With just a few clicks, you could better arm yourself against hackers and block advertisers from tracking you online.
Cybercrime is projected to cost the global economy more than $2 trillion a year by 2019 according to market analysts Juniper Research, and many of those scams start with phishing — tricking people into clicking on nefarious links through legitimate-looking emails.
An easy way to block these attacks: Change the Domain Name System (DNS) that your computer uses. Most computers connect to the DNS that’s automatically set by their internet service providers, but there are safer alternatives.
How it works
Every URL — like MarketWatch.com — has a unique numeric address, called the IP address, attached to it. When you click a URL, it is routed through the DNS, which allows users to connect with the website’s servers. In other words, a DNS translates the numeric address into words that make sense to humans.
The DNS services that your internet service provider connects to automatically are likely not as secure as they could be, said Mukul Kumar, chief information security officer at Cavirin, a Santa Clara-Calif.-based cybersecurity company. He recommends changing your DNS service to one of a handful of alternative options from either Google GOOG, +0.44% , security company Cloudflare, or Quad9 — a new DNS from the nonprofit Global Cyber Alliance, an international group that fights malicious online activity. The Google, Cloudflare and Quad9 DNS services are all free.
Users can set up a new DNS with a few clicks. On a Mac, go to System Preferences, click “network settings,” click “advanced” and “select DNS.” Then change your server location to the desired DNS address. For Google, 22.214.171.124; for Cloudflare 126.96.36.199; and for Quad9, 188.8.131.52. Save settings, and you’re done. Windows users can take similar steps through its “control panel.”
How services compare
Cloudflare is a relatively new DNS service and has the fastest performance for 72% of locations around the world, according to tests from security researcher Nyokolas Z. Second and third place respectively in terms of speed were Google and Quad9.
Quad9 checks URLs agains a huge list of compromised sites that’s maintained by 19 different security intelligence firms, to ensure the URL has not been flagged for being dangerous in the past. If it has been, Quad9 will block the site. Unlike Cloudflare and Google, the organization behind Quad9 describes its service as “entirely altruistic,” created in partnership with IBM IBM, +0.32% and security company Packet Clearing House (PCH). Quad9, a nonprofit, doesn’t charge consumers for the service and promises not to collect or sell user data.
“Every DNS service you use is mining data and selling it to advertisers,” said Caleb Barlow, vice president of threat intelligence at IBM. “But Quad9 also prevents companies from tracking users.”
Privacy laws instituted by the Obama administration were overturned in April 2017, which means internet service providers can now sell your browser history to advertisers without your consent. Using Quad9 or a similar private DNS could block that. Quad9 can prevent malware such as the recent Russian software called VPNFilter, which infected hundreds of thousands of devices across 54 countries, according to John Todd, executive director at Quad9.
“Within a few minutes everyone using Quad9 — even people already compromised — would be protected from these threats,” he said.
Using Quad9 — or any other DNS service — is not a fix-all for hacks, however, said Mike Banic, vice president of marketing at automated threat management solutions company Vectra, based in San Jose, Calif. Because Quad9 blocks malicious domains or IP addresses that have already attacked in the past, a cyberattacker who really wanted to get into your computer or organization could find a way around it by using a fresh IP address or domain, he said. Any DNS service should be used in addition to existing firewalls and malware, said Todd.
“Quad9 offers privacy, but it will not prevent other services from tracking,” he said. “We aren’t a replacement for in-depth firewalls, we are an additional layer of security. For users, we are the first line of defense — and since we are free there’s no reason not to do this.”