By Ron Benvenisti: This article is geared to those computer users who know how to do some basic configuration but haven’t set up filtration yet or who do not want or can’t afford to pay ongoing fees.
None of this is rocket science (at least to me!) and if the step by step instructions are followed with a fair amount of concentration, you should have no problems. If you are of the faint-hearted when it comes to computers, let an expert handle it. But for those that are somewhat tech-savvy, here’s the step by step.
I am presenting two free yet very effective solutions.
The first is the K9 filter which can be downloaded for Mac or PC from here: http://www1.k9webprotection.com/getk9/download-software
For quick start installation and configuration information go here:
http://www.bluecoat.com/doc/9712
I recommend reading over this before the K9 install. It’s straightforward and simple,
You can configure a few standard levels of filtration and customize each one plus additional sites you want to block can be added on the fly even without a password. K9 must be installed on every PC and is great if you don’t have any other wireless devices besides PCs or Macs, like Smartphones, iPads, Xbox, Wii, and the like. If you do, check out the second option. You can also use both.
The second option is OpenDNS Family Shield (or Parental Controls). This has strict blocking and is not changeable. There is also The Home version which is configurable, requires an account to set filtration levels and black and white lists. You can find out more about the Home option here: https://store.opendns.com/get/home-free
More and more people are using the various OpenDNS products, especially the Enterprise version for schools, businesses and corporations. There is no hardware or software to install and even a large company or school can be set up in less than an hour.
In this article I will be explaining how to install the more strict OpenDNS Family Shield option.
Keep in mind that with both K9 and OpenDNS it is up to you to decide who controls the passwords and configuration. With K9 the administrator can always bypass it; with OpenDNS you can always change to another DNS. It’s best to entrust someone else to set the K9 password and lock down the OpenDNS settings from Administrator so no other users can change network settings. If you don’t trust yourself please avail yourself of the YishmorEini accountability program here: http://yishmoreini.com/ Most likely you will find your Rav participating.
If you find any of this too daunting YishmorEini will do it for you for a one time charge. YishmorEini does not make a profit and you only pay for the install to cover expenses. There are no other charges. YishmorEini covers it going forward. Again, you can click on the link above or on the ad on this page for
details.
To install OpenDNS Family Shield on individual computers:
Mac OS X:
—————
Go to System Preferences.
Click on Network.
Select the first connection in your list and click Advanced.
Select the DNS tab and add 208.67.222.123 and 208.67.220.123 to the list of
DNS servers.
Click OK
Give it a few minutes for your “address” to propagate over to OpenDNS.
Clear browser caches as applicable:
Firefox: Tools, Clear Recent History, click cache, Clear now, Restart
Firefox
Safari: Empty Cache, Empty, Restart Safari
Windows 7:
—————-
Click the Start Orb, then select Control Panel.
Click on Network and Sharing Center.
Click on your primary connection or Local Area Connection under Active Networks.
Click the Properties button.
Windows 7 may prompt you for permission to make network setting changes.
Highlight ‘Internet Protocol Version 4′ and click Properties.
Click the radio button ‘Use the following DNS server addresses:’ and type 208.67.222.123 and 208.67.220.123 in the Preferred DNS server and Alternate DNS server fields.
Click OK button, then the Close button, then Close again. Finally, close the Network and Sharing Center window.
At this point, we highly suggest that you flush your DNS resolver cache:
(go to Start, Run, type cmd.exe, Okay, when the DOS screen opens type ipconfig /flushdns, enter, close DOS window after confirmation) and clear web browser caches as applicable:
Chrome: Tools, Clear Browsing Data, Empty the cache, Restart Chrome
IE: Tools, Internet Options, Delete, Check Temporary Internet Files, Delete,
Restart IE
Firefox: Tools, Clear Recent History, click cache, Clear now, Restart
Firefox
Safari: Empty Cache, Empty, Restart Safari
Opera: Settings, Delete Private Data, Detailed Options, Check Delete Entire
Cache, Delete, Restart Opera
It’s a good idea to close and restart your browser to ensure that your
OpenDNS settings have taken effect.
Windows XP:
——————
Select Control Panel from the Start menu.
Click Network Connections from the Control Panel choices.
Choose your connection from the Network Connections window.
If you have more than one, choose your default/current connection (Wireless or Ethernet).
Click Properties button.
Select Internet Protocol (TCP/IP) and click Properties.
Click the radio button Use the following DNS server addresses and type 208.67.222.123 and 208.67.220.123 in the Preferred DNS server and Alternate DNS server fields.
