Filtering Technology

Awareness Technologies Web Filtering
BASCOM Patronus—Filtering Designed Specifically for Libraries
ContentWatch NetNanny and ContentProtect
CyberPatrol Online Protection PRO
CyberPatrol Parental Controls
CyberPatrol SiteSURV Web Filtering
Cymphonix Network Composer
IBOSS WEB FILTERS
NetSentron
Netsweeper
OpenDNS Enterprise
SafeSquid - A Web Filtering Proxy
SmoothWall Guardian Web Filter
SmoothWall Guardian Web Security (Filter + Anti-Malware)
Untangle Education Standard Package
Websense Web Security
Website-Echo
Process for Categorizing a Site
We use the CommTouch list which is recognized as being one of the two most complete and well maintained URL lists.
Our SiteCAT system crawls the web 24/7 categorizing content on the web. Sites may be submitted by customers for human review/update. As sites are crawled, our automated system performs several types of analysis on the content of the site to determine a category. Some sites are also flagged for human review. These sites are manually reviewed/updated by our human researchers.
Our SiteCAT system crawls the web 24/7 categorizing content on the web. Sites may be submitted by customers for human review/update. As sites are crawled, our automated system performs several types of analysis on the content of the site to determine a category. Some sites are also flagged for human review. These sites are manually reviewed/updated by our human researchers.
Our SiteCAT system crawls the web 24/7 categorizing content on the web. Sites may be submitted by customers for human review/update. As sites are crawled, our automated system performs several types of analysis on the content of the site to determine a category. Some sites are also flagged for human review. These sites are manually reviewed/updated by our human researchers.
Cymphonix uses three tools in parallel to manage its Web-filtering task. The first tool is a database of disallowed sites. It's simple and powerful but the problem with using this tool by itself as the main method of Web filtering is obvious: sites change on a daily or even hourly basis. A static defense against a dynamic threat will fail over time. Though this type of tool is simple, fast and excellent at defending against known threats, it's only as good as the last update. Ironically, many vendors go to great lengths to cite the size of their databases as a measure of their product's Web-filtering strength. We think numbers are important, but focusing on just one dimension is misleading.
A more important number to consider is how many tools are working together to do the job. We use three. The database is just the first one. The second tool we use is our Keyword Analysis Engine, which scans the URL for text strings that suggest an inappropriate site. This tool is dynamic and can help keep up with the changing environment of the Web. As you know, the limitation of only using keywords for Web filtering is the risk of false positives and false negatives. For example, someone going to visit Essex, Connecticut might want to visit the city's Web site at www.essexct.com beforehand to get information on attractions. It's too bad, but filters using only keywords as their primary defense would block the site. On the other hand, if someone put up a site about the city that included offensive content and named the Web site something innocuous like www.bland.com, keyword filtering would not flag that site. Solutions that rely too heavily on keyword analysis run into a lot of false positives that end up blocking legitimate sites. Lots of appliances use keyword analysis because it is efficient and has a small footprint. That's great if there isn't enough space to create a more sophisticated database with processor-intensive tools. Cymphonix Network Composers have plenty of room and processing power to run multiple tools. That's why we add our third tool, the Real-Time Analysis Engine. This part of the XLi OS scans the actual content of the Web page, as well as the structure, the text, and other content. The Real-Time Analysis Engine then runs a set of heuristics to deduce whether a site that sounds naughty is actually innocent or an innocent site is really the naughty one. Finally, because no single solution, or even the best-engineered trio of solutions, can be a hundred percent tailored to your organization a hundred percent of the time, we also provide an easy way to add, delete, or reclassify sites.
And because we know building and maintaining a site list is a lot of work, XLi keeps the list intact when you upgrade or change appliances.
Automated processes. When a category not in database is detected, it runs through AI for potential 'adult' or 'proxy' content. If positive, a temporary block page is presented. Ultimately the site is sent for human review then pushed to the appliance and all other appliances in the field. This is dynamic and in real time ensuring no gap in sites processed.
