pageoneresults - 5:04 pm on Jan 25, 2010 (gmt 0)

The thing about the security software is that it should be the last line of defence, whereas too many see it as the first.

I'm one of those who see it as a first line of defense at the moment. Yes, I'm running XP on this system. Windows 7 on another and then I have an iMac.

I use very little in the way of anti-malware programs. I use Microsoft Security Essentials (simple, unobtrusive, free and with a reasonable reputation).

Isn't MSE a first line of defense? Just from a different provider? And what about all the Windows Security issues that make Front Page here at WebmasterWorld? ;)

encyclo, I spent some time this weekend performing various research into the IPs that were being blocked as malicious IPs. I only took 3 of the almost 10 now and did some digging. Using various Reverse IP lookups, DNS lookups, etc. I was able to make a determination that Malwarebytes was right on target by flagging those IPs. It didn't matter to me that there may be other sites sharing that IP that may be of interest to me. The first 50 websites I extracted from one report were ALL garbage. In the other instances, a large percentage of them were bad neighborhoods. One look at the TLDs and you could clearly see what the neighborhood was like.

During my research, I also came across a variety of resources that looked at IP Reputation. I found a few tools that allowed me to enter an IP and see that the IP(s) I was researching were flagged as being less than safe, in the yellow/red zone of the reports. And yes, I understand that it would be a mistake to make an assumption on that warning alone due to the shared IP environment. But, what if, just what if, there were enough sites on that IP that were flagged as being unsafe?

I don't know about you, but if I were an engineer trying to determine one of the many signals I could use to thwart a bad visitor experience, I'm going to look at the IP neighborhood. Sure, there are going to be some IPs that this won't apply to due to the sheer volume. But, if I can use this methodology on smaller scale operations where the volume is manageable, I just may find that to be a valuable piece of information, I'm referring to IP Reputation. :)