|At a glance|
|Product||Bitdefender Box () [Website]|
|Summary||Security appliance designed for home use|
|Pros||• Does not need to be inserted between router and network
• Includes Bitdefender software subscription
• 24×7 phone support
|Cons||• Inspects only outbound traffic to internet
• Not easy to install
Bitdefender is a Romanian cybersecurity and anti-virus software company founded in 2001, serving both corporate and home users. Like other AV and anti-malware companies, Bitdefender’s products are available in different suites covering Windows, Mac OS, Android and iOS devices.
However, today’s security threats aren’t limited to devices running popular OSes. So Bitdefender Box was launched back in 2015 to address security for the Internet of Things. The product has had time to evolve since then. So I expected a mature product, capable of handling most anything thrown its way. That’s not what I discovered, however.
On the surface, the Box is a pretty unassuming device. It is a small white plastic square measuring just 3.5″ x 3.5″ by 1.1″ high. The front has a single LED on the underside, and the rear has just two 100 Mbps Ethernet ports and power port. So if you have internet service over 100 Mbps, you can skip the rest of this review.
I’d show you a picture of the Box’s components, but Bitdefender made the box with a plastic clip that would have broken had I tried to pry it open. This 2015 DigitalTrends review says Box has a single-core 400MHz MIPS microprocessor, 16 MB of flash and 64 MB of DDR2 RAM. It also has a 2.4 GHz 802.11bgn radio that is used only if you configure Box as a router.
Bitdefender Box Rear
Before physically connecting the device, you install the Bitdefender Box App on your iOS or Android device. Note, the Bitdefender Box App is different from the Bitdefender Box Agent. The App is used to manage the Box and the network and provide notifications of issues on your network. The Agent is installed on devices and provides additional security protection. I’ll describe both the App and Agent in more detail throughout this review.
The Bitdefender App can be installed on iOS and Android devices. I installed the Bitdefender Box App on my iPhone 6s running iOS 10.3.3. I then followed the instructions on the printed installation pamphlet that came with the Bitdefender Box. The installation methods include installing the Box with a router, with an Apple Air Play device, or without a router. I followed the instructions to install the Box with a router.
Once the App is up and running, you’re able to connect the Box to your network and complete the install steps on the App. The primary installation method for the Box is to connect a single Ethernet cable to either of the Box’s Ethernet ports and the other end of the Ethernet cable into a LAN port of your router as illustrated below.
Bitdefender Box Installation
Once connected, the Box will send a DHCP request to your router to get IP address information. The Box will then statically assign itself an IP address and subnet mask on the same network as your router, as well as statically assign the router’s IP as its gateway. The Box will then try to access your router and disable its DHCP server. If the Box can’t access your router and disable your router’s DHCP server, as in my case using a Ubiquiti Edge Router Lite, you’ll be directed via the App to log into your router and disable the DHCP server on your router manually.
Once the DHCP server is disabled on your router, the Box will become the DHCP server for the network. The Box will provide IP addresses on the same subnet as the router via DHCP to all devices on the network. In addition, the gateway and DNS IP addresses provided by the Box to your devices will be the Box’s IP address.
The Bitdefender Box relies on your router to manage your Internet connection, and per Bitdefender, “Box has no perceivable impact on your network as long as your Internet speed does not exceed 100 Mbps.”
Once the Box is installed, the App presents a message that it will take an hour to see details about your home devices, as shown below. I confirmed with Bitdefender tech support that information in the App refreshes every 60 minutes.
Bitdefender App Startup
How Does It Work?
Devices protected by the Box will now have an IP address on the same subnet as the Box and your router, and the Box’s IP address as both their gateway and DNS server. When a device on the network sends data to the Internet, such as a request for a web page, it will send the request to its gateway, which is the Box.
Here’s where it gets interesting. The request sent by your device has your device’s IP address and MAC for source addresses, plus the website’s IP address and the Box’s MAC address as destination addresses. So the Box will inspect the request. If the Box deems the website you’re going to is potentially unsafe, it will drop the request
If the request is deemed safe, the Box will rewrite the request with the device’s IP address and the Box’s MAC address for source addresses, plus the website’s IP address and the router’s MAC address as destination addresses. The Box will then forward the request to your router.