4 step real time process:
1) Domain name (URL) check against 80 supplied blacklists
2) Check and block on file extensions and MIME types
3) Check on ICRA tags on the web page against the configuration
4) Checks web page against weighted phrases
When a new website is discovered by any one of over 40 million worldwide Netsweeper users, the URL will be directed back to Netsweeper's headquarters where a proprietary, Artificial Intelligence tool will automatically download the specific address, scrape the content of the entire page, run the content by a series of templates designed and then intelligently assign the URL a category. The URL and the assigned category will then be delivered back to the original requesting user in addition to supplying this new information to a global network of categorization servers that store a database of over 3.8 billion pre-categorized URLs. This process takes 3-5 seconds to run.
Websites are categorized using a combination of user-submissions and third-party data sources. Administrators can customize these categories for their own network using whitelists and blacklists.
Web crawlers + Manual
Library administrators may categorize lists of sites themselves using a simple web interface. The processes by which SmoothWall categorizes sites vary, some are entirely automatic, and others have human input.
Library administrators may categorize lists of sites themselves using a simple web interface. The processes by which SmoothWall categorizes sites vary, some are entirely automatic, and others have human input.
-Block 100M+ classified websites in 53 categories and 20+ languages.
-Great for: Traditional sites like porn, gambling, social networking & more.
-Block new and unknown sites as users browse to them with eSoft's dynamic filtering and Distributed Intelligence Architecture (DIA).
-Great for: Rapidly changing sites like proxies, phishing, IM, P2P & more.
-Leverage eSoft's Threat Protection Team for best-in-class online security.
-Great for: Spyware, phishing and virus distribution sites.
-Block encrypted sites by IP address.
-Great for: Proxies and other sites that use https to obfuscate themselves.
-Now with SafeSearch - filters search engine results.
-Includes password override capability
Website management
Percentage of Category Decisions Reviewed by Human 100 Nil, unless specifically requested for recategorization by a client. 100 Variable Variable less than 1% 80%
Description of Each Content Category with Example URLs http://www.bascom.com/pdf/BASCOM_filter_category_descriptions.pdf The Network Composer's database currently lists over 66 million URLs classified into over 90 categories including Pornography, Child Pornography, Mature Content, Drug, Hate, Criminal Skills, Hacking, and Weapons just to name a few. Additionally, because of the dynamic nature of the Internet, Network Composer provides real time content and keyword analysis of web pages to prevent access to new or changing sites with inappropriate content (in 20 international languages). Ads Adult Content Alcohol/Tobacco Art Auctions Audio & Video Bikini/Swimsuit Business Dating & Personals Dictionary Drugs Education Entertainment File Sharing Finance & Investment Forums Friendship Gambling Games Government Guns & Weapons Health Image/Video Search Jobs Mobile Phones News Organizations Political Porn/Nudity Private Websites Real Estate Religion Restaurants/Food Search Engines Services Sex Ed Shopping Sports Streaming Radio/TV Technology Toolbars Transportation Travel Violence & Hate Virus & Malware Web-Based E-mail Web Hosting Web Proxies Academic Fraud Sites that promote educational fraud, including but not limited to plagiarism and cheating. Adult Themes Sites that are adult in nature and are not defined in other rating categories. Note: This category should only be turned on if you want to be very restrictive on your network. Advertising Sites that serve advertising. This category is specifically aimed at identifying ad servers. Note: not available as a filter at this time. Adware Sites that distribute applications which display advertisements without user's knowledge or choice. Does NOT include sites which serve advertising. Alcohol Sites about alcohol use, commercial and otherwise. Auctions Sites for buying and selling via auction. Automotive Sites about automobiles, including manufacturers, news, reviews and hobbyist information. 
Blogs Sites that are personal or group journals, diaries or publications. Business Services Sites for corporations and businesses of all sizes, especially company websites. Chat Sites where you can chat in real-time with groups of people. Includes IRC. Classifieds Sites for buying and selling (or bartering) goods and services. Dating Sites for meeting other people. Drugs Sites about illegal or recreational drug use. Ecommerce/Shopping Sites that are online stores for products and services. Educational Institutions Sites for schools, covering all age levels and types. File storage Sites that offer space for hosting, sharing and backup of digital files. Financial institutions Sites for banks, brokerages, trusts and other financial organizations. Forums/Message boards Sites with discussions, including bulletin boards, message boards and forums. Gambling Sites that offer gambling or information about gambling. Games Sites that offer game play and information about games (news, tips, cheat codes). Government Sites operated by government agencies, including city, state, regional, county and federal levels. Hate/Discrimination Sites that promote intolerance based on gender, age, race, nationality, religion, sexual orientation or other group identities. Health Sites that offer information about health care and health services. Humor Sites that are intended to be funny or humorous. Instant messaging Sites that offer access or software to communicate in real-time with other individuals. Jobs/Employment Sites that offer job listings, resume services, interview coaching and similar employment-related services. Lingerie/Bikini Sites displaying or dedicated to lingerie/bikini that could be considered adult-only. Movies Sites that promote movies or offer movie watching online. Music Sites about music, including news, band and fan information. News/Media Sites that offer news and information, including newspapers, broadcasters and other publishers. 
