low impact web filtering without an antivirus

I have decided to not use a real time antivirus as I don't like the resource usage. But I would like to be able to have a program to block malicious url's/IP addresses that stays up to date. I'm not 100% sure I need such a program to scan web pages in real time, so maybe one that updates blacklisted sites often would fit my needs. I have tried WOT and it's ok although I have some doubts about it being updated quickly. I've tried the AVG link scanner and it's ok but my web browsing takes a hit because all the links seem to be scanned real time, same issue with the web scanner by Bitdefender. I hear Panda has a nice one that can be installed separately but have not tried it.

Is there a web filter that blocks black listed url's and IP addresses which is updated regularly (such as hourly or several times a day)? Or would a host file or DNS service be better for my needs? Or maybe a firewall that updates a black list regularly? I use Ad Muncher but it does not reliably block malicious sites. I also use Chrome with scripting disabled but that is white list based and I'm not sure how effective it is if a white listed site is hacked.

Any suggestions?

 

I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

http://www1.k9webprotection.com/

 

Have you considered using light virtualization with an anti-executable? Virtually no impact on performance, and extremely secure. You could use something like Shadow Defender, and Appguard. Very Secure, and very light weight. It would be extremely difficult to keep any blocklist up to date for zero day malware. AV's have to rely on generic heuristic signatures to block by behavior to bridge the gap. I would reevaluate your intentions of trying to rely on a blocklist. Its not a good strategy. Its a good tool to add to your security setup, but not good for being your sole defense.

 

If you decide to stick with your plan which I would not advise then K9webprotection is very good as Sevens has posted. You could also look into using a DNS service like Open DNS.

 

I have sandboxie paid version and am looking for a way to block malicious IP's and url's. I'm pretty sure sandboxie can protect against most web threats although I have read sbie does not protect against some. I have sbie to be able allow direct access in my browsers to bookmarks, cookies and preferences. That's about the only way I'll use sbie as I have to save many new bookmarks daily.

 

I don't believe blocking IPs is possible in sandboxie, it's really not meant for blocking anything (of course you can block all but the processes you allow) like that.

 

Wow, I just tested this out and it works quite well. I might add this to my arsenal of security. It also seems super lightweight on resources too.

 

Really? I did not realize that. Blocking IP's or url's is not possible with a sandboxed browser? Ad Muncher seems to work ok when my browser is sandboxed and I think it blocks ads from loading as opposed to just hiding them...I could be wrong about that though.

 

I used K9 Web Filter for several years, and it works great! Beware of possible conflicts though. I was having a problem installing and updating Prevx 2 once, and it took me forever to realize that it was K9 Web filter that was blocking Prevx 2 from communicating with the Prevx server. It has since been fixed, but I thought I should inform you in case you run into similar problems to help you save time in trouble shooting. It took me days before I realized the problem. Also it caused a slow down in webpages loading at times, and sometimes pages would have anomalies in them. Its content blocking is superb though, and it blocks most malicious web pages. Its web filtering works much better than my Netgear Prosecure UTM if that gives you any ideal of how great it works.

 

I think DW meant that SBIE itself does not block URLs but while using a sandboxed browser, Panda, Traffic Light, MBAM or any of the other available applications that block URLs work just fine. I am not using any but I tried a few, Panda URL filter is the one I liked best.

Bo

 

OK. I was aware that sbie could not block IP addresses. Does Panda use a blacklist or does it scan for threats in real time through their cloud somehow? Also, is there a way to install just the web scanner and is the web scanner configurable (ie. white list, etc)?

 

It downloads definitions to your computer 3 or 4 times a day, you can follow the updates in a folder that Panda uses located in Document and Settings. To install it, you have to install the toolbar. After you install the Panda toolbar, you can uninstall it immediately. It also installs something else which you can also uninstall. Afterward, only the Filter remains. I only used it for a few days but I thought it was pretty good even though its not configurable.

Bo

 

ok, thanks for the info

 

Panda web-filter is great, and barely uses any resources at all.

 

I'm going to try MBAM Pro web filtering with real time protection disabled and see how it goes. Does anyone know what services, blacklist sites, etc that MBAM uses in its web filtering?

 

I'm also a huge fan of Bluecoat K9. And it's free.

 

just use Norton ConnectSafe

 

But would it conflict with other web filters like dns services or add-ons(wot, trafficlight) or Security Suite built-on web filters?

Because it says here, 'While some product suites include Web filtering, these filters may not be as robust or detailed as Blue Coat’s technology. We recommend that you use K9 instead of the Web filter you find in a product suite, unless it’s based on Blue Coat’s K9 technology.'

Also because it says here, 'K9 Web Protection is compatible with the following third-party personal firewall and Internet security products:

Personal firewalls: Comodo
Anti-virus products: Avast, Avira
Internet security suites: McAfee, F-Secure, Norton/Symantec, Computer Associates and Check Point ZoneAlarm'

Which means other products suites are not compatible, right?

 

is anyone using the k9 product with ad muncher?

 

Set Norton DNS or Comodo as default in either your Router (preferable) or your network connection (it is explained at Norton ConectSafe website). Check with your real browsing history which DNS provider scores better for you (don't use a default set, Chrome and Comodo use a two phase caching mechanism, top ranked websites are all in this DNS "super" cache, so theoretical test will differ from real life experience, use a list based on your browsing history/surfing habits).


Use Chromium for a while, enable Phising and Malware protection. Check for yourself using Malware Domain Lists or others, both websites and downloads will be catched with this combi. Absolutely lowest on impact on performance. Only not using any kind of protection will have less drag on system.

DNS filtering
==> it doest not happen on your PC, but on the server of the DNS provider, so effective and impact free

Google's Phising & Malware
==> based on part of the webaddress which is updated every half hour and loaded in browser (in memory, so near zero I/O). When part of the pattern matches the webaddres (a so called "index" match), the full adress is checked against a second black list with full addresses, but organised in pattern index (to minimize search & IO time). So instead of searching through all streets in the USA for roads with nasty potholes, it first checks on postal code globally then zoom's in on street name/house numbers

Check it your self, and the results will convince you


At javascript.
Chrome does not uses shared libraries, but assigns hidden classes to Javascript. This is simular to the ASLR randomising mechanism, but on a much more detailed level for code libraries, so I would not worry about Javascript whitelist being hacked. Chromium now runs with Untrusted (in Win7) and AppContainer (in Win8 ), sandboxes, so I would not worry about Javascript white list being hacked (renderer boxes now run Untrusted with build in Chrome flash and pdf running low, so javascript in Untrusted can't touch plug-ins running Low integrity).

 

Thanks for the advice, I appreciate it.

 

I would like to try a dns service other than what my ISP has. But I have personal issues with Norton and Comodo. Is there a good free DNS service besides these two that offers malware site protection? I would probably be willing to pay for one as well if it was effective and always up to date.

 

I tried K9 today, and it protect great, but it is a bit to overbearing for my tastes. I still think Panda has the best web filter. Wish they would make it a stand alone download.

 

I think this is the same only stand alone.

http://software.visicommedia.com/en/products/antiphishing/

 

The Proxomitron: http://en.wikipedia.org/wiki/Proxomitron

IP blocking: Peerblock, and use the provided malware and other lists from iblocklist.