Q&A Best protection for iPhone?

Templarware

Level 7
Thread author
Verified
Well-known
Mar 13, 2021
319
I know iOS doesn't really need an antivirus, but still I'm using Avast free, which uses the phone's VPN profile for its web protection feature. Because of this, I can't have other apps that also use a VPN profile, like DNSCloak for Quad9 or Cloudflare's WARP app.
I'm wondering what is the best option? Avast? Quad9? NextDNS app, or is something like Malwarebytes Privacy VPN worth it?
 

SecureKongo

Level 29
Verified
Top poster
Well-known
Feb 25, 2017
1,826
I know iOS doesn't really need an antivirus, but still I'm using Avast free, which uses the phone's VPN profile for its web protection feature. Because of this, I can't have other apps that also use a VPN profile, like DNSCloak for Quad9 or Cloudflare's WARP app.
I'm wondering what is the best option? Avast? Quad9? NextDNS app, or is Malwarebytes Privacy VPN worth it?
Ditch the app, use this instead: NextDNS - Apple Configuration Profile
 

SecureKongo

Level 29
Verified
Top poster
Well-known
Feb 25, 2017
1,826
And that can be done with Quad9 too...
I can actually use NextDNS app, because it doesn't use a VPN profile, only DNS settings.
I think you are confusing something. NextDNS profile also only uses DNS settings and no VPN profile.
 

SecureKongo

Level 29
Verified
Top poster
Well-known
Feb 25, 2017
1,826
I meant that the app has no conflicts with other apps, so maybe it is just easier to use. Is the profile superior to the app?
Not sure yet, but Apple seems to be removing outdated apps from the App Store and the app didn't receive any update for more than a year; it could happen to NextDNS too. In the end it's up to you to decide what works best for you. :)

 

Templarware

Level 7
Thread author
Verified
Well-known
Mar 13, 2021
319
Should I ditch Avast free? Is the web protection better than NextDNS or Quad9, or is the wifi scanner worth it?
 

Shadowra

Level 20
Verified
Malware Tester
Sep 2, 2021
967
Antivirus on iOS is useless because, since the system is locked, you go through the Apple Store to install your applications.
Then, Apple very regularly checks the apps present in its store.

It is certainly possible to bypass the lock, but I remind you that such bypasses are quickly corrected by Apple via updates, so it is useless.
Use NextDNS or a VPN.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
776
I agree with @Shadowra as well. The only app that might be worth getting is iVerify (iVerify for Individuals | Security App for iPhone and Android). They have in the past been the first app to detect indicators of compromise for the Pegasus malware and a few other iOS-specific threats. While Apple has discouraged this practice, they've bent their rules a little for iVerify.

But I don't think this is a must-have app for iOS. iOS security is generally great and the kinds of exploits that target iOS users involve out-of-date OSes or being heads of state or other high-value targets. It takes millions of dollars of engineering and black market purchased exploits to build a single usable iOS exploit, which Apple patches within weeks, so they are not going to waste that on you.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
776
So, resuming. No need for AV. VPN isn't worth it and NextDNS is better than Quad9.
I would agree but I don't even think a custom DNS is necessarily worth it. It can have the downside of interfering with captive portals and enterprise networks that block or force a specific DNS provider.

In a lot of ways, a good system wide ad blocker like 1Blocker has built in blacklists for malvertising and malicious domains that are roughly as good as a dedicated blocking solution, and it's less intrusive or performance impacting.
 

Templarware

Level 7
Thread author
Verified
Well-known
Mar 13, 2021
319
I would agree but I don't even think a custom DNS is necessarily worth it. It can have the downside of interfering with captive portals and enterprise networks that block or force a specific DNS provider.

In a lot of ways, a good system wide ad blocker like 1Blocker has built in blacklists for malvertising and malicious domains that are roughly as good as a dedicated blocking solution, and it's less intrusive or performance impacting.
Doesn't encrypt anything in public wifi though...
 

Templarware

Level 7
Thread author
Verified
Well-known
Mar 13, 2021
319
True, it doesn’t. I wasn’t sure if you wanted web protection in terms of denying access to hosts that are known to be compromised, or want privacy from public hotspot operators.
In that case, how much of a difference is there between the encryption of NextDNS and a VPN?
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
776
In that case, how much of a difference is there between the encryption of NextDNS and a VPN?
This was why I was confused. NextDNS as far as I can tell is strictly a DNS provider. It upgrades all of your DNS to DoH (so encrypted host lookups) but it doesn't encrypt anything else in transit like a full-on VPN.

IMO the value of encrypted DNS lookups is low unless you're really concerned about a DNS server spoofing back the wrong response. The security aspect of NextDNS is that it blocks "bad" hostnames the way that a PiHole does for a home network or the good old days of modifying your Hosts file.
 

SecureKongo

Level 29
Verified
Top poster
Well-known
Feb 25, 2017
1,826
In that case, how much of a difference is there between the encryption of NextDNS and a VPN?
Encrypted DNS, as the name indicates, only encrypts your DNS queries. Your ISP for example can still see which website you are accessing. With a VPN the whole traffic is encrypted, but therefore the VPN might log your data. That's the dilemma...
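
Added illustration of the point in the last two replies (not part of the thread; the resolver and site names are made-up placeholders): this Python example builds an RFC 8484 DoH query and a minimal TLS ClientHello, then reads back what a passive observer on the network can still see. It assumes Encrypted Client Hello is not in use.

```python
import base64
import struct

def dns_query(name, qtype=1):
    """DNS wire-format query (RFC 1035); ID is 0 as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)    # class IN

def doh_get_url(resolver_url, name):
    """RFC 8484 GET form: the query travels base64url-encoded inside HTTPS."""
    b64 = base64.urlsafe_b64encode(dns_query(name)).rstrip(b"=").decode()
    return f"{resolver_url}?dns={b64}"

def client_hello(sni):
    """Minimal TLS ClientHello with a server_name extension (RFC 6066)."""
    host = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    ext_data = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(ext_data)) + ext_data
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, session id
            + struct.pack("!H", 2) + b"\x13\x01"            # one cipher suite
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def observed_sni(record):
    """Hostname a passive on-path observer reads from the cleartext ClientHello."""
    p = 5 + 4 + 2 + 32                                      # headers, version, random
    p += 1 + record[p]                                      # session id
    p += 2 + int.from_bytes(record[p:p + 2], "big")         # cipher suites
    p += 1 + record[p]                                      # compression methods
    end = p + 2 + int.from_bytes(record[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if etype == 0:                                      # server_name
            nlen = int.from_bytes(record[p + 3:p + 5], "big")
            return record[p + 5:p + 5 + nlen].decode()
        p += elen
    return None

def observer_view(resolver_host, site):
    """With DoH the lookup exposes only the resolver; the visit still names the site."""
    return {"dns_lookup_reveals": observed_sni(client_hello(resolver_host)),
            "site_connection_reveals": observed_sni(client_hello(site))}

# Constructed placeholder names, not real services.
print(doh_get_url("https://doh.resolver.example/dns-query", "shop.example"))
print(observer_view("doh.resolver.example", "shop.example"))
```

A full VPN tunnel would hide the second ClientHello from the hotspot operator as well, moving that visibility to the VPN provider.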