However, if you are paranoid about security, there is one browser that will reliably protect you from virtually all threats. It's a browser you already know: Firefox 4.0.1. Well, a boxed version of Firefox 4.0.1.
I am not exactly an adventurous Internet user as far as the dark corners of the web are concerned. Just I am not the kind of person to enjoy the silence in a dark alley in Chicago's south suburbs after dawn, I typically avoid websites I don't generally trust. I have had my fair share of spyware, trojans and other malware that caused me quite a bit of headache in the past and I am just more cautious than I was 10 years ago. Yet, that might change. I have just discovered a bulletproof wrapper for Firefox and, at least for now, I don't care that much anymore what is happening below the content the browser shows. There might be lots of malware and I really don't care anymore.
The reason is that I have started using BitBox as my browser for my general work-related tasks. BitBox is essentially a heavily armored version of Firefox 4.0.1 that is encased in Oracle's VirtualBox virtual machine (VM) environment that houses a secured Debian 6 Linux OS. That sounds relatively complicated, but once it is installed, this secure version of Firefox works just like a regular version of the browser. The difference is that it runs in a virtualized environment that is separate from your Windows XP/Vista/7.
The upside clearly is that you are dealing with a self-contained package. If you click on malicious malware, the usual EXE files cannot be executed in your Linux VM. You can download files, but they will not explicitly affect your Windows system and need to be manually moved out of the VM, if you have connected the drives. malware that infects Firefox during your session is automatically deleted the next time you start BitBox, as it always starts with its default configuration in the way it was installed. However, phishing attacks that target your personal data and may trick you in providing critical information will still require some common sense not to do so and will not protect you from the effects of such actions.
There are a few downsides. First, it is a hefty 990 MB download and the installed software will require almost 2 GB of space, as there is a need for Oracle's VirtualBox that is included in the package as well as a Debian 6 installation. Since the software is set back to a default level at every time it starts, it is not the most convenient browser to be used on an every day basis for the consumer. The deal breaker is its language. The software was developed for the German government and while it is available as a free download, it is only available in German. Unless you have basic knowledge of German, the installation will be a hurdle too high to overcome and even then it may be rather uncomfortable to be generally used.
The installation of the entire package is documented via PDF file and is somewhat straight forward, but some knowledge about virtual machines and virtualization in general does help when the individual components of the software are installed. In the end, you really want to know what is happening on your PC and you would want to know what effects a configured virtual drive on your PC has. Other than that, I was able to install BitBox within 15 minutes, once it was downloaded. The only criticism I would have is that developer Sirrix is not using the most recent version of Oracle's Virtual Box software (4.04 vs. 4.06). Custom configuration options include a specific download folder as well as a separate malware scanner as well as random root passwords for the virtual machine and proxy settings. During the installation, the software installs a Linux guest (Firefox) inside Virtual Box. Typically you would run the software form within VirtualBox, but Sirrix has managed to trim down the entire process to a single icon on the desktop.
I briefly mentioned it - this is not a browser to get deeply emotional about and discuss its performance features, but the concept is very compelling as far as browser safety is concerned. Plain browsing tasks make a lot of sense in such a package. In fact, I wonder, why such versions aren't offered by Mozilla and Google as well as Opera and Microsoft by default.
