[nSLUG] Omniglobe Broadband: gratuitous nanny

Daniel MacKay daniel at bonmot.ca
Mon May 31 08:09:38 ADT 2010

Last month, a total non-geek acquaintance mentioned to me that he had some kind of virus on his Mac, and asked me if I would I look at it. 

His description of the problem was a little vague, as non-tech users' usually are, but the core of the problem seemed to be, when he visited a pr0n site, another site popped up offering him access if he got an account with it.  

It sure sounded like a virus or browser add-on to me, possibly DNSChanger.  I asked him if, while surfing, he'd had a site had offer him access to the pr0n if he installed this other thing, and he said that he had never clicked OK on that - and this particular user has a very good memory. (And, notice that he didn't just go and get an account with the popup site; he identified it as a virus of some kind.)

As a card-carryng CIPS I.S.P, I have pledged to help nongeeks in distress, so I was obliged to say yes, of course I would.

He brought his MacBook to my place yesterday morning - and it worked fine, which would have been very frustrating except he'd done a "Save As" of the popup / page HTML in question so I could look at it.

It turned out to be a page identifying "block.opendns.com."  His DNS settings were the detault, "obtain from dhcp."

I'm guessing that this is the DNS server he got by default from his ISP, Omniglobe Broadband, pointed to the OpenDNS nanny ("filtering") service.

I told him about Google DNS server, and the associated cost (some unknown loss of privacy, possibly far into the future) and he was not concerned, so I put the goog dns IPs into his Mac's network interface connection and sent him home to the South Shore.

He called a few hours later to thank me and say that everything, including the pr0n, was working perfectly.  (He'd already thanked me suffiently by leaving behind a quite substantial NSLC gift certificate that *he'd* gotten as a speaker's gift last month -- but it was satisfying to know we'd found the problem.)

More information about the nSLUG mailing list