Click OK
Clear web browser caches as applicable:
Chrome: Tools, Clear Browsing Data, Empty the cache, Restart Chrome
IE: Tools, Internet Options, Delete, Check Temporary Internet Files, Delete,
Restart IE
Firefox: Tools, Clear Recent History, click cache, Clear now, Restart Firefox
Safari: Empty Cache, Empty, Restart Safari
Opera: Settings, Delete Private Data, Detailed Options, Check Delete Entire
Cache, Delete, Restart Opera
Windows Vista:
———————
Click the Start Orb, then select Control Panel.
Click on View network status and tasks.
Click on View status.
Click the Properties button.
Vista may ask for your permission to make changes. If so, click the Continue button.
Select Internet Protocol Version 4 (TCP/IPv4), then click the Properties button.
Click the radio button “Use the following DNS server addresses:” and type in OpenDNS addresses, 208.67.222.123 and 208.67.220.123, in the Preferred DNS server and Alternate DNS server fields.
Click the OK button, then the Close button, and the Close button again.
Close the Network and Sharing Center window.
Clear web browser caches as applicable:
Chrome: Tools, Clear Browsing Data, Empty the cache
IE: Tools, Internet Options, Delete, Check Temporary Internet Files, Delete
Firefox: Tools, Clear Recent History, click cache, Clear now
Safari: Empty Cache, Empty, Restart Safari
Opera: Settings, Delete Private Data, Detailed Options, Check Delete Entire
Cache, Delete
To install OpenDNS Family Shield on a router, protecting all devices that
connect to the net through it:
Linksys Router:
———————-
Enter the router’s IP address in a new browser window.
http://192.168.1.1 is the default Linksys router IP address.
Enter the Network password.
The “Enter Network Password” window will appear. Skip user name and type the router’s password (admin is the default password, if you haven’t changed it) and click the OK button.
Type in OpenDNS addresses, 208.67.222.123, 208.67.220.123, in Static DNS 1
and Static DNS 2 fields.
Click Save Settings button.
Netgear Router:
———————–
Type the router’s setup URL (http://www.routerlogin.net, or http://192.168.
0.1 or http://192.168.1.1) into a web browser address bar.
http://192.168.1.1 is the default Netgear router IP address.
Enter the password.
Type in OpenDNS addresses, 208.67.222.123 and 208.67.220.123, in Primary DNS
and Secondary DNS fields.
Click Apply button.
Wait for the settings to be updated.
D-Link Router:
———————
Enter the router’s IP address (http://192.168.0.1) in a new browser window.
This will be the computer’s Default Gateway IP address. The Default Gateway is the IP address of the D-Link router. By default, it should be 192.168.0.1. Most D-Link devices use the 192.168.0.X range.
Enter the router password.
Note: if you have not changed the original settings, the default username is admin and the password is blank (nothing).
If you forgot the password, you will have to reset the router to it’s default settings by inserting a paperclip into the opening marked “Reset” on the back. Hold the clip in place until the lights go off and then release.
The default username and password should now work.
Click on the Manual Internet Connection Setup button at the bottom.
Enter the OpenDNS addresses, 208.67.222.123 and 208.67.220.123, in Primary DNS Server and Secondary DNS Server fields.
Click Save Settings button at the top.
Generic Router:
———————–
Open the preferences for your router.
Often, the preferences are set in your web browser, via a URL with numbers (example: http://192.168.0.1). You may need a password.
If you’re like me, and you set the router password long ago and cannot remember it now, you can often reset the password to the manufacturer default by pressing a reset button on the router itself.
Sometimes preferences are set via a CD or program application for your router, which you installed on your computer when you added the router. If so you can also use that. (You still may have to reset).
Find the DNS server settings.
Scan for the letters DNS next to a field which allows two or three sets of numbers, each broken into four groups of one to three numbers like x.x.x.x or xxx.xxx.xx.xx or the like.
Put in the OpenDNS server addresses, 208.67.222.123 and 208.67.220.123, as your DNS server settings and save/apply.
After any Router Install, also clear your browser cache:
Clear web browser caches as applicable:
Chrome: Tools, Clear Browsing Data, Empty the cache
IE: Tools, Internet Options, Delete, Check Temporary Internet Files, Delete
Firefox: Tools, Clear Recent History, click cache, Clear now
Safari: Empty Cache, Empty, Restart Safari
Opera: Settings, Delete Private Data, Detailed Options, Check Delete Entire
Cache, Delete
Close and restart your browser.
