OK, I changed my “keyword.URL” manually, as Jacob suggested.Now, I’m gonna try to do a clean install of CIS, just to be sure that there’s nothing wrong with it and my search behavior will remain as it is:)
edit:Everything’s fine.Just to ask-why comodo doesn’t prevent the change of the search behavior?
edit2:I found the PSC-EXAM, but the log is too compromising and I’m not gonna give it here, sorry!
So, finally.That’s what i was looking for>
http://img810.imageshack.us/img810/9814/59617829.th.png
There is something between comodo and yahoo after all.How this Yahoo search appears between comodo logos, if not?Sorry for all these questions, but I’m very curious person.
Despite HeffeD’s claim that it is common for a nameserver (DNS) to redirect you to a search page on a failed lookup, that is definitely not true. I have yet to see a corporate DNS server waste their time with such shenanigans. Most ISP’s are not not using redirecting DNS servers. Some ISPs and some public DNS servers do the redirect but it is not a commonplace tactic. In most cases, users get confused when the redirect happens plus it screws over web apps that expect an error page for a failed lookup rather than getting pushed to some search page so the DNS provider can collect some revenue for this “service”.
Comodo’s “secure” DNS servers will redirect to a search page when it should be returning a failed lookup. This is why I won’t use Comodo’s DNS servers. OpenDNS does this, too, and why I won’t use their DNS servers. My ISP starting doing this about a year ago but, at least, gave an option for their customers to opt out of this highly non-standard “service” which violates DNS standards. When I enter an invalid domain then I expect to get back an error, not some search page. This gives me clear evidence that I entered the URL incorrectly or that domain really doesn’t exist (like someone gave me a bad URL). Getting a search page means that I really don’t know that the specified domain does not exist. The search page is NOT an error page.
If you want to see if a DNS server redirects (to a search page or anywhere else instead of returning the standards-compliant error status), use Steve Gibson’s DNS Benchmark utility (http://grc.com/). It will show redirecting DNS servers in olive color with a hollow circle/dot. You can even right-click on the list of results to remove all redirecting DNS servers to toss them away and just see the good ones.
The following is an extract from an article of http://www.pcmag.com/article2/0,2817,2369279,00.asp
It could enlighten the discussion.
"I asked Alex Eckelberry, president and CEO of Sunbelt Software, just what distinguishes the ClearCloud service from OpenDNS, Comodo’s secure DNS, or Google’s Public DNS. He responded “OpenDNS is a Cadillac Escalade, ClearCloud DNS is a Porsche.” He then clarified, “OpenDNS is a very sophisticated system that includes content filtering. ClearCloud is just focused on malware sites,” and noted that the free edition of OpenDNS doesn’t block malware sites.
According to Eckelberry, ClearCloud is quite a bit faster. “OpenDNS does a lot of incredible things, but these come at a performance cost,” he said. Configuring ClearCloud is simpler, too, requiring one minor network configuration change. Sunbelt even offers a utility to manage that change for Windows users. "Unlike OpenDNS, we don’t care where your IP originated from … so we don’t have to worry about updating dynamic DNS, etc.
Eckleberry reminded me that DNS-based content filtering can only block whole domains and thus doesn’t offer the URL-level filtering of advanced parental control systems. He advised, "If you’re not worried about content filtering then ClearCloud is better. If you want content filtering, use OpenDNS.
As for Comodo, Eckelberry admitted that it simply “comes down to technical testing as to which is better at blocking based on threat data.” He did point out that Comodo makes money by forwarding blocked pages to Yahoo while, at least at present, Sunbelt isn’t trying to make any money from ClearCloud DNS."
Personaly, I don’t mind if Comodo makes or not money with its DNS so long as it doesn’t reduce the security of the user.
I think perhaps you misunderstood what I was saying. I said DNS services. This would be a third-party DNS service such as OpenDNS.
And yes it is common, even from an ISP. This is the very reason why Firefox extensions like NoRedirect exist. Their sole purpose is to kill an attempted redirect.
