Something I forgot to mention in the video - it's astronomically rare for a legit website to get blocked by one of the DNS providers. If you notice a site does get blocked, they might have been caught trying to spread something by one of the CTI groups and got added on a blocklist.
I've got a couple of theories on why this is happening. The first is that it might have something to do with an option that can be toggled to allow it to start up with the system and override the UAC warning. I don't think this would be the issue though. The more likely issue is that it allows the user to have granular control over the network and the app isn't signed. The dev, henrypp, seemed like he would have done it if there was a way to do it without having to pay to do it. Most CAs charge about $400/year, which is an unreasonable cost for someone who makes a free program. MS says they want devs to do this for safety reasons, but some open source devs can't accommodate the cost. Thread: github.com/henrypp/simplewall/issues/211 I looked through a couple of VT scans and noticed the newest version for some reason has 8 detections. I ran 3.8 as well and it only had detections from SecureAge and Trapmine. Given how much the tool is used by others and that I've run it myself for years without issue, it seems like these are consistent false positive issues.
@@KenHarrisio I also think it's a false positive. Also I have Bitdefender installed in my system and when I boot my system every time simplewall asks for elevation permission because Bitdefender somehow messes with that and can also see on VirusTotal. Now I hate how only trusted antivirus even do such kind of sentic things, fuck that to who support coward monopoly
Based on this video, I turned off the default DNS on Firefox and changed the DNS from Cloudflare to Quad9 on my computers, phone, tablet, and router. I passed on ControlD for now because you said it is not needed and an account is required. Good video. Thanks.
Excellent information and another great video. NextDNS, Quad9 and Cloudflare are the best DNS options in terms of security I guess; please kindly make more detailed videos on deep configurations of Windows Firewall for advanced security and other software firewalls.
Why don't Google and OpenDNS use this blocklist? Also, couldn't this blocklist be used from the client side, either in advance of the request, OR after the IP address is resolved, but before the site is accessed?
My guess would be they don't want to accidentally block legit websites/services, though this has been extremely rare in my use. If I understand your question, you're asking if you can use the blocklist on your PC? If so, there's a couple of different options I know of. Something with built-in blocklists such as Portmaster (which has a lot of similarity to DNS providers and can be turned on/off as you see fit). Windows Firewall also has the ability to block connections, though it isn't as user friendly.
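Here is an added example (not from the video, Portmaster, Pi-hole or any commenter) of the client-side check the question above is asking about: a hosts-file-style blocklist is parsed, and a hostname is checked against it before any lookup leaves the machine, matching the exact name and every parent domain the way Pi-hole and Portmaster do, with an allowlist that wins over the blocklist. The list entries are constructed sample names on RFC 2606 reserved domains, not real sites.

```python
"""Client-side DNS blocklist check in the style of Pi-hole / Portmaster.

Added example, not code from the video or from any project named in the
thread. It assumes a hosts-file style blocklist (lines such as
"0.0.0.0 bad.example" or a bare "bad.example") and decides block/allow for
a hostname before the query is sent, so the resolver never sees it.
"""
import ipaddress

# Constructed sample blocklist using reserved example names (not real sites).
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored

0.0.0.0 tracker.example
127.0.0.1 malware.example.net   # inline comment
phish.test
"""

# Constructed allowlist: carve one needed sub-service out of a blocked domain.
SAMPLE_ALLOWLIST = ["cdn.tracker.example"]


def parse_blocklist(text):
    """Return the set of blocked names, lowercased, without a trailing dot."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])     # hosts form: "<ip> <name> ..."
            names = fields[1:]
        except ValueError:
            names = fields                      # bare form: "<name>"
        for name in names:
            blocked.add(name.lower().rstrip("."))
    return blocked


def candidate_names(hostname):
    """Yield the hostname and each parent domain: a.b.c -> a.b.c, b.c, c.

    Matching whole labels (not substrings) is what keeps "notphish.test"
    from matching an entry for "phish.test".
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(hostname, blocked, allowed=()):
    """Return ("allow" | "block", matched entry or None).

    The most specific name is tested first, and an allowlist hit at any
    level wins over the blocklist, as in Pi-hole.
    """
    allowed = {a.lower().rstrip(".") for a in allowed}
    for name in candidate_names(hostname):
        if name in allowed:
            return "allow", name
        if name in blocked:
            return "block", name
    return "allow", None


def check_all(hostnames, blocklist_text=SAMPLE_BLOCKLIST, allowlist=SAMPLE_ALLOWLIST):
    """Run decide() over several hostnames with the sample lists."""
    blocked = parse_blocklist(blocklist_text)
    return {h: decide(h, blocked, allowlist) for h in hostnames}


if __name__ == "__main__":
    demo = ["ads.tracker.example", "cdn.tracker.example", "www.MALWARE.example.net.",
            "example.net", "PHISH.TEST", "notphish.test"]
    for host, (verdict, why) in check_all(demo).items():
        print(f"{verdict:5} {host:28} {'matched ' + why if why else ''}")
```

Either resolver-side (Quad9, dns0.eu) or client-side (this check, Pi-hole on a LAN) the decision is the same; running it locally just means the list is yours to inspect and the name never leaves the host when it is blocked.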
Yeah, it'll work through Portmaster! In the settings panel at the top of the page, you can change your DNS provider. I personally prefer to set DNS through Portmaster, but it'll work well through Windows too. The following two lines should work for DoT: dot://dns.dns0.eu?ip=193.110.81.0 dot://dns.dns0.eu?ip=185.253.5.0 The following should work for DoH: dns0.eu
@@KenHarrisio Thank you. I am currently using the default DNS provider, which I believe is Cloudflare. Would you recommend switching to DNS0? I often game and do streaming, so I am concerned about any potential negative impact on performance.
@@J-Ernie Hey John, I just recognized your channel. I'm glad to see you're still around! In your case, it'll be a toss up. Cloudflare's speed is going to be hard to beat. I imagine even a 10ms difference in competitive PVP could be a big difference. You could try a before/after test on speedtest[dot]net and see what it would look like for your area. If the latency would be an issue to change DNS from the OS/router level, you could just switch providers through browser settings and still get some of the benefits.
Great video Ken. Thanks for all the info. Is my Pi-hole considered a DNS firewall? I have all my devices' DNS changed to an extra Pi 4 that all my internet goes thru, then to my devices. Even my Linux machines.
You talk about tagging, but everyone is allowed to know I'm using virtio drivers. My hardware? Windows never gets to see that part unless I pass through my GPU. Windows is for playing games; use it like that and you'll worry less about malware and security. After all, who cares if my Windows VM has malware.😉
Yeah, some of the DNS providers can cause speed issues. I've been using Quad9 for several years and haven't noticed any issues, but your mileage may vary depending on where you're located. Thanks for letting me know about Twingate. I hadn't heard of them before.
Yes, good coverage. I think the industry term to put out there (at least until they change it) is called DNSSEC. It runs on the same port, 53, but is encrypted. I want to say Google's and Cloudflare both use DNSSEC by default. The problem can arise from greedy, data-hungry ISPs because essentially, they are DHCP'ing your publicly visible WAN IP address. So even though you have established DNSSEC at your router, your ISP is upstream from you in the hierarchy and they have ways of, similar to the way you can inadvertently be split tunneling your VPN (which is a security concern because of identity leakage), you have to go back and verify your configuration because your ISP will go back through and split tunnel your DNS so they can keep their sweet, sweet revenue stream, which is your data; they literally do not care about your security. And so we have a fundamental incentive misalignment.
DNSSEC does not _encrypt_ anything; it adds a digital signature to verify ("authenticate") the data. Your ISP can still snoop on your DNS queries, but can't necessarily intercept/redirect your queries. DNS over TLS (HTTPS) is what you're thinking of.
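The reply above draws the line between DNSSEC (signatures) and DoT/DoH (encryption); the following added example (not from the video or either commenter) makes it concrete at the byte level. It builds a standard DNS query for a constructed name with EDNS0 and the DNSSEC "DO" flag set, then parses that query the way an on-path observer (an ISP router, say) would: the name is still in cleartext, because DO only asks the resolver to include RRSIG records for the client to validate. The last function shows the RFC 7858 framing that DNS over TLS puts around the very same bytes before TLS encrypts them; no network I/O is performed, so it runs offline.

```python
"""DNSSEC vs. encrypted transport, shown on the wire.

Added example, not the video's or any commenter's code. Assumes standard
DNS wire format (RFC 1035), EDNS0 (RFC 6891) and DoT framing (RFC 7858);
the queried name is a constructed example.
"""
import struct

QTYPE_A = 1
QTYPE_OPT = 41
CLASS_IN = 1
EDNS_DO = 0x8000          # "DNSSEC OK" bit, carried in the OPT record's TTL field
UDP_PAYLOAD_SIZE = 4096   # advertised EDNS buffer size, carried in the OPT "class" field


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        enc = label.encode("idna")
        if not 0 < len(enc) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(enc)]) + enc
    return out + b"\x00"


def build_query(name, txid=0x1234, dnssec_ok=True):
    """Build a recursive A query with an EDNS0 OPT record; DO set if dnssec_ok."""
    # header: id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, CLASS_IN)
    flags = EDNS_DO if dnssec_ok else 0
    # OPT pseudo-RR: root name (1 byte), type 41, udp size, ttl = flags, rdlength 0
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, UDP_PAYLOAD_SIZE, flags, 0)
    return header + question + opt


def decode_name(packet, offset):
    """Read a label sequence starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        labels.append(packet[offset:offset + length].decode("idna"))
        offset += length


def observe(packet):
    """What an on-path observer learns from one unencrypted query packet."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    qname, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    dnssec_ok = False
    if ar:
        # skip the 1-byte root name, then type, udp size, ttl (flags), rdlength
        _, _, ttl, _ = struct.unpack("!HHIH", packet[off + 1:off + 11])
        dnssec_ok = bool(ttl & EDNS_DO)
    return {"txid": txid, "qname": qname, "qtype": qtype, "dnssec_ok": dnssec_ok}


def dot_frame(packet):
    """DoT / DNS-over-TCP framing: a 2-byte length prefix before the message.

    With DoT, TLS encrypts this whole frame, so the observer above sees only
    ciphertext to port 853; with plain DNSSEC the name remains readable.
    """
    return struct.pack("!H", len(packet)) + packet


if __name__ == "__main__":
    pkt = build_query("www.example.com")
    print("observer sees:", observe(pkt))
    print("DoT frame (before TLS):", dot_frame(pkt).hex())
```

The point the reply makes is visible in `observe()`: the DO bit changes nothing about what the question section exposes, and the only thing that hides the name is the TLS layer the frame from `dot_frame()` is handed to.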
For anyone wondering what Hawk_112 is talking about, here's an article: www.quad9.net/news/blog/sony-s-legal-attack-on-quad9-censorship-and-freedom-of-speech/ I've used Quad9 for about 4 years and they've been solid as a rock.
What are you talking about, LOL? You really do not have any idea how surveillance works. DNS Provider? Bud, DNS is a distributed "system". There are no "providers"; you can run your own recursive DNS server within your network, and you don't need to use a "public" recursive DNS server. Just get Pi-hole if you want to do it the lazy way, it's free. Also, the government isn't going to use DNS to catch you, and your ISP can still track the websites you connect to, especially since they are routing your internet traffic. 😂 Also, a VPN has nothing to do with protecting your privacy or identity from the government, and especially the website you are connecting to, especially when you need to log in. The ONLY valid reason to use a VPN is to stop MITM or to allow you to access another LAN's internal resources. No other reason. If the "government" wants to see what you're doing, they can still track what is going into and out of that tunnel endpoint.