Slashdot Mirror
Domain: scrubit.com
Stories and comments across the archive that link to scrubit.com.
Comments · 43
-
Not a "bad idea", but... apk
"You are better off setting up upstream DNS server on router and use hosts file on that, but you are bound to memory on router." - by Anonymous Coward on Friday April 19, 2013 @05:47PM (#43498681)
That's actually NOT a "bad idea" because it offloads the RAM usage on a computer (once a hosts is cached in RAM by either the faulty with larger custom hosts files local dns clientside caching service OR by the local kernelmode diskcaching subsystem (that caches hosts file data when you have to turn off the faulty dns clientside cache service)).
Yes, you are correct that you'd be "memory-bound" on router memory limits (& NOT all routers have rules tables for that either, OR demand custom firmware mods)... but, it's also a way (other than doing it on a system that houses a DNS server program - most run in RPL 3/Ring 3/usermode though, vs. custom hosts merely acting as a filter for the IP stack itself in Ring 0/RPL 0/kernelmode - fastest mode of operations possible for software on a PC).
A DNS server program WILL respond to & obey blocks (or hardcodes for speed to favorite sites too) in custom hosts files, so yes/again - that IS a valid idea.
I just don't waste CPU cycles, RAM, & other forms of I/O that DNS servers (which waste a lot more power/electricity as a separate 'upstream machine' especially) or even DNS server programs running on a SINGLE system the way I do it... "less moving parts" complexity MY way, too!
HOWEVER:
I don't "hate" DNS servers!
In fact - I use them myself (since I don't attempt to resolve 'every host-domain there is online' via hosts, only my favorites @ the top of the file, 20 of them, which beats hashtable indexing or b-tree binary seeks past 2++ million records no less).
I use specialized REMOTE (not locally here as a separate redundant wasteful recursive server or even as a service/daemon) FILTERING DNS SERVERS that help block out malicious sites/servers/hosts-domains via DNSBLs:
---
Norton DNS:
198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40OpenDNS:
http://www.opendns.com/home-solutions/
208.67.222.222
208.67.220.220ScrubIT DNS:
67.138.54.100
207.225.209.66Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
ALL in layered formation in both my network connection AND my Cisco/LinkSys stateful packet inspecting router.
(Again - for the concept of "layered-security"/"defense-in-depth": The best thing we have going currently vs. malicious threats online & otherwise...)
APK
P.S.=> DNS also has KNOWN BIG ISSUES - ones I like to avoid by setting one up in recursive mode (which you DO have to do for them to update/be current) locally here either as a separate system OR even a single program on a single system (especially the unpatched for 1/2 a decade++ now "Kaminsky flaw" from ISP's especially, which also take longer for IP Address resolutions of host-domain names too mind you)... here is a list of SOME of them for your reference:
A DNS FLAWS LIST OVER TIME FOR REFERENCE (only partial):
---
DNS flaw reanimates slain evil sites as ghost domains: -> http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/
---
BIND vs. what the Chinese are doing to DNS lately?: -> http://yro.slashdot.org/st
-
Re:Upstream
Filtered DNS does this already if you choose to use it.
-
How I use BOTH custom hosts & DNS... apk
"That is why you should use a white-list private dns server" - by Anonymous Coward on Monday January 07, @12:36PM (#42506751)
Why should I run a DNS server @ home?
As a separate machine it would EAT UP ELECTRICITY, & truly add complexity I don't NEED!
On my single home system?
It would do the same, as well as eat up CPU cycles, RAM, & other forms of I/O for something I don't need vs. what the combination of custom hosts files (which yes, overcome some issues on DNS like dns poisoning, dns servers going down, slower resolutions from remote DNS) & yes, on the single system I have (@ home)!
---
IMPORTANT: & I can't stress THIS enough!
Also PER MY SUBJECT-LINE ABOVE, which is what I *think* you all mess up on, as to HOW I USE CUSTOM HOSTS FILES?
CLUE: I don't ATTEMPT to have every single host-domain name in existence resolved to IP address here!
What DO I ACTUALLY DO?
I 'hardcode in' only my 20 top favorites sites in it!
The rest of its entries are blocked out KNOWN malicious sites/servers/hosts-domains that serve up malicious script code, malware, phishing/spamming, adbanners, & such (which eat your bandwidth you pay for, as well as poison you).
Once more - I hardcode in where I spend 95% or more of my time online (for reliability vs. downed or DNS poisoned DNS servers, and for faster resolution from local address once they are reverse DNS pinged for proper resolution).
AND?