Your router will receive the request, strip off the MAC addresses and perform Network Address Translations (NAT) where it will rewrite the request with the router’s IP address as the source and the website’s IP address as the destination. The router will update its NAT table to remember the request came from your device’s IP address. The packet will then be forwarded out your Internet connection.
Once the packet returns, your router will check its NAT table and see the above request for the web page came from your device’s IP address. The router will then rewrite the packet with your device’s IP address as the destination.
Now comes a key sequence. Since the router didn’t receive the original request from your device but rather the Box, it doesn’t have your device’s MAC address in its ARP cache. Subsequently, the router does an Address Resolution Protocol (ARP) request to get the MAC address of your device. Your device will reply directly to the router’s ARP request with its MAC address, allowing the router to forward the packet withyour device’s IP address and MAC address as the destination addresses. This allows the router to forward the return traffic directly to your device, bypassing the Box!
The above may seem overly detailed, but it highlights a key aspect of how the Box inspects traffic. The Box inspects outgoing traffic only!
I also noticed the Box does not inspect DNS requests. Although the Box announces itself via DHCP as the DNS server on your network, it is simply forwarding DNS requests to the DNS IP addresses it received via DHCP from your router.
The Box stops you from getting to a malicious site by inspecting outbound traffic. All outbound connections are checked against the Bitdefender cloud. If the URL you’re trying to reach is detected as malicious, the outgoing request will be dropped and the App will present a message like the phishing protection message I received while browsing the Internet from a PC behind the Bitdefender Box.
Bitdefender Browsing Protection
The Box also continuously scans your network for possible security holes. According to the User Guide, the Box “scans your network and identifies all vulnerabilities present on the connected devices and network equipment that can lead (to) remote, unauthorized access, data theft or malicious attacks” by doing a Vulnerability Assessment. You are then notified of detected vulnerabilities via the Bitdefender Box App. The Box didn’t detect any vulnerabilities on my network.
To test if the Box protects against Denial of Service (DoS) attacks, I used Nmap‘s packet generator, nping. As a baseline test, I sent 1000 TCP SYN packets at 1000 pps from a test PC to a second PC running the Bitdefender Agent (which I’ll cover shortly), with both PCs on a network outside the Bitdefender Box network. My PC with the Bitdefender Agent saw and replied to all 1000 packets, meaning the Agent didn’t detect a possible DoS attack. Below is the nping command I ran from my test PC.
nping -tcp -p 5000 –flags SYN -c 1000 –rate 1000 172.24.2.100
I then ran the same nping test, this time with my test PC outside the Bitdefender Box network and the PC running the Bitdefender Agent inside the Bitdefender Box network. I got the same result. My PC with the Bitdefender Agent saw and replied to all 1000 packets, telling me the Box didn’t detect a possible DoS attack. To be fair, I didn’t expect the Box to detect this traffic, as it would have to inspect incoming traffic to do so.
I also used the nping command to detect if the Box detects a high volume of outgoing traffic, such as might be generated by a zombie device participating in a DDOS attack. With my test PC behind the Box, I used the same command as above and targeted my router outside the Box network. My test PC successfully sent 1000 TCP SYN packets in 1.83 seconds to my router outside the Box network without triggering a warning or block from the Bitdefender Box. The end result of these simple tests is it appears the Bitdefender Box does not detect potential DoS attacks, either incoming or outgoing.
Parental controls are not part of the Bitdefender Box solution, either via the Box or the Agent. However, with your Bitdefender Box subscription, you can install Bitdefender Total Security for Windows, Bitdefender Antivirus for Mac and Bitdefender Mobile Security for Android devices. Only Bitdefender Total Security for Windows software includes Parental Controls. These three software solutions are outside the scope of this review.
To test Bitdefender’s Anti-Malware protection, I used the malware test site http://www.wicar.org/test-malware.html.
First, I used a PC without the Bitdefender Agent but with Microsoft Defender to see what would happen. When I tried to download the test malware with the Google Chrome browser, I got the warning shown below, meaning Chrome blocked the test malware.
Google Chrome Anti-Malware Protection
Second, on the same PC without the Bitdefender Agent but with MS Defender, I tried to download the test malware with the MS Edge browser and got th warning shown below. As you see, MS Defender detected the test malware.
Microsoft Anti-Malware Protection
Third, I took a second PC running Bitdefender Agent and connected it behind Bitdefender Box. When I tried downloading the test malware, I got the below warning.
