Symantec's Norton DNS service to block malware
Symantec's Norton DNS is a free DNS service which uses a special name server to block known malware and phishing websites. It's currently still in beta, but users can already put it to the test. To use Norton DNS, go to network settings and replace your current DNS addresses with the Norton DNS IP addresses (184.108.40.206 and 220.127.116.11).
For less-hardened Mac OS X and Windows users, step-by-step instructions can be found on the Norton DNS homepage. A wizard which will make the requisite changes automatically should be available shortly. The Norton DNS IP address can, of course, also be entered in a router or gateway so that all (DHCP) clients connected to that device use the service automatically.
Norton DNS automatically blocks access to domains which Symantec's anti-malware labs have previously identified as malicious. Symantec feeds the name server with the URLs collected by its Norton SafeWeb service. If a user attempts to visit a nefarious web page, the name server diverts the browser to a warning page. In contrast to phishing filters in most browsers, Norton DNS does not currently offer users the option of visiting the web page anyway. Symantec says that it does, however, intend to place a link on the warning page to allow access, despite the warning, at some point in the future.
According to Symantec manager Dan Nadir, the service will continue to be made available free of charge after the beta phase is completed. Symantec states that it does not collect any statistics and does not store queries made through the service. In future, the service will also be expanded to allow filtering of sites containing content deemed not safe for children.
The DNS service runs on servers distributed across twelve data centres worldwide. This should keep access times low and speed up the display of web pages. The servers are currently able to deal with up to five million queries simultaneously. Should the service prove to be a success, Symantec will expand this capacity. There are also plans to make the service DNSSEC-capable once DNSSEC becomes widely used.
- Anti-phisher community: Initial scores, a report from The H.
(Uli Ries / crve)