I use Filtering DNS servers I use (secured vs. malware, malicious scripted sites, phishing/spamming & more) external to my home:
---
Norton DNS:
198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40OpenDNS:
http://www.opendns.com/home-solutions/
208.67.222.222
208.67.220.220ScrubIT DNS:
67.138.54.100
207.225.209.66Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
To do the rest!
---
"instead of a blacklist
I generate my custom hosts file via this security (and speed, reliability & performance enhancing) program I wrote:
Both in 32 bit &/or 64 bit form... why?
* Please - DO read what it does for you... it explains it in a short 16 point list, so you can UNDERSTAND how I utilize custom hosts files for security, speed, reliability, privacy, & more... & yes, it works!
APK
P.S.=> Sometimes, I TRULY do *think* you guys THINK I use hosts to "resolve the entire internet" & again, so it "sinks in":
NO, I don't DO that... see above!
(See what I use custom hosts for in that programs' link above (it will explain it to you without ME having to do it for the 100th time here on slashdot))...
... apk
-
That's NOT disproving my points... apk
Running a DNS server, for what? To add complexity & waste electricity on a SEPARATE system here?? NO thanks...
OR
Even running it as a service on my single system here (wasting memory, CPU cycles, & RAM + other forms of I/O too), for doing what a TIGHTLY INTEGRATED part of the IP stack already does in a custom hosts file does already??
Again - no thanks!
* Besides - DNS does have issues in redirection DNS poisoning as well (in recursive mode and odds are you HAVE to set it up that way)... yes, you can point to the roots, but it's not like those CAN'T be floored too (that's a possible).
I don't have DNS, I use them myself... however, I use specialized FILTERING ones (vs malicious exploits) from the list below:
Norton DNS:
198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40OpenDNS:
http://www.opendns.com/home-solutions/
208.67.222.222
208.67.220.220ScrubIT DNS:
67.138.54.100
207.225.209.66Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2APK
P.S.=> Disprove the list of points that custom hosts files give you that are in the link to my program... go for it (you obviously can't & that's that)...
... apk
-
Saves electricity, cpu cycles, RAM, I/O & more
Plus, what I do adds "layered-security"/"defense-in-depth", for less cost, since I supplement using hosts with filtering DNS servers!
However - Filtering DNS servers that are external to MY home & power bill here.
Thus, saving the electricity on doing it with a separate system especially (or just on cpu cycles, RAM, & other forms of I/O dns has if run as a service or daemon) + added complexity.
That's in BOTH my IP stack settings for DNS, as well as in my router, for "layered-security"/"defense-in-depth"... My p.s. below has the list I use.
What I do in my last posts' no trouble - happens for me "automagically", every 12 hours (or manually if I wish) - I designed it that way!
I do both (and a lot more security-wise) as a "security-supplement"'s to one another, & that's also no trouble @ all either - Despite DNS' known issues with recursive setups issues - yes, it's a known issue...
* So, & even if say, ICANN gets compromised & you pointed your DNS to it? I won't be @ least... how/why?
Well, since where I spend a good 99% of my time online's "hardcoded" @ the VERY TOP of my hosts file as favorites!
Thus - I resolve them, myself... & they are "reverse DNS" ping resolved (vs. the in-arpa "TLD" that keeps that information...) right when the hosts file's built...
APK
P.S.=> FILTERING EXTERNAL-TO-MY-HOME DNS SERVERS I UTILIZE IN COMBINATION WITH A CUSTOM HOSTS FILE (and a lot more, like NoScript in Mozilla based browsers etc./et al):
---
Norton DNS:
198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40OpenDNS:
http://www.opendns.com/home-solutions/
208.67.222.222
208.67.220.220ScrubIT DNS:
67.138.54.100
207.225.209.66Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
Again - I use those BOTH my IP stack settings for DNS, as well as in my router - for "layered-security"/"defense-in-depth"...
... apkb
-
"The OffSpring" said it best, in "All I Want"...
http://www.youtube.com/watch?v=us8OhI-OTHg
"Day after day your home life's a wreck
The powers that be just
Breathe down your neck
You get no respect
You get no relief
You gotta speak up
And yell out your piece
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
How many times is it gonna take
Till someone around you hears what you say
You've tried being cool
You feel like a lie
You've played by their rules
Now it's their turn to try
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
I said it before
I'll say it again
If you could just listen
Then it might make sense"* A huge "amen" to that...
I.E.-> Many of "the powers that be" are DOING IT WRONG!
They ought to be using their control of "the pipes/tubes" on the internet to do what GOOD "filering" DNS servers are up to, which is filtering out KNOWN SOURCES of malicious content online!
(E.G.-> malware, malicious script, poisoned banner ads, sites that serve up malicious content in general, spam, & phishing mails also, etc./et al...).
No, instead, this is what folks get - spying on them? WTF!
