Every time you use the internet to find a website you're using a Domain Name Server (DNS) to actually locate the physical server. The DNS is what translates the nice friendly URL (eg offbeatmammal.com) to the IP address which identifies the actual server.

The problem is that the DNS service isn't that clever, and hasn't changed much since its inception. It doesn't help with spelling mistakes (eg google.cmo or googel.com) and it doesn't do anything to protect you from phishing attacks

Well. That was until a year or so ago, with the arrival of OpenDNS. Up until then most DNS services have been provided by ISPs simply delivering a replication of the available information with no intelligence or added value. OpenDNS offer two very valuable 'add-ons'.

The first is typo correction. If you make a common mis-spelling for a URL that doesn't have a legitimate site assigned to then the OpenDNS service simply corrects your spelling behind the scenes and you go where you meant to.

The second is an active anti-phishing solution. Using information from third parties such as SpamHaus OpenDNS checks the request and warns you if you're heading into trouble. Because the check happens at the server there is no delay while a browser plug-in goes off to check if the site is good or bad.

As OpenDNS have a very sophisticated caching solution, with none of the requirements of the legacy DNS providers (and because it's their business after all) their DNS servers are very fast.

OpenDNS is very simple to configure. In fact, there is no software to download or install as every network capable computer (no matter what operating system) can simply be set to override the default ISP provided settings with the OpenDNS server settings (there are also options for quickly setting up home and corproate networks in a totally transparent way) - it took about 30 seconds when I switched my laptop to use their servers.

Although the OpenDNS service is free to end users they will be making money by delivering sponsored results if you type in a non-existent URL that they can match in a similar way to Googles AdWords.

While the idea behind OpenDNS isn't new, unlike solutions like DNS Redirector it's free and doesn't require an install.

At the moment the OpenDNS service doesn't include additional services such as ad blocking or customization (eg specific over-rides for suspected phishing sites or common typos) but over time I can see this service evolving. For now however it's a great little solution all of its own....

Hot on the heels of the Windows Line OneCare 1.6 update comes the public beta of OneCare 2.0.

As well as beefing up the security features of the engine this new version offers a bunch of cool new features that make keeping your home PCs secure and performing well a little bit easier

• Multi PC management - designate a hub PC and then add additional PCs to your OneCare circle using a common Windows Live ID. You can then see the status of the other PCs within the group.
• Printer Sharing - share your printer with all the PCs in your OneCare circle
• OneCare Online Photo Backup - paid storage will be available online for photo backups (currently not in the beta)
• Securing wireless networks - if your router is supported OneCare 2.0 will allow you to secure your wireless network
• Startup tuneup
• x64 support

One thing that I really like about this version is that the backup feature is aware of Windows Home Server functionality so if you're using that as your network backup solution then it won't panic because your data isn't safe.

If you have an existing OneCare subscription then you won't be able to activate the beta using that existing account, but you can enable the multi-pc feature if you sign in (but not activate - you need a product key for that) with a Live ID.

You can sign up for the beta here, discuss it in the OneCare support forums, and follow the news on the OneCare blog.

This is a slightly scary development - using the "invisibility" of Flash content to search engines and other parsing tools to hide that fact that you're visiting a phishing site.

Hopefully the corpus of smart users will flag these sites as quick as they get up and running and so the browser, ISP, mail and search engine filters will be able to kick in and protect the less savvy masses.

In the meantime make sure you warn all your friends to follow some really simple rules to avoid phishing traps - a bit of education now will save you a whole lot of grief when they get sucked in.

I had to give up on my previous blog solution because the comment spam was getting out of control and it was hard to manage. That led me to Community Server which has a better approach to spam control.

That now means that with the basic out-of-the-box facilities and a couple of excellent add-ons [6 rules and Akismet] I've not had a single spam comment get published, and almost no collateral damage.

But, even though the spam comments are not getting published they keep on coming. Today alone I've had to make about 80 entries for one site go away. What's even stupider is that the site isn't currently promoting viagra, breast enlargements or unlimited free porn.... it's spruiking badly worded investment tips in (in some cases) companies who don't even match the claimed stock ticker!

Makes me wonder why they bother! They're getting no benefit from their efforts and I could certainly do without the time wasting while I hit delete on their quarantined rubbish.

They keep trying to fill my mailbox up as well. Luckily a combination of SpamCop.net and Outlooks junk filters means that it's very rare that I actually see anything that's too time wasting. And I feel good because I report almost every one of the spam emails I get via SpamCop. For good measure I also install the Project Honeypot spambot catcher on pretty much any site I work on.

Currently listening to: Driftkikker What

While these shields won't need dilithium crystals they will eventually help you on your continuing voyages through the Internet.

