The longer version:
Without turning this too much into a lesson on networking, here’s how it works. Computers and web browsers don’t work on names, even though it looks that way. They work with IP addresses, and here in the US, most are still a set of four number separated by periods. Example: 22.214.171.124 is an IP address. It’s the IP address of this web page.
When you type in a name of a web page, your computer begins a process of asking “what does that name mean?” and getting an answer in the form of the four numbers. When you typed in the www.computer-studios.com address of this page, or clicked on a link that brought you here, your computer asked another computer, called a DNS Server, for the numbers that are the IP address of this web page – 126.96.36.199. The name of that computer it asked is a DNS name server. Every Internet Service Provider (ISP), like PacificBell/SBC/AT&T, Cruzio, or got.net has to provide one or more DNS server. The process of converting a name, like http://computer-studios.com into the number 188.8.131.52 is called DNS resolution, and it goes on all the time when you’re browsing the Internet on your computer.
The bad guys want control of your computer. Why? Because they can make money using it as their own. Not a lot for one PC, but they’re after control of thousands. They are hiring smarter and smarter computer guys to accomplish this goal. Consequently, the techniques they’re using to try to get control of your computer(s) are more advanced than ever. They can make money by renting out the use of your computer to other people, who can use it to do evil in the world.
One of the ways they figured out how to do this is to get your ISP’s DNS servers to provide you with wrong information. Instead of handing your computer back the accurate, true address of a web page you’ve just requested, they have figured out how to get that DNS server to give you the address of a web server they control! That web server publishes a web page that looks like the real one (or maybe not – you might not know what the page is supposed to look like). Big difference, though. The fake web page has content in it that will install bad, unwanted programs into your PC. All you had to do was view the page. (As I said, the bad guys have hired better and better talent.)
Are You Already Confused? Want Help!
So, how does OpenDNS fix this problem? You (or we) configure your PC or network of PCs to get the DNS resolution from the secure DNS name servers at OpenDNS. There are two DNS name server addresses – 184.108.40.206 and 220.127.116.11. There is no software to install. There’s an excellent set of instructions at the OpenDNS site that will show step-by-step what to do to make this change. You can change back at any time. The service, at our level, is free. They sell it to larger companies.
Once you’ve made these changes, how does it work? You browse the way you always have, using the browser of your choice. When you open a web site, your computer asks the OpenDNS servers for those 4-digit IP addresses. Here’s the difference – they’ve kept track of sites that have recently been compromised. If you request one, you’ll get a page from OpenDNS that tells you this, instead of the infected or compromised page. The page they provide has a bit of advertising on it. That is how the service can be “free.” And because you don’t actually visit the web page that has the garbage in it, your PC doesn’t get infected.
To make a metaphor, it’s like being in the airport, ready to get on a plane. As you walk up to the ticket counter to check in, an assistant at the counter sees you’re wearing the secret decoder ring that identifies you as a member of the club and says – “Don’t get on this plane. That guy there in the argyle sweater? He’s coming down with the flu and is super contagious right now. You don’t even want to be on the same plane with him.” And presto – you take the advice, get on a different plane and don’t get the flu.
If you go a step further, and sign up for a free account, and register your computer or your network with them, then you can get reports that will tell you exactly which web sites were avoided. I did this. I’m also not getting as many advertisements and banner ads as a result. You can also configure your DNS account to avoid certain types of web pages, including pornography, nudity, hate-sites, and so on. This can be very handy for home networks. You set up the account, and configure the Internet router to give out these DNS entries, and suddenly all the PCs on your network don’t pull up the websites with the stuff you don’t want the kids to see. And it was free. Oh, yeah. You can look at the report and see the sites that weren’t displayed.
I think its very cool. I (Warren) have been using it here and at home for a couple of months, and it works well. If you’re not comfortable at making these changes, we can help or do it for you. It’s definitely worth doing.