The instructions on this page are also very important if you want essentially complete virus and malware protection for Windows. They are also valuable for Ubuntu Linux, but primarily if you are running Windows Internet communications or "social" software within the Wine application on Ubuntu, which is almost never necessary since Ubuntu has replacement applications for nearly all the popular software of those types. Many people may elect to leave out this part because they haven't heard of it before, or because they think that it is too difficult. However, I encourage you to implement the important protections on this page so that you get the truly superior protection that you want. Also, whether you are running Windows or Ubuntu, why not make your computer invisible to hackers and speed up Internet communications?
To do this you should do the following:
1. Use DNS Servers that offer both Speed and Security.
A. Set them up for use in your Windows or Linux operating system.
B. Set up your hardware firewall so that it uses protective DNS servers if not otherwise specified by your operating system.
2. Stealth Your Firewall
3. Encrypt Your Wireless Signal with Strong Encryption
First...
1. Use DNS Servers that offer both Speed and Security
Set them up for use in your Windows or Linux operating system.
There are a number of free DNS servers that offer powerful malware and virus protection, reliability, and impressive speed. They provide this protection either by not allowing connections to web pages that are known to be infected or by giving you the choice of whether or not to establish contact. As a result, most viruses and malware may never reach your computer at all. The providers update their databases so that when affected websites are no longer infected, communication with those websites is allowed again.
At this time, I recommend using the following eight DNS addresses in the following order:
198.153.194.1, 8.26.56.26, 198.153.192.1, 8.20.247.20, 156.154.71.1, 156.154.70.1, 208.67.222.123, 208.67.220.123
If your use is not for home use only, then do not use the DNS addresses provided by Norton: 198.153.194.1 and 198.153.192.1.
Primary DNS: Either 198.153.194.1 or 8.26.56.26 from Norton and Comodo, respectively.
Secondary DNS: 198.153.192.1 or 8.20.247.20 also from Norton and Comodo, respectively.
Both Norton and Comodo provide virus and malware protection.
The others, 156.154.71.1 and 156.154.70.1, are from DNS Advantage, and 208.67.222.123 and 208.67.220.123 are from OpenDNS.
If you are interested in encrypting your DNS server access, OpenDNS also offers that service. (Go to their site for details.)
Different DNS addresses even from the same provider may NOT offer the same protection characteristics. Primary and Secondary servers are used so that if the Primary server has downtime, your computer can automatically switch to the Secondary server, and your Internet communication is NOT interrupted. In this case, I have chosen Internet servers from two separate companies to enhance the probability that the communication will not be terminated.
The DNS address for DNS Advantage (156.154.71.1) appears to be very fast. From my computer system, these DNS services (using specifically the DNS addresses stated previously) may have a response time of around 15 to 20 milliseconds.
If you have not configured the local network on your computer with primary and secondary DNS server addresses, your computer may be automatically selecting them via communication with your router or modem, using the IP address of your router or modem as though it were a DNS address. In such a case, the response time from the DNS server may slow down to over 200 milliseconds. When your computer requests the information from your local network, your local network will typically reference your hardware firewall settings and use whatever DNS server address your firewall is set up to use, including one that it finds automatically. The overhead is significant and may result in over 200 milliseconds overall response time to get the needed IP address from the DNS server, and that is the case even if you have set up very fast DNS server addresses in your firewall.
However, if you set up your computer to use specific DNS server addresses, it will ignore any DNS addresses that you have set up in your firewall, if any. Instead, it will directly access the DNS servers with a typical response time (depending on the speed of your Internet service) of perhaps 14 to 20 milliseconds, if you choose fast DNS servers. I have actually timed them for my system and locality using Verizon FIOS as my Internet provider, and recommend fast ones, as noted above.
Sometimes different DNS addresses for the same DNS server company will have significantly different response times, and some DNS addresses will offer services (such as malware protection) that other DNS addresses do not, even from the same DNS server company.
Using this method, response time will be reduced dramatically for initial contact to web pages and web page alpha-numeric links to other websites where information is loaded into the web page you are viewing. Plus, you can get effective anti-virus/anti-malware protection (at these fast speeds) if you choose the correct DNS addresses. Your computer temporarily stores the IP addresses for the websites that you view while you are viewing them, rather than accessing the DNS server each time. If you configure your computer to use specific DNS addresses, it will use them rather than those DNS addresses supplied by your router. Even when people do NOT configure their local network to optimize response time from the DNS server, most people may not notice much difference in their Internet experience because it is only the first contacts that are affected.
See below regarding how to do this.
OpenDNS
OpenDNS freely offers "Family Shield" using the DNS addresses 208.67.222.123 and 208.67.220.123 for the primary and secondary DNS addresses, respectively, shielding your computer from known porn sites. If you don't need added protection from viruses and other forms of malware (such as would normally be the case if you use Ubuntu Linux instead of Windows), this may be especially useful.
OpenDNS has good instructions on how to set up your computer to use specific DNS addresses at this link. The same basic instructions may be used for any DNS addresses. However, if you supply DNS addresses that are NOT from OpenDNS, the link that OpenDNS provides for checking whether you are using the OpenDNS service cannot tell you whether your computer is actually using them. You can test DNS server response times from your location by downloading and running the very useful and free program called DNSBench, which runs a benchmark of response times for various public DNS servers. When you click on the Nameservers tab within the program, the first two DNS addresses listed will be the Primary and Secondary DNS addresses that you are actually using on your computer. (If you are running Ubuntu Linux and you have the Wine application already installed, as discussed in the "Making and Install Disk (CD)" section, when you click on the install file for DNSBench to download it, instead of saving the file, just open it with the Wine Window Program Loader. In that way you don't even need to install it, unless you wish to do so.)
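On Ubuntu or another Linux system, the resolver addresses actually in use can also be checked against the list recommended above. The following is an added example, not part of the original page: the function name and the sample file contents are constructed for illustration, and the address table is copied from this page.

```python
import ipaddress

# Protective resolver addresses exactly as listed on this page.
PROTECTIVE = {
    "198.153.194.1": "Norton", "198.153.192.1": "Norton",
    "8.26.56.26": "Comodo", "8.20.247.20": "Comodo",
    "156.154.71.1": "DNS Advantage", "156.154.70.1": "DNS Advantage",
    "208.67.222.123": "OpenDNS", "208.67.220.123": "OpenDNS",
}

def audit_resolv_conf(text):
    """Classify each 'nameserver' line of resolv.conf-style text.

    Returns a list of (address, verdict) tuples in file order.
    """
    findings = []
    for raw in text.splitlines():
        # Drop comments, which resolv.conf introduces with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1]
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            findings.append((addr, "invalid address"))
            continue
        if addr in PROTECTIVE:
            verdict = "protective: " + PROTECTIVE[addr]
        elif ip.is_loopback:
            # e.g. the systemd-resolved stub at 127.0.0.53 on current Ubuntu
            verdict = "local stub: check its upstream servers"
        elif ip.is_private or ip.is_link_local:
            verdict = "router/LAN: filtering depends on router settings"
        else:
            verdict = "public resolver not on this page's list"
        findings.append((addr, verdict))
    return findings

# Constructed sample of a machine that picked up its DNS settings from the router.
SAMPLE = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 8.26.56.26
nameserver 127.0.0.53
search home
"""

if __name__ == "__main__":
    for addr, verdict in audit_resolv_conf(SAMPLE):
        print(f"{addr:16} {verdict}")
```

To audit a real machine, pass the contents of /etc/resolv.conf to audit_resolv_conf. If the only entry is a loopback stub, the upstream servers it forwards to are shown by `resolvectl status` on current Ubuntu releases.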
Set up your hardware firewall so that it uses protective DNS servers if not otherwise specified by your operating system.
Click here for an example of how to set up your hardware firewall (within your router) for one particular hardware firewall/router/modem for Verizon FIOS Internet.
2. Stealth Your Firewall
If you have a hardware firewall (such as is common with routers), set it to stealth mode, so that hackers cannot even determine that your computer is turned on. (Stealth mode simply means that your firewall is set to NOT respond to Internet communications from any computer or server on the Internet unless you initiate those communications first. With your firewall set up in this fashion, a hacker's scans do not reveal to the hacker that a computer is even present at your IP address.) To set up your hardware firewall to operate in stealth mode, you must access its various features. I have instructions here for one kind of firewall/router/modem for Verizon FIOS Internet.
When you set up your hardware firewall to operate in stealth mode, I suggest that you ensure that your firewall will not respond to remote administration and that nothing is checked or set up to allow incoming ICMP echo requests (such as pings and ICMP traceroute queries). You may need to search the Internet for specific instructions for your hardware firewall/router model or contact your Internet provider for help in this matter (if they provided the equipment).
A good website to use to check whether or not your computer system is operating in stealth mode is "ShieldsUP!". Click here to go to "ShieldsUP!", then click on the "Proceed" button. Then click on "All Service Ports" to cause a scan of your computer's service ports. The analysis may take a minute or two. If your system fails in any way to meet the stealth rating, you need to adjust your hardware firewall.
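The difference between a stealthed port and a merely closed one comes down to whether anything answers at all. The following is an added example, not part of the original page, that classifies a TCP port by the reply to a connection attempt; the function names are illustrative, and the built-in demo uses only constructed loopback ports.

```python
import socket

def probe_tcp_port(host, port, timeout=3.0):
    """Classify one TCP port by how the far end answers a connection attempt.

    open    - handshake completed, so a service is reachable
    closed  - connection refused (a reset came back), so a host is visibly there
    stealth - no reply before the timeout, so the packet was silently dropped
    other   - some other error (such as an ICMP unreachable), still a visible reply
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        return "other"
    finally:
        s.close()

def stealth_report(host, ports, timeout=3.0):
    """Return (results, passed); passed is True only if every port stayed silent."""
    results = {p: probe_tcp_port(host, p, timeout) for p in ports}
    return results, all(v == "stealth" for v in results.values())

def loopback_demo():
    """Constructed demo on 127.0.0.1 with one listening port and one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port any more
    try:
        ports = [listener.getsockname()[1], closed_port]
        return stealth_report("127.0.0.1", ports, timeout=1.0)
    finally:
        listener.close()

if __name__ == "__main__":
    print(loopback_demo())  # loopback never looks stealthed: one open, one closed
```

To say anything about a hardware firewall, the probe has to come from a machine outside the network it protects and be aimed at your own public address, which is what the ShieldsUP! scan does for you.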
3. Encrypt Your Wireless Signal
If you use wireless in your home, I suggest that you use a WPA2 security type (such as WPA2-Personal) with AES encryption. Set it to update every 15 minutes or less. Use a strong password with around 8 to 15 characters (mostly letters), with at least two numbers being within two separate words or within the same word or letter phrase, but not side-by-side. I recommend for ease of use that all the letters be lowercase. If you set up your firewall as stated above, every computer that connects to your wireless network will also be protected by the same firewall in stealth mode.
If you have a wireless notebook computer and you use it in a public place, then even if the firewall in that public place is not set up to operate in stealth mode, the ports on your computer should still be set to operate in "stealth" mode if you properly utilize a good software firewall.