Protecting Your Computer Online For Free
Protecting your computer online is a minefield of choices for a user to contemplate: should you trust the software you install not to be riddled with backdoors, the websites you visit not to carry malicious scripts or link to malicious third-party sites, the ISP who provides your connection to stop the bad guys before they get to your home connection, or a combination of all three to make sure you don’t get hacked, compromised or infected, get hijacked into a botnet, or lose your private information?
For my day job, I often see company networks relatively well protected with Next Generation Firewalls which protect corporate networks from attack using advanced IDS/IDP/Content Filtering/Application Inspection features, but these devices cost a lot of money. So how do you add some much-needed protection to your computer, for free?
If you check out my other posts here, you’ll notice I’m a bit of a Blue Coat fan. I’ve worked with their products for 10 years and have always been mightily impressed with their capability of protecting corporate users from websites which want to install malicious code or steal information. As with the Next Generation Firewalls, those Blue Coat products cost money; however, there’s one product Blue Coat provides which is designed with home users in mind and is free: K9 Web Protection.
K9 is specifically designed to allow Parental Control of children’s internet browsing, restricting which website categories your child can visit, how much time they can spend online and whether Search Engine Safe Search is enabled. Whilst this is great, K9 can also provide highly effective protection for everyone’s computer whether you have children or not.
K9 uses Blue Coat’s ‘Web Pulse’ collaborative online rating system. Web Pulse is a global network maintained by Blue Coat which provides an almost instant rating of categorised and uncategorised web pages using many different methods such as page content, links on the page to other websites, DNS information, hosting history (e.g. is the server hosting the website also hosting content from a known malicious source) and historical reputation. It rates 1 Billion+ requests per day from 75+ million users worldwide. The ‘collaborative’ part of this system is that all of the Blue Coat corporate devices (the ProxySG, ProxyAV and PacketShaper) and existing K9 users feed uncategorised URLs to Web Pulse for it to rate. The effect is that when one user sends a URL to Web Pulse for categorisation, all other users of Web Pulse get the benefit of that categorisation. That’s very cool, no?!
I won’t go into getting the software installed, as there are some very good instructions on the K9 website on how it’s done. Instead, I’ll show you what you need to do to protect yourself from the bad guys online.
First, log in to K9 Web Protection (usually in Program Files / Blue Coat for Windows or Applications / K9 Web Protection if you use a Mac), and navigate to the ‘Setup’ section.
By default, when you install and activate K9, it blocks a number of categories out of the box.
You may want to keep those as is; however, if you want a less restrictive but still protected level of categories, choose ‘Custom’ then check the following.
Make sure you click ‘Save’ at the bottom of the page to finish the changes.
Finally, under ‘Other Settings’ (on the left), ensure that ‘Enable HTTPS Filtering’ is checked (this is the default).
Why enable HTTPS filtering? See below at the end of the document for more information.
A Real Life Use Case
As an example of how K9 can protect users online, let’s take my wife’s internet browsing habits. She’s what I’d class as a ‘regular’ internet user, browsing shopping sites, checking her email, and watching TV online. My wife is a Filipino, so likes to keep up-to-date with programs from the Philippines. There are a few places online which allow this, but she primarily uses just one. That site is packed with advertisements, popups, and links to other external sites, as I guess they have to pay for it somehow; however, here’s a snapshot of the K9 Web Protection report from her MacBook.
So, as a ‘regular’ internet user, with no intention of visiting a site which is malicious, she’s visited something which is clearly classified as Suspicious or Spyware/Malware Source according to K9!
I mentioned above that you should ensure ‘Enable HTTPS Filtering’ is enabled in K9; the reason why is that malicious content is more and more often distributed over HTTPS. I recently came across some clients which were attempting to do just this when inspecting a Blue Coat ProxySG appliance. The following domains were those which clients were attempting to connect to:
baoh7q0me83hg.www5.jub.cc mojp2e.oul.su h53afv15zv6diw6xx.jub.cc 8enqzskkkn4kn061ee.oul.su uyx0v0en.ioh.cc 3kvte9y6i.vng.su 7hlaxwh4.vng.su 6e7ezku4z7142l.oul.su m6hot8f.www5.ioh.cc ek9hsz4kpw.sge.su 9usu4uw3hf9nynrr.jub.cc
Those domain names look suspicious straight off, no? Here’s a screen capture of those connection attempts. In this case, the client computer is attempting to make an HTTPS ‘CONNECT’ to the sites listed above. ‘CONNECT’ is the method used by HTTPS communication through a proxy to set up the session between your client and the server on the internet.
In this case, as the customer was protected by a ProxySG appliance, the requests were blocked; however, it is a good demonstration of why HTTPS, as well as HTTP, should be inspected if you use K9.
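As an added example (not from the original post, and not Blue Coat's own logic), the kind of triage described above can be sketched as a script that scans proxy log lines for CONNECT requests whose leftmost hostname label looks machine-generated. The log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample lines in a simplified, hypothetical format
# (time client method target action); this is not a real ProxySG log layout.
SAMPLE_LOG = """\
10:01:02 192.0.2.10 CONNECT www.example.com:443 ALLOWED
10:01:05 192.0.2.10 CONNECT k3x9qz7vbn2m4t.example.net:443 DENIED
10:01:09 192.0.2.11 GET http://news.example.org/index.html ALLOWED
10:01:12 192.0.2.10 CONNECT 8hq2zr5wd1.www5.example.net:443 DENIED
10:01:20 192.0.2.12 CONNECT mail.example.com:443 ALLOWED
"""

def entropy(s):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_generated(host, min_len=8, min_entropy=3.0):
    """Heuristic (assumed thresholds): the leftmost label is long,
    mixes letters with digits, and has high character entropy."""
    label = host.split(".")[0].lower()
    has_digit = any(ch.isdigit() for ch in label)
    has_alpha = any(ch.isalpha() for ch in label)
    # The length check comes first so entropy() never sees an empty label.
    return (len(label) >= min_len and has_digit and has_alpha
            and entropy(label) >= min_entropy)

def suspicious_connects(log_text):
    """Return (client, host) pairs for CONNECT requests to such hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "CONNECT":
            continue  # skip malformed lines and plain HTTP requests
        host = fields[3].rsplit(":", 1)[0]  # strip the :port suffix
        if looks_generated(host):
            hits.append((fields[1], host))
    return hits

if __name__ == "__main__":
    for client, host in suspicious_connects(SAMPLE_LOG):
        print(f"{client} attempted CONNECT to {host}")
```

Long product or CDN hostnames can also trip a length-and-entropy check, so treat hits as triage input alongside the category rating rather than as a verdict.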
So there it is: protect your computer (or Mac) online, for free. Install it now, before it’s too late!