Bitdefender Anti-Malware Protection?
As you can see in the lower right, it says "Found some malware. Windows Defender is removing it". I found this result interesting, as I had disabled MS Defender on this PC when I installed Bitdefender Agent. This made me wonder if Bitdefender Agent works with MS Defender to block malware.
So, for my fourth test, Idisabled MS Defender on my second PC. Doing so gave me the message you see in the bottom right that says"Windows Defender and Box Local Protection are both turned off".
Disable Defender = Disable Bitdefender Agent
Fifth, and last,I tried to download the test malware with my PCprotected by the Bitdefender Box but with MS Defender and Bitdefender Agent disabled. As you can see, I was able to download the test malware.
No Defender + No Agent = No Malware Protection
These results led me to some interesting conclusions. MS Defender and Google Chrome, as shown in my first and second tests, detected the test malware, without Bitdefender Box. In addition, as shown in my third and fourth tests, it appears the Bitdefender Agent works with MS Defender to block malware. Last, with MS Defender disabled and subsequently the Bitdefender Agent disabled, I was able to download the test malware leading me to conclude the Bitdefender Box does not detect malware.
Guest vs. Family
Once the Box is installed, it scans your network for devices and places all devices into the default Guest category in the Bitdefender Box App. Guest devices are protected by the Box only when they are on the Box protected network.
Using the Bitdefender App, you can manually move devices from the Guest to Family category. As you can see below, I have 4 devices in the Family category, and 2 devices in the Guest category.
If you change a device from Guest to Family, you can enable Manage this device, Local Protection, and/or Private Line protection on a Windows, Mac, or Android device. On an iOS device, you can enable Manage this device and/or Private Line Protection. Enabling any of these options on a device requires installing the Bitdefender Agent. In my anti-malware tests above, I had the Bitdefender Agent installed on one of my Windows PCs.
The Bitdefender Box inspects outgoing traffic from each device on your Box network. The Bitdefender Agent complements the protection provided by the Bitdefender Box with various features, depending on your device. The Bitdefender Agent installs on Android 4.0 and higher, iOS 7 and higher, Windows 7 and higher, Mac OS 10.7 and higher. The table shows Bitdefender Agent services by operating system, as listed in the Bitdefender Box User’s Guide.
|Windows||Mac OS X||iOS||Android|
|Personal Hot Spot||X||X|
Bitdefender Agent Service support (X = supported)
The Private Line feature is offered across all operating systems. The User’s Guide describes the Private Line as a Virtual Private Network (VPN) feature that provides "persistent protection for your devices even when they are outside the Box network". When you activate the Private Line feature, Bitdefender BOX will set up a secured VPN connection to protect your mobile devices outside your home network.
The remaining Bitdefender Agent features vary, based on operating system.
- Local Protection scans Windows files for malware and monitors applications for “malware-like” actions.
- System protection checks whether your operating system is up to date. TheBitdefender App provides notifications of applications that should be updated.
- Password/passcode protection checks to see if your passwords are considered “strong,” meaning they contain a combination of upper and lower case characters, as well as numerical and special characters such as #, $, or @. The App will display an icon indicating whether detected passwords are considered weak or strong.
- Vulnerability protection detects outdated applications. This protection is provided by the Agent and not to be confused with the network Vulnerability Assessment provided by the Box described previously.
- Free Space protection monitors your free space capacity to ensure temporary files and the browser cache don’t overload your system and slow it down. Free Space can be cleared from the Bitdefender App.
Local Protection on a Windows PC will run only if no active antivirus solution is detected. The User Guide instructs to remove any antivirus solution installed on your PC or the Local Protection feature will stay disabled.
I disabled Microsoft Windows Firewall and Defender on my Windows 10 PC, set it up as a Family device on the Box App, and enabled Manage this device, Local Protection and Private Line. The App tells you to browse to any web page like www.bitdefender.com in the device and an invitation to install the Agent will open in the browser. I was able to browse to yahoo.com without an invite. I then browsed to www.bitdefender.com, received the invite and clicked Join.
My PC downloaded the Agent executable, which I then installed. However, the Agent didn’t seem to do anything, and I noticed my PC was no longer listed in either the Family or Guest device list in the Bitdefender App. At this point, I concluded there was either an installation problem or user error, so I called Bitdefender support. Bitdefender Box offers free 24×7 phone support, and I was impressed that I got a live body on a weekend evening to assist me. The tech walked me through resetting the Box, and eventually we got the Agent to install on my PC.
