Discussion in 'polls' started by wat0114, Dec 8, 2013.
Such as .ru, .info, .vn, etc...and if so, how?
I'm not being targeted, so why should I block legitimate sites along with malware sites? The Internet is global guys, it's not as if you're going to be infected visiting .ru sites without social engineering.
On the web I do not block any. There is no point in blocking entire domains on the web, as not every website from a risky area is infected nor every user a malware author/hacker. There is only one exception that I previously had when my torrent client was in use. That was a block list for China, as there are still a large amount of botnets and spammers flooding torrent connections. Whether that does any good is still hotly debated. I have found very few instances where I needed to connect to domains such as .info, so I don't really concern myself with it.
No not really. I probably could have formulated better/more poll questions, though mostly I'm just curious if there are a significant number of people blocking certain domains.
Yep, me neither. I visit .ru sites quite regularly. Can't say the same for .vn but I don't block any domain in general. Eset sometimes blocks a website but with noscript only turned off on whitelisted sites (+ sandboxie) I didn't have trouble with malware for quite a long time.
Just to be clear, I only used .ru and the others as examples, as opposed to singling them out.
I don't think there are many people bothered to maintain domain blacklists. It should be the job of web filtering services.
No, I really don't see a need.
Domain specific allow/deny rules can be used for various client-side purposes such as:
- Blocking communications with malware serving domains
- Blocking communications with advertising networks, analytics servers, etc
- Blocking communications with domains associated with undesired phone-home activity
- Blocking communications with domains that serve content that is inappropriate for the user's age
- Controlling whether HTTP, HTTPS, or both can be used
- Controlling email and other types of messaging
and they also can be used server side to restrict which clients are allowed to communicate, filter messages, etc. Even aggressive "deny all, allow few" type approaches are useful in some contexts. Such as when configuring a client for use by a child, configuring a browser profile and/or computer for sensitive (financial, whatever) use only, or configuring a server that you know should only be accessed by certain clients within a certain domain.
Given that server host/domain names can change, client IP Address and rDNS can change, rDNS information can be out of date or forged, friendly looking host/domain names can map to threatening IP Addresses and systems, IP Addresses can be used instead of hostnames, systems can be multi-homed, the use of content delivery networks, etc there can be false positives and false negatives. In some cases IP Address range based blocking can help, but even that can be problematic too especially when it is static rather than dynamic.
So although it is common to utilize domain specific blocking for one or more purposes, the specific context and objectives and limitations must be considered. There is nothing wrong with blocking entire TLDs and/or country IP Address ranges if the communications that will block are not needed or desired. You'd want to be pretty sure about that though, since such blocks are broad. Especially if (some of) the blocking will be silent.
I misread the poll and voted the last option. I don't block specific countries. I do block specific sites, corporations, and IP ranges, examples: known adservers, Facebook, Twitter, and with one exception (that I'm reconsidering) Google. I block specific IP addresses and ranges with the firewall using its custom address group feature. I use Proxomitron to block sites by name. Its blockfiles accept wildcards for domains, subdomains, etc.
What is your definition of domains?
For example, https://www.wilderssecurity.com/ is a domain.
The Poll is for domains, such as my above example. But your above description in this post is for Internet top-level domain.
One of the way to block domains is through Host file, which should be included in your Poll.
This Host file is created in your Windows OS by Microsoft.
Yes, I didn't think otherwise.
Top level domains.
So I just put "other" which could entail hosts files or another means not directly through the browser.
No I don't
I use the Malware Domains list for Adblock plus a Hosts file to blacklist known bad sites.
Nope, I don't find it necessary....yet
With so many security-conscious members in these forums, I'm surprised there aren't more people blocking notoriously dangerous tld's by default and whitelisting only the sites they want. This at least has the beneficial effect of reducing the attack surface, as has been pointed out by Windows_Security
No need for it. It wouldn't really fit in well with my setup. I do, however, use HTTPSB but that's less about security and more that I prefer to surf that way.
Yes, using Firefox extension BlockSite Plus:
No I don't see the need personally to block any top level domains. As for blocking specific websites I have not done that for years, and stay well away from any website blocking software, for the simple reason that sometimes I want to visit websites that are included in blocklists.
Separate names with a comma.