:55 am #

    I don't see why shouldn't I install a Debian (or other Linux distro) in VirtualBox and achieve the same thing myself?

    • Martin Brinkmann December 29, 2013 at 11:56 am #

      Well the main appeal of this solution is that you can simply run it without having to install or configure anything. But you are right, if you know how to, then you can achieve the same.

Leave a Reply

Subscribe without commenting