Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    719
    Thanks
    11
    Thanked 70 Times in 55 Posts

    Web filtering keeps you a little safer




    TOP STORY


    Web filtering keeps you a little safer


    By Susan Bradley

    Web-filtering services can provide additional security and protection from Malware.

    Several vendors now provide this valuable service.

    The full text of this column is posted at windowssecrets.com/top-story/web-filtering-keeps-you-a-little-safer/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Oct 2003
    Location
    Ohio
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Setting the DNS is a little hassle for an experience user and very unlikely for the novice. I've been using a free utility for a couple years called DNS Jumper - I believe it may be the only such tool out there and it works like a charm. It basically makes it drop-down easy to set your DNS to wherever you want, and even tests the speed of one you have selected or all of them to show you which one's faster.

    Its home page is here:
    http://sordum.3eeweb.com/?p=4573

    And as you pointed out, some like Comodo block some of the bad guys. Granted, this is at the PC level and not at your router, but its testing would be useful there. Most people use whatever their ISP provides, never knowing they can get a little speed boost as well as a little added safety in some cases.
    Last edited by betona; 2012-04-05 at 06:20.

  3. #3
    New Lounger
    Join Date
    Feb 2010
    Location
    Alberta
    Posts
    7
    Thanks
    0
    Thanked 1 Time in 1 Post

    HOSTS File Interception of Malicious Sites

    I have used OpenDNS in the past, but found that, on occasion and although I has set no restrictions, it suddenly decided I could not watch YouTube or access some site or another due to my 'policy', then later reverted to working -- as far as I could tell -- properly. I had not set restrictions.

    Currently, I use Google DNS rather than my ISP's DNS, as I figure it is probably very accurate. See https://developers.google.com/speed/public-dns/faq It claims to be unfiltered and says,

    " Does Google Public DNS offer the ability to block or filter out unwanted sites?No. Google Public DNS is purely a DNS resolution and caching server; it does not perform any blocking or filtering of any kind. We believe that such functionality is best performed by the client. If you are interested in enabling such functionality, you should consider installing a client-side application or browser add-on for this purpose.

    For site filtering, I have used Spybot Search and Destroy's immunization for many years now and consider it a must-have. http://www.safer-networking.org/en/download/index.html

    I run the scan periodically, but don't worry to much about some of the cookies it turns up. It has on occasion found more undesirable things on machines for me, though. I generally use it as part of my clean-up of friends' machines, along with (indispensable) Malwarebytes.

    My understanding is that this free application (I found it is worth a donation) maintains a list of bad IPs that that it injects into the HOSTS file on the user's computer and silently and unobtrusively redirects those IPs to 127.0.0.0 It seems completely unobtrusive, but needs regular manual updating and immunization. I tried the new beta and found it unintuitive and slow, but the tried-and-true 1.62 version has served me well on many machines. It has other protections which I can't claim to really understand, but which seem to be reasonably lightweight, and, of course, there is the scan.

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    London, England
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Other options

    Hi

    Currently I use the HOSTS file provided by http://winhelp2002.mvps.org/hosts.htm How does this differ from 3rd party web filtering products?

    I also note that Steve Gibson has been promising a GRC Net Filter for the last several years (see http://www.grc.com/nf/netfilter.htm ). He seems to have gone completely off line for some time, does anybody know if he is OK and if he intends to continue the Net Filter? I hope so because I started using his freeware programmes with the original ASPI_ME back in the day and I find his products amazing.
    When arguing with an idiot make sure they are not doing the same.

  5. #5
    New Lounger
    Join Date
    Mar 2012
    Posts
    10
    Thanks
    2
    Thanked 1 Time in 1 Post
    DNS tracking and filtering is ideal for government/commercial information harvesting and control, some versions of it are already in place in jurisdictions where information access is restricted.

    In corporate networks, set up your own web proxy, but not for the purpose of catching malware. (Smoothwall is free.) No DNS system can keep one of your trusted sites from getting hacked.

    The best way to protect against these things so far is Firefox with NoScript, and a behavior-limiting software firewall (Private Firewall, free, has picked up where KPF left off). Backed up by AVG or the like. This way, a user has to allow the malware to run with two or three different explicit 'allow' actions. Works best of anything I've ever tried, it takes a determined user to infect a machine. For the corporate dummy users, hide the desktop and menu links to IE but leave it installed for updates, and don't give them the password to an admin account on the machine.

    Bottom line: DNS filtering can only give a false sense of security, in my humble opinion.

  6. #6
    New Lounger minnetonka's Avatar
    Join Date
    Dec 2009
    Location
    Nevada, USA
    Posts
    3
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Here comes big show of ignorance

    I too, use Spybot Search Destroy Immunize, NoScript, Avast paid, SpywareBlaster paid, AdBlock Plus, Better Privacy. Have been trying to figure out whether to get w/ VPN service and then read this.
    Confused if this is a parallel protection or something quite different? Do one or both? Great article, just that now I'm left confused what's best for an all-in-one solution for both desktop and wi-fi laptop I might use at Starbucks, for example.
    Action speaks louder than words but not nearly as often.
    --Mark Twain

  7. #7
    New Lounger
    Join Date
    Feb 2012
    Location
    PA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It looks like OpenDNS Premium is still free. It has a limit of how many sites you can manually block.

