Internet Cleanroom Personal Edition Browser
User Guide
- Chapter 1: Introducing the Internet Cleanroom™ Personal Edition Browser
- Chapter 2: How it Works
- Chapter 3: Getting Started
- Chapter 4: Internet Cleanroom™ Console
- Chapter 5: Setting Your Preferences
- Chapter 6: Trouble Shooting
- Chapter 7: Software Manifest and Resources
Chapter 1
Introducing Internet Cleanroom™ Personal Edition Browser
Secure Command’s Internet Cleanroom™ Personal Edition Browser is a patent-pending revolutionary approach to surfing the Internet securely.
Internet Cleanroom™ fully virtualizes the Firefox™ browser in its own operating system transparently to the user. When you launch our browser, we create a virtual machine and operating system on the fly in which the browser runs. The virtualization is done behind the scenes (though you’ll see some hints of this when it starts), so that all you need to do is just launch the browser as you normally would but get high security protection against Internet threats.
Now when you surf the Internet from Internet Cleanroom™, all your actions will be contained within the virtual machine. Any malicious code that downloads will be contained within this virtual environment from which it cannot escape. Every time you terminate the browser, any malicious code is wiped out regardless of what type or whether it has ever been seen before.
Just as importantly, every time you start the browser it starts in a pristine state with no spyware, adware, or other malicious software running in the virtual machine.
Internet Cleanroom™ also gives you the ability to surf with privacy. When this option is enabled in the preferences menu (and it is enabled by default), the machine starts in an anonymous state with no information about you. This means the web sites you visit will not have any cookies or personal information about you on your machine they can use to track you. Likewise, after your session is finished, any information left in the virtual machine about where you visited is wiped away. Any cookies that may have been deposited are also discarded. No history of your session is retained.
Alternatively, you can keep your bookmarks, history, web passwords, cookies, and extensions from session to session by clicking the appropriate option in the preferences menu. This makes your web browsing experience seamless, with no loss of security.
With this brief introduction, jump in and use Internet Cleanroom™ just like you would your normal browser – just don’t confuse the two as they have very different security properties. Look for the Internet Cleanroom™ logo in the upper right hand corner to know if you are surfing in a safe browser!
Chapter 2
How it Works
Internet Cleanroom™ Personal Edition Browser provides you full protection against a wide range of Internet-based threats, including hackers, downloaders/droppers, password stealers, key loggers, botnets, spyware, Trojan horse programs, and even rootkits that attempt to download to your machine when you surf the Web.
The approach we take is very different from the approaches you find on the desktop today, yet it is compatible with all of them. Current approaches try to find malicious software on your desktop and then remove it. The problem with this approach is that the security software has to know the signature of the malicious software in order to find it. If the malicious software changes its code by a few bits, then it can foil these signature-based techniques. The other problem with these approaches is that many forms of malicious software are sophisticated enough to compromise the operating system so that it lies to the security software about their presence. Finally, once malicious software installs itself on your system, it is very difficult to get rid of it without rebuilding the host operating system from scratch. In other words, closing the barn doors after the horse has already bolted isn’t very effective!
Internet Cleanroom™ works by launching a Firefox browser in its own operating system — an Ubuntu™ Linux environment that runs in a virtual machine. In this case, we use VMWare®’s Player™ to provide the virtual environment. Internet Cleanroom™ provides the operating system and browser. When you launch the Internet Cleanroom™ Personal Edition Browser from the desktop, we create the operating system in its pristine state using VMware Player™ and launch the browser from within the pristine operating system. Fortunately, we take care of handling all the details for you, so all you have to do is launch the browser just like you would any other browser.
The approach we use, shown in Figure 1, is whole-system virtualization. In other words, we run the browser in its very own operating system, called the guest operating system, not as part of your host operating system. We use an Ubuntu™ Linux operating system to run the browser. Since we use a different operating system from your Windows host, Internet Cleanroom™ provides even more security through diversity. Since we run the browser in its own operating system, whatever happens in the guest operating system stays in the guest operating system, as depicted in Figure 1.