The idea behind this project seems to be to protect the browser (and thus the user) by ensuring that 'bad' content never actually reaches a point where it can interact with the system. It seems to operate at a layer between the firewall (blocking network access unless on certain ports or from certain remote end-points) and an anti-virus package which tries to recognise and block payload delivery.

The aim with BrowserShield is to be able to examine the incoming stream of data and interpret it - as JavaScript, images, executables etc - and before it ever gets to a place where it could do damage render it harmless. It will receive regular updates to its rules so it knows what it's looking out for - and hopefully the nature of how it works means that it will help to prevent the prevalence of zero day attacks.

It's going to be good to see things like this working with the existing Microsoft OneCare, Internet Explorer anti-phishing filter as well as solutions such as the OpenDNS project and similar efforts to help you steer clear of bad sites in the first place.... it's another weapon for the good-guys in the arms race that's making the Internet a very ugly place.

While these shields won't need dilithium crystals they will eventually help you on your continuing voyages through the Internet.

The idea behind this project seems to be to protect the browser (and thus the user) by ensuring that 'bad' content never actually reaches a point where it can interact with the system. It seems to operate at a layer between the firewall (blocking network access unless on certain ports or from certain remote end-points) and an anti-virus package which tries to recognise and block payload delivery.

The aim with BrowserShield is to be able to examine the incoming stream of data and interpret it - as JavaScript, images, executables etc - and before it ever gets to a place where it could do damage render it harmless. It will receive regular updates to its rules so it knows what it's looking out for - and hopefully the nature of how it works means that it will help to prevent the prevalence of zero day attacks.

It's going to be good to see things like this working with the existing Microsoft OneCare, Internet Explorer anti-phishing filter as well as solutions such as the OpenDNS project and similar efforts to help you steer clear of bad sites in the first place.... it's another weapon for the good-guys in the arms race that's making the Internet a very ugly place.

I'm terrible at remembering passwords. And if they change then I'm really in trouble! Luckily my life has been made much easier over the last few years thanks to the great guys at Ewise.

They provide automated, scripted login to just under 300 financial accounts (mostly US, UK and AU based but others from Hong Kong, South Africa and others) and they add others at a fairly regular rate.

The great thing about this service is that it's very secure. All the passwords are stored (heavily encrypted) either on your machine or an a 'portable profile' (can be a USB key, memory stick or even a floppy)

Once you've added an account to your profile getting the current balance (or logging on) is as simple as one click. And for all your accounts you only need to remember the one password for your user profile. When you visit the aggregator the last recorded balances are displayed so you can decide which accounts need refreshing, or with one click update them all. 

Because their service uses an ActiveX control for the encryption it's not yet available for platforms that don't support that technology... but I'm sure they'll find a way if they get enough interest!

What makes it especially good is because you're not tempted to click on a link in an email to access your bank records - because it's easier to use their aggregator login - it reduces the risk of phishing attacks. You're also less likely to write the password to your bank account on an easily lost bit of paper - again, because it's so easy.

I'm terrible at remembering passwords. And if they change then I'm really in trouble! Luckily my life has been made much easier over the last few years thanks to the great guys at Ewise.

They provide automated, scripted login to just under 300 financial accounts (mostly US, UK and AU based but others from Hong Kong, South Africa and others) and they add others at a fairly regular rate.

The great thing about this service is that it's very secure. All the passwords are stored (heavily encrypted) either on your machine or an a 'portable profile' (can be a USB key, memory stick or even a floppy)

Once you've added an account to your profile getting the current balance (or logging on) is as simple as one click. And for all your accounts you only need to remember the one password for your user profile. When you visit the aggregator the last recorded balances are displayed so you can decide which accounts need refreshing, or with one click update them all. 

Because their service uses an ActiveX control for the encryption it's not yet available for platforms that don't support that technology... but I'm sure they'll find a way if they get enough interest!

What makes it especially good is because you're not tempted to click on a link in an email to access your bank records - because it's easier to use their aggregator login - it reduces the risk of phishing attacks. You're also less likely to write the password to your bank account on an easily lost bit of paper - again, because it's so easy.

Here's something MSN and Yahoo!, A9 and the other search guys could learn from.... Google now warns users before sending them to suspect sites.

The concept is similar to SiteAdvisor (now owned by Mcafee) but doesn't require any end user install and, because it's server side, it's quicker.

This is a really good thing because it's extending the anti-phishing capabilities that are appearing from various vendors which when combined with good anti-virus solutions makes the, frankly rather scary, Internet a much safer place to play.

Here's something MSN and Yahoo!, A9 and the other search guys could learn from.... Google now warns users before sending them to suspect sites.

The concept is similar to SiteAdvisor (now owned by Mcafee) but doesn't require any end user install and, because it's server side, it's quicker.

This is a really good thing because it's extending the anti-phishing capabilities that are appearing from various vendors which when combined with good anti-virus solutions makes the, frankly rather scary, Internet a much safer place to play.