Do you block certain domains?

Discussion in 'polls' started by wat0114, Dec 8, 2013.

?

Do you block certain domains?

  1. No

    34 vote(s)
    68.0%
  2. Yes, by whitelisting in the browser

    3 vote(s)
    6.0%
  3. Yes, by blacklisting in the browser

    4 vote(s)
    8.0%
  4. Yes, by whitelisting using other method

    1 vote(s)
    2.0%
  5. Yes, by blacklisting using other method

    8 vote(s)
    16.0%
  1. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,380
    Location:
    West Yorkshire, UK
    Multiple ways to reduce attack surface, where is the evidence that blocking domains reduces the amount of security intrusions ?
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,737
    Location:
    Toronto Canada
    No I don't.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada

    For example, malicious code hosted on .ru, .vn, .cm, & .am sites. If these are excluded with a whitelist approach, they are of no concern. The user would have to deliberately allow them.

    EDIT

    Good grief, I guess I should have clarified blocking of "javascript" from the get-go of this thread :(
     
    Last edited: Dec 15, 2013
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,737
    Location:
    Toronto Canada
    I'm sure NGRhodes knows how this works but doesn't answer his question regarding proof. At least it doesn't for me.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Statistically I think most malicious domains are Chinese or Russian. Google put some research out about it a while back.

    If we're talking Javascript, then I whitelist.
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,737
    Location:
    Toronto Canada
     
    Last edited: Dec 15, 2013
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada
    Perhaps let NGRhodes respond.
     
  9. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,380
    Location:
    West Yorkshire, UK
    Is there any evidence in practice or lab conditions that blocking TLDs would actually reduce the amount of malware the average web surfer would get ?
    If you are already running some other tool for security, e.g. AV and anti malware or anti execution, do tests show blocking TLD's offer any extra protection ?

    Without this information there is a risk of spreading FUD about the actual usefulness of blocking TLDs for security purposes.

    I do think blocking specific known bad domains [sub domains of tld's for clarity] is useful (and there are stats about on the web to prove usefulness of this), but TLDs I don't know.

    Cheers, Nick
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada
    If I stumble upon a normally safe site that's been exploited with js injection to redirect users to a malicious website that downloads trojans to the user's machine, then am I not left unaffected if one of the domains I've blocked is that of the malicious site? BTW, I would rather use as much as what's built-in to the O/S and browser as opposed to 3rd party utilities. I agree blocking TLD's is very broad in nature as opposed to sub-domains but it achieves the same results but with less granularity. I can always, and have, allowed sub-domains of my choice as I see fit.

    EDIT

    Maybe I've been too unclear throughout this thread, so I'll attempt to explain further...

    Let's say I default deny js but I whitelist only the following:

    .com
    .ca
    .gov
    .org
    .edu
    .uk
    .net

    I use a script blocking extension in the browser to allow only specific sites of my choosing that may fall under the category of the ones blocked by default, such as maybe somesite.ru, or anothersite.ko...just examples. If I happen to land on a site that has been js-exploited to redirect visitors to, say, badsite.cn, I should be unaffected because those domains are blocked by default.

    Yes there are exploits found on some sites with the domains I've whitelisted, but by default-denying all others, I reduce the chances - attack surface - of stumbling upon exploited sites, because it is fact there are exploits found on so many listed in McAfee's most dangerous domains list.

    There are other means as you mention, Nick, but why not utilize what's available in the browser or at least through a browser extension, since it's not only effective but it eliminates additional code introduced by 3rd party apps that might be used?
     
    Last edited: Dec 16, 2013
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Who cares about lab conditions? We know that malware is often hostedn on .cn and .ru. That should be the only 'evidence' necessary to support a claim that blocking domains can be beneficial to security.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    No i dont but EAM can be a bit intrusive in some rare cases. :D
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada
    Here we go, in addition to Hungry Man's support, another "heavy weight" member using a simiilar approach (right under Additional intrusion mitigation):

     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,881
    ditto ;)
     
  16. guest

    guest Guest

    @wat0114

    So I take it as you want to focus more on the contents of websites instead of the websites themselves?
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada

    Yes and no. I avoid all non-whitelisted domains as much as possible, because I rarely visit them anyway, but if I feel a want/need to visit a web site under one of them, I exercise careful control of the content I allow.
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, sometimes i have to deactivate it to be able to see some websites.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I'll bet false positives would be far more likely than any working malware with such a country-based whitelist.
     
  20. guest

    guest Guest

    Although it's possible in your case, it's impossible in mine. Sometimes (many times?) I need to access strange websites to get the info I was looking for. So my only option is content filtering.

    I'll tell you something, most unusual behaviors I've encountered in various websites are from .com-based websites. So manual TLD blocking barely gives any effect for me.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,079
    Location:
    Canada
    Yes, .com is the worst. of course I allow it within settings in Chrome, but then I use httpsb extension to filter the contents of the sites i visit, allowing only the required content.
     
  22. Pandora Box

    Pandora Box Registered Member

    Joined:
    Dec 6, 2013
    Posts:
    25
    Location:
    In a doghouse
    I only block ad links that keep pop up in my pc inside
    C:\Windows\drives\etc\host :p
     
  23. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,217
    Well, if I setup PeerBlock for blocking some IP's:

    Google -> Blocking 131,071 IP's

    Microsoft -> Blocking 1,849,147 IP's

    Spyware -> Blocking 285,056 IP's

    Hijacked -> Blocking 7,810,037 IP's

    This is just a partial list.
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yes, by blacklisting - Other... via my router. And block some IP's/ranges with Comodo FW.

    ... but I picked the wrong thing by accident, like a dumb arse, and went and screwed this whole poll up (picked whitelisting - yes instead). I'm so used to applying that default deny/whitelist regimen that it's just like a reflex.
     
  25. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I let SmartScreen take care of it for me. I don't feel the need to block entire TLDs.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.