Results 1 to 10 of 10
  1. #1
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Internet FIltering at the system level

    This is related to recent posts re AdAware, SpyBot and A Bunch of Old Stuff (and probably a few others), especially where they've delved into the use the hosts file. I've used eDexter and DNSKong, from Pyrenean, for the last couple of years, and am surprised they haven't rated a mention anywhere in the lounge.

    eDexter is a tiny personal web image server. It eliminates the error messages due to blocked sites and can substitute gifs of your choice for blocked images. All that pretty much eliminates any delays due to the blocking. It can be used with hosts and/or DNSKong.

    DNSKong is a (pseudo) local DNS server. It filters against a list of (partial) domain names and substitutes the localhost IP address for blocked sites. It blocks more sites with less effort than hosts, and is easier to manage. I used to maintain a fairly effective hosts file with the help of Ray Marron's Hostess (includes a program to manage hosts), SMartin-Designs and Gorilla Design Studio (effectively an in depth tutorial on hosts). Now, with DNSKong my maintenance time is less than 10% of what I used to spend on hosts, and the breaches are less frequent too.

    Both programs are easy to set up, but need a bit of thought about your filtering preferences. The two extremes are to leave everything open and add to the filter list as needed, or to button up everything and add to the pass filter list as needed (the only way to go if you're genuinely paranoid). I took the middle ground with a pre-prepared filter list.

    The only problems I've had with these programs have been of my own doing. Because they're so unobtrusive, I tend to forget about their presence, and as a result don't always do the obvious check in their logs when I can't reach a new site.

    In addition to the offerings from Pyrenean, I use ZoneAlarm for a firewall, and AntiVir Personal Edition to keep the viri at bay. As with the above, they're both priced right too. I also run AdAware monthly in case something has snuck in (very rare). Occasionally I need to call in Pop-Up Stopper to handle an unruly, but otherwise useful site. With these guys all discreetly and effectively doing their thing, my paranoia levels tend to remain tolerable and I get presented with cleaner pages, faster.

    If nothing else, the first four links lead to some excellent <font color=4682b4>light</font color=4682b4> reading for anyone curious about the workings of hosts, etc.
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    I do not understand why you spent so much time 'managing' your Hosts file. Generally, this is thought to be a 'set and forget' arrangement. With eDexter running, it makes the Hosts file even quicker to use.

    I am not clear of the benefits of DNSKong over Hosts/eDexter.

    Additionally, I have a right-click Context Menu addtion that allows me to toggle the Hosts file on or off -- in case I need to visit a site that is on the list. Can DNSKong be deactivated this easily?

  3. #3
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    <P ID="edit" class=small>(Edited by TimOz on 10-Apr-03 15:29. Added presets comment and PS)</P>The time taken to maintain hosts wasn't that much, but with DNSKong it's even less. Mostly the maintenance was to edit out sites that I need, each time I updated my hosts with a new version from Martin, and irregular updates to add sites that I wanted to block as I ran into them. Now, with DNSKong, I only add new sites and they crop up less frequently than when I relied on hosts.

    eDexter certainly helps when you use hosts, and I also use it with DNSKong. And, as you note, eDexter needs hosts so mine's still present, but has only two lines (One for "localhost", the other for "filtered.by.edexter".)

    I use the "named" and "pass" filter files with DNSKong. A "presets" filter is available for known IPs, but I don't use it because I've found some sites change their IPs too often to make it worth the effort.

    The "named" filter is roughly equivalent to a hosts file, in that it lists the domain names that you want to block. The advantage over hosts is that it supports partial domain names (not wildcards, just any complete segment(s) of a domain name). That is, a single line in "named" with "ads" blocks all sites with "ads" as a segment of their domain name, where an old copy of Martin's hosts uses over 40 lines to do the same. The bonus is that any new sites with "ads" are automatically blocked. My "named" filter has under 3,000 lines, compared to Martin's latest hosts with nearly 14,000.