Good filtering DNS servers for people to consider using (since I noted them above):
Options for "DNSBL filtered 'secured'" DNS servers for single system users/non-networked users (on the job using AD networks or otherwise):
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as
-
"The OffSpring" said it best, in "All I Want"...
http://www.youtube.com/watch?v=us8OhI-OTHg
"Day after day your home life's a wreck
The powers that be just
Breathe down your neck
You get no respect
You get no relief
You gotta speak up
And yell out your piece
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
How many times is it gonna take
Till someone around you hears what you say
You've tried being cool
You feel like a lie
You've played by their rules
Now it's their turn to try
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
I said it before
I'll say it again
If you could just listen
Then it might make sense"* A huge "amen" to that...
I.E.-> Many of "the powers that be" are DOING IT WRONG!
They ought to be using their control of "the pipes/tubes" on the internet to do what GOOD "filering" DNS servers are up to, which is filtering out KNOWN SOURCES of malicious content online!
(E.G.-> malware, malicious script, poisoned banner ads, sites that serve up malicious content in general, spam, & phishing mails also, etc./et al...).
No, instead, this is what folks get - spying on them? WTF!
Good filtering DNS servers for people to consider using (since I noted them above):
Options for "DNSBL filtered 'secured'" DNS servers for single system users/non-networked users (on the job using AD networks or otherwise):
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as
-
I supplement custom hosts files w/ better DNS too
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apk/b
-
I supplement custom hosts files w/ better DNS too
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apk/b
-
Options for "DNSBL filtered 'secured'" DNS servers
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apkb
-
Options for "DNSBL filtered 'secured'" DNS servers
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apkb
-
2 things (absolutely FREE)... apk
1st - Better FILTERING DNS servers & 2nd - A program that creates a custom HOSTS file (I wrote it) that's both 32-bit &/or 64-bit for Windows:
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Then there is also this program I wrote that 2 makers of custom hosts file data are hosting for me (hpHosts/malwarebytes + hostsfile.org/securemecca.com):
You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do):
What's it do for you?
It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++")
---
1.) Offers massively noticeable increased speed for websurfing via blocking adbanners
2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).
3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malwa
-
2 things (absolutely FREE)... apk
1st - Better FILTERING DNS servers & 2nd - A program that creates a custom HOSTS file (I wrote it) that's both 32-bit &/or 64-bit for Windows:
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
D.) Plus:
Comodo Secure DNS:
http://www.comodo.com/secure-dns/switch/windows_vista.html
8.26.56.26
8.20.247.2---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Then there is also this program I wrote that 2 makers of custom hosts file data are hosting for me (hpHosts/malwarebytes + hostsfile.org/securemecca.com):
You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do):
What's it do for you?
It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++")
---
1.) Offers massively noticeable increased speed for websurfing via blocking adbanners
2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).
3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malwa
-
Re:Assuming you're not just "trolling" (u are)?
1.) DNS has issues, for starters: Would you like a list of problems it's seen over time? Just ask. See below also...
---
2.) You're also adding on "weight" of extra programs that the hosts file can do the SAME JOB FOR, for less!
Especially for a home setup using a single system only.
Since hosts files are simply a filter for the ring 0/rpl 0/kernelmode Pnp designed (Windows &/or MacOS X) IP stack based on the best there is in BSD ones (most all OS are here)? They are less layered on b.s. & thus, are more efficient.
I.E.-> The IP stack, as well as the ring of privelege/CPU opertions it runs from? It is as fast & efficient as it gets, vs.:
A.) Loading on more programs like a local DNS server, especially in recursive mode!
(Potential DNS poisoning/redirect problems & can be done in SECONDS over the 51/53 port series iirc)
B.) Doing so results in eating up more CPU cycles, RAM, & other forms of I/O needlessly & illogically... as well as electric power too.
---
HOWEVER:
I can see using a DNS server, IF you have an Active Directory OR have to manage 100's to 1,000's of servers, but not for a single PC @ home!
(Mainly due to what I wrote above regarding electrical power usage, since programs do NOT "run for free", as well as CPU, RAM, & other forms of I/O)...
Still - To each his own on that account... there's logical ways of doing things, & illogical wasteful ways too.
---
DNS issues? It's even being noted in security forums today @ SOPHOS, here:
Regarding Anonymous making threats to "take down" the root 13 DNS servers!
Yes - it is a possible, but unlikely, possibility of happening!
However, DNS poisoning & redirects, especially to recursive setups of DNS, and odds are you HAD to do that on yours most likely too?
No mere possibility of problems...(Again - want evidences of that? Ask!)
APK
P.S.=> Of course, IF you need DNS services (and we all do, even hosts file users) and you are a single system user especially?
