ebocious

Level 4
Just keep in mind, the above tests are focused on phishing. For some in the MT community, phishing is not the most important issue. Both internally (@Evjl's Rain DNS malware tests) and externally (I previously just searched around the net) -- it seems to me that Neustar is pretty good with malware. But this test result loosely correlates with Evjl's Rain's test results for both phishing and malware -- just in case there was any doubt about the testing.

Here is one web result from April 19. It's not a big test, so take it with a grain of salt.

I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.

That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!
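
An added illustration of the point made in the post above (not code from the thread or from any product it mentions): a filtering resolver sees only the hostname, so an allowlisted legitimate site that starts serving a bad file still resolves, while a URL-level filter in the browser can match the specific path. All domains and list entries are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data, not real indicators.
DNS_ALLOWLIST = {"news.example"}            # legitimate site the user whitelisted
DNS_BLOCKLIST = {"malware-host.example"}    # domain-level blocklist entry
URL_BLOCKLIST = {                           # URL-level entries: (host, path prefix)
    ("news.example", "/ads/dropper.js"),    # compromised resource on a legitimate site
    ("files.example", "/payloads/"),
}

def parent_domains(host):
    """Yield the host and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def dns_verdict(host):
    """Decision available to a filtering resolver: hostname only, allowlist wins."""
    names = list(parent_domains(host))
    if any(n in DNS_ALLOWLIST for n in names):
        return "allow"
    if any(n in DNS_BLOCKLIST for n in names):
        return "block"
    return "allow"

def url_verdict(url):
    """Decision available to an in-browser filter: host plus full path."""
    parts = urlsplit(url)
    path = parts.path or "/"
    for name in parent_domains(parts.hostname or ""):
        for blocked_host, prefix in URL_BLOCKLIST:
            if name == blocked_host and path.startswith(prefix):
                return "block"
    return "allow"

def layered_verdict(url):
    """DNS layer first, URL filter second; report which layer stopped the request."""
    if dns_verdict(urlsplit(url).hostname or "") == "block":
        return "block (dns)"
    if url_verdict(url) == "block":
        return "block (url filter)"
    return "allow"

if __name__ == "__main__":
    for u in ("http://cdn.malware-host.example/x",
              "https://news.example/ads/dropper.js",
              "https://news.example/world/story.html"):
        print(u, "->", layered_verdict(u))
```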
 

Burrito

Level 20
Verified
I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.

That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!
Yeah, good points ebocious.

I don't rely too heavily on DNS, most of the time I forget about it actually.

I'm periodically surprised when it does block something.
 

Mahesh Sudula

Level 16
Verified
Malware Tester
There is not even a .5% probability for a normal user to get into a phishing link in real time. I say simply it's impossible.
However, I do agree that malicious redirections cannot be avoided completely.. Like through a porn website, 3rd-party hosted movie sites, torrents and many more...
A good security suite is ample enough for a normal user
DNS filters, hm yeah I too never use them!.. Just a well reputed Security suite + C'Sense
 

goodjohnjr

Level 1
I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.

That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!
Hello @ebocious ,

To me protection at the DNS level is just one small layer in an overall layered security strategy, I would not rely too heavily on it either, but it would not hurt to add it to your overall layered security setup.

-John Jr
 

ebocious

Level 4
Hello @ebocious ,

To me protection at the DNS level is just one small layer in an overall layered security strategy, I would not rely too heavily on it either, but it would not hurt to add it to your overall layered security setup.

-John Jr
Oh, not at all! I use CleanBrowsing on everything, even my phone. But it's mostly there for guidance; I rely on other tools for protection from malware.
 

goodjohnjr

Level 1
Oh, not at all! I use CleanBrowsing on everything, even my phone. But it's mostly there for guidance; I rely on other tools for protection from malware.
Hello @ebocious ,

I was not assuming whether you used it or not, I was just saying that in general, but thank you for sharing that; the main parts of my anti-malware defense strategy are/is primarily covered by other tools as well, and so I see that we agree on using layers of protection to protect against various threats.

-John Jr
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
Are there any good, effective and recommended filters and host lists from FilterLists in order to block malware/ransomware? thank you for posting them.
hi, there are not many. Almost all of them are not as effective as an extension + they will slow down ublock/adguard if you add them
I recommend using ublock or adguard as their primary function

here are a few acceptably good ones:
- https://hosts-file.net/emd.txt
- https://www.squidblacklist.org/downloads/dg-malicious.acl
- https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt
- haven't tested yet: https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt

there is vxvault list but I don't think it's good enough

I might miss something but I think those are the best
 

Rebsat

Level 6
Verified
Thank you very much for the links bro (y)



While not hosts lists nor filter lists, there may be free capabilities that get at the same issue more effectively.

The perpetual MBAR Beta is not bad.
Would you please give me the link? Thanks



It tries to do too many different things.
How effective is it against malware/ransomware? Do you recommend it to be added into my security setup? Thanks
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
How effective is it against malware/ransomware? Do you recommend it to be added into my security setup? Thanks
it's very hard to tell because there are not many new ransomware links to test
malwarebytes extension is one of the best no doubt
however, its resource usage, bugs and false positive rate are problems for many people
Windows Defender browser protection + bitdefender trafficlight are very light compared to MB but are also very very good

the best product may fail against 1 malware but the worst product might block it
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
@Evjl's Rain, is BTF better than Emsisoft? Just asking so I can give better educated advice.

~LDogg
hello, between these 2, it depends
- Emsisoft seems to be faster than BDTL (BD waits until the result from their server comes -> the page will start to load. Emsi loads the page and looks up the result simultaneously)
- BDTL is more consistent than Emsisoft. I do think it blocks more
- Emsisoft can be better against PUPs/adware while BD in general is known to be very bad

I prefer BD, honestly
 

LDogg

Level 29
Verified
hello, between these 2, it depends
- Emsisoft seems to be faster than BDTL (BD waits until the result from their server comes -> the page will start to load. Emsi loads the page and looks up the result simultaneously)
- BDTL is more consistent than Emsisoft. I do think it blocks more
- Emsisoft can be better against PUPs/adware while BD in general is known to be very bad

I prefer BD, honestly
Thanks for your input and response, seems like both have their strong points then, the fact that BDTL still lets the page load is rather worrisome. Hoping something can be done about that in a fix.

Thanks again!

~LDogg
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
Thanks for your input and response, seems like both have their strong points then, the fact that BDTL still lets the page load is rather worrisome. Hoping something can be done about that in a fix.

Thanks again!

~LDogg
hi, sorry I don't understand what you mean
BDTL: if the page is malicious, it will never be loaded
Emsisoft: lets the page load or file downloaded, if malicious -> blocks

I saw sometimes, emsisoft lets the malware touch the disk, then it checked and reverted the download -> messed up google chrome
BDTL will prevent the initiation of download
 

LDogg

Level 29
Verified
hi, sorry I don't understand what you mean
BDTL: if the page is malicious, it will never be loaded
Emsisoft: lets the page load or file downloaded, if malicious -> blocks

I saw sometimes, emsisoft lets the malware touch the disk, then it checked and reverted the download -> messed up google chrome
BDTL will prevent the initiation of download
Think I may think about replacing Emsisoft with trafficlight eventually.

~LDogg