Browser in the Box: safe browsing solution for critical Internet activities
Most Internet users on the desktop make use of a web browser for all Internet related tasks. They hang out on Facebook or Twitter, browse shopping websites, download files to their system, watch videos on YouTube, or do online banking.
While that is perfectly fine for most, some may want to improve security for Internet activities that they consider critical. This may include online banking or shopping websites, but also visiting websites that you do not trust.
Browser in the Box
Browser in the Box is a safe browsing solution for Windows that is free for personal use. The software is offered in two versions right now: you can download the Chrome or Firefox version to your system. The version determines the browser that you will be using when you run Browser in the Box on your device.
The program uses Oracle's Virtualbox virtualization environment for its core, which will be installed on the system if not installed already. It should not come as a surprise that the size of the installer is 630 Megabytes currently considering that VirtualBox is included in the distribution.
Basically, what Browser in a Box offers is to run the selected web browser in a virtual environment to keep it separate from the underlying operating system. You could create a custom solution using VirtualBox, a Linux distribution like Linux Mint, and browsers like Chrome or Firefox that are compatible with it.
You can customize the installation by selecting the Expert mode; here you can define several settings, including whether or not clipboard data can be copied to and from the virtual browser, whether or not files can be uploaded or downloaded, and what kind of data you want to store persistently. You may add proxy and DNS information, and decide whether to allow printing or not.
The start of the browser takes quite some time as it is necessary that the virtual environment is loaded before it. The slow startup makes it less than ideal for day to day browsing unless you auto-start the environment and keep it open all the time while you work on the device.
When you check the version of the browser that is included in the package you may notice that it is outdated. Browser in a Box ran Chrome 66 Stable when I took it for a test drive while Chrome Stable was already available as version 68 officially.
The browser works just like any other installation on the "main" system. You can install browser extensions, add bookmarks, make changes to the configuration, and open any Internet page. Note that some changes may only be available during a browsing session; this depends on the initial configuration of the virtual environment.
Browser in a Box is a comfortable solution to run a web browser in a virtual environment. The main appeal is that it works out of the box without need to set up the environment manually. Its greatest strength is a weakness as well on the other hand as you get what is provided.
The fact that the browser is not the latest version released by the developers is problematic as it can lead to security or stability issues.
While the solution is comfortable, users may want to set up their own virtual environment instead as it gives you more control over the environment so that you can make sure that the browser is always up to date. You can run multiple browsers in the custom environment on top of that which may be beneficial as well.
I cannot really recommend Browser in the Box right now because of this. While you may want to keep an eye on the application, it is best if you use a different software for that task. Sandboxie comes to mind for example.
Now Read: Make Firefox the Fort Knox of browsers
The browser used in the latest standalone edition is Iceweasel 17.0.9, a fork of Firefox that more or less works exactly as the browser. The core issue here is that 17.0.9 ESR is not the latest version, which means that the browser is vulnerable to security vulnerabilities that Mozilla fixed in newer versions of Firefox.
To put this in perspective, Firefox 17.0.9 was released in September 2013. The latest version is Firefox 24.0.2 ESR.
If you check the IceWeasel website for Windows, you will notice that the latest version of the browser has been released in September as well. This means that it is not the fault of Browser in a Box that the version has not been updated.
Still, in the end, it is their responsibility to select a browser that is secure and up to date, and if IceWeasel cannot deliver that, they should consider switching to another.
Anyway, you can install extensions from Mozilla's Addon repository, and if you have selected to keep persistent data, can make use of them in every browsing session.
If you plan to use the virtual browser, it is highly suggested to install security extensions such as NoScript to it to mitigate most attacks that target unfixed vulnerabilities in the product. While it may be unlikely that you are exposed to any depending on how you use the browser, it will improve security significantly all in all.
A safe browsing solution that uses an insecure version of a browser, that does not bode well. It is not clear why IceWeasel was picked by the developers instead of the regular Firefox ESR version.
Considering that IceWeasel for Windows has not been updated for a couple of months, and that Firefox was updated in that time, it may be time to rethink the decision.Advertisement