Consumer Reports recently advised Mac users to dump Safari in favor of Firefox or another Web browser. The main reason: Safari doesn't have the built-in protection against phishing scams that Firefox, Opera, and some other browsers do.
Phishing is when nefarious programmers set up fake Web sites, then attempt to dupe you into divulging personal information. They can then sell that information or use it for identity theft.
We've told you before what you can do about phishing. (For a summary of that advice, see "Commonsense Precautions.") But there's another tool you can use in your defense, a free service that will give any browser on your Mac--including Safari--a full set of antiphishing tools (plus other security features). That service is called OpenDNS, and it's a free replacement for your ISP's domain name servers, which you're probably using now.
How It Works
A domain name server looks up addresses in the Domain Name System (DNS). It translates domain names (www.macworld.com, for example) into numerical Internet Protocol (IP) addresses (70.42.185.230, in the case of Macworld.com). When your browser loads a Web site, it uses this IP address to find the site's server.
By default, you probably use the DNS servers that your ISP provides. (You can see which DNS servers you're using in System Preferences: Network.) These servers are typically specified automatically when you set up your Internet connection. But just as there are numerous phone directories available, there are many different DNS servers you can use--you aren't required to stick with the ones your ISP offers. OpenDNS is one such alternative.
[ILLUSTRATION OMITTED]
It's also one that comes with features your ISP's DNS servers probably lack. One of those features is phishing protection. Once you've set your Mac to use OpenDNS's DNS servers, the service will check any URLs you're trying to reach against a list of sites suspected of operating phishing schemes (OpenDNS's own PhishTank project maintains the list). If a site you're trying to reach is on the list, OpenDNS will block access to it. And you get that protection not only in your browser, but in any application that uses DNS, such as an RSS reader.
OpenDNS can provide this service for free because it changes the way your browser behaves when you enter a nonexistent URL. If you enter, say, asdfjklasjxznn.com in your browser, you'll normally get a "page not found" error message. But if you load it using OpenDNS, you'll get an ad. If that bothers you, you can pass on the service. To my mind, it's a small price to pay.
Setting It Up
The details of using OpenDNS instead of your ISP's DNS servers vary depending on your version of OS X, your Internet connection, and your current DNS configuration. I can't spell out specific steps for every permutation of OS X and network setup. But I can provide some generic advice, a specific example, and a pointer to OpenDNS's own user-friendly installation instructions.
First, here is the generic advice: To replace your ISP's DNS servers with OpenDNS's, reread the installation instructions that your ISP provided. When you get to the step about setting up the DNS servers, replace whatever DNS server IP addresses your ISP has given you with OpenDNS's addresses: 208.67 .222 .222 and 208. 67 .220 .220. Save your changes, and you're done.
To give one example, say you're using the following setup: you're running OS X 10.5 on a machine that connects to the Internet via AirPort, and the DNS server is defined on that Mac, rather than assigned remotely by another machine on the network.
Launch System Preferences and open the Network pane. Select AirPort in the leftmost column and click on Advanced. In the new sheet that drops down, click on the DNS tab, and then click on the plus sign (+) at the bottom left of the DNS Servers window. The cursor will move to a blank line in that window; there, type the first OpenDNS DNS server address, 208.67.222.222. Click on the plus sign again, and then enter the second OpenDNS address, 208.67.220.220.
[ILLUSTRATION OMITTED]
If you see any other addresses listed above these new entries, click on each one and then click on the minus sign (-) to remove them. (If you see grayed-out entries, that means another machine--your AirPort Base Station or another router, for instance--is providing the DNS server information. If that's the case, you'll need to change that machine's DNS server information to point to the OpenDNS servers.) When only the OpenDNS servers'
The OpenDNS Web site has a number of how-to guides for OS X and other operating systems, as well as for 14 different brands of home routers, including the AirPort Base Station.
The changes you've made should take effect in about a minute or less. To confirm that your system is using the new DNS, open up Terminal (in Applications: Utilities), and type nslookup www .macworld.com.
That should return the IP address of Macworld.com, as well as the address of the DNS server that did the lookup; in this case, the latter should be 208.67.222.222 or 208.67.220.220.
The Final Word
Changing DNS servers isn't difficult, and OpenDNS can offer a good line of defense against phishing scams. But no antiphishing tool is 100 percent accurate, so you should still practice "safe clicking." Also, OpenDNS doesn't work for everyone. If that's the case for you, the advice in "Commonsense Precautions" could still help you avoid the phisher's hook.
Rob Griffiths is a senior editor at Macworld.
RELATED ARTICLE: Commonsense Precautions
Despite the technical tools that are available, such as OpenDNS, common sense is your best defense against phishing scams. Here are two basic rules for keeping your self safe.
Be Careful What You Click On I recently received an e-mail purporting to be from Google's Ad Words program. The text of the e-mail asked me to go to http;//adwords .google.com/select/login and update my payment information--in other words, my credit card number.
Trouble is, the URL shown in text wasn't the URL that the link actually pointed to. In Safari and other browsers, if you have the Status bar showing (in Safari, View: Show Status Bar), you can hover the cursor over a link and see what URL it really points to; if you hover your cursor over links in iChat and Mail, the real URL will appear in a little pop-up window.
I won't tell you the URL the fake link really pointed to (just in case you might be tempted to go there). Let's say that it was http://www.adwords.google.com .xxyyzz.cn/select/Login.
While the first part of the URL looks legitimate, the end--xxyyzz.cn--doesn't. . It's a good idea to read URLs from right to left. If the end of the domain isn't what: you'd expect, don't go there.
Even if the URLs agree, it could still be ". a phishing attempt. If you get an e-mail purporting to be from your bank that asks you to follow a link and provide some account information, instead type your bank's URL in your browser directly, then log in to your account. If the message is legit, you should see a copy there.
[ILLUSTRATION OMITTED]
Be Careful What You Say if you do click on a Web link or an e-mail link, use good judgment about providing information.
Simple common sense should tell you to be wary of any Web site that asks for any confidential information, such as your Social Security number, credit card number, bank account, or bank routing number. Triple-check the site URL before providing such data. addresses are visible, click on OK. In the AirPort screen, click on Apply.
Комментариев нет:
Отправить комментарий