Don’t be fooled by weaker approaches that run the browser natively on your host operating system – these other approaches will still pose significant risk to your host operating system. Also, because we terminate the guest operating system and restore its pristine state every time you start the browser or restore it (manually or automatically after a configurable exposure time), we ensure that any malicious code that may have downloaded or hackers that may be in the guest system are wiped out. This is effectively like rebuilding your operating system from scratch every time you run your browser, but it takes seconds to do it rather than hours.
Figure 1: Virtualization is used to block attacks against the browser and its operating system from infecting your host operating system
Chapter 3
Getting Started
Step 1: System Requirements
To get started, first make sure you meet the following system requirements.
System Requirements:
- Standard x86-compatible or x86-64-compatible PC
- Processor speed – 733MHz or faster
- Memory – 1024 MB minimum memory (2GB memory recommended to support host operating system, guest operating system, and applications)
- Hard disk – at least 2GB of free space for Internet Cleanroom™ console and guest operating system
- Windows XP SP2 or Windows Vista Business and Enterprise Editions
For installation, Internet Cleanroom™ requires approximately 1GB of disk space to install the guest OS and Internet Cleanroom™ software and related software distributions.
Step 2: Download Software
a. Visit http://www.vmware.com/download/player/ to download VMware Player® 2.0 or later. VMPlayer is required to run Internet Cleanroom™ Personal Edition Browser.
b. Visit http://www.securecommand.com and download Internet Cleanroom™ Personal Edition Browser software. This software distribution includes Internet Cleanroom™ Console, ICSupport application, Firefox® 2.0, Ubuntu™ 7.0.4 Linux operating system, cwRsync, Xming, and the Java™ Runtime Environment 6.x.
Step 3: Install Software
a. Login as Administrator (if required) on your machine.
b. Install VMPlayer® 2.0. After installing, VMPlayer® will ask you to restart your machine. After re-starting your machine, launch VMPlayer® the first time and accept the End User License Agreement (EULA). Close out VMPlayer.
c. Install Internet Cleanroom™ Personal Edition Browser by double-clicking the Installer icon:
- Follow the standard installation process from the window shown in Figure 2.
Figure 2: Follow the standard installation process from the InstallShield window shown here.
- Please be patient while the installer copies and installs files to your system. This will take several minutes.
- You can choose to import your existing bookmarks from Firefox® if you wish.
- After installation ends, press the Finish button to complete installation.
Step 4: Run Internet Cleanroom™ Personal Edition Browser
- Look for the Internet Cleanroom™ Personal Edition Browser icon on your desktop
- Start Internet Cleanroom™ Personal Edition Browser by double-clicking the icon.
- The first time Internet Cleanroom™ starts, VMware® Player™ will ask you if you moved or copied the VM. Select Copy and continue.
- If you have a personal firewall, it may ask you to block or allow our communications. Select ALLOW always.
- The Internet Cleanroom™ Console will appear while the virtual machine powers up. The first time may take a little while, so hold on while it starts up. The console window will show you the status of the virtual machine, which starts “Inactive”, then “Starting”, then when it reaches “Good”, the browser will appear (see Figure 3).
- You can use the browser just as you normally use a browser. Surf worry-free!
- The console window can be closed by pressing the red ‘X’ in the upper right-hand corner of the console window (see console window in Figure 3). If you want to re-open it, simply double-click on the IC icon in the system tray.
Figure 3: Internet Cleanroom™ Personal Edition Browser and Console
Chapter 4
Internet Cleanroom™ Console
The Internet Cleanroom™ Console appears when you first start Internet Cleanroom™ Personal Edition Browser. Its purpose is to provide you control over the virtual machine the browser runs in, and also to inform you of the current status of the virtual machine.
Figure 4: Internet Cleanroom™ Console window shows the status of the Browser VM
The console normally lives in the system tray. You can make it disappear when you don’t need it by closing it. When you need it, simply double-click on the IC system tray icon.