    The "pass" filter is processed before "named" and lets through domain names that would otherwise be blocked by "named". This combination of the two filters lets me use a "broad brush" for blocking while letting through needed sites. My "pass" filter has 42 lines.

    DNSKong can be toggled on/off directly if you leave it in your system tray. If you choose to hide it, you can use a shortcut to toggle it. Much the same as eDexter. The tray icon lets you edit and reload the filter files. DNSKong can also optionally log it's pass and block activity so you can check it's effectiveness.

    PS Maybe all this should have gone to the IE forum, but at the time here seemed the right place because the filtering goes beyond IE - it also works for HTML email and other web access.
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  4. #4
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    HI, R2 ~

    I would be very interested in your Context Menu addition that would allow me to toggle the 'Hosts' file on or off. <img src=/S/please.gif border=0 alt=please width=31 height=23>

  5. #5
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    Hosts Toggle is hosted <img src=/S/grin.gif border=0 alt=grin width=15 height=15> by Gorilla Design Studio .
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  6. #6
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    Hi, Tim ~

    Thank you very much! That is a nice feature that is quite useful at times.

    I was excited to install Stephan Martin's 'Hosts' file, but was soon overcome with dismay. When I use his file, it completely arrests ability to load any pages. Now why would this occur? The volume? This doesn't make sense. Any input appreciated.

  7. #7
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    That does not make sense -- on the surface -- but this is Windows, so anything goes.[img]/forums/images/smilies/wink.gif[/img] Maybe a reboot is necessary (but I suspect you tried that).

    The volume should not matter -- again, Martin's list is so popular and so well-known that it is used by thousands of people every day. We would get tons of complains if many people had your experience.

    The volume could theoretically make things slightly slower, but most people find it imperceptible -- especially with eDexter.

    Tim, DNS Kong sounds quite cool -- I had just never bothered to check it out. By using smaller lists, the process shold be faster and cleaner.

    I actually created my own Hosts toggle -- but that one looks even cooler! I am going to look at his code to figure that out.

  8. #8
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    I'd like to see your opinion on DNSKong, if you get around to giving it a whirl. I'm still surprised that it seems to remain a well kept secret, despite it's effectiveness.

    It's worth reading through all the docco and hints in the links in this thread so you get a set up to suit your needs. Depending on your config you may not observe the speed improvement, especially since you already use eDexter. Since I switched from hosts, the only maintenance I do now is to add the occasional domain to the filters as needed, typically 2-3 a month. (It was more frequent in the first few weeks of using DNSKong, but has tapered off.)
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  9. #9
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    On the security board I frequent, DNSKong has been brought up several times. Every so often someone offers to give it a try and then report back. But, no one really has yet! I think it gets put on everyone's ToDo list and then never gets done. On any given day, I usually have about 5-6 projects on the computer -- plus my real job!

    DNSKong sounds great -- especially if someone maintained an up-to-date filter list. I think most people are content enough with Hosts/eDexter that they just haven't moved on. Others have fully embraced Proxomitron to take over multiple aspects of their security. I have NOT had the time to look into that either...

  10. #10
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Internet FIltering at the system level

    I did say "if you get around to it" <img src=/S/wink.gif border=0 alt=wink width=15 height=15> The beauty of DNSKong is that you don't really need anyone to maintain a filter list because as you adapt the initial lists while surfing, the benefits are cumulative and the maintenance becomes less and less. I started with the supplied "named" filter (adapted from Martin's hosts), and a quick check shows that I've only added about 40 entries over a couple of years. I had a look at Proxomitron and like the concept. But, as per your experience with DNSKong, I'm happy with what I've got. Also the setup seems quite involved and the capabilities a bit of an overkill for my current needs.

    PS. I've just added the development of a "real world" To Do list to my To Do list. The unique feature will be full support for creative procrastination, so as tasks become redundant over time, they automatically migrate from the To Do list to the Time And Effort Saved Through Effective Prioritisation list. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •