DNS Security Filters Compared: Quad9 x OpenDNS x Comodo Secure x Norton ConnectSafe x Yandex Safe
<blockquote data-quote="HarborFront" data-source="post: 722475" data-attributes="member: 55987"><p>On a recent <a href="https://medium.com/@nykolas.z/dns-performance-comparison-google-quad9-opendns-norton-cleanbrowsing-and-yandex-d62d24e38f98" target="_blank">post</a>, I tried to compare the performance of a few DNS resolvers. However, as some people pointed out, the results were not really fair. I cannot compare Google’s <em>8.8.8.8</em> against Quad9’s <em>9.9.9.9</em> or Norton ConnectSafe, as they do things very differently.</p><p></p><p>Yes, they are both DNS resolvers, but Google’s goal is to provide an unfiltered DNS. Nothing is blocked or restricted.</p><p></p><p><a href="https://www.quad9.net/" target="_blank">Quad9</a> and OpenDNS, on the other hand, filter out malicious content to help protect their users. Services like <a href="https://cleanbrowsing.org/" target="_blank">CleanBrowsing</a> and Yandex also remove pornography from the DNS responses. The level of complexity increases as you try to do more.</p><p></p><p>So today, I decided to test a few of the most popular filtered DNS resolvers that restrict access to malicious content. How good are they? Do they really improve the security of someone browsing the web? Are they worth the trouble?</p><p></p><p>We will find out…</p><p></p><p>I chose those popular (and free) services that are supposed to block access to malware, phishing and bad stuff in general:</p><p></p><ul> <li data-xf-list-type="ul">Quad9: 9.9.9.9</li> <li data-xf-list-type="ul">OpenDNS: 208.67.222.123</li> <li data-xf-list-type="ul">Norton ConnectSafe (Malware, Phishing and Scam sites): 199.85.126.10</li> <li data-xf-list-type="ul">Comodo Secure: 8.26.56.26</li> <li data-xf-list-type="ul">Yandex Safe: 77.88.8.88</li> </ul><p>I am not looking to test their performance. Or how fast they are. 
But I am trying to see how well they block access to malicious domains.</p><p></p><p><span style="font-size: 15px"><strong>TLDR</strong></span></p><p>All these providers do very little to block access to malicious content. On a list with 30 random known-malicious domains, OpenDNS blocked 3 of them (10% success rate) and Comodo blocked another 4 (~10% success rate).</p><p></p><p>These domains were all blacklisted by Google Safe Browsing, some major antivirus engines and most of them on PhishTank. Still, almost none of them got blocked.</p><p></p><p>Quad9 did not block any of those malicious domains. Read more for details.</p><p></p><p><span style="font-size: 15px"><strong>Testing</strong></span></p><p>To test the usefulness of these providers, I spent a few hours trying to find malicious domains. I researched a few sites from security providers, malware lists, phishing lists and sites like that. I also went to my own email looking for malicious links.</p><p></p><p>On each one, I visited the site itself to confirm that the phishing (or malware) was still active and live. After that, I did a DNS lookup using the specific service to check if the domain was blocked or allowed. Pretty simple.</p><p></p><p>Enough introductions, let's see how it went.</p><p></p><p><span style="font-size: 12px"><strong>Test 1: New phishing (recently added to PhishTank).</strong></span></p><p><em>*Blocked by Google SafeBrowsing as deceptive. URL: aosieuuw[.]com[/]bigmoneydoc/new/home/</em></p><p></p><p>Quad9: Not Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>None of them blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 2: Day-old phishing (PayPal fake login page).</strong></span></p><p><em>*Blocked by Google SafeBrowsing as deceptive. 
URL: </em>pkgzmt[.]com/signin/</p><p></p><p>OpenDNS: Blocked</p><p>Quad9: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>Only OpenDNS blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 3: Fake Facebook Login page</strong></span></p><p><em>*Blocked by Google SafeBrowsing as deceptive. URL: </em>0-facebook[.]com[/]</p><p></p><p>Comodo Secure: Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Quad9: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>Only Comodo Secure blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 4: Old Phishing page (still active)</strong></span></p><p><em>*Blocked by Google SafeBrowsing as deceptive. URL: </em>www[.]bhargavi.org[/]mainpayuk[/]</p><p></p><p>Comodo Secure: Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Quad9: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>Only Comodo Secure blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 5: Malicious domain distributing malware (still active)</strong></span></p><p><em>*Blocked by Google SafeBrowsing, SiteAdvisor and Norton SafeWeb. URL: </em><a href="https://www.virustotal.com/#/url/d027411f59522ba7852418c8ab4b8693990da3908cb33dfb2bb5c348c7d54787/detection" target="_blank">ibtrainings[.]com</a></p><p></p><p>Quad9: Not Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>None of them blocked the domain (surprising that Norton did not block it as Norton SafeWeb API flags it as malicious).</p><p></p><p><span style="font-size: 12px"><strong>Test 6: Foreign bank phishing (still active)</strong></span></p><p><em>*Blocked by Sophos, Kaspersky, Fortinet. 
URL: </em><a href="https://www.virustotal.com/#/url/e9e56bfb7851eab0c21f8e8db6b64bf9706f1bb67f0ba57ac13ebc31454a0fa3/detection" target="_blank">santandernetweb[.]com</a></p><p></p><p>Quad9: Not Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>None of them blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 7: Phishing / fake Download domain</strong></span></p><p><em>*Blocked by Google & ESET. URL:</em><a href="https://www.virustotal.com/#/url/5d6116edaf477b3c04bc3aed6eab1e92aae85e2937459b0b3c5d190a15cc8f2d/detection" target="_blank">upgradepc[.]centraloperatingupgradesalways[.]stream</a></p><p></p><p>Quad9: Not Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>None of them blocked the domain.</p><p></p><p><span style="font-size: 12px"><strong>Test 8: Malware / Drive by Download domain</strong></span></p><p><em>*Blocked by Google & ESET and Sophos. URL: </em><a href="https://www.virustotal.com/#/url/b0ba20b2ac1261a9dfc7c3d120d79a979320c98ab312f860ed9d38b8089b4ec2/detection" target="_blank">adultpro[.]xyz</a></p><p></p><p>Quad9: Not Blocked</p><p>OpenDNS: Not Blocked</p><p>Norton Connect Safe: Not Blocked</p><p>Comodo Secure: Not Blocked</p><p>Yandex Safe: Not Blocked</p><p>None of them blocked the domain.</p><p></p><p><span style="font-size: 15px"><strong>Summary</strong></span></p><p>I was not happy with the results. The more domains I tested, the more disappointed I got with the results. I had more than 30 random malicious domains for my informal research, but only reported the first 8 above because almost all others had the same result: "not blocked".</p><p></p><p>I think the lesson here is clear: Google Safe Browsing does a lot better than almost any of the DNS-based filters and they can not be used alone for security. 
In fact, they seem to do very little to help block access to malicious domains.</p><p></p><p><a href="https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f" target="_blank">DNS Security Filters Compared: Quad9 x OpenDNS x Comodo Secure x Norton ConnectSafe x Yandex Safe</a></p></blockquote><p></p>
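The "Testing" step in the quoted post (a DNS lookup against each filtering resolver to see whether a domain is blocked), as an added example that is not part of the post: it parses raw DNS replies and compares a filtering resolver's answer with an unfiltered baseline such as the 8.8.8.8 the post mentions. The function names, the `block_pages` set (provider block-page addresses, supplied by the caller) and the choice to read NXDOMAIN, REFUSED, an empty answer or 0.0.0.0 as a block are assumptions of this sketch.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\0" + struct.pack("!2H", 1, 1)

def skip_name(msg, pos):
    """Step over a (possibly compressed) name; return the offset after it."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    """Return (rcode, [A-record addresses]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # name, QTYPE, QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0xF, addrs

def lookup(name, resolver, timeout=3.0):       # one UDP query; needs network access
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_response(s.recvfrom(4096)[0])

def classify(filtered, baseline, block_pages=frozenset()):
    """Compare a filtering resolver's (rcode, addrs) with an unfiltered baseline."""
    (f_rcode, f_addrs), (b_rcode, b_addrs) = filtered, baseline
    if b_rcode != 0 or not b_addrs:
        return "inconclusive"  # dead everywhere: a takedown, not a filter decision
    if f_rcode != 0:           # assumption: NXDOMAIN (3) / REFUSED (5) signal a block
        return "blocked" if f_rcode in (3, 5) else "review"
    if set(f_addrs) <= set(block_pages) | {"0.0.0.0"}:
        return "blocked"       # empty answer, sinkhole or caller-supplied block page
    return "not blocked" if set(f_addrs) & set(b_addrs) else "review"

def make_response(name, rcode, addrs):
    """Constructed sample reply (not captured traffic) so the logic runs offline."""
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0) + build_query(name)[12:] + rrs
```

With network access, `classify(lookup(domain, "9.9.9.9"), lookup(domain, "8.8.8.8"))` compares Quad9 with Google's unfiltered resolver. A "review" result means the two answers share no address and need a manual look, since CDNs often answer differently per resolver.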