Recommend DNS services to fight against malware

Discussion in 'other anti-malware software' started by Kernelwars, Aug 17, 2010.

Thread Status:
Not open for further replies.
  1. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Details of Dyndns servers are here http://dyn.com/dd-fastest-free-recursive-dns-service So sweet, first they suck, then work really really hard, now the best or as good - might as well make an article about the journey :)

    I checked Norton and it says:

    no wonder I thought Norton was pretty good as well, heh. Or is blocking not the same? I thought Norton DNS was like their Web Safe Lite, just without the toolbar. May be not. But not so optimal if server vs. your computer is terrible. The more choices the better.
     
    Last edited: Aug 18, 2010
  2. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    It seems they just came out with it http://www.nortondns.com/ allows you to view logs, and toggle on/off the DNS service.
     
  3. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
  4. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    I have always wanted to ask this and so maybe someone here can answer. Has anyone tried any local DNS proxy along with OpenDNS or DynDNS? I tried Acrylic DNS proxy once with OpenDNS but there was an IP address mismatch error and the content filtering did not seem to work and so i uninstalled it.
     
  5. LODBROK

    LODBROK Guest

    I used the tool properly and exactly the way I wanted to use the tool - to test from my location the subject of this thread, "Recommended DNS services to fight against malware."

    The server scan has value for noobs and has no relevance to this thread. Having used it ages ago, it's a function I no longer require.
     
  6. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'm using Acrylic DNS Proxy with DynDNS and was using it with OpenDNS. I haven't had any IP address mismatch errors. I don't need or want content filtering, so I can't help you there.
     
  7. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Oh then something wrong happened in my case (im no expert) but content filtering is a vital part of OpenDNS "to fight against malware".
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Unless I'm mistaken, both DynDNS and OpenDNS give you phishing protection right out of the box. The content filtering options provide additional filtering above that base level which may already be covered by other layers in your security setup.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    DynDNS also gives you real malware protection out of the box. It also has an option (registered only) to block ads/popups which is nice, and to turn off non-existent domain redirects. Another reason why I'm really starting to like DynDNS over OpenDNS is that my router has a built in IP Updater for it, no software on the PC required.
     
  10. Morro

    Morro Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    355
    Location:
    Netherlands
  11. LODBROK

    LODBROK Guest

    I had completely forgotten about Google Public DNS.

    From what I can tell, OpenDNS and Google DNS both filter based on Google's Safe Browsing initiative which is built into Firefox and Chrome. The filters are stored locally in the browser files urlclassifier3.sqlite (FF) and Safe Browsing Bloom (Chrome). So, I don't see where those DNS services would add anything if you're running those browsers where that protection is enabled.

    Consider if you use UltraDNS/Comodo, DynDNS/Norton or Sunbelt, you would add another filtering level on top of Safe Browsing.

    While we're at it, using the WOT and Adblock Plus (with the Malware Domains subscription) extensions pile on even more filtering.
     
  12. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Just ran Steve Gibson's DNS Benchmark and have found that even DynDNS intercepts bad domain names. I guess hard luck for free users.
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You can turn it off for free, register for a free account.
     
  14. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  16. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Yes, in fact I've just changed my ISP DNS to Norton , really like it , very cool :thumb:
     
  17. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I am currently trying clearcloud not bad at all.... I have norton dns running on some client pc's..smooth so far..:rolleyes:
     
  18. Morro

    Morro Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    355
    Location:
    Netherlands
    I see, thanks Lodbrok. :thumb:
     
  19. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    No, I think OpenDns is a bit more unique than that. They have their own Phishtank http://www.phishtank.com/index.php Not that difficult to find links Firefox does not block, well also DynDns I guess! On the other hand if you do same click, click test on a site listing malware, direct links to exe-files, flash/pdf exploits etc. OpenDns would be silent. Is useless for "malware" category, what DynDns call "Spyware". Don't know how they manage "enterprise" malware blocking, may be they also use DynDns/Barracuda :)

    Phishtank is also used by UrlVoid http://www.urlvoid.com/ if testing directly is considered too risky. Try hotbar.com - Firefox/Goolge ignores, DynDns and many others do not. The more the better as long as long as no computer is hurt. To cover malware/"virus" area I think Norton, ClearCloud and DynDns are the only free ones.

    Btw, if this blocking is interesting and you are using Avast do not disable Network Shield. It also blocks away and supplement both DynDns and browser filter.
     
  20. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I use DynDNS with the Block Viruses, Fraudulent Activity and Phishing (Low) Defense strategy coupled with block categories: conficker worm, phishing, gambling, spyware, and spam. I have also disabled the landing page for NXDOMAIN responses. All this is enabled in my router to auto update as I change settings within DynDNS without extra software.

    In Firefox I also have Adblock Plus with EasyList and Malware Domains both up to date.
     
  21. guest

    guest Guest

    After read most of the post is still not clear for me which one is better OpenDNS or DynDNS?
     
  22. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    I tried all of these, except DynDNS. So I'll give it a go.

    Although everyone will have different results with benchmarking, my internet provider was reported to be the quickest, OpenDns second, Google third, ClearCloud, then Norton, then DNS advantage which supposedly has Australian server.

    Tested all with many links, some very old, rogue sites, as not everyone is landing on zero day links on the first day, right?

    Look forward to these getting better (seemed to block about 1/7), but personally, if my intention is to block bad sites, I'd still prefer a different approach, such as WOT, with say Avast or Malwarebytes paid which block a lot of sites.

    guest, haven't tried DynDNS, but OpenDNS would be suitable say if children use the system, for example, excellent adult, drug filters etc.
     
  23. guest

    guest Guest

    Thanks for the advice Saraceno, which tool did you use to bechmark the DNS?
     
  24. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Not sure on its accuracy, but Gibson's DNS benchmark test. I had all the images ready to upload, results etc (after seeing languy99's videos), but cleaned out my desktop files.:oops:

    With the ones I mentioned, the speed difference for me from my location, not much between them. I ran each for a day or two. All depends on your internet service provider, for example, you might notice the alternatives (Norton, Google) provide faster page look up than your current provider. My current internet provider is quicker, but the alternatives do have other benefits, such as when you mistype a URL, such as google with an extra 'o', they'll still access the intended page.
     
  25. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Another good utility is Google's Namebench here http://code.google.com/p/namebench/ but its testing time is too long whereas DNS benchmark hardly takes any time. Also Namebench leaves a lot of temporary files in temporary folder after completion.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.