  8. #8
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    859
    Thanks
    12
    Thanked 3 Times in 3 Posts
    I use L3 DNS servers w/o blocking. The services that do proactive blocking sometimes block harmless things that I want to check out. For instance, Comodo blocks ALL parked pages on the premise that no one wants to see ad filled pages. But in this case, I DID want to see what the guy was doing. So I dumped their secure DNS because they do not offer a real-time option to override their blocking.

  9. #9
    New Lounger
    Join Date
    Apr 2012
    Location
    Northeastern Illinois
    Posts
    2
    Thanks
    0
    Thanked 1 Time in 1 Post
    Just read the article and noticed that you are using a non-routable address in the paragraph for policy 1:

    Policy 1: This base-level filtering blocks malware, phishing sites, scam sites, and Web proxies. For this level, set your DNS entries to 192.153.192.40 and 198.153.194.40.

    Shouldn't that first octet start with 198 like all the others?

  10. #10
    New Lounger
    Join Date
    Apr 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So how do these DNS-filtering services you speak of (I won't say "recommend", but really, that's what it amounts to) make their money? Do they track activity and sell that info to advertisers? Do they inject ads into one's web surfing in some way? Do they rely on upselling into their paid services? What's in it for them? I looked at two of their sites and didn't see anything that answered these relatively straightforward questions. Any reasonable user should ask about such things prior to making use of an apparently "free" service on today's Interporn.

    It's very odd that there's *no* mention whatsoever of this topic in your article.

  11. #11
    New Lounger
    Join Date
    Apr 2012
    Location
    Northeastern Illinois
    Posts
    2
    Thanks
    0
    Thanked 1 Time in 1 Post

    Steve Gibson is alive!

    He (Steve Gibson) is alive and well. You can watch his video webcasts, called "SecurityNow", every Wednesday @ live.twit.tv or download the recordings from http://www.grc.com/securitynow.htm
    Last edited by FixMeister; 2012-04-05 at 12:31. Reason: Add clarifications

  12. The Following User Says Thank You to FixMeister For This Useful Post:

    minnetonka (2012-04-05)

  13. #12
    Lounger
    Join Date
    Dec 2009
    Location
    Fort Collins, Colorado
    Posts
    31
    Thanks
    3
    Thanked 1 Time in 1 Post
    Thanks for your article. I always wondered how this works. I have a related question -- How does one keep peer-to-peer traffic off of the local network? My ISP won't block it. I don't have control of the computers that connect by Wi-Fi, but I do control the router and could install hardware if needed.
    Any comments would be appreciated!
    Dave

  14. #13
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    225
    Thanks
    0
    Thanked 55 Times in 35 Posts
    There's a typo in number 1 - should be 198 not 192. Apologies.

    For this level, set your DNS entries to 192.153.192.40 and 198.153.194.40.

    Should be 198.153.192.40

  15. #14
    Lounger
    Join Date
    Apr 2011
    Posts
    44
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Comcast may block legitimate email from foreign sites w/out notice

    I have friends in various foreign countries, including France, England, and Australia. Without warning, Comcast has blocked incoming email from legitimate providers in each of these countries. Is this what Ms. Bradley means by: "Along with DNS, some ISPs (such as Comcast) include Web filtering — also called content filtering — for additional security?"

    When Comcast blocks the incoming mail, sometimes the sender gets a bounce message from Comcast. Equally often, they have no way to know that Comcast has blocked the email. Nor do I. This happened with some important email from my bank in France, for example.

    Each time it happened and I found out, I called Comcast's security division. They would check, discover that the particular domain had a block on it, and then release the block. This might last for a while, or the block might reappear a few days later. If this is web filtering, Comcast's version is not worth the trouble it causes.

    After dealing with this for a couple of years, I found the solution. I use gmail for all my foreign correspondents. I really hate doing this, but there is nothing else I can do until I change providers.

  16. The Following User Says Thank You to RandySea For This Useful Post:

    minnetonka (2012-04-05)

  17. #15
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    424
    Thanks
    12
    Thanked 36 Times in 33 Posts
    Hmmm. I've been using OpenDNS at home for a while now and it seems to work well, but your comment about the change in business-version policy prompted me to think again.

    2.5 years ago the OpenDNS president wrote to his business users, when introducing new business versions, "the free version you use and love today, what we’re calling OpenDNS Basic, is not going away. Ever." Now, that same president appears to be channeling Ron Ziegler (Richard Nixon's press secretary) with his announcement that "that statement is no longer operative" (though, of course, he didn't put it in those words, even when directly challenged on the blog which you cited).

    I'll continue using free OpenDNS for now but will also keep an eye out for alternatives just in case they decide to renege on their word for home as well as business users. If you don't need anything more in your own business than the 'home' version I'd encourage you to use it if you can get away with it, given that you were unambiguously told that you could do so forever a while back.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •