So many different ways to block malware URLs......

Discussion in 'malware problems & news' started by 800ster, May 12, 2014.

Thread Status:
Not open for further replies.
  1. 800ster

    800ster Registered Member

    Joined: Dec 1, 2006
    Posts: 203
    Does anybody have any info on how malware site lists are sourced? There seem to be so many options for blocking bad sites, phishing, parental controls etc. that I wonder if they are separately maintained or not. Does this layered approach help or do they come from fundamentally the same source (e.g. I have heard BrightCloud, for example, provides backend services to some AVs)... so it is just wasted duplication? I have no problem if there is overlap but it would be nice to know if any are obvious copies.

    E.g. there can be malware lists for filtering from:
    - Search engines
    - Browsers directly (e.g. Chrome)
    - Browser add-ins such as Adblock, Trafficlight
    - Antivirus software
    - ISP blocking (e.g. Sky Shield in UK) or other DNS services (e.g. OpenDNS)
    - Hosts files lists (e.g. MVPS)
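
One way to measure how much two block lists overlap, which is the question the post above raises. This is an added example, not part of the original post; the list contents and the example.* hostnames are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample lists (not real feed data); example.* names are placeholders.
HOSTS_LIST = """\
127.0.0.1 localhost
0.0.0.0 bad-ads.example.com
0.0.0.0 Tracker.Example.net  # inline comment
127.0.0.1 malware.example.org www.malware.example.org
"""

ADBLOCK_LIST = """\
! Adblock-style list
||bad-ads.example.com^
||malware.example.org^$third-party
||phish.example.info^
@@||allowed.example.com^
example.com##.ad-banner
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
ADBLOCK_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^")

def parse_hosts(text):
    """Return the set of blocked hostnames in a hosts-file style list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINK_IPS:
            domains.update(h.lower().rstrip(".") for h in fields[1:])
    return domains - LOCAL_NAMES

def parse_adblock(text):
    """Return domains from ||domain^ block rules; exceptions (@@) and cosmetic rules are skipped."""
    hits = (ADBLOCK_RULE.match(ln.strip().lower()) for ln in text.splitlines())
    return {m.group(1).rstrip(".") for m in hits if m}

def overlap(a, b):
    """Shared entries, Jaccard similarity, and the share of each list found in the other."""
    shared, union = a & b, a | b
    return {
        "shared": sorted(shared),
        "jaccard": len(shared) / len(union) if union else 0.0,
        "a_in_b": len(shared) / len(a) if a else 0.0,
        "b_in_a": len(shared) / len(b) if b else 0.0,
    }

if __name__ == "__main__":
    print(overlap(parse_hosts(HOSTS_LIST), parse_adblock(ADBLOCK_LIST)))
```

Exact-hostname comparison understates real coverage, because an Adblock `||domain^` rule also matches subdomains while a hosts entry matches only the exact name.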
     
  2. noone_particular

    noone_particular Registered Member

    Joined: Aug 8, 2008
    Posts: 3,798
    As fast as malicious links and sites appear, disappear, and move, I question how effective any attempt to blacklist them can be. It could work with sites that stay for extended periods but too often it's not the case. The only realistic way a link or site can be determined to be malicious is for something or someone to visit it. Even with the services that get their data from the users' browsers, the user is counting on the idea that someone else was there before you and that the malware was discovered. The problem is worse when the malware starts infesting ads. The user's actions are taken out of the equation. IMO, all of these services have the same problem that AVs have been facing. There are too many, they move too fast. The lists are never complete or completely up to date. IMO, the best defense against malicious sites and ads is a combination of apps and/or extensions, like Request Policy and NoScript or Proxomitron.
     
  3. guest

    guest Guest

    I still think that they're somewhat helpful. But the thing I agree with noone_particular on is to also use something like NoScript, which can define what's being loaded regardless of whether the website is malicious or not.

    EDIT: I know that I have been praising HTTPSB a lot lately, but it helps me to know what I shouldn't allow by blocking domains of known baddies with some HOSTS database.
     
    Last edited by a moderator: May 12, 2014
  4. noone_particular

    noone_particular Registered Member

    Joined: Aug 8, 2008
    Posts: 3,798
    I also like Request Policy for this purpose. IMO, it's far more likely that a user will encounter a malicious site via an infected ad or malicious JavaScript. It's much less likely that they'll choose to visit such a site. With Request Policy, those connections aren't made unless the user allows them.
     
  5. wat0114

    wat0114 Registered Member

    Joined: Aug 5, 2012
    Posts: 1,984
    Location: Canada
    Also throw in an ad blocker and the browser is pretty nicely secured. Beyond that, some form of anti-executable using a default deny approach and not much out there, currently, can do harm. An application firewall isn't too many people's cup of tea, but that's also a nice security layer if set up properly.
     
  6. J_L

    J_L Registered Member

    Joined: Nov 6, 2009
    Posts: 8,516
    Don't forget IP blocking (PeerBlock), browser/system settings (Chrome/Windows policies, IE Restricted Sites, SpywareBlaster), proxies (SquidGuard), gateways (Untangle), parental control (K9 Web Protection), router (Tomato), firewall (Online Armor), etc.
     
  7. MrBrian

    MrBrian Registered Member

    Joined: Feb 24, 2008
    Posts: 6,032
    Location: USA