How effective is OpenDNS?

Comments

5 comments

  • Avatar
    rotblitz

    Summarizing my understanding: You'll want to use OpenDNS as DNS service on one Windows XP computer only, not on your entire network.

    "This can be done correct?"

    Yes, follow these instructions: https://store.opendns.com/setup/operatingsystem/windows-xp

    "How effective is it as blocking sites (especially porn sites and Facebook) and preventing infections?"

    OpenDNS is an online DNS service and not a local AV program. To efficiently protect against infections, you must run a lcoal AV progam anyway. OpenDNS as DNS service can block domains only. If these domains host e.g. malware or especially are used by malware to "phone home", and you have'm blocked with your settings, then you are protected. That said, there is protection, but not prevention.

    OpenDNS is very effective with blocking domains. You would block porn sites by selecting the related category for blocking, and regarding Facebook, you would add facebook.com to your "always block" list.

    Please note, if the users are admins on this computer, they can simply undo your settings to use OpenDNS, and they would have 8147 other methods to circumvent any restrictions, not just OpenDNS. So take care that they all have only a regular user account on this computer. Else you gave every control already out of your hands...

  • Avatar
    blackhawk99

    Thank you very much Rotblitz! This is very helpful! Is there any way to set a password so that the settings in OpenDNS can't be changed?

  • Avatar
    rotblitz

    Not sure what you mean be "the settings in OpenDNS".

    Your OpenDNS account is protected by a password anyway, if this is what you mean.

    In case you mean the TCP/IPv4 settings in the properties of your active internet connection on the computer, I have already answered to this: "if the users are admins on this computer, they can simply undo your settings to use OpenDNS". That said, users must be regular users, not admins. And no, there is no special password for these settings. Why should there be? Either they are admins, then they are the gods of the computer by intention, or they are regular users, by intention.

  • Avatar
    blackhawk99

    Thank you. Well I ask because I know other programs such as antivirus can be password protected and even admins need the pass to alter a setting.

  • Avatar
    rotblitz

    Yes, but network settings is a pure Windows function, not an additional program. Imagine, each Windows admin function would be protected by a different password, how frustrating!

    And yes, all admin functions are indeed password protected. You need an admin's user ID and password to become able executing them. So, this is exactly what you were asking for. You just must do it right.

    If you're a geek, you can create a kind of "power user" profile with group policies or such, something between an admin and a regular user. This is all foreseen in Windows and well documented at the MS sites. This profile (and users belonging to it) are then for example able to still install programs and to run dedicated programs requiring admin rights, but e.g. not to change network settings etc. Especially in an AD environment you are easily able to have a differentiation between a (local) computer administrator and a global administrator. For example, you could disallow changing the network settings by local admins.

Please sign in to leave a comment.