These are excellent options:
Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:
Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)
That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!
(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)
ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!
( & it's possible to use ALL THREE in your hardware NAT
-
Re:And people ask me why I don't use Chrome
I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).
That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).
Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...
LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]
-
Re:And people ask me why I don't use Chrome
I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).
That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).
Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...
LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]
-
Good DNSBL filtering DNS servers 4 security
That actually use "DNSBL filtered 'secured'" DNS servers for the purposes of security online:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least: Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE! DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...
HOWEVER?
DNS' better than trying to say, lol, hardcode in EVERY hosts-domain to IP address possible in a custom HOSTS file for example (keeping up with the changes would be the problem as far as "hardcoding in" the equation records). HOSTS are better used for doing a small group of "favorites" (sort of a 'little black book' of girls' phone #'s basically instead of looking through the ENTIRE phonebook each time etc.) &/or BLOCKING OUT known malicious sites/servers/hosts-domains + adbanners (for speed & yes, even security, because banner ads have had their share of malicious script code in them also over time as well).
The way that I use them in layered/phalanx style defensive formation noted above helps for security, bigtime & especially by using ALL of them in "layered-security"/"defense-in-depth" style I noted above in BOTH hardware &/or software setups of the IP stack + router level security... in combination simultaneously, along with other means (like I use in a custom HOSTS file, + AdBlock/NoScript/IE9 TPL's, Opera urlfilter.ini, IE restricted zones, etc., vs. online threats mostly))
... apk
-
Good DNSBL filtering DNS servers 4 security
That actually use "DNSBL filtered 'secured'" DNS servers for the purposes of security online:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least: Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE! DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...
HOWEVER?
DNS' better than trying to say, lol, hardcode in EVERY hosts-domain to IP address possible in a custom HOSTS file for example (keeping up with the changes would be the problem as far as "hardcoding in" the equation records). HOSTS are better used for doing a small group of "favorites" (sort of a 'little black book' of girls' phone #'s basically instead of looking through the ENTIRE phonebook each time etc.) &/or BLOCKING OUT known malicious sites/servers/hosts-domains + adbanners (for speed & yes, even security, because banner ads have had their share of malicious script code in them also over time as well).
The way that I use them in layered/phalanx style defensive formation noted above helps for security, bigtime & especially by using ALL of them in "layered-security"/"defense-in-depth" style I noted above in BOTH hardware &/or software setups of the IP stack + router level security... in combination simultaneously, along with other means (like I use in a custom HOSTS file, + AdBlock/NoScript/IE9 TPL's, Opera urlfilter.ini, IE restricted zones, etc., vs. online threats mostly))
... apk
-
Me too (but 4 DIFF. reasons)... apk
I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).
That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).
Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...
LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
... apk
-
Me too (but 4 DIFF. reasons)... apk
I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).
That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).
Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!
---
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!
(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...
LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
... apk
-
How's DNSBL going to "harm security"?
Explain how DNSBL adversely affects SECURITY specifically someone, please (per this quote from the article here today):
"the method of DNS filtering proposed to block supposed infringing sites opens up enormous security holes that threaten the stability of the internet itself"
Because I have seen DNSBL's be used to AID SECURITY, ala:
---
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
I.E./E.G.-> I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary) - I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side)...
* Which are ALL/EACH examples of "filtering" DNS that use DNSBL's FOR THE GOOD of others online (to block out KNOWN BAD SITES/SERVERS ONLINE!).
APK
P.S.=> Now, some b.s. artist MAY mean that DNSBL's (DNS Block Lists) "harm":
1.) Illegal file sharers' "freedoms" (freedoms to STEAL is about it), but that's NOT about security being harmed @ all, whatsoever...
2.) Nor is it harming "freedom of speech" if DNSBL's are kept strictly to blocking out known bad sites/servers that serve up malicious scripted exploits, malwares, & the like (and YES, illegally shared files along with child pornography & the like etc./et al)...
... apk/b
-
How's DNSBL going to "harm security"?
Explain how DNSBL adversely affects SECURITY specifically someone, please (per this quote from the article here today):
"the method of DNS filtering proposed to block supposed infringing sites opens up enormous security holes that threaten the stability of the internet itself"
Because I have seen DNSBL's be used to AID SECURITY, ala:
---
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
I.E./E.G.-> I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary) - I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side)...
* Which are ALL/EACH examples of "filtering" DNS that use DNSBL's FOR THE GOOD of others online (to block out KNOWN BAD SITES/SERVERS ONLINE!).
APK
P.S.=> Now, some b.s. artist MAY mean that DNSBL's (DNS Block Lists) "harm":
1.) Illegal file sharers' "freedoms" (freedoms to STEAL is about it), but that's NOT about security being harmed @ all, whatsoever...