Non-profits Sites for non-profit or charity organizations and services. Nudity Sites that provide images or representations of nudity. P2P/File sharing Sites that facilitate the sharing of digital files between individuals, especially via peer-to-peer software, including torrent sites. Parked Domains Sites that are placeholders "parked" for future use. Current uses may include single-page advertising sites. Photo sharing Sites for sharing photographs, as individual images, galleries and albums. Podcasts Sites that offer podcasts, digital media files distributed over the Internet, often using syndication feeds, for playback on portable media players and personal computers. Both audio and video podcasts are included. Politics Sites about politics, politicians, political parties and organizations. Government sites are separate. Pornography Anything relating to pornography, including mild depiction, soft pornography or hard-core pornography. Portals Sites that offer gateways to the Internet as a whole, often including bundled services on their own site. Proxy/Anonymizer Sites providing proxy bypass information or services. Also, sites that allow the user to surf the net anonymously, including sites that allow the user to send anonymous emails. Radio Sites that offer online radio listening or promote radio stations. Religious Sites about religion, religious teachings and groups, and spirituality. Research/Reference Sites such as encyclopedias, dictionaries and other research-related resources. Search engines Sites that offer result listings based on keywords. Sexuality Sites that provide information, images or implications of bondage, sadism, masochism, fetish, beating, body piercing or self-mutilation. Social networking Sites that promote interaction and networking between people. Software/Technology Sites about computing, hardware and technology, including news, information, code and vendor information. 
Sports Sites about sports of all kinds, from professional to amateur, from news to league information and schedules. Tasteless Sites that contain information on such subjects as mutilation, torture, horror, or the grotesque. Television Sites that promote television shows or offer television watching online. Tobacco Sites about tobacco use and related products, commercial and otherwise. Travel Sites with travel information and services, including reservations for airlines, cars, hotels, vacations, and trips. Video sharing Sites for sharing video content. Visual search engines Sites for searching for images based on keywords. Weapons Sites about weapons, commercial and otherwise. Webmail Sites that offer the ability to send or receive email. Adware Alcohol Anonymizer/ Proxy Art Business/ Services Cars/ Transportation Chat/IM Community Sites Compromised Computers & Technology Criminal Skills/ Hacking Dating Download Sites Education and Reference Entertainment/ Videos Finance Gambling Games Government Hate Speech Health Home/Leisure Humor Illegal Drugs Job Search Mature Military Miscellaneous Music News Non-profits Nudity Personal Webpages Pharmacy Phishing/ Fraud Politics & Law Pornography/ Sex Portal Sites Proxy/ Anonymizer Real Estate Religion Restaurants Search Engines Shopping Social Networking Spammed Sports and Recreation Spyware & Malicious Sites Tobacco Translator Travel Violence Weapons Web-based Email http://www.pearlsw.com/resources/quoteOptions/echofilters.pdf
Categories Vendor Recommends for CIPA Compliance http://www.bascom.com/pdf/BASCOM_filter_category_descriptions.pdf (See all categories coded in red for Malicious and Offensive.) pornography, child pornography, mature content, drugs, hate, criminal skills, hacking, weapons, etc. Adult Pornography Child Pornography Proxy Virus Malware Adult OpenDNS ensures your compliance with regulations that protect students from harmful online content. OpenDNS is the easiest way to achieve CIPA (Children’s Internet Protection Act) compliance necessary for E-rate funding by blocking adult sites. http://www.untangle.com/cipa_whitepaper.html 45
Granularity of Your Block List Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by top level domain Block by top level domain Block by top level domain
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Block by hostname
Examples of Each Item Selected Above (Granularity)
Patronus has the ability to block down to a directory or page level. For example, Patronus can block "adult.example.com", "example.com/adults/", or "example.com/adultpic.jpg".
