low impact web filtering without an antivirus

Discussion in 'other anti-malware software' started by acr1965, May 5, 2012.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have decided to not use a real time antivirus as I don't like the resource usage. But I would like to be able to have a program to block malicious url's/IP addresses that stays up to date. I'm not 100% sure I need such a program to scan web pages in real time, so maybe one that updates blacklisted sites often would fit my needs. I have tried WOT and it's ok although I have some doubts about it being updated quickly. I've tried the AVG link scanner and it's ok but my web browsing takes a hit because all the links seem to be scanned real time, same issue with the web scanner by Bitdefender. I hear Panda has a nice one that can be installed separately but have not tried it.

    Is there a web filter that blocks black listed url's and IP addresses which is updated regularly (such as hourly or several times a day)? Or would a host file or DNS service be better for my needs? Or maybe a firewall that updates a black list regularly? I use Ad Muncher but it does not reliably block malicious sites. I also use Chrome with scripting disabled but that is white list based and I'm not sure how effective it is if a white listed site is hacked.

    Any suggestions?
     
  2. Sevens

    Sevens Guest

    I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

    http://www1.k9webprotection.com/
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Have you considered using light virtualization with an anti-executable? Virtually no impact on performance, and extremely secure. You could use something like Shadow Defender, and Appguard. Very Secure, and very light weight. It would be extremely difficult to keep any blocklist up to date for zero day malware. AV's have to rely on generic heuristic signatures to block by behavior to bridge the gap. I would reevaluate your intentions of trying to rely on a blocklist. Its not a good strategy. Its a good tool to add to your security setup, but not good for being your sole defense.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    If you decide to stick with your plan which I would not advise then K9webprotection is very good as Sevens has posted. You could also look into using a DNS service like Open DNS.
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have sandboxie paid version and am looking for a way to block malicious IP's and url's. I'm pretty sure sandboxie can protect against most web threats although I have read sbie does not protect against some. I have sbie to be able allow direct access in my browsers to bookmarks, cookies and preferences. That's about the only way I'll use sbie as I have to save many new bookmarks daily.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't believe blocking IPs is possible in sandboxie, it's really not meant for blocking anything (of course you can block all but the processes you allow) like that.
     
  7. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Wow, I just tested this out and it works quite well. I might add this to my arsenal of security. It also seems super lightweight on resources too.
     
    Last edited: May 5, 2012
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Really? I did not realize that. Blocking IP's or url's is not possible with a sandboxed browser? Ad Muncher seems to work ok when my browser is sandboxed and I think it blocks ads from loading as opposed to just hiding them...I could be wrong about that though.
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I used K9 Web Filter for several years, and it works great! Beware of possible conflicts though. I was having a problem installing and updating Prevx 2 once, and it took me forever to realize that it was K9 Web filter that was blocking Prevx 2 from communicating with the Prevx server. It has since been fixed, but I thought I should inform you in case you run into similar problems to help you save time in trouble shooting. It took me days before I realized the problem. Also it caused a slow down in webpages loading at times, and sometimes pages would have anomalies in them. Its content blocking is superb though, and it blocks most malicious web pages. Its web filtering works much better than my Netgear Prosecure UTM if that gives you any ideal of how great it works.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I think DW meant that SBIE itself does not block URLs but while using a sandboxed browser, Panda, Traffic Light, MBAM or any of the other available applications that block URLs work just fine. I am not using any but I tried a few, Panda URL filter is the one I liked best.

    Bo
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    OK. I was aware that sbie could not block IP addresses. Does Panda use a blacklist or does it scan for threats in real time through their cloud somehow? Also, is there a way to install just the web scanner and is the web scanner configurable (ie. white list, etc)?
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    It downloads definitions to your computer 3 or 4 times a day, you can follow the updates in a folder that Panda uses located in Document and Settings. To install it, you have to install the toolbar. After you install the Panda toolbar, you can uninstall it immediately. It also installs something else which you can also uninstall. Afterward, only the Filter remains. I only used it for a few days but I thought it was pretty good even though its not configurable.

    Bo
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    ok, thanks for the info
     
  14. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Panda web-filter is great, and barely uses any resources at all.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I'm going to try MBAM Pro web filtering with real time protection disabled and see how it goes. Does anyone know what services, blacklist sites, etc that MBAM uses in its web filtering?
     
  16. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    66
    I'm also a huge fan of Bluecoat K9. And it's free.
     
  17. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
  18. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    But would it conflict with other web filters like dns services or add-ons(wot, trafficlight) or Security Suite built-on web filters?

    Because it says here, 'While some product suites include Web filtering, these filters may not be as robust or detailed as Blue Coat’s technology. We recommend that you use K9 instead of the Web filter you find in a product suite, unless it’s based on Blue Coat’s K9 technology.'

    Also because it says here, 'K9 Web Protection is compatible with the following third-party personal firewall and Internet security products:

    Personal firewalls: Comodo
    Anti-virus products: Avast, Avira
    Internet security suites: McAfee, F-Secure, Norton/Symantec, Computer Associates and Check Point ZoneAlarm'

    Which means other products suites are not compatible, right?
     
    Last edited: May 6, 2012
  19. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    is anyone using the k9 product with ad muncher?
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    Set Norton DNS or Comodo as default in either your Router (preferable) or your network connection (it is explained at Norton ConectSafe website). Check with your real browsing history which DNS provider scores better for you (don't use a default set, Chrome and Comodo use a two phase caching mechanism, top ranked websites are all in this DNS "super" cache, so theoretical test will differ from real life experience, use a list based on your browsing history/surfing habits).


    Use Chromium for a while, enable Phising and Malware protection. Check for yourself using Malware Domain Lists or others, both websites and downloads will be catched with this combi. Absolutely lowest on impact on performance. Only not using any kind of protection will have less drag on system.

    DNS filtering
    ==> it doest not happen on your PC, but on the server of the DNS provider, so effective and impact free

    Google's Phising & Malware
    ==> based on part of the webaddress which is updated every half hour and loaded in browser (in memory, so near zero I/O). When part of the pattern matches the webaddres (a so called "index" match), the full adress is checked against a second black list with full addresses, but organised in pattern index (to minimize search & IO time). So instead of searching through all streets in the USA for roads with nasty potholes, it first checks on postal code globally then zoom's in on street name/house numbers

    Check it your self, and the results will convince you


    At javascript.
    Chrome does not uses shared libraries, but assigns hidden classes to Javascript. This is simular to the ASLR randomising mechanism, but on a much more detailed level for code libraries, so I would not worry about Javascript whitelist being hacked. Chromium now runs with Untrusted (in Win7) and AppContainer (in Win8 ), sandboxes, so I would not worry about Javascript white list being hacked (renderer boxes now run Untrusted with build in Chrome flash and pdf running low, so javascript in Untrusted can't touch plug-ins running Low integrity).
     
    Last edited: May 6, 2012
  21. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Thanks for the advice, I appreciate it.
     
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I would like to try a dns service other than what my ISP has. But I have personal issues with Norton and Comodo. Is there a good free DNS service besides these two that offers malware site protection? I would probably be willing to pay for one as well if it was effective and always up to date.
     
  23. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    I tried K9 today, and it protect great, but it is a bit to overbearing for my tastes. I still think Panda has the best web filter. Wish they would make it a stand alone download.
     
  24. Sevens

    Sevens Guest

    I think this is the same only stand alone.

    http://software.visicommedia.com/en/products/antiphishing/
     
  25. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
Loading...
Thread Status:
Not open for further replies.