Found this one on SourceForge, any experience with it? http://sourceforge.net/projects/phishblock/?source=navbar http://phishblock.org/ PhishBlock is a security program that detects and blocks Phishing, Pharming, Hacker's C&C (Command and Control) Servers which are located in databases with URLs, DNS hostnames, and IP Addresses. This program detects and blocks Malware URLs, bad Hosts, and bad IP addresses. Main Features: Detect/Block Phishing/Malware based on URL. Detect/Block C&C Server (Botnet) based on DNS hostnames & IP Addresses. Detect/Block Fraud/Scam/DDos/Fake Contents based on URL & DNS hostnames. Using Low Memory and barely affects network performance or cpu usage. Scanning Internet Browser Cache for Malware by Yara Rule (6,000 rules). Database Contents (Source: PhishTank.com, Spam404.com, ClamAV.net etc.): Phishing C&C Servers Fake Content Get Rich Quick Scam Malware Fraud Spam Rogue Pharmacy DDos Service
FYI. October 27, 2014: PhishBlock Version 0.9 First Published. Being that it is brand new, caution is advised.
Installed. Exception Fault on Running (Win8.1x64). Uninstalled cleanly though. Probably like Peerblock or something.
Yes...the default installer is for 64-bit systems, but on the "files" tab you can get versions for other systems http://sourceforge.net/projects/phishblock/files/?source=navbar BTW...after installing twice on my XP I get the PhishBlock window for only a few seconds and then just a BSOD. It needs more time and work to be stable.
I wonder, what is the difference in comparison to alternative DNS servers with zero impact on performance, since it uses the same databases and blocks the same.
It is explained in post #1. So it uses a different source, and also has a malware scan by Yara signature (Yara is a malware analysis/classification framework very popular in this field). Personally I also feel it's more like Peerblock, as Mayahana said, except it also handles domain names. BTW, though alternative DNS doesn't consume machine resources, it can delay connections, depending on the distance between the DNS server & your network. When I used Comodo DNS I felt a noticeable slowdown.
Those databases are used by DNS servers, they actually use even better, and the Yara signature is not so special as they present it, so overall it is not really worth trying.
I don't agree, from my experience those alternative DNS are not quite so effective. Norton DNS is much less effective compared to real Norton's safeweb protection, and Comodo DNS is also limited, both for phishing & malware protection. I regard them as an added layer of web protection, not a main one. However I also think Phishtank, spam404 and ClamAV are not great sources. And I agree that 6000 Yara sigs are not so special, actually IMO they should remove this feature. I wouldn't use this unless they made significant improvements.
Agreed. The specialized DNS seem pretty limited, but also I view these databases as a supplement. I don't find the Kaspersky Gateway database (for phishing) all that hot either, but it's there - and it's a layer. Right now I use Kaspersky on the UTM, Clam on the transparent bridge UTM, and Norton on the desktops/notebooks with no protection on Android/Tablets. So this product would have a marginal use for me - at best. Anyone using something like Norton, Trend, etc. will likely not benefit at all from it.
If I recall correctly, Crowdstrike uses Yara + Clam + Snort rules to feed their big data analysis (see f.i. Panda Putter report) http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf Looks like phishpoint is an endpoint focussing on URL-blocking based on simpler analysis on the endpoint. To me it seems more logical to offer this as a UTM service on a router.
I think Peerblock is focussing on IP-address blocking.. and PhishBlock is focussing on URL-blocking and alternative DNS. To me it seems this is a difference from Peerblock.. look at http://phishblock.org again. v0.9.1 is released.