Lead Image © enciktep, 123RF.com

Lead Image © enciktep, 123RF.com

Seven free blocking filters for ads

Ads Subtracted

Article from ADMIN 59/2020
By
We compare seven free blocking filters for advertisements and look at how they integrate into the network.

Some websites overdo advertisements, piling on pop-ups, video snippets, and product placements in your browser. If the editorial content only appears as an afterthought, it's time to filter out the ads.

An ad filter can be applied to each individual device or make the ad invisible for all clients on a network at a central location. In this article, I compare ad blockers that run on the router or on a device on the network, in which case, the terminal devices do not require any additional software.

Requirements

The ideal setup would have an ad blocker running on low-cost hardware or directly on the existing router, and I would like to be able to make changes to the blacklists if the software filters out too much (or too little).

The ad filter must function in the local language. Even the best software is useless if it does not recognize regional advertising. Finally, I want the ad blocker to prevent access to websites with dubious content or adult entertainment, where applicable.

Candidates

The test candidates come in the form of add-ons for an existing (router) operating system or as additional hardware. Pi-hole, the best-known candidate, has to face the challenger AdGuard Home and the outsider eBlocker. pfBlockerNG, Unbound-Plus, and Adblock join the fray for networks with pfSense, OPNsense, and OpenWrt, respectively. The NxFilter DNS appliance rounds out the list.

All candidates in Table 1 are free of charge and use free blacklists. If no suitable hardware is available on the local network, costs are incurred for a small-board computer (SBC) such as a Raspberry Pi.

Table 1

Ad Filters

Software Adblock AdGuard Home eBlocker NxFilter pfBlockerNG Pi-hole Unbound-Plus
Examined Version 3.8.15-1 0.102.0 02.04.05 04.03.06 2.1.4_21 5.0 0.5
Origin Germany Russia Germany Korea USA/Canada USA Austria/Czech Republic
Popularity + ++ + + +++ +++++ +
Language Ash Go Java, Ruby Java Shell Bash, PHP, C Python
Platform OpenWrt Linux, FreeBSD, macOS Rasp Pi 2/3/4 Linux, macOS, Windows pfSense Linux OPNsense
Available Since 2015 2018 2016 2013 2015 2016 2019
Mode of Operation DNS sinkhole DNS sinkhole DNS sinkhole or firewall DNS sinkhole Firewall rule DNS sinkhole DNS sinkhole
Multilanguage Blocking Lists + +(1) + +(1) +(1) + +(1)
Additional Blacklists + + + + + + +
License GPLv3 GPLv3 EUPL EUPL free for up to 25 users Apache v2 EUPL v1.2 BSD 2-clause "Simplified"
DHCP Server +(1) + + + +
Hardware Costs (approx.) $45 $50 $50 $50 $150 $50 $150
Admin Interface + + + + + + +
Graphical Evaluation + + +
Protection of Minors + + + +(2)
Safe Search + + +(2)
DNS over HTTPS + + + +(3) +
Clients Individually Configurable + + + +(2) +
(1) Upgradable. (2) With pfSense methods (complex in part). (3) Manual adaptation at the command line.

Black Holes

Most ad filters work on the same principle: They integrate into the network as DNS servers and respond to queries from the clients. The terminal devices ask the new DNS server for name resolution and receive a stored IP address.

Unlike a conventional DNS server, however, the ad blocker answers those DNS queries that are on its blacklist with a shrug of the shoulders (i.e., a DNS sinkhole). From the client's point of view, this website does not exist, and the browser cannot load the advertisement.

How does the advertising filter know that a DNS query leads to an advertising domain? The software uses publicly available lists that collect web addresses and domains for advertising. These blacklists work like spam lists for email servers.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Filter DNS queries with Blocky
    The Domain Name System is repeatedly the target of or is leveraged for attacks on corporate infrastructures; however, it also lets you protect corporate networks against attacks and malware. The Blocky DNS server sets up quickly to secure DNS queries and DNS filtering for corporate networks.
  • DNS filtering with authentication
    Filtering HTTP connections and employing traditional proxy servers can protect users from web threats but also increase latency. DNS filters would be a better option, but they lacked authentication – until NxFilter came along.
  • Solving the security problems of encrypted DNS
    DNS encryption offers WiFi users good protection in public spaces; however, in the enterprise, it prevents the evaluation and filtering of name resolution.
  • Spam protection using SpamAssassin
    The intelligent, modular SpamAssassin email filter provides a variety of advanced tests for detecting unwanted junk email.
  • Professional protection for small and mid-size enterprises
    To what extent does the Untangle NG Firewall, where apps come together like pieces of a jigsaw, meet customer criteria for protection, usability, price, and support?
comments powered by Disqus