What's your favourite web/url/IP/reputation filter setup and why

Discussion in 'other anti-malware software' started by Kees1958, Nov 16, 2011.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Staying out of risky areas is one of the (counter) measures to mitigate the risk of infection through the world wide web. There are several ways of achieving this (DNS-level, Browser-level, Plug-in level)


    A second way to mitigate the risks of infection is to increase control on the most commenly used attack carriers (dynamic content, e.g. scripts, adds, PDF's, flash movies, etc), through browser options or plug-ins. See http://www.symantec.com/business/threatreport/build.jsp

    Just wondering what Wilders Members are using as easy and cheap means of mitigation.

    Regards Kees
     
    Last edited: Nov 16, 2011
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Web/URL/IP/Reputation
    Using Norton DNS malware domain protection (configured in router). Using Chrome's phising protection (is some kind of hash mechanism downloaded and used locally in Chromium). Added Avast Webrep for reputation indexing of Search results and page visits. Using McFee SiteAdvisor as a post visit check. Those work on different levels and are the most effective in terms of download speed and webbrowsing performance tests. The effectiveness of those counter means are estimated between 30-60%, so adding more won't add much protection.

    Norton: AV background, is handled at DNS-servers of Norton, so the delays are not noticeable. I disabled Chromium DNS prefetching.
    Chromium: the Chrome phising blackist is based on the largest crawler mechanism in the Western World. It checks URL hashes in a very efficient manner with update intervals of half an hour (according the Google info).
    Avast Webrep: I like the fact that Avast AV-intelligence is used to reduce false positives (reason I prefer it over WOT) and the fact that it is (with WOT) the fastest search plug-in for Chrome.
    McFee SiteAdvisor: the disadvantage of McFee (on Chrome) is that it acts as a post-visit check (the advantage for Chrome is that it is only an icon, no other visible screen pollution). Having the two pre-visit filters (at DNS level=Norton and and Browser level=Chrome URL hash check), I also opted for pre-visit check when searching (Avast WebRep) and a post-visit check (SiteAdvisor). Site Advisor is noticably slower than Avast WebRep in displaying the result. So this asynch slow post visit check does not interfere with my browsing habits (I am reading the page when Sitedvisor does its works) and adds a last check on URL after the page is rendered.


    Attack carrier mitigation
    Using chrome's internal sandbox to mitigate javascript, PDF and flash (copied Chrome's internal flash and PDF plug-ins for use in Chromium, have not installed adobe PDF or FLash) with enforcement of running PPAPI flash in Renderer and using Native Clients for all web applications.

    I think the security advantage of running low rights of renderer and plug-ins is so substantial, I do not need any NoScript like functionality (or browser virtualisation) with Chromium. Only running Adblock plug-in. This is questionable enhancement, although one could argue that any Add Block like functionality reduces the chance of being lurged to pesky websites.
     
    Last edited: Nov 16, 2011
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    -Norton DNS
    -WOT

    [the Malware Domains filter of ABP
    -and more than that-...;)
    is included in WOT.]
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Norton DNS
    Panda url filter
    Ad block plus on firefox
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    norton dns
    panda url filter
    wot
    ad block plus
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I personally use no extensions, but two of my relatives have been running BitDefender TrafficLight and WOT, plus Norton DNS.

    I prefer BitDefender TrafficLight and WOT over McAfee SiteAdvisor and avast! WebRep.

    WOT may not be 100% perfect (nothing is), but it does have quite a few reliable sources, such as Phishtank.

    avast! WebRep is more like what users like or what they don't like, isn't it? If I hate dogs and cats, I will hate associations helping these animals; therefore, I'll rate their websites with a low rating. What's going to stop that? If many thousands of people hating dogs and cats do that, then we have thousands of ratings saying that those websites are bad.

    This kind of reputation service is not of my liking. I prefer services that keep focus on real dangerous websites, regardless of what they are.
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    DynDNS
    Adblock Plus with malware domains subscription on both Firefox and Chrome.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I recall (or think to remember) that VLK (of Avast) has stated that the webrep was checked by the automated web crawlers of Avast (link will be automatically checked by Avast automated malware analysis).

    But please tell me when this is not the case
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    To be honest, I limited my self to the scarce info I find. I do remember vlk mentioning a link -http://forum.avast.com/index.php?topic=71981.msg601295#msg601295

    So, are user ratings checked for malicious code by avast! lab? I got my doubts, and it wouldn't make much sense, would it? After all, considering what vlk mentions in that post of his, part of avast! WebRep protection is provided by the users who "spot" and report fraudulent websites (no malicious code in them, simply fraudulent). The same is not to say that they can't rate a website with a low score, just because they feel like it.

    -edit-

    I've seen quite a few screenshots over avast! forum that show WebRep ratings showing that a website has this or that score due to X number of votes. So, this is coming from the avast! users, correct?
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I just stick to the built in Chrome checks on sites and downloads.
     
  11. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,101
    Location:
    Adelaide
  12. BonskY

    BonskY Registered Member

    Joined:
    Jul 4, 2011
    Posts:
    69
    Location:
    Longueuil, Canada
    From Google Chrome and Firefox always updated

    OpenDNS + WOT+ AdBlock and no Pr0n ! :cool:

    And in case of failure...Sandboxies !

    Have nice day guys
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Google DNS doesn't use any filtering.
     
  14. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Nothing, just Sandboxie to contain anything.
     
  15. wat0114

    wat0114 Guest

    Primary DNS = ISP
    Secondary DNS = OpenDNS

    Windows Firewall w/Advanced security to restrict application remote port connections and force applications to DNS lookups with DNS Client service disabled.

    IE 9 Smartscreen filter
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    WOT/Trafficlight for search results and for DNS I use Comodo.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I being wanting to find a good Web/URL filter for a long time and I think I found it 10 days ago when I installed Panda URL filter. Tried AVG link scanner and Traffic Light before and did not feel convinced of its effectiveness as they never detected any site as malicious during real life browsing and only detected a few sites as malicious when trying URLs from MDL and other sites.

    On the other hand, even though Panda URL filter has not detected any malicious site during my normal browsing, it has blocked every malicious URL from MDL and malwareurl that I have tried except two. I am kind of convinced that it works well, I also like that it can be installed without having to install the antivirus.:cool:

    I am also using Norton DNS off and on and Firefox with NoScript and Adblock plus.

    Bo
     
  18. enemyofarsenic

    enemyofarsenic Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    63
    :thumb: great thread...
     
  19. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
  20. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Norton DNS
    WOT
    Web protection enabled in MBAM Pro and Emsisoft Anti-Malware
     
  21. progress

    progress Guest

    I agree - that's the problem with WOT :doubt: I guess Norton DNS or McAfee SiteAdvisor are better alternatives :)
     
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    This Poll fits perfectly...;)
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Probably listed in order of preference...

    Chrome's anti-malware and anti-phishing
    Norton DNS
    MBAM Pro website blocking
    WOT extension
    TrafficLight extension
     
  24. tomazyk

    tomazyk Guest

    Dragon's and Firefox's build-in defences + AdBlock Plus
     
  25. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Norton DNS
    Panda URL Filtering
    Adblock Plus
     
Loading...
Thread Status:
Not open for further replies.