2.) Nor is it harming "freedom of speech" if DNSBL's are kept strictly to blocking out known bad sites/servers that serve up malicious scripted exploits, malwares, & the like (and YES, illegally shared files along with child pornography & the like etc./et al)...
... apk/b
-
Animats what about this/these option(s)?
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 67.138.54.100) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* Personally speaking - I use ALL 3 of them, "in combination". Yes, I am using that latter term loosely is why I quoted it!
(Mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary, I can "fall back on" the others listed above...)
I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (OS/software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least...
See - I don't know if Moxie Marlinspike's DNS solution for SSL protection via a browser addon's the answer either, ala http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22DNS%22+and+%22Moxie+Marlinspike%22&btnG=Search&gbv=1&sei=zwPhTs2wOMrL0QGTs-StBw
OR
If OpenDNS' tool here is either!
However: They're better than nothing!
(It's that, or use the "secured DNS" (filtered rather via DNSBL) that I use, & the way that I use them in layered/phalanx style defensive formation noted above, if not ALL of them in "layered-security"/"defense-in-depth" style... in combination simultaneously, along with other means (like I use in a custom HOSTS file vs. online threats mostly))!
(Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE, that DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...
So - lastly:
Yes, I also know who you are Mr. Nagle, especially via your RFC I complimented you on this past week here no less on -> http://tech.slashdot.org/comments.pl?sid=2556266&cid=38265686 )!
Yes - I respect that in fact.
I.E.-> Not everyone, especially on
... apk
-
Animats what about this/these option(s)?
Options for "DNSBL filtered 'secured'" DNS servers:
A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do
It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...
---
B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq
---
& of course
C.) Open DNS (208.67.222.222 or 67.138.54.100) -> https://store.opendns.com/get/home-free
---
EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!
(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)
* Personally speaking - I use ALL 3 of them, "in combination". Yes, I am using that latter term loosely is why I quoted it!
(Mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary, I can "fall back on" the others listed above...)
I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (OS/software-side), as well as in my LinkSys/CISCO router here (hardware-side))...
APK
P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least...
See - I don't know if Moxie Marlinspike's DNS solution for SSL protection via a browser addon's the answer either, ala http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22DNS%22+and+%22Moxie+Marlinspike%22&btnG=Search&gbv=1&sei=zwPhTs2wOMrL0QGTs-StBw
OR
If OpenDNS' tool here is either!
However: They're better than nothing!
(It's that, or use the "secured DNS" (filtered rather via DNSBL) that I use, & the way that I use them in layered/phalanx style defensive formation noted above, if not ALL of them in "layered-security"/"defense-in-depth" style... in combination simultaneously, along with other means (like I use in a custom HOSTS file vs. online threats mostly))!
(Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE, that DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...
So - lastly:
Yes, I also know who you are Mr. Nagle, especially via your RFC I complimented you on this past week here no less on -> http://tech.slashdot.org/comments.pl?sid=2556266&cid=38265686 )!
Yes - I respect that in fact.
I.E.-> Not everyone, especially on
... apk
-
Ok, "making a 'guest appearance'" now... lol! apk
I don't *think* you guys understand HOW I utilizing a HOSTS file, because of what you said about it being "monolithic" - I don't use it as a "DNS substitute" for all addresses possible online (because I would even find THAT HILARIOUS to try to do from a HOSTS file)!
FOR SECURITY:
I just do NOT setup local ones @ home (no point to burn the extra CPU cycles, & thus, electric power, or RAM + other forms of I/O used in them).
I do so for security, and just because of things like:
1.) This issue (it has a patch by the way) & vs. this, & the other numerous troubles in BIND over time, which are numerous (another 'case-in-point'/e.g. is "the Kaminsky Flaw" & other redirect/dns-poisoning attacks that have happened over time the past few yrs. now).
2.) I currently BLOCK OUT 1,624,230++ KNOWN BAD SITES/SERVERS/HOSTS-DOMAINS in it that are KNOWN to serve up malicious exploits of various types in it, mostly... this is for security purposes, & specifically what's called "Layered-Security"/"Defense-in-Depth" security.
FOR EXTRA SPEED:
A.) I "hardcode in" about 250 of my FAVORITE sites into it (where I spend 99% of my time online), but, I don't attempt to "resolve the entire internet" via HOSTS either (which is what it sounds like you're thinking)... Doing this results in FASTER ONLINE WEBSURFING PERFORMANCE & is faster resolutions of hosts-domain names to IP Addresses, by far, than calling out to a remote DNS server, by orders of magnitude, & runs LESS RISK of being infested via redirected/DNS-poisoned ones too as noted above.