If you followed the steps correctly you should now be good to go.
NOTE: Cablevision Modems can not be configured for OpenDNS. Verizon FiOS Routers can be configured for OpenDNS through advanced setup options.
Again, if this is too much for you contact YishmorEini. We will work with you and your Rav.
i just downloaded k9 and im very happy,
What is the downside of using OpenDNS home version ?
Can the home version be installed with Optimum/Cablevision ?
Open DNS will only work for a user without administrative rights otherwise they can just change which dns server to use.
@ Wondering: More whitelist/blacklist options and category customization. Install on PC if you have no router, just the CV modem. CV modems are not DNS configurable (also mentioned in article).
@3 Anonymous: Stated in article. Important point.
Ron: Is there any good filter or accountability program for Android phones?
There is a filter that works well for android pltforms. It is the Mcafee Family protection.
As a TAG volunteer, I must advise you that although the filter works very well, it is not a perfect solution, because it allows you to customize and allow whichever site you want to, i.e. opening youtube.com will allow you to view ALL youtubes…
Not perfect, but will work fine for now. Until Jnet is done with their software for androids (I know they work on it)
I hate to put this in the open(and feel free not to post if you so wish) but K-9 is VERY easy to bypass. All it takes is a few minutes of Googling around. At the most the administrator will get a notification of sorts. It is far from ideal.
opendns is awesome, no downsides. no software slowing down your computer any computer coming into the home or office is automatically filtered and you can get around it unless someone resets your router
also I believe k9 is available for android.
Regarding Android Smartphones that’s a whole other article which I have sort of planned but for now, since “@The real deal” and @”Louis” brought it up, I will say the Android Smartphone is the easiest platform to bypass. Even applications like McAfee which say they can’t be uninstalled can be undone in a couple of minutes. There is NO solution for Android other than having both of these done: 1. The ISP removes 2G/3G/4G data from the plan and 2. Removing (hacking) the wireless modules out of the phone entirely (on your own or a by a guy like me). To remove wireless from an Android phone, the phone has to be “rooted”. Rooting will also allow the removal of any filter, monitoring or other protection app no matter what type of secure passwords or administration functions the app has including using the dial pad with a password entered through that. And yes, you can always find the wireless modules on the net to put back on. Consider: over 10 million Android phones are rooted and can be rooted in less than 10 minutes. Even though this will void the warranty, it is easy to restore the phone to “un-rooted stock” condition in less than 5 minutes if you need any warranty repairs. The provider has no way of knowing if the phone was ever rooted of not.
Even if the phone hasn’t been rooted, every phone has a recovery mode which will restore the original settings and blow away any apps that didn’t come with the original ROM in the phone including McAfee and whatever else. That takes about 5 minutes. You can use OpenDNS on Android and get the same functionality as McAfee for free (instead of $19.95) which is just allowing you to set blocks and allows at will so your on your own trust. Because of the way the Android operating system is built (A Java based Android specific API on top of an open source Linux OS kernel) and the way the phone itself is designed to interact with that with modules that allow easy ways to change and modify it’s internals, there is and will NOT be a way to filter them. If anyone could do it they would have figured it out by now because Android is already in it’s 4th Generation and the basic architecture of the phone is not planned to be changed any time soon. I would love to see Jnet or anyone else beat the Android design but I’m not holding my breath. IMHO OpenDns is the way to go on Android maybe in combination with SMS Tracker (which is an accountability option) that also can track your every phone call, text, location and movement patterns. (No more AC for you!!) I can’t stress this enough: Anything on Android (and iPhone) can be defeated in minutes by rooting or “jailbreaking”. All you need to do is Google it and you’ll be done in a few minutes. If you don’t need to play Angry Birds or sync your calendar – just get a plain old “Dumb” phone that will give also give you texting. If you think Android is a problem now, it’s rolling out in almost every appliance in the house as we speak. Talk about getting burned by the stove………
OpenDNS is far more effective if you put it directly on the router. It also helps if you can run a custom firmware like tomato or dd-wrt on the router that can intercept port 53 requests. That will solve the problem that @3 Anonymous raises.
Open dns has a big problem in that it doesnt block google images.correct me if I am wrong
@J Good point. That’s why I have those installs in the article. TCP/IP Port 53 (DNS) is not so much a problem with OpenDNS because it is not using BIND. Could be viruses could exploit 53, but i have seen those as mostly “false positives”. In any case OpenDNS protects against that as well as the MANDATORY AV software installed on the machine.But if you’re really paranoid and have the time and patience to muck around with your router ROM I would go with OpenWrt.