The console shows you the current status of the virtual machine, which is one of Inactive, Starting, Good, Cautionary, or Restore Now!, with color states gray, blue, green, yellow, and red respectively. The VM Name shows the name of the VM, which for IC Personal Edition Browser will be Browser VM. The Time to Restore shows the amount of time left until the VM will enter the Restore Now! state. The longer the VM is exposed, the more likely it is to be compromised. Therefore, the Time to Restore is configurable to restore the machine periodically. Alternatively, you can manually restore using the Restore button on the console, for instance, before you enter your user name and password on sensitive sites. The Status field provides information on the current status of the virtual machine. The Restore button can be pressed to restore the virtual machine back to its pristine state. You may do this at any time to start in a pristine state.
For the public beta edition, the Restore Now! condition is reached only when the Time to Restore timer counts down to zero. This indicates that the machine has been exposed to the Internet sufficiently long that you should restore the machine before entering any sensitive information into the browser such as user names and passwords. With auto-restoral enabled, the browser will automatically restore when the Restore Now! state is reached. See Chapter 5 for information on how to configure these preferences.
Chapter 5
Setting Your Preferences
Internet Cleanroom™ Personal Edition allows you to set several preferences. To set preferences, from the Internet Cleanroom™ Console window choose File->Preferences.
Figure 5: Preferences window for Internet Cleanroom™ Personal Edition
From this window you can set your preferred browsing choices:
- Privacy Session, or
- Keep Personal data from session to session, including:
  - Passwords
  - Cookies
  - History
  - Bookmarks
  - Extensions
By default, Internet Cleanroom is configured with the Privacy option enabled. This means the machine will start in an anonymous state with none of your personal information on the guest operating system. Starting in an anonymous state will keep web sites from grabbing information about you (such as from cookies) from the browser machine. Furthermore, any remnants of your session that are stored on the virtual machine will be automatically removed after your session ends, on the next restore or browser launch. This ensures that no one will be able to access your history records or cookies to see where you might have gone during your privacy session.
NOTE: Though the remnants of your session will be eliminated from the virtual machine, any network recording or network logs of your session, including your IP address, will not be altered or anonymized in any manner.
While you may surf with the Privacy option for when you desire a private session, it is often useful to surf while retaining certain data from session to session. To keep data from session to session, check the Keep Personal Data option and select which data to retain from session to session, including web site passwords, cookies, history, bookmarks, and extensions. Keeping this data from session to session makes for a seamless browsing experience. However, you may selectively uncheck data you do not want to keep persistent from session to session.
NOTE: While this data is kept from session to session, all other data downloaded from the session, including any files you may download will be eliminated after the session is terminated or restored.
Figure 6: Auto-restore preferences
At the top of the preferences window, you have the option of enabling or disabling the auto-restore option. The auto-restore option will automatically restore the browser to its pristine state after a specified restoral period (configured in the Advanced option). This is useful to ensure that the browser machine is periodically “cleansed” of any malicious software or hackers that may have downloaded onto your guest machine. Click the Advanced button to set your auto-restoral preferences, including to prompt when the restoral period expires before auto-restoring and to provide warnings when the browser is about to restore itself automatically.
NOTE: When the browser restores itself, all data in the current browser session will be lost. For this reason, it is good to keep the Prompt notification enabled in case you are in a session you cannot terminate without losing data. After you complete your online session, then you can restore.
The restoral period can be set to any desired period. By default it is set to 2 hours. Increase or decrease it to your liking. If auto-restoral is disabled, the browser will continue to run indefinitely until terminated by the user. Alternatively, the user can manually restore the browser through the console interface (see Figure 4).
NOTE: It is a good idea to manually restore the browser if it has been opened for an extended period of time before going to a site where sensitive information such as your user name and password will be entered. This will ensure any spyware or malware that may have downloaded during your session is automatically eliminated. Once the browser is restored to its pristine state, you can log in knowing that the machine is in its pristine state without any malware in the guest operating system running.