B.) For blocking out adbanners, which have housed malicious script code in them MANY times in the recent past & before that even (last 8 yrs. or so I have records of this in multiple occurences for example), & for the fact that adbanners take away bandwidth & speed YOU THE USER PAY FOR OUT OF POCKET!
In fact, for websurfing? By feel alone, I can basically get as fast as any FIOS connection because of this, & getting ALL of the possible bandwidth I paid for...
By the by: I do utilize DNS servers (albeit, 'external' ones/non-local to my computer here):
Norton DNS:
https://dns.norton.com/dnsweb/homePage.do
Open DNS:
https://store.opendns.com/get/basic
ScrubIT DNS:
In a "truimvirate formation" (w/ in my Windows IP DNS settings + Hardware Router firewall)
Why?
Simply because they FILTER OUT known malicious sites threats too (phishing, spamming, & other malicious things like scripts for attack or that serve malware etc.).
* Anyhow/anyways: HOSTS work, & for extra speed & security online!
(It just works... especially mine since it's been built since 1997 for the above, & gets stronger every 15 minutes - plus it uses 0.0.0.0 for faster parsing, & I cut the local DNS cache in Windows (slows down on larger HOSTS files) & cache it like any file is cached, via the local kernelmode diskcache subsystem for reads/subsequent re-reads...!)
APK
P.S.=> I have it FULLY automated too, every 15 minutes it's being fed with data to block out adbanners + known malicious servers noted above from a pristine TEMP/SCRATCH copy from 17++ reputable & reliable sources for that in fact!
I don't lift a finger to do it - pure "automagic" operations & has been since oh, roughly/approximately 2002 or thereabouts!
(E.G./I.E.-> From 1997-2002 I built it using MS-Access for removal of duplicates, then Delphi app 2002-2010 which was FINE for the smaller lists of that data the way I built it's deduplication/normalization algorithms).
Now, it's built in a system that my nephew & I co-wrote in Python (I stuck by it because it's set deduplication/normal
-
Supplement HOSTS w/ better DNS too
Mainly these 3 (which integrate into your IP stacks' settings & hardware router/firewalls too) - Each has a writeup on how/why/when/where they work too:
---
Norton DNS:
https://dns.norton.com/dnsweb/faq.do
OpenDNS:
https://store.opendns.com/get/basic
ScrubIT DNS:
http://www.scrubit.com/index.cfm?page=faq
---
* EACH does a heck of a job supplementing online security (in addition to my custom HOSTS file + Firewall rules tables I noted in my prior post I am replying to now)...
APK
P.S.=> It's ALL about "layered-security/defense-in-depth" first of all, but the nicest part? Well... THAT, is the added SPEED this layered security setup of mine yields (in addition to hardening the TCP/IP stack vs. attack, mostly via this -> http://msdn.microsoft.com/en-us/library/ff648853.aspx )...
... apk
-
Norton DNS/Open DNS/ScrubIT DNS
Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:
Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)
HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")
HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!
(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)
ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!
( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...
STILL, DNS HAS PROBLEMS... MANY PROBLEMS OVER TIME & EVEN RECENTLY BEYOND THAT OF THIS ARTICLES' POINTS:
---
BIND vs. what the Chinese are doing to DNS lately? See here:
http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
---
SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:
http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/
(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)
---
DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):
http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/
(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)
---
Moxie Marlinspike's found others (0 hack) as well...
Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...
(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack
-
Protective methods vs. ZITMO (& others like it
Which is a ZEUS botnet variant, albeit for "smartphones" (specifically ANDROID iirc):
http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search
SO, how to do THAT?
Well, use a custom HOSTS file on ANDROID
(Albeit, a modified one, filled with entries blocking out known bad sites/servers/hosts-domains that serve up malware like this, + their botnet C&C servers too):
ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:
---
Infected Androids Run Up Big Texting Bills:
http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills
---
It's easily done too, via the ADB dev. tool (Android Debug Bridge):
---
1.) Mount ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS
2.) Copy over your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so
(Otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).
---
* DONE, & "easy as apple pie"...
APK
P.S.=> And, IF POSSIBLE? Also, alter your DNS servers to DNSBL filtering ones!
E.G.-> These 3 are really good vs. malware + phishing exploiters online:
Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:
Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)
HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")
HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!
(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)
ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!
( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...
HOWEVER:
This I have NOT tried on ANDROID, as I have with HOSTS files, but since it's doabl
-
DNSBL, if implemented vs. malware such as
Norton DNS does http://nortondns.com/ can be a GREAT thing to help stall, or even stop, the malware problem online.
