BitBox
| BitBox | |
|---|---|
| Basic data
|
|
| Maintainer | Rohde & Schwarz Cybersecurity GmbH |
| developer | Rohde & Schwarz Cybersecurity GmbH |
| Current version | 4.6.0 (Windows 7/8/10) |
| operating system | Linux , Windows from XP etc. a. |
| category | free security web browser |
| License | GNU GPLv2 , proprietary |
| German speaking | Yes |
| Browser in the box | |
Browser in the Box, in short BitBox, is a Web browser - software package for safe Internet browsing. The company Sirrix AG (since May 2015 Rohde & Schwarz Cyber Security, a subsidiary of Rohde & Schwarz ) it developed on behalf of BSI .
Task and development
The Federal Office for Information Security (BSI) commissioned Sirrix AG to develop the BitBox virtual surfing environment for comfortable and secure internet surfing by federal authorities . This has been available since summer 2011 and enables largely safe internet surfing.
In order to protect confidential, personal, company or secret data on a PC from unauthorized access or to ward off dangers, a wide variety of attack scenarios must be taken into account, especially when exchanging data. When surfing the Internet, the risk potential has been increased significantly with the introduction of Web 2.0 through " active content ", so that the risk cannot be controlled by a firewall alone . Rather, the interface to the Internet must also be delimited from the trustworthy area if possible without impairing the user.
Under the catchphrase “ Browser -in-the-Box”, a conventional Firefox or Chrome web browser is encapsulated by a virtual machine on a reduced, hardened, Debian Linux -based guest operating system in order to reduce the likelihood of malware penetrating the To reduce the host or base operating system. Any damage to the guest operating system is eliminated each time the browser is restarted by returning to a certified initial state.
In contrast to the sandboxing method of standard browsers, the virtual machine completely isolates the entire guest operating system and all activities of the browser from the base operating system. Only a shared folder is accessible in the basic operating system for a separate user account . All persistent configuration data (bookmarks, start page etc.) of the browser are saved here. All files downloaded via the Internet are also initially stored here before they are made available to the user in his usual download directory after being checked by an up-to-date virus scanner .
In addition to the extensive protection of the basic system against attacks from the Internet ("external attack"), uploading of files to the Internet - unintentionally by Trojans or targeted by employees - is effectively prevented ("internal attack") and thus confidentiality important company or government data is not already endangered by just providing Internet access.
The single-user version was free for private use, but has not been available since mid-2019.
Furthermore, the source code developed by Sirrix AG is published at regular intervals under the GNU GPLv2 license. Although there are performance losses due to the virtualization of the browser, these are so small with today's computer architectures that surfing is possible without noticeable restrictions.
criticism
- BitBox contains the Java runtime environment . This is not always up to date and is only updated with a new BitBox version. This would lead to severe security problems on conventional systems. By using the hardened operating system in the guest, however, the attack surface for an attacker is severely limited and thus prevents the exploitation of most known security gaps.
- Resetting BitBox has no effect on the installed extensions or toolbars in the browser. However, the installed add-ons are reset each time BitBox is restarted if the option for persistent data is set accordingly.
- BitBox forces the installation of its own VirtualBox version with proprietary changes, currently (August 2015) VirtualBox 4.3.20_Sirrix. An existing general VirtualBox installation must be uninstalled beforehand, even if it is the same (4.3.20) or a newer release.
System requirements
- Windows XP (up to version 3.2.3) / 7/8/10 and Linux
- min. 1.5 GiB free hard disk space
- 1 GiB RAM at least, 2 GiB or more is recommended
- current hardware (e.g. processor virtualization )
See also
Web links
- BitBox: Product page of the manufacturer Rohde & Schwarz Cybersecurity GmbH
- BitBox: Information from the manufacturer
- BitBox download and brief description from heise.de
- BitBox download and brief description from Chip Online
Individual evidence
- ^ Homepage Rohde & Schwarz , accessed October 10, 2017.
- ↑ Alex Hofmann: Security startup Sirrix goes to Munich tech company. In: gruenderszene.de. Gründerszene, May 6, 2015, accessed on January 22, 2017 .
- ↑ Pcwelt.de: BitBox (Browser-in-the-Box) , accessed on February 13, 2015.
- ↑ R&S Browser in a Box. Retrieved April 4, 2020 .