small office dns

[holden j caufield]

This is small office with sbs. They are not technical and regardless of what AV I put on the computers there are always 2 people who end up with some virus (2 dedicated laptop users). I had originally put the cox dns as the forwarders as that's what I thought would be the fastest for them. Would I be better off putting in something like opendns. Anyone use them for awhile instead of the isp dns as the forwarder.

 

[AnonymouseUser]

I always use OpenDNS as my first choice, then either 8.8.8.8 or 4.2.2.1 as my secondary DNS. While OpenDNS does block some malware sites, it doesn't block ads, and ad servers are frequently hacked to serve malware. If you really want to block most malware, use DD-WRT or Tomato for Ad-blocking. These solutions block ads and most domains that are known for hosting malware, though it may also break a handful of websites.

 

[mxnerd]

Change DNS is useless if they get virus via email.

 

[Enigma102083]

Change DNS is useless if they get virus via email.

While I can't speak with certainty regarding the OPs clients, I can say that the majority of viruses I've seen in the wild over the last year have been drive-by java exploits, not email infections.

 

[holden j caufield]

yes I think I've seen mostly scripts I'd switch them over to firefox and run noscript but that breaks some of the functionality for their websites and I'd have to baby sit their browser usage. I'm hoping either opendns or maybe special hosts files for the worst offenders will block a lot at the source.

 

[AnonymouseUser]

I'm hoping either opendns or maybe special hosts files for the worst offenders will block a lot at the source.

OpenDNS will only block a minimal amount of sites unless you pay for their premium services. Using Hosts files can work but requires a lot of work installing and maintaining.

Using one of the adblocking solutions mentioned above will cover all current and future machines with minimal setup and rare (if ever) maintenance. Those routers will stay up-to-date by updating their sources on a regular basis.

 

[mxnerd]

Other options : Norton Online Family or K9 Web Protection and block the sites they shouldn't visit.

 

[MustISO]

Lock their workstations down. Unless they need Java and Flash for business, remove it. Install Firefox with AdBlock as the only browser choice and lock that down as well. OpenDNS is a decent option as it can do some filtering.

 

[owensdj]

OpenDNS will be better in terms of speed, reliability, and security, but it probably won't help the virus situation.

Is it possible the 2 laptop users are getting infected while connected to another network?

 

[rsutoratosu]

open dns is great.. i use it for all my sbs clients