Domains may be specified in the custom block list by domain name. Sub-domains can also be specified. Example: "somesite.com" - Blocks all content on somesite.com. Example: "chat.somesite.com" - Blocks access to chat.somesite.com, but allows access to www.somesite.com, products.somesite.com, etc.
Domains may be specified in the custom block list by domain name. Sub-domains can also be specified. Example: "somesite.com" - Blocks all content on somesite.com. Example: "chat.somesite.com" - Blocks access to chat.somesite.com, but allows access to www.somesite.com, products.somesite.com, etc.
Domains may be specified in the custom block list by domain name. Sub-domains can also be specified. Example: "somesite.com" - Blocks all content on somesite.com. Example: "chat.somesite.com" - Blocks access to chat.somesite.com, but allows access to www.somesite.com, products.somesite.com, etc.
The Network Composer enables organizations to get down to granular Internet optimization for eliminating threats while monitoring traffic down to the exact type of content going through the company's pipeline. The appliance can actually give you "deep packet inspection" from layers 3 to 7, along with a real-time HTTPS scan, so you can look into encrypted sessions to make sure they're not security risks. You can choose to filter by active directory group, IP address, MAC address, URL, host, all the way down to filtering the specific content within a webpage.
Block base domain twitter.com but allow a specific organization's twitter page. Or Block facebook.com but allow a specific page on facebook. This will still analyze the page to strip unwanted content from within these pages.
* Access policies can be defined based on client IP or IP ranges
* Access policies can be defined based on user-names and user-groups (created within SafeSquid Web Interface)
* Access policies can be defined based on user-names and user-groups from an external authenticating server, like Active Directory or LDAP
* Granular access policies for full access, mild filtering or strict filtering, based on IPs, IP ranges, user-names and/or user-groups
* Blocking websites to specific or all users/groups, based on website category, e.g. games, email, news, adult, etc. (31 categories)
* Blocking web pages to specific or all users/groups, based on specific keywords and phrases found in the page
* Blocking applications to specific or all users/groups, based on signatures, e.g. MSN Messenger, Yahoo Messenger, Google Talk, Download Accelerators, Media Players, etc.
* Blocking access to specific or all users/groups, based on time and/or day
* Blocking content to specific or all users/groups, based on content/file/mime type, e.g. audio, video, application or .mp3, .zip, .flv, etc.
* Blocking cookie exchange between specific or all users/groups, and unwanted hosts, e.g. Ad servers
* Blocking unwanted ads and banners from web pages to specific or all users/groups
* Real-time blocking of Pornographic Images from almost any source
* Enforcing SafeSearch option to specific or all users/groups, on search engines like Google, Yahoo, Bing, by overriding user preferences, to prevent users from searching for, or search engines from displaying unwanted content in search results.
* Enforcing YouTube Safety Mode to specific or all users/groups, by overriding user preferences, to prevent users from searching for, or YouTube from displaying unwanted videos in search results.
For details, see - http://www.safesquid.com/html/portal.php?page=110
Frequency of Updates to Blocked Site List Daily Every night Hourly Hourly Hourly Daily Real Time 24/7/365 Dynamically Netsweeper operates in real-time. As new sites are found, they are immediately added to the Master Category List and distributed to the global network of content servers. Continuous process, real-time updates Minimum Daily Minimum Daily Updated on-the-fly Once every 24 hours to servers
Description of How Updates are Applied
Automatically downloaded in the background.
Automatically overnight
The system uses a small set of local data files. The client portion of the software manages version information for local dat files on each machine and provides automatic download and install of updates (both executable files and data files). By default, client software checks for updates once per day. The server portion of the software gets data file updates hourly. Server updates are also done automatically and require no input from customers.
The system uses a small set of local data files. The client portion of the software manages version information for local dat files on each machine and provides automatic download and install of updates (both executable files and data files). By default, client software checks for updates once per day. The server portion of the software gets data file updates hourly. Server updates are also done automatically and require no input from customers.
This is a completely hosted system. No updates are required for customers.
Software, firmware, content filter, and anti-virus definitions are automatically updated daily. Filter avoidance definitions are completed hourly.
Dynamically. No libraries to load or update.
