Advice Request Serious security question ... is your black hole bigger than mine?


Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
To all members adding URL blacklists to UTM firewall routers, Pi-holes and uBlock-plussers, I am challenging you: are you sure your black hole is bigger than mine?

Have a look at the blacklists I have piled up using a DNS service, the browser's built-in lists and just one (optional) extension.

  1. Use Quad9 as DNS service (already predefined in Edge Chromium)
    Quad9 DNS has three massive DNS sources: 2 antivirus sources, 1 corporate threat detection (e.g. for ransomware/spear phishing), 1 botnet and 1 spam.
    The documentation of Quad9 I could find mentions some of the initial partners; I have made the ones with large blocklists bold: IBM's X-Force, Abuse.ch, Anti-Phishing Working Group (APWG), Bambenek Consulting, Cisco (Umbrella DNS network), F-Secure, mnemonic, Netlab (Passive DNS), Payload Security (Crowd Strike), Proofpoint (email protection), RiskIQ, and ThreatSTOP (MyDNS).

  2. Browser built-in blocklists (Edge SmartScreen - Chrome Safe Browsing)
    Since 2019 SmartScreen does not include your SID anymore. It still sends the URL in plain text, but because it is sent over HTTPS it is encrypted. So for MT members with a moderate form of compulsive malware paranoia disorder (CMPD), there is no reason to disable it anymore. Chrome's Safe Browsing pushes hashed lists to clients every half-hour, so while this is better in terms of privacy, the Chrome URL blacklist on average is 15 minutes behind Edge's cloud-based-only SmartScreen.

  3. One malware protection extension of choice
    Based on this thread (link) I will grant MT members an additional malware protection blocklist. Personally, being a "less is more" fan, I am not adding any malware protection extension. Because I am planning to enable HomeCare on my new TP-Link AC4000 router, I added this option to level the playing field (so practically using one more URL blacklist, from Trend Micro, in the router). When I interpret the results published by @Evjl's Rain correctly, I would suggest:
    a) Bitdefender TrafficLight - when your main concern is phishing
    b) Norton Safe Web - when your main concern is malware (will probably soon also include Avira's URL blacklist)
    c) Malwarebytes Browser Guard - good overall performer with ad blocker

EDIT: just received the new TP-Link AC4000 router with Trend Micro HomeCare.

So I ask all paranoid UTM-wallers, Pi-holers and uBlock-plussers: do you seriously think your black hole is bigger than mine?
 
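Point 2 above turns on how Chrome's Safe Browsing works: the browser syncs a list of 4-byte hash prefixes and only contacts Google when a prefix matches, which is why the URL itself never leaves the client and why the local list can lag behind a purely cloud-based lookup such as SmartScreen. The following is an added example (not code from the post, from Google or from any browser) that implements the client side of that scheme in Python: the host-suffix/path-prefix expressions of the public Safe Browsing v4 rules, SHA-256 prefix matching against a local table, and a simulated full-hash round trip. The listed names under the reserved `.test` TLD, the local prefix table and the in-process "server" are constructed sample data; real URL canonicalisation (percent-decoding, trailing dots, etc.) is assumed to have happened already.

```python
"""Prefix-list URL lookup in the style of Google Safe Browsing v4 (Update API).

Added example for this thread; not code from the original post, from Google
or from any browser. Expression generation follows the public Safe Browsing
v4 rules; the listed expressions, the local prefix table and the in-process
"full-hash server" below are constructed sample data.
"""
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # clients sync 4-byte SHA-256 prefixes, never the full hashes


def _dedupe(seq):
    seen, out = set(), []
    for item in seq:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def host_suffixes(host: str) -> list:
    """Exact host, then up to 4 suffixes built from the last 5 labels (bare TLD skipped)."""
    if host.replace(".", "").isdigit():  # IPv4 literal: no suffix expansion
        return [host]
    tail = host.split(".")[-5:]
    return _dedupe([host] + [".".join(tail[i:]) for i in range(len(tail) - 1)])


def path_prefixes(path: str, query: str) -> list:
    """Exact path with query, path alone, then '/' and up to 3 directory prefixes."""
    candidates = [path + "?" + query] if query else []
    candidates.append(path)
    parts = [p for p in path.split("/") if p]
    dirs = parts if path.endswith("/") else parts[:-1]
    for k in range(min(len(dirs), 3) + 1):
        candidates.append("/" + "".join(d + "/" for d in dirs[:k]))
    return _dedupe(candidates)


def lookup_expressions(url: str) -> list:
    """Every host-suffix/path-prefix combination the client hashes for one URL."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    return [h + p for h in host_suffixes(host) for p in path_prefixes(u.path or "/", u.query)]


def sha256(expr: str) -> bytes:
    return hashlib.sha256(expr.encode("utf-8")).digest()


def hash_prefix(expr: str) -> bytes:
    return sha256(expr)[:PREFIX_LEN]


# Constructed sample threat list (assumed names under the reserved .test TLD).
LISTED = ["malware.example.test/", "evil.example.test/payload/"]
LOCAL_PREFIXES = {hash_prefix(e) for e in LISTED}  # the snapshot the browser syncs periodically
FULL_HASH_SERVER = {sha256(e) for e in LISTED}     # what a fullHashes lookup would answer from


def check_url(url, local_prefixes=LOCAL_PREFIXES, server=FULL_HASH_SERVER):
    """Return (verdict, prefixes_sent).

    Step 1 is purely local. Only a prefix hit triggers step 2, and even then the
    server receives 4-byte prefixes, never the URL. A stale local snapshot also
    means a stale verdict until the next list update.
    """
    hits = [e for e in lookup_expressions(url) if hash_prefix(e) in local_prefixes]
    if not hits:
        return "safe", []
    sent = sorted({hash_prefix(e) for e in hits})
    verdict = "unsafe" if any(sha256(e) in server for e in hits) else "safe"
    return verdict, sent


if __name__ == "__main__":
    for u in ("http://www.malware.example.test/index.html", "http://www.example.org/"):
        print(u, check_url(u))
```

Run it with no arguments to see both a hit and a miss; pass a `local_prefixes` set containing a prefix the server cannot confirm to see the collision path, where something is sent but the verdict stays safe.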

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
1. Have you set up Quad9 just in Edge or also at system level?
2. For the time disadvantage of Chrome, you could use the Microsoft Defender Browser Protection extension in Chrome and that way add SmartScreen to Chrome.
3. From testing done here (@Evjl's Rain) Bitdefender TrafficLight beats all other extensions in phishing and malware protection.
His conclusion was that SmartScreen (native to Edge or as extension for Chrome) combined with Bitdefender TrafficLight is a strong and still light combo.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
1. Have you set up Quad9 just in Edge or also at system level?
2. For the time disadvantage of Chrome, you could use the Microsoft Defender Browser Protection extension in Chrome and that way add SmartScreen to Chrome.
3. From testing done here (@Evjl's Rain) Bitdefender TrafficLight beats all other extensions in phishing and malware protection.
His conclusion was that SmartScreen (native to Edge or as extension for Chrome) combined with Bitdefender TrafficLight is a strong and still light combo.
:) just in browser
 

ForgottenSeer 85179

In my FritzBox router I added encrypted NextDNS (NextDNS default profile).
In Edge I added my own encrypted (more strict) NextDNS profile.

NextDNS uses 48 sources for security: metadata/threat-intelligence-feeds.json at master · nextdns/metadata (github.com)
It also includes Google Safe Browsing, see Tutorial - NextDNS: a DoH/DoT guide | MalwareTips Community, so not only Edge is protected with Safe Browsing but the whole system.

Besides that I only use AdGuard with the default AdGuard Base filter and Kees' list, and activated URL tracking cleaning. No other filter (not even malware) is activated.
If ads (e.g. YouTube) weren't so annoying, I wouldn't even use the AdGuard extension, as Kees' list can be used natively (a little bit restricted) in Edge.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
So I ask all paranoid UTM-wallers, Pi-holers and uBlock-plussers: do you seriously think your black hole is bigger than mine?
Thanks for the push in the right direction. After the recent DNS test, which I refused to believe, I tested it myself and CleanBrowsing has indeed fallen behind.
So I have switched to Quad9 and enabled the DNS Cache service; DoH does not work without it, but the next Windows will need it anyway, so whatever, Gru. :cautious:

1. Quad9 as ordered, system and browser. Cloudflare came close, but not close enough; CleanBrowsing did not block a single link this time (even days-old ones).
2.-3. Yandex uses its own pathetic blocklist, so I installed Netcraft again, mostly for blocking malicious scripts and XSS; blocking port 80 might help as well.

Personally I would prefer Neustar DNS (UltraDNS), but without secure DNS that is just unacceptable these days, regardless of the speed and filtering. :(
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
NextDNS uses 48 sources for security: metadata/threat-intelligence-feeds.json at master · nextdns/metadata (github.com)
It also includes Google Safe Browsing, see Tutorial - NextDNS: a DoH/DoT guide | MalwareTips Community, so not only Edge is protected with Safe Browsing but the whole system.

It is great that NextDNS uses Google and 48 sources, but URL blocking is a numbers game, so good sources monitor many requests, typically:
a) large DNS networks (e.g. Cisco Umbrella)
b) search engines (with their crawlers and search engine they see a massive volume of web requests)
c) devices with OS-related/provided malware protection (e.g. Windows)
d) UTM corporate router vendors associated with an AV (e.g. Fortinet and Sophos)
e) antivirus companies with many installs (e.g. Bitdefender, Norton/Avira and Avast/AVG).

These are the sources which really beef up the URL blacklist and traffic intrusion protection, so the NextDNS URL blocklist protection probably comes 99% from 1 source (Google) and 1% from the other 48 sources.

I told you so and will do it again: my URL black hole is bigger than yours :)

@security123 I am using your list in Edge, inspired by @oldschool. I just added a YouTube ad blocker which I only enabled on https://*.youtube.com. Works okay so far.
 
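Both the measurement TairikuOkami describes (sending a batch of recent malicious links through Quad9, Cloudflare and CleanBrowsing and counting what gets blocked) and the "numbers game" argument in the post above come down to one check: for a fixed set of domains, which resolver black-holes how many, and which domains does one resolver catch that the others miss. The script below is an added example, not code from the thread or from any resolver vendor, that does that comparison in Python. It reads the JSON DNS-over-HTTPS format (`Accept: application/dns-json`) that Cloudflare and Google document; the Quad9 endpoint URL is an assumption to verify against Quad9's own documentation. A block is recognised either as NXDOMAIN (`Status` 3), which is how Quad9 answers for a listed name, or as a sinkhole address such as `0.0.0.0` in the answer, which is how a Pi-hole-style filter typically answers. The embedded replies are constructed sample data so the comparison runs offline; `--live domain1 domain2 ...` performs real lookups instead.

```python
"""Compare how many sample domains each DNS resolver black-holes.

Added example for this thread; not code from the original posts or from any
resolver vendor. Uses the application/dns-json DoH format. Endpoint URLs are
assumptions; the SAMPLE_REPLIES below are constructed, not real lookups.
"""
import json
import sys
import urllib.request
from urllib.parse import urlencode

RESOLVERS = {  # assumed DoH JSON endpoints; confirm against each vendor's docs
    "quad9": "https://dns.quad9.net/dns-query",
    "cloudflare": "https://cloudflare-dns.com/dns-query",
}
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
RRTYPE_A, RRTYPE_AAAA = 1, 28


def classify(reply: dict) -> str:
    """One DoH JSON reply -> 'blocked', 'resolved', 'nodata' or 'error'."""
    status = reply.get("Status")
    if status == RCODE_NXDOMAIN:
        return "blocked"        # Quad9-style: the name "does not exist"
    if status != RCODE_NOERROR:
        return "error"          # SERVFAIL, REFUSED, transport failure: no verdict either way
    ips = [a.get("data", "") for a in reply.get("Answer", [])
           if a.get("type") in (RRTYPE_A, RRTYPE_AAAA)]
    if not ips:
        return "nodata"         # NOERROR without an address: cannot call it a block
    return "blocked" if all(ip in SINKHOLE_IPS for ip in ips) else "resolved"


def query(endpoint: str, name: str, timeout: float = 5.0) -> dict:
    """One live DoH JSON lookup for an A record (only used with --live)."""
    url = endpoint + "?" + urlencode({"name": name, "type": "A"})
    req = urllib.request.Request(url, headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def collect(domains, resolvers=RESOLVERS) -> dict:
    """{resolver: {domain: reply}} from live lookups; failures become error replies."""
    replies = {}
    for resolver, endpoint in resolvers.items():
        replies[resolver] = {}
        for d in domains:
            try:
                replies[resolver][d] = query(endpoint, d)
            except Exception as exc:  # network/HTTP failure: keep going, count as error
                replies[resolver][d] = {"Status": -1, "error": str(exc)}
    return replies


def black_hole(replies: dict, resolver: str) -> set:
    """The set of domains a resolver blocks: its 'black hole'."""
    return {d for d, r in replies[resolver].items() if classify(r) == "blocked"}


def compare(replies: dict) -> dict:
    """Per-resolver verdict counts plus the domains only that resolver blocks."""
    report = {}
    for resolver in replies:
        counts = {"blocked": 0, "resolved": 0, "nodata": 0, "error": 0}
        for reply in replies[resolver].values():
            counts[classify(reply)] += 1
        others = set().union(*(black_hole(replies, o) for o in replies if o != resolver))
        counts["unique"] = sorted(black_hole(replies, resolver) - others)
        report[resolver] = counts
    return report


SAMPLE_REPLIES = {  # constructed offline sample; names under the reserved .test TLD
    "quad9": {
        "malware-a.test": {"Status": 3},
        "phish-b.test": {"Status": 3},
        "benign.test": {"Status": 0, "Answer": [{"type": 1, "data": "203.0.113.10"}]},
    },
    "pihole-style": {
        "malware-a.test": {"Status": 0, "Answer": [{"type": 1, "data": "0.0.0.0"}]},
        "phish-b.test": {"Status": 0, "Answer": [{"type": 1, "data": "198.51.100.7"}]},
        "benign.test": {"Status": 0, "Answer": [{"type": 1, "data": "203.0.113.10"}]},
    },
}

if __name__ == "__main__":
    live = len(sys.argv) > 2 and sys.argv[1] == "--live"
    replies = collect(sys.argv[2:]) if live else SAMPLE_REPLIES
    for name, counts in compare(replies).items():
        print(name, counts)
```

The `unique` column is the part that answers the thread's question: a resolver with a bigger total is not more useful if every domain it blocks is also caught by the others, and `nodata`/`error` are kept separate so a timed-out lookup never inflates a block count. When running live, feed it freshly reported URLs' hostnames, since days-old entries are exactly the ones every list has already caught.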

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
PS

I don't bite, just seeking a healthy discussion on different viewpoints with UTM-wallers, Pi-holers and uBlock-plussers.

Just killing Covid-19 time; better to have a friendly discussion with forum members than an argument with my girlfriend (I lose the majority of those discussions anyway, and even the ones I seem to win feel like a loss).

So come on, MT forum compadres, hit me..

:)
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Nothing to contribute here, as the modem is controlled by IP and I can't change it without some work, which I'd rather not do since I'm lazy even during CoronaTime.
Then again, maybe somebody posts easy bridging instructions, like for dummies! ;)
You lean more towards simplism (like me); I am seeking discussions with 1-million-plus-rules UTM-wallers, Pi-holers and uBlock-plussers :)
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Before NextDNS I used Pi-hole (with Unbound) and a ~2 million entry blocklist, but the maintenance was really painful.
So you're a converted Pi-holer? How long have you been off your blacklist addiction? Was it hard to hand over the management of the blocklists to NextDNS?

Never had a weak moment to add blocklists to uBlock? Since Pi-hole stopped facilitating ABP-like blocklists, many Pi-holers changed to uBlock-plussers. :)

Did you get threatening private messages on security forums when you turned into a "simpler is better" activist? (Being the maintainer of Kees1958's most prevalent list qualifies as a "less is more" activist.)
 

ForgottenSeer 85179

Wow, a lot of questions :D

So you're a converted Pi-holer? How long have you been off your blacklist addiction? Was it hard to hand over the management of the blocklists to NextDNS?
Yeah, I used Pi-hole for a long time.
The blacklist addiction increased over time with Pi-hole but decreased with NextDNS.
The switch was very easy and relieving.

Never had a weak moment to add blocklists to uBlock? Since Pi-hole stopped facilitating ABP-like blocklists, many Pi-holers changed to uBlock-plussers. :)
Before my Pi-hole times I used some extra blocklists in uBlock Origin, but my goal was network-wide blocking with less performance loss on the desktop / in the browser.
The dropped ABP compatibility started me thinking about the whole move to something else, but at the time my uBlock Origin lists weren't many, nor did I want to change that.

Did you get threatening private messages on security forums when you turned into a "simpler is better" activist? (Being the maintainer of Kees1958's most prevalent list qualifies as a "less is more" activist.)
I moved through different forums and finally found MT to be the best, and left the others. I never got any threatening messages, but some unwanted or annoying answers directly from list maintainers, mainly on GitHub and the Pi-hole forums.
Most annoying was fighting against nonsense blocking like Windows telemetry.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@security123

I am glad you changed insights; I am a happy user of your Edge blocklist. I don't mind the fact that the other list is occasionally overwritten.

As posted, I only use the Blank Tab and YouTube Adblock extensions (the first only allowed on the new tab, the last only on youtube.com).

Your list fits perfectly with Occam's Razor principle of simple is better


👏👏👏 thanks
 
