Thursday, April 19, 2012

Browser Sandboxing

"Dad?  What's the safest way to browse the internet?"

"Oh.. borrow your friend's PC.  After you finish browsing, ask them to re-install everything.  Do this every day."


Have you ever wished you had a friend who was this kind?


Here's how.  Please take a close look at this screenshot:





This screenshot was taken from Windows Vista (see the tab at the bottom), running VirtualBox, which is running Linux Mint 12, which has Firefox browsing webpages and AdBlock Pro installed.
It is not the fastest way to browse the web.  But it is the safest.


Why would you want to do this?

The advantage of running a virtual machine (VirtualBox, VMware, there are many to choose from) is that it sandboxes whatever applications are running on the machine.  It's easy to take a snapshot of the machine's state and revert to that snapshot later.

Can't you do that in Windows?  Yes.  Sort of.  Windows has System Restore, but it has its problems.

Windows System Restore automatically creates restore points, which allow reverting the state of executable files.  There are many details of System Restore I won't go into, nor claim to know anything about.  What's important is that it's all automatic.  If you wait a month or two, old restore points will be overwritten with newer restore points.

If you inadvertently install malware and it isn't detected before an old enough restore point is overwritten, the only mechanisms for removing the virus are an antivirus (AV) program or manual removal.  So you're at the mercy of AV and websites to keep your browsing safe.

Also, System Restore is a time-consuming process.  You might not want to spend 10 minutes every day restoring your system to a restore point.  With VirtualBox, snapshots can be restored relatively quickly, depending on the size of the virtual machine.  I've got Linux Mint set up on a small, 8GB drive, so snapshots take about 15 seconds to save and restore.


My Horror Story

Last week I was getting ready to do my taxes on my laptop, when, browsing to yahoo.com to check e-mail, the website returned with "Welcome to nginx!".  After looking into this problem for several hours, it became clear that:

1) no antivirus program website says anything about "Welcome to nginx!"

2) the anti-spamware program I was using didn't find all the cookies that another program found

3) the process for fixing "Welcome to nginx!" involved posting log output onto a forum and waiting for experts to respond with recommendations

4) "Welcome to nginx!" issues have been showing up for several years now, with apparently many different causes


Number 3 killed me.  I didn't have several weeks to figure out what was wrong with my laptop - I needed to go forward with my taxes right away.  And doing my taxes on a potentially infected machine was not an option.

Time to format the hard-drive and re-install the whole laptop from the ground up!

I suppose I could have relied on System Restore - but even if I reverted to the oldest restore point, there was no way to know if my system would be clean, because the source of the problem couldn't be found.


Using VirtualBox as a Sandboxed Browser

At this point it became clear that I would always be at the mercy of someone else to keep my system clean.  Websites have to be free of malware.  Antivirus programs have to stay up to date.  It's an endless cycle of malware development and anti-malware response.

The source of all malware is almost always the internet.  The only alternative is someone giving you a CD/DVD/USB disk that is infected.


So why not uninstall the browser from the main OS?  This is exactly what running the browser exclusively on a virtual machine allows you to do.  For most browsing it does the job quite adequately.


Do It Yourself Steps

Here's how:

- Download VirtualBox (or whatever virtual machine you like best).  [If you like another virtual machine better - please tell me and I might switch.]

https://www.virtualbox.org/wiki/Downloads

- Download Linux Mint (or whatever OS you like best).  [I like Linux Mint because it's free, and it comes with Flash Player, and websites like youtube and vimeo work fine.]
  Download the iso image, which VirtualBox can open just as if it was an installation CD/DVD.  You can also burn the iso image to a CD if you like - but it isn't required.

http://www.linuxmint.com/download.php (DVD, 32-bit - or try the others)


- Create a virtual machine in VirtualBox and set it up as recommended (1024MB RAM might be overkill, but it's what I'm using, along with an 8GB disk, although a smaller disk might reduce snapshot save/restore time).

- Run the virtual machine in VirtualBox.  This will bring up the first boot wizard, where you can use the browse folder button to select the Linux Mint ISO file as the boot medium.  This is identical to booting a machine from a CD.  Linux Mint should come up (it may require you to create a user account before logging in - just follow the steps).

- Install Linux Mint onto the virtual machine.  Once the OS is up, you'll be tempted to run various apps - go ahead.  But it's still running like an OS from a CD.  Install To Harddrive should be right there on the desktop, and it will start the process of installation.  Run this.  Answer all the questions.  Wait for it to install, which takes about 20 minutes or longer.  After the install is finished and Linux has booted up from the hard-drive, you can add the Guest Additions.

- Install Guest Additions and a File Share.  If you want to transfer files between your main OS and the virtual machine, install the guest additions from VirtualBox (not from Linux) - it's in the Devices pull down menu.  It will start an app and it might complain "are you sure?" - type "yes" and hit return.  When this has finished, you should be able to create a file share from VirtualBox as part of the virtual machine's settings.  [If you took any machine snapshots before this, it may complain that the machine is not mutable and can't add a share, so do this before taking any snapshots.]

I created a file share called VirtualBoxShare.  At this point, I could open a terminal (UXTERM or some such) and type "su" to log in as superuser, then type "ls /media" and sf_VirtualBoxShare shows up in the list.

- Mount the file share.  This is optional.  As superuser, you can transfer files around, but if you want access from the regular account, log in as su, and type "mount -t vboxsf VirtualBoxShare /home/<your username>/ShareDir" where you replace ShareDir with whatever directory you want, and <your username> with whatever your username is.  If this doesn't work, try just typing "mount" to see all the mounts available and find the file share that VirtualBox created in the previous step.  "chmod 777 /home/<your username>/ShareDir" or "chmod 777 /media/sf_VirtualBoxShare" might help too...


Bask In the Boundless Safety of Sandboxed Browsing

That's it.  From there it was easy to take a screenshot from Windows, paste it into Paint, and save the file into the VirtualBoxShare directory I had set up on VirtualBox, then open Firefox from Linux Mint, log into blogger.com and post that picture by selecting it from ShareDir - the directory I had mounted.

[And at this point, there's really no more need for any browser in Windows.  All file downloading can take place in the virtual machine, and files saved in the file share if you want to run them from Windows.]


Don't forget to take a snapshot of the disk image.  Then upon closing the virtual machine, restore to the snapshot.  Any malware that might infect the machine after taking a snapshot is wiped out in the few seconds it takes to restore to the snapshot.
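
The restore-on-close routine above can be scripted with VirtualBox's VBoxManage command-line tool so it is never skipped.  This is an added example, not part of the original post; it assumes a POSIX shell on the host (for example Git Bash on Windows) with VBoxManage on the PATH, and the VM name MintBrowser and snapshot name clean-install are placeholders.

```shell
#!/bin/sh
# Added example: wrap every browsing session in "restore clean snapshot" steps.
# VM and SNAP are assumed names; substitute the ones you created.
VM="${VM:-MintBrowser}"
SNAP="${SNAP:-clean-install}"

# Print the VM state (poweroff, running, saved, aborted, ...).
# tr drops any CR line endings (e.g. output produced on a Windows host).
vm_state() {
    VBoxManage showvminfo "$1" --machinereadable | tr -d '\r' |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if a snapshot named exactly $2 exists on VM $1.
has_snapshot() {
    VBoxManage snapshot "$1" list --machinereadable 2>/dev/null | tr -d '\r' |
        sed -n 's/^SnapshotName[-0-9]*="\(.*\)"$/\1/p' | grep -qxF "$2"
}

# Discard everything written since the snapshot.  A running VM cannot be
# restored, so refuse instead of powering it off behind the user's back.
revert_to_clean() {
    has_snapshot "$1" "$2" || { echo "no snapshot '$2' on $1" >&2; return 2; }
    case "$(vm_state "$1")" in
        poweroff|aborted|saved) ;;
        *) echo "$1 is still running; shut it down first" >&2; return 1 ;;
    esac
    VBoxManage snapshot "$1" restore "$2"
}

# One session: start clean, wait until the VM stops, then wipe it again.
browse_session() {
    revert_to_clean "$1" "$2" || return
    VBoxManage startvm "$1" --type gui || return
    while :; do
        case "$(vm_state "$1")" in poweroff|aborted|saved) break ;; esac
        sleep 5
    done
    revert_to_clean "$1" "$2"
}

# Run only when asked to, so the functions can also be sourced and reused.
if [ "${1:-}" = "run" ]; then
    browse_session "$VM" "$SNAP"
fi
```

Create the snapshot once, with the VM shut down, using `VBoxManage snapshot MintBrowser take clean-install`; after that, start each session by running the script with the argument `run`.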