DNS Based Malware Protection

It is important to protect your systems with multiple security best practices. Most users are familiar with some of the common solutions, like password assistants, anti-malware and web proxies. One less frequently used but strong defense is DNS-based protection.

Why DNS Based Protection is Effective
DNS is one of the foundational elements of the Internet. Almost all traffic headed for the Internet first needs to talk to a DNS server. Based on a valid response from your DNS server, your computer can proceed to the next step.

As an example, when you attempt to go to www.google.com, the conversation is

Computer - I’d like the address for www.google.com
DNS Server - It is 216.58.194.164, bye!

This conversation happens billions of times a day and serves millions of users. DNS was designed to be simple and effective. It was not designed to police the traffic. Therefore, if you want to visit www.malicious.com, a normal DNS server will give your computer the address so that you visit the site (and get compromised).

Now, if we had a DNS server that _did_ police the traffic, you could avoid the “bad neighborhoods”. It is very hard for a user to keep tabs on where all their browser/email/applications are connecting. However, a DNS server has to answer all those queries. A little help from your DNS server can therefore go a long way.

The conversation with your DNS server would be

Computer - I’d like the address for www.googlle.com
DNS Server - I don’t think you should go there, it is not safe.

For humans it is easy to mistake www.googlle.com for www.google.com. Not for DNS: the two are different names, and your DNS server will clearly tell you when a site is not safe.

How Do I Configure for DNS Based Protection
Use the OpenDNS servers:
– 208.67.222.222
– 208.67.220.220

I recommend using OpenDNS Home. It is extremely simple to configure, with _very_ detailed step-by-step instructions. One last important detail: it is free for personal use.