What's your favourite web/url/IP/reputation filter setup and why

[Kees1958]

Staying out of risky areas is one of the (counter) measures to mitigate the risk of infection through the world wide web. There are several ways of achieving this (DNS-level, Browser-level, Plug-in level)


A second way to mitigate the risks of infection is to increase control on the most commenly used attack carriers (dynamic content, e.g. scripts, adds, PDF's, flash movies, etc), through browser options or plug-ins. See http://www.symantec.com/business/threatreport/build.jsp

Just wondering what Wilders Members are using as easy and cheap means of mitigation.

Regards Kees

[Kees1958]

Web/URL/IP/Reputation
Using Norton DNS malware domain protection (configured in router). Using Chrome's phising protection (is some kind of hash mechanism downloaded and used locally in Chromium). Added Avast Webrep for reputation indexing of Search results and page visits. Using McFee SiteAdvisor as a post visit check. Those work on different levels and are the most effective in terms of download speed and webbrowsing performance tests. The effectiveness of those counter means are estimated between 30-60%, so adding more won't add much protection.

Norton: AV background, is handled at DNS-servers of Norton, so the delays are not noticeable. I disabled Chromium DNS prefetching.
Chromium: the Chrome phising blackist is based on the largest crawler mechanism in the Western World. It checks URL hashes in a very efficient manner with update intervals of half an hour (according the Google info).
Avast Webrep: I like the fact that Avast AV-intelligence is used to reduce false positives (reason I prefer it over WOT) and the fact that it is (with WOT) the fastest search plug-in for Chrome.
McFee SiteAdvisor: the disadvantage of McFee (on Chrome) is that it acts as a post-visit check (the advantage for Chrome is that it is only an icon, no other visible screen pollution). Having the two pre-visit filters (at DNS level=Norton and and Browser level=Chrome URL hash check), I also opted for pre-visit check when searching (Avast WebRep) and a post-visit check (SiteAdvisor). Site Advisor is noticably slower than Avast WebRep in displaying the result. So this asynch slow post visit check does not interfere with my browsing habits (I am reading the page when Sitedvisor does its works) and adds a last check on URL after the page is rendered.


Attack carrier mitigation
Using chrome's internal sandbox to mitigate javascript, PDF and flash (copied Chrome's internal flash and PDF plug-ins for use in Chromium, have not installed adobe PDF or FLash) with enforcement of running PPAPI flash in Renderer and using Native Clients for all web applications.

I think the security advantage of running low rights of renderer and plug-ins is so substantial, I do not need any NoScript like functionality (or browser virtualisation) with Chromium. Only running Adblock plug-in. This is questionable enhancement, although one could argue that any Add Block like functionality reduces the chance of being lurged to pesky websites.

[PJC]

-Norton DNS
-WOT

[the Malware Domains filter of ABP
-and more than that-...
is included in WOT.]

[kjdemuth]

Norton DNS
Panda url filter
Ad block plus on firefox

[Amit]

norton dns
panda url filter
wot
ad block plus

[m00nbl00d]

I personally use no extensions, but two of my relatives have been running BitDefender TrafficLight and WOT, plus Norton DNS.

I prefer BitDefender TrafficLight and WOT over McAfee SiteAdvisor and avast! WebRep.

WOT may not be 100% perfect (nothing is), but it does have quite a few reliable sources, such as Phishtank.

avast! WebRep is more like what users like or what they don't like, isn't it? If I hate dogs and cats, I will hate associations helping these animals; therefore, I'll rate their websites with a low rating. What's going to stop that? If many thousands of people hating dogs and cats do that, then we have thousands of ratings saying that those websites are bad.

This kind of reputation service is not of my liking. I prefer services that keep focus on real dangerous websites, regardless of what they are.

[Trooper]

DynDNS
Adblock Plus with malware domains subscription on both Firefox and Chrome.