Chapter 6
Trouble Shooting
If you run into trouble during installation or running Internet Cleanroom™ Personal Edition Browser, please see our Support web page first at: http://www.securecommand.com/support.htm .
Below is a list of some common problems you may run into.
- VMware Player is not installed. Internet Cleanroom™ Personal Edition Browser Beta 1.0 runs on VMware Player 2.0 or later. You need to download, install and run this to accept VMware’s EULA to run Internet Cleanroom. Please see http://www.vmware.com/download/player/ to download VMware Player 2.0 or later.
- Firewall is blocking our software. If you are running Windows firewall or a commercial personal firewall, it is likely when you first start Internet Cleanroom that the firewall will block our communications. You will need to ALLOW these communications always to run our software including the Java Runtime Engine.
- VM is stuck in ‘restoring’ state. Chances are the virtual machine may have terminated in a bad state so that the next time you launch the browser the VM has a hard time restoring itself. If we detect this condition, we will terminate the VM Player process gracefully then re-start it. If we do not detect this, you can launch the browser again. After 3 minutes, it will auto-terminate if it is unable to communicate to the virtual machine and gracefully terminate the VM. The next time you launch the browser, it should start in the correct condition.
- Browser doesn’t launch right after restarting or booting system. If the host OS is busy starting up a lot of services, and you start the browser, it is possible that the guest OS the browser runs in doesn’t get started immediately while the system is handling other tasks. In this case, the browser will not start up immediately. A timeout is set to 3 minutes, after which, if the guest OS hasn’t started, IC Console will gracefully terminate the applications.
- VM reaches ‘good’ state then self-terminates before browser launches. This can happen if the browser data that is kept persistently between sessions becomes corrupted. The best fix for this is to use Windows Explorer to browse to the /Documents_and_Settings/Your_User_Name/Application_Data/Secure_Command/ICPersonal/firefox2 directory, then delete all files in the firefox2 directory. Or you can delete everything under the /Documents_and_Settings/Your_User_Name/Application_Data/Secure_Command/ICPersonal/ directory, including the firefox2 directory. After you terminate the next session, these files will be populated properly.
- Firefox™ updates itself. Periodically, when Mozilla™ updates Firefox™, the Firefox browser will notify you that an update is available. However, even if you download the update, on the next browser re-start or restoral, the browser machine will revert to its pristine state, which will not include the latest update. No worries, however, because even if the Firefox browser is compromised during your session, the compromise cannot reach your host machine and it will be eliminated during the next restoral or re-start. We will periodically update the browser with future releases and upgrades of Internet Cleanroom™ Personal Edition Browser.
- Errors. If Internet Cleanroom exits with an error, an error log file is created. A program, ICSupport.exe, will run and ask permission to mail the error and log file to Secure Command. If you agree, the bug will be sent to Secure Command and will be assigned a bug tracking number. We will use this data to improve the product.
Chapter 7
Software Manifest and Resources
Internet Cleanroom™ Personal Edition Browser Public Beta 1.0 contains the following software distributions:
- Internet Cleanroom™ front-end GUI, back-end software, and ICSupport program,
and the following 3rd party software:
- Java SE 6 runtime environment. The source code for the Java SE 6 runtime environment can be found at http://java.sun.com/javase/downloads/index.jsp
- Ubuntu™ 7.0.4 Linux operating system. The source code for the Linux operating system can be found at http://www.kernel.org
- Mozilla® Firefox®2. Mozilla® Firefox2 binary is distributed in unmodified form. The source code for Mozilla® Firefox2 may be found at http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code
- Xming developed by Colin Harrison. The source code for the public domain version of Xming used in this distribution can be found at http://sourceforge.net/projects/xming
- cwRsync © 2003 Tevfik Karagulle (tevfik@itefix.no). The source code for cwRsync is provided at: http://sourceforge.net/project/showfiles.php?group_id=69227&package_id=129033 . cwRsync requires us to include the following disclaimer regarding the cwRsync product: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
All third party software is owned, trademarked, and provided under license by their respective owners. Please see their respective web sites (provided above) for questions on support and for software source code.