I was asked to take a look at ThreatSTOP the other day. Although it’s not very clear from the website after signing up I found out the basics. It’s essentially a lot like OpenDNS. In fact, it’s so much like OpenDNS that I actually confused idwhen I said what it was because he thought that’s what I was talking about. It’s not exactly like OpenDNS - there are a few differences.
First the similarities. They both rely on DNS to protect consumers (not websites) from contacting “bad” sites. They both require that you use their sites to perform the lookups on your behalf. They also share some of the same negatives - bad guys who use IP addresses are unaffected by this mitigation. It’s always reactionary - meaning it won’t block you from going there until it knows it’s bad. And if you’re paranoid, don’t forget that they both get to see every site you intend to contact.
Now for the differences. It appears that OpenDNS has quite a bit of added customization that you can put in front of it - allowing customized blocklists. OpenDNS also uses a block page, which theoretically could see the actual URLs you are going to (since it takes over the DNS for them - rather than simply blocking the request completely). Lastly, and the most import difference between the two: OpenDNS focuses on Phishing and ThreatSTOP focuses on malware infested websites.
Maybe one of the two companies should just buy the other? Not that I use this kind of stuff, but for those who do, it seems like you’d want to be protected from both threats as a consumer, not just one or the other.
Thanks for taking a look at ThreatSTOP
ReplyDeleteWe have some information on our website about OpenDNS. Here is a copy and paste but it can be found at the website www.threatstop.com:
Open DNS is a great service for having a secure, relatively clean DNS service that will deny you and your users access to malware domains known to OpenDNS. As a general rule we figure it is a complement to the standard ThreatSTOP service since it will block some things we do not block and miss many things we do block. The reason why it blocks stuff we do not is that it is able to discriminate between domains that are hosted on the same IP address. The reason why it blocks a lot less is that a) it misses domains it doesn’t know about whereas ThreatSTOP blocks the IP address used by multiple bad domains and b) it offers no protection at all to botnets that call home - or malware that is downloaded from - urls with a hard coded IP address in it. Finally, as a subscriber, if you use our DNS servers in place of OpenDNS for your DNS you will the same service as you get from OpenDNS.