K9 Web Protection w/Malware Rules?

Discussion in 'other anti-malware software' started by Mayahana, Jan 7, 2015.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Has anyone contemplated using the free K9, but turning everything off except for;

    Spyware/Malware
    Spyware Effects (Joke/Unwanted)
    Suspicious
    Phishing

    Bluecoat is what they use, which I found very effective with ZyXEL UTM appliances (NGFW). I sold off my ZyXEL because I am moving up to speeds that surpass it (150/150 or 300/300, possibly 1 Gigabit). I really miss the power of Bluecoat that was on the ZyXEL. So far in testing, this is the same URL protection as ZyXEL, and it appears to add no latency to web browsing, and it is free.

    I can't see why I shouldn't use this as an additional, final layer?

    http://www1.k9webprotection.com/
     
  2. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    I use it and it kicked in at times, but I never checked the URLs it reported. I combine this on an almost locked-down PC for online banking/shopping with Bitdefender Trafficlight, Avast Security Online, Adguard and Webutation plugins (Chrome browser).
    Even with all of these plugins I can't say I feel any slowdowns.

    /E
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I've been testing this for 24 hours, and so far I am impressed. Essentially I disable ALL features, including HTTPS notifications (but leave HTTPS filtration on), then enable the above categories + Web Advertisement category blocker.

    This is a very strong web filtration, with this solution alone I was running 90-95% blocking of malware sites on various domains. When added to my already existing solutions, it was 100% raw filtration of every malware link I attempted to pass. So I am feeling pretty good about my protections at this point, and Bluecoat is another 'zero impact' layer - since I ditched the ZyXEL I really missed Bluecoat.
     
  4. 142395

    142395 Guest

    I had used K9 for a long time with the same categories blocked as you, and their algorithm seems to be close to Trend's. "Suspicious" tends to produce many FPs, while it can block many unseen malicious sites. It even blocks mistyped URLs (e.g. www.wllderssecurity.com). Like you said, one should uncheck all options in "Safe Search" unless he uses it as a parental control. In "Other Setting" I only check "Filter secure traffic" to block bad https sites.
    Side notes:
    - You can't use k9 and DNSCrypt at the same time, as k9 regards DNSCrypt as a bypass attempt.
    - You can use k9 with your hosts file, but when a site is blocked by hosts, in some situations k9 may warn about it as a bypass attempt.
    - You can use k9 with a URL filtering addon like sokatech do, but some blacklists block 127.0.0.1 (k9's interface is at 127.0.0.1:2372).
    - Sometimes you may want to disable k9. Disabling the service is not enough, and it leaves you unable to connect to the internet at all. You have to disable its driver.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    K9 uses the same technology as a $20,000+ Enterprise Appliance - and it's free. Very powerful.
     
  6. Thx, I am going to play with it, seems ok at first impression, works with norton DNS.

    I am skeptical towards URL blockers. IMO it is a numbers game, meaning Chrome and M$ would have the best coverage.
     
    Last edited by a moderator: Jan 8, 2015
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Let us know what you find. This is like tossing a 20K filtration appliance on your network, from the looks of it, using the filters that Yuki and I use, while disabling the other crap (except HTTPS scanning). I am very impressed with what it grabs so far.
     
  8. Tried the Web Advertisements, but when Google ad server is blocked, it also blocks the page itself, so I skipped that (using uBlock for that). I am using Spyware/Malware, Spyware Effects, Suspicious, Phishing.

    Does not seem to have an impact on download speed; idle it uses 0.02 - 0.08 and when filtering web content between 0.11 and 0.33% on my PC (a modest Pentium dual core G3240).

    It also keeps logs on the web traffic. What surprises me is the fact that Norton DNS still works, whereas Norton DNS normally kicks in before other URL filters running as part of the browser or as an extension. I got only one safe connect warning during a test, similar to a proxy service. Is there detailed info on the technology it uses/it is based on?
     
  9. 142395

    142395 Guest

    Side notes 2:
    It seems k9's database includes some major blacklists such as malwaredomainlist and nothink.org, so if you want to test it use another blacklist such as malc0de, CleanMX, or malwareblacklist.

    Its blacklisting capability loses its accuracy a bit on non-English minor regional websites. It's no surprise; every URL blocker by a company in an English-speaking area shows the same tendency. Kaspersky (Russia) admitted they lose accuracy on Chinese websites.

    Oh, please don't call them crap, because k9 is originally a parental control, though you can use it as a malware/scam URL blocker. ;)
    Surprisingly, k9 can be used with almost all forms of URL/IP blocking software including secure DNS, Peerblock, Traffic Light or other addons, and most AVs' URL filters. It's hard to find their technical documentation; I suppose it uses a transparent proxy but don't have confirmation. It can be used with other proxy-type URL filters such as Kaspersky AV.
     
