Does Norton ConnectSafe (DNS) really work?

Discussion in 'other anti-malware software' started by Anguel, Jan 7, 2016.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  2. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    Are you sure that this one is blocked by Norton DNS? I think it is only blocked by Norton Internet Security if you have installed it...
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    It looks like you are right! I've just changed to Norton ConnectSafe with the least restrictive settings (Security) and checked with Cyberfox, which Norton doesn't offer phishing protection, and the amtso phishing test page does indeed load. Hmm. Norton ConnectSafe and the Norton security products are supposed to use the same Safe Web database.

    I'll have to check why. Thanks for pointing that out. :thumb:
     
  4. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Based on my old observations* Norton ConnectSafe blocks access to any website rated Warning by SafeWeb and nothing else. Known phishing pages (except from a website rated Warning) and Caution rated websites are not blocked. The toolbar in Norton products will at least warn# about all these and also has heuristics to detect possible phishing pages.

    *May be as old as three years https://www.wilderssecurity.com/thre...on-connectsafe-at-phishing-protection.340181/

    #Last time I checked, nearly a year ago, the toolbar does not block access to the websites rated Warning. (A full page block will appear but the page will be downloaded.)
     
    Last edited: Jan 12, 2016
  5. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Norton ConnectSafe free DNS service does not block this test page even if set to policy C.
    Check the Anti-Malware vendors listed on Amtso Phishing Testpage for support.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I have already asked Symantec about this and will update this thread when I hear something.
     
  7. haakon

    haakon Guest

    Thanks.

    I disabled BDIS-2016's phishing protection for this. (It blocks the amtso phishing test page in Cyberfox X64 and Chrome Portables and in QuiteRSS, a QtWeb Kit news reader.)

    I've been using Norton ConnectSafe Security/Policy 1, 199.85.126.10 & 127.10, for a while and the page does load here in Cyberfox, too.

    But it did block something a couple months ago while I was banging open PhishTank links. Which means it interceded for this system before BD or SafeBrowsing or MBAM Premium.

    I think PhishTank would be a better venue for members in this thread to use than amtso.

    Just for fun, check these...
    https://www.dns-oarc.net/oarc/services/dnsentropy
    https://www.dnsleaktest.com/

    I get a bunch of Neustar 156.154.162.xx DNS IPs. Which makes sense.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    This first test doesn't load for me.

    The second one says I'm about 300 km away from where I am because that is where the nearest server is. Using Norton ConnectSafe the leak test says my ISP is in the USA and is NeuStar... I don't know what that means.
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    OpenDNS works with PhishTank, they are mostly focused on phishing sites, not malware sites. Norton does block malware as well, but you have to use the correct DNS address. They have several and they block different stuff. Not sure if malware is covered by the base one.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    The three choices for Norton Connectsafe are:

    • Which content filtering policies are available for home and personal use?
      The following three pre-defined content filtering policies are available for home and personal use:

      Policy 1: Security (199.85.126.10 and 199.85.127.10) This policy blocks all sites hosting malware, phishing sites, and scam sites. To use Policy 1, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 199.85.126.10 and 199.85.127.10.

      Policy 2: Security + Pornography (199.85.126.20 and 199.85.127.20) In addition to blocking unsafe sites, this policy also blocks access to sites that contain sexually explicit material. To use Policy 2, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 199.85.126.20 and 199.85.127.20.

      Policy 3: Security + Pornography + Other (199.85.126.30 and 199.85.127.30) In addition to blocking unsafe sites and pornography sites, this policy also blocks access to sites that feature mature content, abortion, alcohol, crime, cults, drugs, gambling, hate, sexual orientation, suicide, tobacco or violence. To use Policy 3, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 199.85.126.30 and 199.85.127.30.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I'm running that now but I didn't realise it would take so long. I haven't timed it but it must be getting close to 2 hours by now. o_O
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    OK, it's finished and no surprise really that my ISP is quickest.

    I would love to know what www.google.com is hijacked means though. All eleven servers showing in the results all show the same. At the time of the test I was using OpenDNS if that makes a difference.
     
  13. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    I have the impression that Norton DNS blocks from time to time - it is not something one can rely on... This confirms my negative impressions about Symantec.
    Now I am testing Malwarebytes Premium and Avira's Free Browser Plugin besides my main Kaspersky IS 2016, I also use Untangle's paid WebFilter. But for now it looks like Kaspersky IS 2016 is the one that blocks most reliably the links I pasted (e.g. from Zeustracker).
     
  14. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Krusty13
    I guess it means that You are redirected to google.com.au
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Yes, that would make sense.

    Thanks.
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I have just been informed Norton ConnectSafe should be blocking the AMTSO phishing test page.

    I'll update if I hear more.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Sorry for the delay. I've just found this thread and forgot to update it.

     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.