Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Browser Protection and Secure DNS

  • Please log in to reply
1 reply to this topic

#1 dallas7


  • Members
  • 9 posts
  • Gender:Male
  • Location:Phoenix AZ
  • Local time:09:23 AM

Posted 13 November 2009 - 04:28 PM

Socially engineered exploits (drive-by, phishing, etc.) on the World Wide Web are rising to the top of the leader board as the preferred method of hijacking your computer and degrading your quality of life on the Internet. I'd like to throw in my two sense and post up on the subject of...
Web/URL Filtering and Secure DNS:

The following recommendations are in addition to and compliment whatever single point or layered anti-whatever protection strategy you use.

With respect to DNS speed, many claims have been made. Theoretically, it is most likely the DNS servers provided by your ISP will be the fastest. Others claim so and so is the fastest because of this that and the other thing. The only way you can find out is to test. This is done best with Gibson's "dnsbench" available at http://www.grc.com/dns/benchmark.htm . Just download it an run it; no need to extract or install.

OpenDNS, DNS Advantage and a relative newcomer, DynDNS's Internet Guide, are obsessed with keeping their servers safe and patched. This was made clear in recent history by the DNS cache poisoning exploit revealed by security researcher Dan Kaminsky. Believe it or not, a huge number of servers still run un-patched against this and other exploits. Not so with those three.

At https://www.dns-oarc.net/ you can run a quick security test of the DNS servers you're set up with right now. Click on the "Test your DNS" link at the top. The IP addresses reported may or may not be the same as ones you have configured on your computer.

Note that in order to take advantage of the anti-bad stuff services offered by OpenDNS and DynDNS, you need to create an account and enable them via Web page settings panels.

OpenDNS - if you are using Firefox 3.5 and in the Options Security panel the two "Block..." options are checked, you are already using most of the same filtering used by OpenDNS: Google's Safe Browsing initiative. (I believe Google offers a toolbar for other browsers.) OpenDNS has been aggressive in efforts to make a good thing better with their Smart Cache and DNS other enhancements. Be aware you become their tester when you use OpenDNS.

DynDNS Internet Guide - They offer optional configurations that mirror those of OpenDNS and filtering is based upon the highly acclaimed Barracuda database. (FYI: Internet Guide can be integrated with their long-standing dynamic DNS hosting service.)

DNS Advantage - These are the free servers made available by Neustar's Ultra DNS. They provide customized secure DNS services for governments and corporations most of which trickle into to DNS Advantage. Unlike OpenDNS and DynDNS, their anti-bad stuff is "built in" and, as of this writing, can't be tweaked by way of account access. They have "...teamed up with several leading third-party security companies to keep a...list...of harmful websites..." These are the DNS servers a geek should implement on Aunt Petunia's and Uncle Ernie's computers. :flowers:

Other anti-bad stuff Web protection:

Finjan Secure Browsing - This is a free add-on for Firefox and a helper object for IE. Finjan is its own security entity but partners with IBM and WebSense for filtering. In addition to injecting rating icons in search engine results and other links, Finjan scans Web pages in real time as they render in the browser. Way cool. They have their own scan technology and partner with McAfee, Kaspersky and Sophos. If they ever go to a paid model for this add-on, my Pay Pal account is ready. :thumbsup:

Web of Trust (WOT) - For Firefox and IE, uses the Panda database as well as WikiPedia, Open Directory, and Digg for filtering malicious Web sites . You don't have to take heed of or contribute to the community based ratings; the YouTube-like commentary is mostly worthless and has begun to border on anarchy. You need to create an account in order to tweak the level and quality of alerts, but the defaults work just fine.

Dr. Web Link Checker - This adds a right-click "Scan with Dr. Web" menu item which will allow you to scan a site prior to visiting it. You have to think about doing that - it's not automatic.

Ad Block Plus - Another Firefox add-on. You don't need to configure for ad blocking but you should subscribe to the EasyPrivacy and Malware Domains filters.

Anti-Virus programs: many security suites have their own Web protection. For example, I use G Data Internet Security which uses Netcraft filtering in its Web Protection module.

I take advantage of all five of the above and DNS Advantage. Even on my old 1 GHz PIII laptop, there is no significant slow down in my Web habits. My current E8400/G35 "production" desktop doesn't even know they're there.

The individual Web sites above provide more-than-adequate detailed information about their respective wares. Any questions you might have about the services and how to use them can be answered by browsing those pages. Your opinions might differ from mine, but I can stand corrected, if necessary, on any factuals.


Edited by dallas7, 13 November 2009 - 04:44 PM.

"Machines making machines... How perverse!" -C3PO
Win7-HP-SP1-64; Online Armor ++; Zemana; Malwarebytes Pro.

BC AdBot (Login to Remove)


#2 Andrew


    Bleepin' Night Watchman

  • Moderator
  • 8,260 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:23 AM

Posted 13 November 2009 - 11:22 PM

Excellent post, dallas7!
Posted Image

Edited by Amazing Andrew, 13 November 2009 - 11:23 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users