  10. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I have disabled Web Advertisement blocking; as Windows_Security found out, it can cause issues. Otherwise, the malware/phishing/junk blocking works wonderfully well. As Yuki pointed out, you can stack it with other products, and it seemingly has no real impact or incompatibilities.

    I am suitably impressed with this as another layer!
     
  11. FOXP2

    FOXP2 Guest

    Windows version and browser details omitted in compliance with Wilders "on my system" standards.

    Quick & dirty unscientific test on my system with K9 as configured by Mayahana in #1:
    Opened 20 of the most recent CLEAN MX malware sites.
    K9 detected 10 and then immediately F-Secure Ultralight beta, 7 of those missed by K9.
    Changed K9 to “monitor” and revisited the 10 K9 detects and FSUL caught all of them.
    Three were missed by both.

    So, K9 works “ahead of” FSUL, possibly the same for any other URL filtering solutions.
    FSUL detected immediately after a K9 miss.
    FSUL caught 7 of the 10 K9 misses.

    K9 doesn’t work at all with another browser.

    I have another my system and BD TrafficLight blocked 19 of those 20 in simultaneousity with the other my system over a period of about 5 minutes. Oh no! Too much nasty details... :D

    Cheers.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    The consensus so far, it seems - this is a good 'layer' that complements other things.

    I suspect Bluecoat grabs a lot, but not everything. Then add in Trend's URL stuff, and it grabs a ton more. Then add in other layers, and you have a seriously strong security layer.
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This is some genuine local proxy filtration, a true gem. Excellent find Mayahana and thanks for bringing it up. After reading through the FAQ as to why they give it away for free along with other documentation, I am truly impressed. It's great seeing larger corporations giving back to the community like that and especially with the online safety of kids in mind. Seems quite robust. Easy to add entries to the blacklist as well. I will try this on the iPhone tomorrow as well.
     
  14. "in compliance with on my system standards" please explain
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    zyxel usg 2000 is available with blue coat
    http://www.zyxel.com/us/en/solutions/Content-Filter-20110704-759040.shtml
    ofc it is not cheap ~1000euro per anno, USG 2000 about 5000 euro ^^

    (usg 1000 can not handle 1gbit in firewall, only 400mbit)

    300mbit --> USG 300, much cheaper ;)

    from my view - see signature. have your web software secure and always up to date and get to know the passive security windows offers (eg hosts file).
     
  16. Now I am lost. I thought blue coat uses other IP-block sources. Most of these 'openly distributed sources' receive their input from malware researchers, in a sense this could be seen as 'user driven', but :confused:
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    ASUS w/Trend, and Untangle w/all engines enabled is fine and 1GbE capable. However I miss Kaspersky Gateway and IPS for sure - it's a powerful aspect of ZyXEL. If I have a sub-100mbps connection the ZyXEL is easily the best, and least expensive option for remarkable NGFW Layer-7 protection.
     
  18. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Last edited: Jan 11, 2015
  19. Austerity

    Austerity Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    372
    Location:
    Georgia / USA
    I have used this in the past. It works well as a filter, but I found that it slowed down the loading and rendering of pages, so I discontinued using it.
     
  20. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    You have the SAME setup I do! :D
     
  21. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    133
    Location:
    Greece
    I had installed K9 last week with no problems at all until today, when I installed nod32 antivirus. There is a conflict that I cannot understand and the result is no internet connection! Has anyone ever had a similar problem and is there a solution? (I uninstalled k9 and everything went back to normal)
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Both local proxies are probably trying to filter http traffic at the same time. Try disabling the web (http) scanning module in nod32 first and see if that works. Then you can try fiddling with port/ip settings after.
     
  23. Did some reading on UTM based solutions, this quote is from an old (sponsored) comparative test

    This suggests you should also enable the HACKING category in K9 Webprotection (Bluecoat ended third, just after second place Fortinet, with Checkpoint the surprising winner of this sponsored test)
     
  24. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I actually had hacking enabled already. I prefer Fortinet for URL filtration, but there isn't a stand-alone Fortinet solution, and I do not want to buy a Fortigate 80D right now for my home. Trend (ASUS) has remarkable filtration quality as well, so I already have that as a layer.
     
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I stopped using this. Not because of any issues - quite the contrary. But because I have enough protection/layers already, and it's simply not needed. Right now everything on my network passes through;

    ConnectSafe DNS
    Trend URL/Fingerprint
    Untangle (2 AV engines + Adblock/Webfiltration)
    Chrome Phishing/Malware Scanning
    Norton Toolbar
    Norton 2015 AV
    uBlock with ALL databases enabled

    Anything else is really pointless right now. But I found no issues with K9 and someone would surely benefit adding it to a layer, as I would if I didn't have Trend on the router level.
     