CNET también está disponible en español.

Ir a español

Don't show this again

Stimulus deal deadline French's Mustard Beer Trump bans TikTok New Apple 27-inch iMac MacOS Big Sur Public Beta Samsung Galaxy Note 20

ScrubIt antiporn DNS heralds future security services

ScrubIt is an interesting content filtering system that works by replacing your DNS server.

I am not looking forward to the day that my son goes online, because then I'll have to have The Talk with him. About safe surfing. Sites he can and cannot view. Or I'll have to somehow rig the family computer or our home network's router so he can't view the sites I don't want him to. More likely, I'll do both.

There are products that can help: Filtering systems (like Naomi) that work on PCs, and services that work with popular routers, which attempt to block your computers from viewing entire classes of sites (porn, shopping, gambling, you name it) that you don't want them to access.

There's also a new solution, ScrubIt, which is a replacement DNS (domain name system) service. Once you configure your computers to use it instead of the DNS that your ISP directs you to by default, all sites must pass through the ScrubIt filter before the content can make it onto your network.

It's a good solution in many ways, especially since the filtering technology and "black list" database of blocked sites is maintained centrally; there's no updating needed at your home. But like any filtering and blocking technology, it can likely be easily routed around by a well-motivated 12-year-old.

I've only seen one other similar service: OpenDNS, which we use at my house. This product is pitched as a high-performance and antiphishing DNS, not a parental-control solution. Like ScrubIt, it's free to use: OpenDNS makes money by serving up its own keyword-based advertisements when you type a Web address incorrectly. ScrubIt will eventually offer customized filtering, for a fee.

The launch of ScrubIt reminded me of the likely growth of DNS-delivered security solutions. I would not be surprised to see security software vendors like Symantec begin to offer antispam and antiphishing services through DNS. Separating some security functions from the PC is a good idea--it takes the load off of PCs and reduces management headaches.

But once people start changing their DNS servers around, we're also going to have bad guys using the trend for their own purposes. They'll try to set up nearly the worst possible security hack: Getting unsuspecting users to switch to a compromised DNS server. Such a service could collect a staggering amount of confidential information from users.

Just something to watch out for. Don't go changing DNS services on a whim.

Found on: LifeHacker (see the discussion thread; it's interesting).

More security info: CNET's Security Center.