That an extension exists doesn’t predicate that the behavior it modifies or blocks is exhibited at the vast majority of web sites. There are spelling add-ons, too, but that doesn’t prove that no one reviews their post or even the vast majority of users do not review their post before submitting it. It provides a function that the extension author personally wanted to exist. If you go through the list of Firefox extensions, there is a lot of junk there. No, I’m not saying NoDirect is junk. I’m saying that its existence doesn’t prove any statistically based claim on the prevalence of redirecting DNS servers.
I can start Googling around trying to find if anyone has gathered any statistics showing the prevalence of redirection in DNS services (unless you already now of some stats on this).
No stats, but I know most of the biggies do it. OpenDNS, UltraDNS (Which is what SecureDNS uses), Norton DNS…
I believe ClearCloud directs you to Google search, as I would also assume Google DNS does.
I know OpenDNS does the redirect to a search page (forget who but probably Yahoo). With OpenDNS, you would have to open an account with them, install their local DNS updater client (to update your account with them with your current IP address), and when you connect for the DNS lookup they use the IP address in your account to decide what settings to enforce on that lookup. They have several categories of sites that you can select to block along with adding up to 50 domains of your own. There is an option to disable the redirect to a search page on a DNS lookup failure but they definitely punish you for that choice. If you opt out of their redirection then you lose more features in your free account (which already has limited features). Those other features are totally unrelated to doing any online search so it is solely a punishment for opting out of the search redirect. If the punishment disabled features that I don’t need, maybe I’ll consider opening an OpenDNS account, install their DNS updater client, and configure my account to disable the DNS redirect (they call the option something else to belie what it is). My ISP lets me opt-out of the DNS redirect; however, I’d like to have backup DNS servers specified in the TCP/IP config for when there is a DNS outage with my ISP; however, I really don’t care for having to install an updater client to keep an account up to to date with my current IP address or even have to bother creating and keeping alive an account just to get around this stupid DNS redirection which is NOT for the benefit of the user.
I forgot about UltraDNS but would have to check again. CloudDNS definitely does a redirect to a search page (I like how they claim to be faster than OpenDNS because they’re a simpler service yet GRC’s DNS Benchmark proves otherwise). Google’s DNS servers do the redirect to a search page, too, but it seems inconsistent as to when it happens (or I just don’t their rules yet).
Note that a redirect to a search page is NOT a DNS failure for a lookup. That is why these DNS providers doing a search redirect are violating the RFCs that define the DNS service. You’re supposed to get back a failure status for a failed DNS lookup, not a URL pointing elsewhere. Verisign was the first offender with their redirects to a search page for the .com domain they were granted to administer. They led the way and showed other DNS providers just how they could punish their users while gathering revenue. And these are NOT just the free DNS providers. They include the ISPs who are billing you and other DNS providers that already had a revenue source for their service.
Did this ever get indoctrinated into RFCs regarding the definition of the DNS service? Of course, this draft comes after years of abusing the DNS service with the redirect ■■■■. Note that this draft, if ratified to become an RFC, will make it a violation for DNS providers to force their users into the redirection to a search page on a lookup failure." Section 7 indicates that users must be able to opt into or out of DNS Redirect services". So they MUST provide opt-out or opt-in choices to their users. Pretty much that means the DNS providers will need you to create an account with them and somehow figure out who you are by your IP address so they can match up the settings you chose in your account. Section 4 of the draft also mentions that the security offered by DNSSEC obviates the use of DNS Redirect. The client must have assurance that the DNS results come only from the DNS server to which they sent the request and not end up on some other domain. DNSSEC is incompatible with DNS Redirect. Yay!!! Death to DNS Redirect.
If Comodo ever makes good on their claim of providing secure DNS servers then that requires an eventual migration to DNSSEC along with the elimination of DNS Redirect. Alas, DNSSEC won’t be anything pre-Windows7 or pre-WindowsServer2008 users can utilitize. From what I see, DNSSEC will go into or is available in Windows 7 and 2008 and thereafter.
DNSSEC Deployment Guide
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7a005a14-f740-4689-8c43-9952b5c3d36f&displaylang=en
Windows client and server operating system compatibility with DNSSEC enabled root servers
My good ol’ Windows XP ain’t gonna handle DNSSEC, especially since it is an unsupported OS. Also, DNSSEC isn’t offered for free DNS service providers yet. A Google search didn’t find any lists of free DNSSEC providers. (I only scanned the first 10 pages of results).