@12 Anonymous: The next best thing for your Google account other than spray painting your glasses black (from the inside – it comes out better that way) is checking into Google’s own safety tools which you can find here: http://www.google.com/goodtoknow/familysafety/tools/
and you can configure from your Google account settings so it will work in any browser. Attempts at flesh recognition have been going on for at least 12 years that I know of but I don’t know of anything that is cheap and really works well. Skin-tone and clothing color are problems.
Ron… Why no answer to @7 ???
K9 does not work with Trend Micro anti virus. Open DNS does though.
What about a blackberry?
What aboutblackberrys? Are there any filters they would work with?
@15 Wondering
Because he’s right! There is one clean way to do it and it’s on the net, but you have follow the many steps and instructions very carefully. The point is that no solution is foolproof. Given enough time, research and effort…. It comes down to where you are holding with this issue. If you are honest with yourself about it being a real problem – and I mean honest – because it’s easy to rationalize when you’re in deep and you don’t know it – you can become desperate and on automatic pilot – you will Google your way right back into the depths – go with the accountability option and be willing to face the music with a Rav or mashpia. This stuff was always addictive and has ruined countless lives for centuries, just like any other addiction. It’s only the delivery mechanism that’s new and way too convenient. The Evil Inclination’s mantra is “Just one more time” – Turn it into one more victory. Every battle needs weapons. Only a fool would neutralize them or point them at himself or his loved ones. With the increasing onslaught and proliferation of moral decay, every “bullet” counts. You have to be diligent and stay on top of the situation, especially with kids and teens around. Make sure the stuff is still locked down and configured on a regular basis. Keep the machines always locked up or always in sight. Filters are only one weapon in a larger strategy borne out of commitment.
What about a Blackberry?
I do mot browsw google thru any account . If you go go google images it will show you sny image evrn those deemed improper by open dns .look in the open dnd forums . this is a known problem .
i installed k9 and few days later my internet stopped working completely, my technitian came and deactivated my k9 and my internet started working again, just be cautious when downloading it…
I have K9 and have no problems with it, but it could have conflicted with your software. Is there anything for cheap prepaid phones.
I have attempted to download K9 numerous times, and each time it has worked for several days, and then shut down my internet totally, giving me a K9 error message, forcing me to uninstall the filter. This issue seems to be common, as noted on various help sites (cnet.com etc.). Is this something bluecoat is working on?
can someone explain to me- do i have control of what type of websites it blocks out
Ron says “The Evil Inclination’s mantra is “Just one more time” – Turn it into one more victory.”. So True!!! I love this line, I will repeat it tomyself when I feel myself slacking. Truly brilliant. Thank you!
@21 http://www.google.com/goodtoknow/familysafety/tools/
In a previous post I mentioned that AFAIK Blackberry Internet can only be filtered on the BES server of the company that issued your Blackberry. If you are on Sprint they won’t activate it without the data plan.
@22 Someone could have messed with the K9 running service or it could be just got corrupted for other reasons like program conflicts, disk problems or whatever. K9 phone support probably could have helped you. If K9 gives you problems use OpenDNS.
Anyone know of a good filter for blackberry besides j-net
is there a filter for a blackberry?
Thanks Ron. Can you give us step-by-step instructions for setting up OpenDNS on Android? (I have a Droid X)
There was a question about blocking google images . Did anybody answer it ? Thank you
@30 Set DNS is the Android app for OpenDNS. The author is only recommending it for rooted phones. I use it on a rooted Optimus and it works fine. There’s a pro version which will run on non-rooted Droids, but I haven’t used that one. Details at: https://play.google.com/store/apps/details?id=uk.co.mytechie.setDNS&hl=en
To Ron and @15 Wondering
FYI, that is why I use the accountability program offered by Yishmoreini. Because I know that K-9 is just a matter of a few minutes to get around(tested it myself and I am far from a “techy” guy). I won’t place myself in a situation where I don’t feel protected.
Yishmoreini is the way to go of course with a filter and you need eyes too as we all can get around filters if we try.
A yishmoreini user.
@ K9 Downside
That’s exactly why my ad on TLS (with the eyes) links directly to YishmorEini……
Is there a way to completely remove internet abilitly permanently from a computer i let my kids use. thanks.