Written by Shaun Waterman
A free DNS service from nonprofits Global Cyber Alliance and Packet Clearing House launched Thursday will block users and devices from visiting known malicious websites, acting as an “immune system” for internet-connected devices.
The new Quad9 Domain Name System (DNS) filtering service is aimed at individual users, micro-enterprises and small businesses, but will be useful for any enterprise that doesn’t have a dedicated IT team, the alliance’s Executive Director for the UK and Europe, Andy Bates, explained to CyberScoop.
“We’ve made it as simple as humanly possible,” he said.
Using threat intelligence feeds from IBM’s X-Force security service and 18 other partner organizations, Quad9 compiles a constantly updated blacklist of known bad websites — ones that contaminate visitors with malware or are used to control infected computers. If a user clicks on a link, for instance in a phishing email, Quad9 will block the move.
The 18 other partner companies include Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ and ThreatSTOP.
Every website on the Internet has a unique numerical address – known as an IP address. But to make web-surfing and search easier, those numerical IP addresses are translated into the familiar .org or .com internet URLs. That translation is done by a global system of computers called DNS servers. When a user clicks a link, or types a website address into the browser window, their computer consults the DNS to find out the IP address of the site.
Quad9 provides a DNS service that anyone can use for free that blocks known malicious sites. “We’ve blacked out all the numbers in the phone book that connect to cybercrime sites,” said Bates, protecting users from the theft of their personal information, infection with ransomware and malware, and other online fraud and crime.
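The filtering described above, sketched as an added example (not Quad9's code or part of the original article): a resolver merges several threat feeds into one blocklist and refuses to answer for any listed name or its subdomains. The feed names, domains, addresses and the allowlist used to override a false positive are all constructed assumptions.

```python
# Added illustration: a toy model of blocklist filtering at a DNS resolver.
# Feed names, domains and addresses are constructed; this is not Quad9's code.

FEEDS = {  # hypothetical threat-intelligence feeds -> domains they list
    "feed-a": {"malware.example", "c2.badhost.test"},
    "feed-b": {"Malware.Example.", "phish.login.example"},
}
ALLOWLIST = {"cdn.malware.example"}  # hypothetical false-positive override
ZONE = {"www.good.example": "192.0.2.10", "cdn.malware.example": "192.0.2.20"}


def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()


def build_blocklist(feeds):
    """Merge feeds into {domain: set of feeds that listed it}."""
    merged = {}
    for feed, domains in feeds.items():
        for d in domains:
            merged.setdefault(normalize(d), set()).add(feed)
    return merged


def match(name, blocklist):
    """Return the listed domain covering `name` (itself or a parent), else None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(name, blocklist, allowlist=ALLOWLIST, zone=ZONE):
    """Answer a query: refuse listed names, otherwise look the name up."""
    qname = normalize(name)
    hit = None if qname in allowlist else match(qname, blocklist)
    if hit:
        return {"status": "BLOCKED", "matched": hit, "feeds": sorted(blocklist[hit])}
    if qname in zone:
        return {"status": "NOERROR", "address": zone[qname]}
    return {"status": "NXDOMAIN"}


if __name__ == "__main__":
    bl = build_blocklist(FEEDS)
    for q in ("www.good.example", "login.MALWARE.example.", "cdn.malware.example"):
        print(q, "->", resolve(q, bl))
```

Recording which feeds listed a blocked name is what makes a wrongly listed site traceable to the feed that supplied it.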
Bates said there were three gripes about DNS filtering that made it difficult. “It’s too complicated to do, or too expensive, or they’re worried about their privacy,” he said, adding that many services which offer DNS filtering collect data — for instance which websites users visit — and sell it, for example to help advertisers target them.
“Data mining of our DNS requests is a very profitable business that creates a gigantic privacy problem,” noted one of the pioneers of DNS, Paul Vixie, in an email to CyberScoop. He urged users to “check the credentials” of any DNS service they use, including from their own internet service provider.
As non-profits, added Bill Woodcock, executive director of the Packet Clearing House, the organizations running Quad9 were prohibited under British law from monetizing such data. “We don’t even collect it,” he said, adding that because they did not keep records of users’ web-surfing, the service was already compliant with Europe’s looming new privacy law, the General Data Protection Regulation.
He said the groups were publicly audited every year and that Quad9 technology was transparent, “so we can be technically audited, too.”
Bates said the Quad9 service took just a few minutes to set up, by changing a single setting on a user’s computer or other device. “There are video tutorials … we’ve made it simple for people without technical capabilities,” he said.
“It offers privacy, performance …. and it’s free,” added Woodcock, “So that takes care of the cost issue.”
Vixie said that ideally, “For the best possible privacy and security, every network should run its own DNS server. This is not rocket science, and the software needed for it has been free since 1986 or so.” But for those that wanted to outsource, Quad9 was a “trustworthy provider.”
Unless users are running their own DNS server, computers tend to employ the one provided by the ISP.
Some kinds of filtering can slow internet browsing because of the need to communicate with a DNS server halfway around the world. According to a release about the new service, Quad9 works without compromising browsing speed because it uses PCH’s network of global assets — “Quad9 has points of presence in over 70 locations across 40 countries” today, the release says, adding the number is expected to double over the next 18 months, “further improving the speed [and] performance … for users globally.”
Woodcock acknowledged that there was an issue with false positives — sites wrongly listed as malicious. He said Quad9 would conduct regular “reputation scoring” on the threat intelligence providers. “We’re aware of this issue, it is a concern … It’s instrumented and there’s a quality control feedback loop,” he said.