A few years ago I was really paranoid about web browsing. I read about drive-by downloads, ransomware, viruses, cyber espionage, and more. The web seemed like a good neighborhood turned wrong with danger lurking around every corner. I decided to come up with a strategy for browsing the internet securely.

Strict Security Principles in Practice

I have a friend who is very careful about his web browsing. He clears his cache after every web session, even on his own personal computer. He uses a web firewall plugin for Firefox to avoid turning on unneeded JavaScript plugins. He is the epitome of a security engineer who practices his skills even in his personal life. Although I too was a participant in the security field, I was not willing to invest as much time in extreme security in my own web browsing.

My Personal Strategy

I instead decided to purpose computers to do different things. I had a laptop for paying bills and doing my online banking. I used a virtual machine running a live Linux operating system to browse web sites. I had another with no personal files just to watch online videos. Of course, I had my work computer to do my work. This seemed a little annoying and a little costly, but it helped me mitigate risks as long as I stayed disciplined.

As time passed, I realized it had become challenging to stay disciplined. I would need to wait until I got home from work to check the balance of my checking account. I could not use YouTube or Netflix while I grudgingly paid my bills. Sometimes I would review my online financial statements from the wrong machine. My good intentions went by the wayside.

Attempting to Build a Better Experience

I resolved to solve this by creating a more secure web browsing experience. I liked having a virtual machine which would retain nothing about the web browsing history and any files from the operating system itself. If only I could replicate this experience in a much easier-to-use version. Rather than having to spin up a virtual machine, wait for the live operating system to load, log in, install any necessary software packages not part of the default system, and, finally, open a web browser, I resolved to have the browser already be ready to run.

I explored using containers. A container is like a virtual machine running a live operating system. Right? I soon came to realize a container has no display and exporting the display would require a cumbersome setup to export the graphical display to a Windows machine. Why was it so complicated to have a secure web browsing experience?

The problem seemed more complicated than it was worth. I decided it was easier just to stay disciplined in my web browsing habits.

My Ideal Solution Now Exists

Three years later I learned about a startup called WEBGAP that was building a better approach to secure web browsing. This company isolates the web browsing experience from the machine. That is what I was hoping to do with virtual machines and containers. They achieved a more ideal solution. It renders the web page on their servers, filters out any notorious content, and sends the rendering to your own web browser. Why did I not think about that?

I no longer have to wait for a virtual machine to boot or to connect to a container. I can simply open my web browser, use the service, and the web site loads as if I navigated to it directly. Neat!

This service allows me to improve my secure web browsing experience. I can use the native browser to log into my sensitive accounts, e.g., banking sites, and use this service for anything else. Now I can browse the web with greater confidence by having a potentially insecure web site in one tab while having my banking web site in another.

Watching YouTube in one tab and doing online banking in another tab.

The remote browser isolation service provides benefits my own previous attempts failed to do:

  • It allows for highlighting the text and copying it into the clipboard.
  • It securely downloads files into my download folder.
  • It prevents right-clicking (in the desktop version), which prevents me from opening another browser tab without the remote browser isolation service running.
  • It stops any malicious files at their servers, which means malware will not spread to other computers on my network.
  • It protected me from logging into a web site where the domain was different than the page where I entered my credentials.

This technology should have been invented decades ago.

Conclusion

I am excited about using a remote browser isolation service to secure my web browsing. Whether or not you decide to use this service, I advise you to define your own secure web browsing strategy. Consider using the Batman threat model to determine what needs protecting and how you will achieve it.

Disclosure: The company gave me a free trial, but did not ask me to write this post.

Stay secure, Miguel


The awesome artwork used to head this article is called Lone Soul and it was created by TickTockRobot.