LifeHacker indicates that OpenDNS offers protection against the Conficker worm. The idea is to prevent individuals for going to sites the OpenDNS database knows to be infected.
I have been experimenting with an online service called OpenDNS for some months now. I must give credit to a Leo Laporte’s podcast for bringing this service to my attention.
Most tech folks are probably familiar with the role played by a DNS server. As I understand the purpose of the DNS server, it functions to translate the web address we enter into the IP of the server. The IP number directs the query to the needed machine.
My understanding of how OpenDNS works is that the DNS server could perform functions between this translation. It could check the request against self selected filter options and tell you that you really don’t want to go to the site you have requested. It could also record information about your Internet use. It might seem that these are sinister functions, but you may want to impose well defined types of filtering on your own activity (e.g., don’t let me go to known phishing sites) and you may be interested in your patterns of Internet use. I am guessing my service provider (the University of North Dakota) at this moment has a record of the activity originating from the IP of the computer I am using anyway. Perhaps the issue is – who do you trust?
The filtering options in OpenDNS are quite specific (phishing is the only one I apply) and may be of interest to institutions/businesses who feel the need to apply filtering.
The process of making use of OpenDNS is fairly simple. You add the OpenDNS IP as your preferred DNS. You create an account on OpenDNS and set preferences regarding what type of filtering you prefer and whether or not you want to log your activity.
I am not concerned about Conficker because I use only Mac computers and I have been commenting this security risk because the problem interests me. If you intend to use OpenDNS as a way to deal with this particular threat, read the LifeHacker post carefully. I am not certain that the way I have the service configured would do the trick.