They filter on "malware-in-general" such as KNOWN bad sites/servers/hosts-domains, botnet C&C servers, & even bogus DNS servers by default (and their updates every few minutes for continuously updated protection are here http://safeweb.norton.com/buzz with site-checkers & even a removal appeals process etc./et al... IF a site does "clean up its act" etc. )
Another decent set of these are:
---
ScrubIT DNS -> http://www.scrubit.com/
&
Open DNS -> https://store.opendns.com/get/basic (with built in phishing protection even in the FREE basic model)
---
I use all 3 @ once in my NAT stateful packet inspecting Linksys/CISCO router + my IP stack setup for my Local Area Connection here... in layered security fashion!
* Each as a write up on how they work, why they help, & more... enjoy!
APK
P.S.=> Between the layering of Filtering DNSBL utilizing DNS servers listed above, because I use them ALL in "layered-security fashion" in both my routers & IP stack setup here in Windows, in combination with:
---
1.) A custom HOSTS file ( currently with 1,494,865++ entries of known bad sites/servers/hosts-domains, botnet C&C servers, & even rogue DNS servers blocked in it currently & growing "automagically" from 17 reputable & reliable sources for that type of data for HOSTS as well as DNSBL lists here from a Python script that does so for me),
and
2.) IP addressed threats inserted into my router & software firewalls
3.) And lastly, system security-hardening, in depth -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
---
?
I haven't caught a "malware of any kind" infection/infestation since, oh, around 1996 or so in fact!
"Layered security", the best thing we have going currently, really WORKS!
... apk
-
Very, VERY Good... apk
"I find the use of a good filtered DNS service that blacklists malware URL's upon discovery goes a long way towards limiting my exposure to this. Open DNS or Scrub IT works well. The only down side is they are often the target of DOS attacks, so their uptimes are limited. Be prepared to switch DNS settings when the "Internet" goes down. Most of my frequent sites, I keep in my local hosts file, so even if DNS goes down or DNS is hijacked, the link to my banking is still valid. Ruining as a normal user I can't be tricked into editing my hosts file. I don't have the privileges. Links; Open DNS http://www.opendns.com/ ScrubIT http://www.scrubit.com/ " - by Technician (215283) on Wednesday August 26, @01:53PM (#29204855)
See my subject-line, & this URL (especially points #'s 2 thru 5, because they cover a great deal of exactly what you state works, because, those points DO):
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):
----
IT WORKS...
How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3
----
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com
----
That's 'how well'... For going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!
APK
P.S.=> AND, what is a MAJOR portion of that guide (as far as "the beyond" part, above CIS Tool Guidance)? HOSTS FILES, & OpenDNS or ScrubIT DNS... & you think just like I do, & it does work, for all that you noted, plus more - think about THIS one:
Like IPSecurity Policies (also covered in my guide, acting as "layered security")? HOSTS files can LIMIT what even an already "taken in" malware can do online - because, IF/WHEN you block KNOWN "bogus servers" or bad adbanners (or even malicious websites)??
Well, if YOU cannot get to them, guess what? NEITHER CAN THE MALWARE... sure, some of you might say "but the malware could just use a static IP address vs. using HOST names or URL's to communicate back to 'home base/the mothership'" but, they can't do that, because ISP/BSP's "take down" KNOWN bad servers fairly quickly once they're discovered... & thus, using an IP address would be, self-defeating - where using URLs or DOMAIN NAMES allows malware makers/botnet masters etc. et al the ability to QUICKLY re-register said domain name once more, albeit, on a diff. server next rou
-
Re:Adware
I find the use of a good filtered DNS service that blacklists malware URL's upon discovery goes a long way towards limiting my exposure to this.
Open DNS or Scrub IT works well. The only down side is they are often the target of DOS attacks, so their uptimes are limited. Be prepared to switch DNS settings when the "Internet" goes down. Most of my frequent sites, I keep in my local hosts file, so even if DNS goes down or DNS is hijacked, the link to my banking is still valid.
Ruining as a normal user I can't be tricked into editing my hosts file. I don't have the privileges.
Links;
Open DNS http://www.opendns.com/
ScrubIT http://www.scrubit.com/ -
Re:!Censorship
Why must the government regulate content availability, rather than content filtering availability? That is, everyone gets the same internet, but ISPs get a gold star for offering a filtering service. They could offer separate DNS servers that filter out pornography, ala http://www.scrubit.com/ without taking away the freedoms of adults.