As you can see in the screenshot, my Windows PC is listed in the Bitdefender App as a Family device, and Bitdefender has done a vulnerability check, checked for updates, password security, and free space.
Bitdefender Windows Agent
- Local Protection on a Mac OS X PC protects against infected files and automatically attempts to block or remove them. If the Agent can’t automatically block or remove the file, the App will notify you and you’ll have the option tomanually delete the file. The User Guide does not instruct to remove anti-virus software from a Mac.
- System, Password, and Free Space protection for a Mac is the same as for Windows.
- I did not test the Bitdefender Agent on a Mac OS machine.
- Passcode protection on an iOS device (such as an iPhone) is the same as described for a Windows device.
- Personal Hot Spot protection will inform you (via the App) that the Personal Hot Spot feature is enabled on your device.
- Antitheft protection will allow you to either lock your device from the App so it is accessible only via a PIN you set in the App, or Wipe your iOS device from the App to return it to factory defaults.
- Data Roaming protection on an iOS device will allow you to manage data traffic on your device when away from your network.
To test the Bitdefender Agent on my iPhone, I enabled Family protection on the Bitdefender App for my iPhone, and then enabled both Manage this device and Private Line, as shown in the image below.
Bitdefender Agent iOS
The smaller print on the bottom says “Pending Activation. To activate these options on (device) please visit any web page and an invite will open in the browser." I then went to a web page using the Google browser and got the prompt shown below to install the agent.
Bitdefender Agent Invite
I clicked on Join, but nothing seemed to happen. I again consulted Bitdefender tech support, and they advised that you can install the Bitdefender Agent on iOS using only the Safari browser. I eventually got the Bitdefender Agent to attempt to install, but then ran into the problem that I was already running “Mobile Device Management” on my iPhone, as shown below.
Mobile Device Management
To securely run various applications with my day job, we use a Mobile Device Management profile, and it appears an iPhone only allows you to run one Mobile Device Management profile on your device. Subsequently, I was not able to test the Bitdefender Agent on my iPhone.
- Local Protection inspects files for malware as they are installed on your device. You’ll receive a notification via the App if malware is detected.
- Passcode protection – same as previously described.
- Location protection shows your device location via Google Maps. It also provides the option to lock or wipe the device, as described above for an iOS device and allows you to enable an audible alarm on a lost device.
- Personal Hot Spot protection – same as on an iOS device.
- Data Usage protection allows you to set a data limit. A notification will be presented on the App when you are close the limit. If the limit is reached, your device will no longer be allowed to transfer data of the cellular network.
- I did not test the Bitdefender App on an Android device.
Bitdefender Box may have had the field to itself in 2015. But today it is competing with many other products. Mainstream consumer router makers are waking up to the heightened risk of life on the internet today and adding security features to their products. Luma was the first Wi-Fi System maker to include security features in its product when it launched last year. Many of this year’s crop of Wi-Fi Systems also have security features, including TP-Link Deco’s HomeCare, eero Gen 2’s Plus and ASUS Lyra’s AiProtection, which is also available on many of its RT series routers. And then there is Norton’s Core router, which has recently started shipping.
More direct competition for Box comes from the Cujo Smart Firewall that I recently reviewed. Both Cujo and Box provide browsing protection, but I found that neither do much for DoS or Parental Control security. However, Cujo inspects both incoming and outgoing packets, allowing it to detect malware, while the Box only inspects outgoing packets and relies on software to detect malware.
Bitdefender Box is listed at $129.99 on the Bitdefender website and includes a 1 year subscription to Bitdefender software. Cujo is listed at $99 for the device and $8.99/month, or $158 for the device and first year of service, or $249 for the device including a lifetime subscription. eero wants 10 bucks a month ($99/year) for Plus, while TP-Link and ASUS are not charging for their security features.
I end my tests of the Bitdefender Box underwhelmed. It provides some network protection in the form of browsing protection and vulnerability scanning. However, the Bitdefender Box doesn’t provide Parental Controls and doesn’t inspect incoming traffic. Further, it requires installing software on your devices,which I found challenging, for more complete protection. Bottom line: I wouldn’t choose Bitdefender Box as a security solution on my network. Maybe they’ll do better with Box 2.