Kevin J. Bowman - a pilgrim trying to be the hands and feet of Jesus

dispossessed

ScrubIT - Good Protection & Free

Monday, March 05, 2007 3:19 PM

When you get something for free, Great is asking too much. So I was not disappointed when the ScrubIT DNS service turned out to be good not great. I was expecting a product that would be delivered a fair rating, instead I am relieved to say "No, it was Good!"

Allow me to explain what makes this service good.

1. A fair balance of blocking and permitting - I have used and paid for some services that feel 2/3 of the internet is bad. Yes it's true people can post inappropriate pictures in Yahoo groups. This is not a reason to block all of Yahoo Groups. The ScubIT folks seem to agree. Blatantly pornographic sites are blocked, while sites like Yahoo Groups, and YouTube where porn slips into a much larger net, are open. This alone earned Scrubit a great deal of satisfaction from my book.
2. No Impact on Speed - This is HUGE for me. I pay good money to surf the internet at high speed. I do not want to be crippled by proxies and other services that slow my connection down. I had no visible impact on my surfing, and my benchmark and traceroutes had no noticeable speed differences either.
3. On the border of of necessity but intentionally ignored in my assessment is the need for a third DNS server. I had to code in a dead local address to my Linksys router to keep it from acquiring and therefore assigning a non-protected DNS server to my DHCP nodes. This simple step would offer a great functional improvement.
   

Now allow me to opine on how I see the future for ScrubIT. Using a modified version of the GPL code for the WRT54G the ScrubIT folks should sell their own firmware. This firmware would add 3 essential processes that would catapult this service past great into the arena of perfect.

1. Refusing to pass traffic traveling across the TOR network. Since the service is merely a DNS server my queries were passed onto the FreeDNS servers when encrypted with TOR. This meant the average 16 year old tech geek could easily circumvent the security added by mapping these protected DNS servers.
2. Policy that blocks all traffic on port 53 to servers other than the ScrubIT assigned servers. By encoding this policy into the Firmware itself, it forms a VERY secure bond to the sites protected by the ScubIT servers. The ability to set a policy like this is available on most office routers, it is not however available on the stock Linksys firmware.
3. Using DDNS to identify registered routers and allow customized DNS filtering based on user preferences. I requested to be included in their Beta of their paid service, however as of today (3 days since requesting) I have not been granted beta access. I assume that their Beta is a software installed on the machine, rather than a service provided at the router level. However by building a customized firmware this service could be moved to the router level and therefore protect ALL NODES on that network.

Overall, this was a very positive experience and I will be leaving their free service in place on my home network. I also would recommend that small step to anyone concerned about a good protection solution for their home network. I will post in the next day or two a step by step tutorial on using ScrubIT with a Linksys router.

UPDATE:03/07/2007 - They are blocking Moviephone a popular site for viewing trailers for upcoming movies. This is the first "false positive" I have come across. If you are a movie fan you should keep this in mind.

UPDATE:03/10/2007 - They have added Blogger to their block list. I am appealing it using their service. That will be a "no deal" for me.

UPDATE:03/13/2007- Blogger is back online through the ScrubIT servers.

Labels: Porn, ScrubIT

1 comment - Permalink -

Snoopstick & ScrubIT

Friday, March 02, 2007 4:57 PM

2 great products have come out in the recent dates that pair together well for protecting our families from the dangers of online pornography. Whenever I lecture on this subject, I always point out that protection has to be three fold.

1. PUBLIC PLACES & AGREED ON SPACES - All computers should be in locations within the home that are public and shared between multiple members of the family. NO ONE (Dad & Mom) included should be privately using a computer. No closed doors! is the most important line of defense.

2. PROTECT THE MACHINE - Accountability is key in this pursuit. Every family should have software in place that allows parents and the other spouse to see ALL online activity. Monitoring and Filtering is a practice that should be disclosed to all family members. Remember the battle is for the heart and mind and so the family should be together in the discussion.

3. PROTECT THE NETWORK - In addition to filtering and monitoring the computer parents must also be aware that Sony PS3 - Nintendo DS - Nintendo Wii - TiVo and other net connected devices can also be used to surf internet photos. Additionally through the usage of Linux boxes, Live CDS, and other techniques PC filters can all be avoided. I have been discouraged recently since Linksys stopped supporting the abilty to parental control on the router. However I was excited to see there is a new (less end-user friendly) solution.

There is so much more to be said about these issues, but this is not a lecture about internet protection. For that you will need to invite me to come spend a weekend with your church. This is about the Snoopstick and ScrubIT service.

Snoopstick - I don't have one yet so my comments are based on what I read on the site. As soon as I can get one of these cats I will give a more thorough review. Snoopstick looks like a similar product to SpectorPro which I have recommended for some time. The advantages of Snoopstick is it seems to have easier remote access.
One other potential advantage of the Snoopstick over SpectorPro is that the programmers could set it up to require both (mom and dad) USB keys to uninstall and disable the filter. This protects couple who choose to use the configuration from the temptation of disabling the filter for their own addictions. At this time Snoopstick does not contain that functionality, but it would make it a perfect product.

ScrubIT - Since Linksys stopped shipping WRT54Gs with the Parental control option I have been discouraged about the 3rd line of defense in protecting our families. ScrubIT answers those concerns by providing DNS servers that can be set at the router level. The free service has no customization but they are working on a beta that will allow some level of customization. I will try out their DNS servers this weekend on my home network to see if this is a solution to add to my presentation.

I am excited about these new products. I will have more post soon once I am able to use them both.

As always when I am this subject, I want to remind you of the importance of these discussions. I believe in this SO MUCH that I will bring your church a presentation that will look candidly at these issues. In the full weekend we spend time with the parents talking about the spiritual realities and offering practical solutions to these issues. We spend time with your youth group challenging them to understand God's passion for their purity. Finally Sunday morning we can present a presentation about Godly passion and Carnal passion.

The future strength of our churches is based on our acceptance of God's call to true religion. This is an important part of our pursuit of purity.

Labels: Porn, Purity, ScrubIT, SnoopStick

1 comment - Permalink -

"I want to prepare like an evangelical; preach like a Pentecostal; pray like a mystic; do the spiritual disciplines like a Desert Father; art like a Catholic; and social justice like a liberal."- Mark Driscoll

© 2003 - 2008 Kevin J. Bowman

CSS By Mad Season Design
Courtesy Open Web DesignThanks to Web Hosting Geeks