-
Re:Hey Rocky, watch me pull a rabbit out of my hat
The trick is, by solving the problem at the wrong level, they can force that "solution" onto everyone. Thereby blocking all porn completely. If the only high-speed ISP around is porn filtered, then you can give up porn, or switch to dial-up! The solution should be handled via local software, but since no-one wants to bother with that, lets bump it up to the DNS level, not the ISP! I'm shilling today: http://www.scrubit.com/
-
Re:Filtering
Why must we fix this at the ISP level, when it's already solved at the DNS level for free? http://www.scrubit.com/
-
Re:Protect yourself with HOSTS
Another approach is to just block it in your HOSTS file:
A filtered DNS server goes a long way and often is already blocking the content before you learn about it. A filtered DNS server isn't just for NSFW sites. It's a good idea. Common phishing sites, malware, and porn are filtered cross platform. I use it all the time now.
http://www.scrubit.com/
It is community supported so when a new malware site pops up, anyone can report it so it can be quickly re-routed to the warning page instead of the bad page. -
Re:This was already covered on Ultra-Slashdot
Thanks Raymond A Carnie, but that is only good for the phishers you don't fall for.
I found that a popular porn filter is very good at weeding out fake business sites such as the fake pay pal and ebay fakes. This adds a strong layer of protection. They may send me a direct link to their fantastic deal on ebay, but when I get the scrubit page instead of ebay, then there is no way to give them real info by accident. Filtered internet is good for more than keeping the kids from surfing porn all day.
I have tried to go to some of the more obvious fakes to poison their login collection spoof site, but my DNS filter is often in the way. If you encounter a bad site, they have a quick browser button that you can add to immediately add a site to the scrub list. It's fast and works well. It's kind of like a RBL for websites instead of email spam.
http://www.webware.com/html/ww/100/2007/browsing_info.html
http://www.scrubit.com/ -
Re:alternative DNS
Searchq is ignored by Google. The next few things are obfuscation too.
I use filtered DNS. When these pesky links show up, and still require a DNS lookup, the filtered DNS takes care of it for me. It is good for most stuff that is NSFW. As a bonus, it filteres most phishing and malware servers. I love these guys.
http://lifehacker.com/software/security/block-porn-and-more-with-scrubit-240213.php
http://www.scrubit.com/ -
Re:The article author and submitter aren't too bri
The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.
Duh.
This is exactly what ScrubIT has been doing for a long time now. Instead of search results, it is DNS, which blocks malware sites. It has a function to submit sites to be added to the blacklist.
Many think ScrubIT as a filtered DNS service is just a porn filter to protect the kids. It's much more than that. It kills phishing and malware sites also. The only things it doesn't are sites that provide the IP address instead of using DNS. I've been very happy with it, except lately, it has had a couple outages. I'm on Comcast, so maybe they are blocking an alternate DNS server.
http://www.scrubit.com/
Does anyone else use ScrubIT and noticed any outages in the last couple weeks? -
Re:Real Deal EBay
It's easy to tell them apart.
I have two ways to tell them apart.
1 I don't have an eBay account. They are all phish. I love seeding their database with garbage.
2 Filtered DNS. Phishing sites are quickly reported and filtered. Most of my attempts to feed their database garbage results in a "this page has been scrubbed" page instead.
http://scrubit.com/
There is no software to download or install. It's simply a free filtered DNS service. -
DNS filtering
Use Scrubit DNS servers.
Put a real Password on your router.
Look at your router logs once in a while to make sure he didn't tamper with it.
Tell yourself you did everything you could when he goes over to his friends house for porn.
http://www.scrubit.com/ -
Re:Cost of rules and regulations
First the links in your sig are very funny. Well done.
Try Here.
Thanks. It's funny, I didn't make it there. I have kids and can't afford a RIAA attack so I am using filtered DNS. Following your link brought up a page somewhat like this..
http://test.scrubit.com/ It showed ThePirateBay as being scrubbed. Maybe later, I'll stuff this into my personal hosts file and try again later but that would be a moot point as the wireing job is long finished and apporved.
The link is safe for work. -
Re:Turn Off Javascript
To allow for KNOWN SAFE Javascript, and to limit the least without any other intervention required (automatically updated white lists:)
GetFirefox.com
AdBlock Plus
I could also recommend getting Peer Guardian (with HTTP blocking ON) to block against other known malicious sites.
You can set up a filtered DSN (ie: ScrubIt.com)
Finally, you could also find an application that will add a list of known baddies to your own HOSTS file (which would then force a known bad site to redirect to 127.0.0.1/localhost!) (ie: Spybot, Search & Destroy) -
Re:http://www.goatse.cx
It just wasted a post instead.
It's dead on two points...
1 hosts file blocks it
http://www.mvps.org/winhelp2002/hosts.htm
2 DNS blocks it. DNS 1 67.138.54.100 DNS 2 207.225.209.66
http://www.scrubit.com/
This makes many of the troll posts safe for work.