April 10, 2020

Thoughts on the BitDefender Box 2

The BitDefender Box 2 is a device that promises to help the security of your network, in particular with all the IoT devices that fill the typical home these days. The key features it advertises are detecting anomalous behaviour from devices, protecting users from malware and phishing in addition to the usual parental control features and blocking users from sending sensitive data over insecure connections. This product sounded interesting to me, and I felt the extra layer of protection may be useful for my parents. With that in mind I got this product at the end of this year to test it out on their network.

Bitdefender Box 2 provides a fairly nice summary of approximate traffic over the last 24 hours.

How it fits into the network

The Box 2 is a pretty flexible device in terms of how you set it up and by default will provide WiFi. I set it up a bit differently as there was already a mesh WiFi setup in place. Therefore my final setup was Modem -> BitDefender Box 2 -> Switch -> WiFi. The switch was in place because there were several devices which needed a wired connection and this way that wired traffic is still filtered via the Box 2.

If you are just using the modem/router combo that your ISP provided for WiFi, then you might as well connect the ISP device straight into the BitDefender Box 2 and use the WiFi from that. In the event you find the WiFi lacking, you can always set up a more powerful WiFi router or mesh WiFi later. The setup process is via an app, which guides you through the default setup, prompts you to disable WiFi on your ISP router and provides the option to copy the configuration for you. I did not test that functionality, but I have read reports that it works well as long as your device is on their list. An example setup process for a personal router is here.

Security features

Vulnerability Scanning - This is one of the most visible features because it will pop up as a notification every time a new device connects to your network. So far all but one device has received a green ‘no vulnerabilities detected’ report. The one device that did not was a device which, according to the report, had an outdated library in use which could allow privilege escalation, remote code execution, etc. At this point, of course, there is not much you can do to improve the situation if the firmware is already up to date, but the BitDefender Box promises it will keep your device protected. The box will presumably block any external connections which attempt to reach this device on that port. If the threat is inside the network, I am not sure if it would be able to do so much. I could telnet to the vulnerable port, but that would be expected as it was a web control panel for the device. Perhaps it could detect malicious actions as it does perform deep packet inspection (DPI), but I would suspect it is more about protection from external threats.

You can choose a device in the app and see any vulnerabilities.

Malware & phishing protection - I tested this functionality by visiting some ‘test’ malware and phishing sites. These are sites used for testing AV software which are meant to be universally flagged despite not actually containing anything malicious. In this it performed as expected and blocked the connection. I also tested a few actual reported phishing websites, and those were also blocked correctly. I did not visit any real malware sites, but I became aware a few weeks after installation that a block had occurred after one of my parents clicked a bad link. So I have reasonable confidence in this feature. I would definitely not rely on it to be 100% successful, but I would not rely on any security solution to do that. Overall I feel this does add an extra layer of protection and, in particular, for those less confident safely browsing the web it can be a useful additional safety net.

IoT protection - I cannot comment on this feature other than what I mentioned above with the vulnerability scanning. The Box 2 does prompt you when it does some sort of action, and so far I have had none concerning an IoT device misbehaving. In the event something was misbehaving, such as a security camera, then I would expect to get a notification and the device to be blocked in some manner.

Security software - Perhaps the biggest argument for how the ongoing subscription is a great value deal is that you get the suite of security software included in the subscription for all the devices in your home including Windows, Mac, Android and iOS devices. This is perhaps less of a draw for those who prefer just to run the very capable built-in AV, but the target market of this device is likely to include those that might prefer something like BitDefender. As a suite of software which has scored highly in many tests, you could certainly do much worse than to use this software, and it comes with a host of other features such as parental control, remote wipe and so forth.

The BitDefender Central app

The app is being frequently updated so a lot of this may change, but at the time of writing, I have found it a perfectly competent app, though it does feel like it could be a bit more polished. One of my favourite features is the nice view of how much traffic has passed through the network over the last 24 hours. While this is not the most useful information, I find it quite interesting to see when the peaks are.

On the app, you can also see the report on any threats over the last few days and click through to find out more. The app also highlights ‘at risk’ devices; these will usually be devices that you have installed BitDefender on, but where part of the protection is off.

If you have a child, this is also where you can use the parental control features, such as pausing the internet for them. In a similar vein, you can enable privacy mode to disconnect the connection for dedicated smart home assistants such as HomePod, Alexa and Google Assistant devices. This will not block the connection to phones or block the endpoints used by these services, just the physical devices themselves.

The competition

The original BitDefender Box is widely credited with being the first consumer device of this type on the market and has focused on the fact that, with more and more devices on your network that you do not control, you may want some security for that. There are a number of competitors for this which also charge a subscription, including the subjectively attractive Norton Core and F-Secure Sense. However, if the subscription is something that puts you off, or you want something with a bit more user configuration, then take a look at Firewalla. They have a number of different versions to suit your performance needs and provide a long list of features.

Final thoughts

In conclusion, I feel the device is a very solid purchase for anyone wanting to add another layer to their home network security, and in particular for the target market who want something that requires minimal setup and maintenance. This is, though, by no means a substitute for taking care and not clicking links that you are not expecting, or links from emails trying to create a sense of urgency to rush you into action without taking time to think.