[Kees1958]

Quote:

Originally Posted by m00nbl00d

avast! WebRep is more like what users like or what they don't like, isn't it? If I hate dogs and cats, I will hate associations helping these animals; therefore, I'll rate their websites with a low rating. What's going to stop that? If many thousands of people hating dogs and cats do that, then we have thousands of ratings saying that those websites are bad.

I recall (or think to remember) that VLK (of Avast) has stated that the webrep was checked by the automated web crawlers of Avast (link will be automatically checked by Avast automated malware analysis).

But please tell me when this is not the case

[m00nbl00d]

Quote:

Originally Posted by Kees1958

I recall (or think to remember) that VLK (of Avast) has stated that the webrep was checked by the automated web crawlers of Avast (link will be automatically checked by Avast automated malware analysis).

But please tell me when this is not the case

To be honest, I limited my self to the scarce info I find. I do remember vlk mentioning a link -http://forum.avast.com/index.php?topic=71981.msg601295#msg601295

Quote:

WebRep is a combination of community voting and malware-related data feed from our virus lab.

[...]

On the onther hand, the community can usually very well tell whether a given e-shop is a good one or a poor one -- something our virus lab will hardly be able to do...

So, are user ratings checked for malicious code by avast! lab? I got my doubts, and it wouldn't make much sense, would it? After all, considering what vlk mentions in that post of his, part of avast! WebRep protection is provided by the users who "spot" and report fraudulent websites (no malicious code in them, simply fraudulent). The same is not to say that they can't rate a website with a low score, just because they feel like it.

-edit-

I've seen quite a few screenshots over avast! forum that show WebRep ratings showing that a website has this or that score due to X number of votes. So, this is coming from the avast! users, correct?

[Hungry Man]

I just stick to the built in Chrome checks on sites and downloads.

[The Seeker]

Ad Muncher.
Google DNS.

[BonskY]

From Google Chrome and Firefox always updated

OpenDNS + WOT+ AdBlock and no Pr0n !

And in case of failure...Sandboxies !

Have nice day guys

[Hungry Man]

Quote:

Originally Posted by The Seeker

Ad Muncher.
Google DNS.

Google DNS doesn't use any filtering.

[ExtremeGamerBR]

Nothing, just Sandboxie to contain anything.

Primary DNS = ISP
Secondary DNS = OpenDNS

Windows Firewall w/Advanced security to restrict application remote port connections and force applications to DNS lookups with DNS Client service disabled.

IE 9 Smartscreen filter

[cheater87]

WOT/Trafficlight for search results and for DNS I use Comodo.

[bo elam]

I being wanting to find a good Web/URL filter for a long time and I think I found it 10 days ago when I installed Panda URL filter. Tried AVG link scanner and Traffic Light before and did not feel convinced of its effectiveness as they never detected any site as malicious during real life browsing and only detected a few sites as malicious when trying URLs from MDL and other sites.

On the other hand, even though Panda URL filter has not detected any malicious site during my normal browsing, it has blocked every malicious URL from MDL and malwareurl that I have tried except two. I am kind of convinced that it works well, I also like that it can be installed without having to install the antivirus.

I am also using Norton DNS off and on and Firefox with NoScript and Adblock plus.

Bo

[enemyofarsenic]

great thread...

[treehouse786]

see this

[G1111]

Norton DNS
WOT
Web protection enabled in MBAM Pro and Emsisoft Anti-Malware

Quote:

Originally Posted by m00nbl00d

If many thousands of people hating dogs and cats do that, then we have thousands of ratings saying that those websites are bad.

I agree - that's the problem with WOT I guess Norton DNS or McAfee SiteAdvisor are better alternatives

[PJC]

This Poll fits perfectly...

[Page42]

Probably listed in order of preference...

Chrome's anti-malware and anti-phishing
Norton DNS
MBAM Pro website blocking
WOT extension
TrafficLight extension

[tomazyk]

Dragon's and Firefox's build-in defences + AdBlock Plus

[Atomas31]

Norton DNS
Panda URL Filtering
Adblock Plus