Phishing Protection — Comparing DNS Security Filters
- Thread starter HarborFront
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- May 13, 2017
- 2,633
You should setup both and let the system/software decide, which one to use. The only problem is, that some DNS services support only IPv4.
- Sep 5, 2018
- 132
Thanks @HarborFront for the test. Thanks to you, I know about and am now using CleanBrowsing. Next time, could you test AdGuard DNS also?
Adguard DNS is not so great at malware/phishing blocking. maybe with old links, it can block something
In this category, Neustar recursive DNS > CleanBrowsing >>> Quad9, seem to be top choices
In this category, Neustar recursive DNS > CleanBrowsing >>> Quad9, seem to be top choices
Anyone tried KeweonDNS? Looks pretty impressive
What is keweon?
This word comes form the germany words "KEine WErbung ONline" which means translated to english "no advertising online".
In the meantime keweon is more than a stupid Adblock System:
Its DNS-over-HTTPS is here
keweonDNS - now with DoH on INTRA - Post #1608
Note :- Found it in Blokada. For Windows read the above XDA-developer forum
@Evjl's Rain - Can you run a test on it, if possible? Thanks
What is keweon?
This word comes form the germany words "KEine WErbung ONline" which means translated to english "no advertising online".
In the meantime keweon is more than a stupid Adblock System:
- - Advertising Blocking
- - Privacy Protection
- - App Protection
- - Malware Protection
- - Popup Blocker
- - Privacy Protection
- - Ransomware Protection
- - Spyware Protection
- - Tracing Protection
- - Tracking Protection
- - Virus Protection
- - Faster Internet
- - Lower Bandwith usage on Mobile Phones
- - Fake Software Filter
- - Fake Online Shop Filter
- - Phishing Protection
- - and a lot of other things
Its DNS-over-HTTPS is here
keweonDNS - now with DoH on INTRA - Post #1608
Note :- Found it in Blokada. For Windows read the above XDA-developer forum
@Evjl's Rain - Can you run a test on it, if possible? Thanks
Last edited:
- Jun 4, 2017
- 174
I am using Cisco Umbrella and CleanBrowsing (both paid) depending on the needs of my different systems. I have to say that Cisco Umbrella (paid OpenDNS Prosumer) has the best detection rates in my test, even better than CleanBrowsing.
You have to take into consideration that the free OpenDNS servers are not offering malware protection as Umbrella does.
So my vote goes to Cisco Umbrella & CleanBrowsing
You have to take into consideration that the free OpenDNS servers are not offering malware protection as Umbrella does.
So my vote goes to Cisco Umbrella & CleanBrowsing
- Jan 10, 2017
- 1,061
I use it with a DNS-Changer on my Smartphone. Very fast and good ad blocking. I love it 
it's not easy to compare this DNS with adguard and others because I don't have enough links now but after some testing with a few malwares and many phishing links
- Adblocking: adguard = keweon, maybe adguard is slightly better. No clear indicator but they both worked
- Phishing: adguard is slightly better. Both are nowhere near neustar DNS -> still the best
- malware: adguard = keweon (I only had 6 links) => not a reliable test
I can't test CleanBrowsing now. It's not usable for me at the moment
- Adblocking: adguard = keweon, maybe adguard is slightly better. No clear indicator but they both worked
- Phishing: adguard is slightly better. Both are nowhere near neustar DNS -> still the best
- malware: adguard = keweon (I only had 6 links) => not a reliable test
I can't test CleanBrowsing now. It's not usable for me at the moment
- May 4, 2018
- 2,261
Based off the list and if the list comes into a solid performance on testing I may think about using this DNS service.
Would like to know myself how this does. Didn't even knew this existed, thank you @HarborFront for showing this in the thread.
~LDogg
What is with the over-preoccupation with anti-phishing ? Anti-phishing, like other web content filtering, adds next to nothing to overall security.
The only place that I see people fret over web-content filtering is on the forums. So it must be a paranoia thing.
The only place that I see people fret over web-content filtering is on the forums. So it must be a paranoia thing.
- May 13, 2017
- 2,633
Roughly 90% of all malware come via the browser (the rest via emails and links again), so avoiding landing on an infected webpage is the basics.
Not to mention, that recent phishing sites (IDN) can fool even skilled users showing the proper certificate, unless you check, who it was issued for.
Not to mention, that recent phishing sites (IDN) can fool even skilled users showing the proper certificate, unless you check, who it was issued for.
People must be awfully high risk web surfers, otherwise web content filtering is an absolute waste of resources.
Web content filtering is the least effective protection - even worse than signatures.
The rationale for focusing upon web content filtering so much is erroneous.
People act like every other web page is malicious, and that just ain't true. It seems to me to be nothing but a whole bunch of needless paranoia.
Combine safe DNS, add HOSTS filtering files and then add 5 browser filtering extensions. It's just ridiculous.
The likelihood of a person ever even needing the above, is probably about the same odds as that person winning money in the lottery.
The odds that such filtering will ever save a person from being infected is probably worse.
The likelihood of a person ever even needing the above, is probably about the same odds as that person winning money in the lottery.
The odds that such filtering will ever save a person from being infected is probably worse.
My sister was clicking on recipes on Face book and other items like that and getting hit with the non-closable support site with voice. I told here to push the power button, wait a bit and start it back up again. I had an extra Malwarebytes Lic so I installed that. Now thing seem better.
- May 9, 2015
- 630
You advocating every other web page would be safe is a terrible advice. One need not be paranoia in anything but should be aware of what he/she does. Web content filtering helps to protect you from not only malware but phishing, scam sites etc which no "lock down" configurations can protect you
You advocating every other web page would be safe is a terrible advice. One need not be paranoia in anything but should be aware of what he/she does. Web content filtering helps to protect you from not only malware but phishing, scam sites etc which no "lock down" configurations can protect you
I didn't advocate that every other webpage is safe.
I didn't say not to use filtering.
What I said was excessive web content filtering adds next to nothing to overall security.
There are bunches of people on the forums that emphasize excessive web content filtering, but they don't really know what it does, how it works, and most importantly the nature of malicious URLs and links.
Last edited by a moderator:
- May 13, 2017
- 2,633
Just blocking porn blocks ~5% malware and if you block malware at DNS/system level, it even blocks some malware downloaders, like ransomware.
That is just some number you came up with and it isn't accurate.
If you don't visit porn, then you don't have to filter for porn. A solution so simple that it is brilliant and orders of magnitude more effective than using multi-layered web content filtering.
I do a lot of really high risk surfing as part of my job, and I can tell you from firsthand experience that web content filtering adds next to nothing to overall protections.
Web content filtering is more important to the person's psychological state than to any really significant layer of protection.
People on the forums promote web content filtering but they don't know what they're talking about. That's what I am pointing out.
The worst are those that think somehow they will visit a website like MalwareTips, click on something, and then get re-directed to some webpage that looks like MT that unknowingly downloads and installs stuff in the background that will smash their system. There are so multiple layers of misunderstanding in such thinking.
Web content filtering is more likely to allow you to infect yourself than to save you. It's just not very effective. It is known for high false negatives. The disadvantages are numerous and high.
Last edited by a moderator:
Similar threads
