Security is an oft-debated topic in the ongoing browser wars, but there’s no denying that malware is a common problem for all of the leading contenders.
A new solution launched this week by Germany’s Sirrix AG, however, uses Firefox 4, Linux and virtualization to create what it calls a “browser in a box” that keeps all malware isolated and out of the user’s main operating system.
Originally created at the request of the German federal government, BitBox (short for “browser in the box”) runs on Windows XP, Vista and Windows 7 as well as Debian Linux, Ubuntu, OpenSUSE and Gentoo, allowing users to surf the Web worry-free, Sirrix says.
Safer Than Sandboxing
BitBox’s security derives from the fact that the browser runs in a virtualized environment using VirtualBox 4.04 and a hardened implementation of Debian 6 Linux. The included browser, Firefox 4, then runs in a separate virtual machine with its own operating system, keeping it completely separate from the rest of the user’s system.
In other words, unlike the simple sandboxing system of standard browsers, BitBox runs a completely separate guest operating system and keeps all browser activity isolated and away from the base operating system.
Downloads, cut-and-paste capabilities and printing are all kept secure; only a shared folder is in the base operating system, accessible through a separate user account. Uploads, meanwhile, are not enabled, nor is Internet access through the base operating system.
Perhaps best of all, each time the browser is restarted, it gets reset to a certified boot image, thereby eliminating any malware that might have gotten through in the previous session.
An Enterprise Version
For users, BitBox is designed to feel no different from any standard use of Firefox 4. The software is available for free download by individual users and requires no special expertise to install, Sirrix says. It’s also available on DVD.
An extended enterprise version for centrally managed IT environments, meanwhile, offers additional features for a fee. In corporate settings, for instance, a tunnel between the BitBox browser and a central Internet gateway is transparently integrated, thereby ensuring a reliable separation between the Internet and the corporate intranet.
Client applications, for example, can then access only the internal corporate network, while BitBox is tunneled to the outside and can access only Internet information, in isolation.
A central management system, meanwhile, offers a simple way to manage security policies, configurations, certification and distribution.