The administrator receives a notification email with a general description of the updates. In most cases the update is transparent. In a few cases a notification that a reboot is required.
Not applicable. Netsweeper operates in real-time.
Because OpenDNS is cloud-based, with no software to install, updates are instant and seamless, in realtime.
Whenever a user requests for any website, the cProfiles module verifies if the website is listed under the specified categories. It first checks its cache for an entry. If the entry is found in the cache, cProfiles adds the profile instantly to the request. If the entry is not found in the cache, the cProfiles module sends a query to SafeSquid's Content Categorization Service (CCS), and caches the results. cProfiles uses DNS technology to query the CCS. Unlike legacy technologies that force users to store huge databases, cProfiles caches only 'really visited' websites and therefore, utilizes very little system resources. Since the categorization happens in real-time, users do not have to regularly download updates to keep their database up to date. For details, see - http://www.safesquid.com/html/portal.php?page=132
Automatically
Automatically
Untangle Server keeps a local copy of the ESoft database. If you visit a website that the ESoft database doesn't know about, ESoft phones home to the ESoft service, then writes the new information to the ESoft database.
Seamlessly to echo servers
Block Page Displayed or Blocking Transparent to User Transparent Displayed Transparent Displayed Displayed Displayed Displayed Displayed Displayed Displayed Displayed Displayed Displayed Displayed Displayed
Items that Can Be Included on Block Page (if applicable) Customizable message Password override
There is a generic block page
Category causing the block
Password override
There is a generic block page
Category causing the block
Category causing the block
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
Category causing the block
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
Category causing the block
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Password override
Customizable message
There is a generic block page
Category causing the block
End user ability to override
Customizable message
Additional Comments on Blocking
A block page can be enabled or it can be left transparent to the user. Patronus gives librarians the ability to instantly override the filter for a specified period of time using a profile that provides adult access. An adult profile can be created to provide completely unrestricted access or access to everything except malicious sites. This gives Librarians local control so access can be opened for adults as needed. Different levels of access can be provided for workstations used by adult patrons, young adults, and children. A Librarian can also use a web-based interface to remotely change a profile for a workstation. Also, provides peer-to-peer blocking to prevent p2p traffic from clogging up network and using bandwidth. Also, when a site is blocked, the reason for blocking can be shown and the following information can be displayed: Contact Name, Email Address, and Phone Number.
Network Composer can be configured to display a block page or leave it transparent. Additionally, Network Composer allows you to go beyond traditional block/allow rule sets for your network. You can shape and prioritize your traffic the way you see fit. For example, say that you don't want to completely block access to a site such as YouTube.com; however, you want to limit the amount of resources it uses. You simply set up the URL YouTube.com to never use i.e. more than 20% of your bandwidth at any given moment and give it a low priority. This ensures that other information in your pipe (such as education and research categories) are given a higher priority and thus, more bandwidth.
Block page is customizable at the group level. Also, option to allow overrides through LDAP.
Can be transparent or block.
Using the system's web-based administration tools, the administrator is provided the tools to deliver either standard or customized deny pages. Customized pages may also include Netsweeper's newest eSafety Messaging pages that are served up with specific information regarding the subject matter initially requested. Such categories now include the following to name only a few: social networking, pornography, criminal skills, profanity, substance abuse, weapons, etc.
You can customize the block page displayed, or redirect to an internally hosted page.
You can create your own custom html pages (with company logo and custom messages) that should be displayed to users, when a requested content is blocked. Different messages can be displayed for different events, based on users/groups, or type of content blocked, e.g. pages blocked when unwanted words are found, websites blocked by categories, time-based blocks, etc.
When blocking https traffic, the webpage being blocked will just return a "Page cannot be displayed" error message.
Does filter provide dynamic filtering of pages as they are accessed? Yes Yes Yes Yes Yes No Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes
Does content filtering work on a weighted system controlled by administrator? Yes Yes N/A Yes Yes Yes Yes Yes Yes Yes No No N/A Yes
Describe how dynamic content filter can be changed by administrator, if applicable.
Administrator can assign different levels of access to workstations, users, or groups of users. Patronus has a new Anywhere Filter option that provides security for mobile devices. For additional information on the Anywhere Filter, visit anywherefilter.com
Administrators of the system can provide specific data to filter for. If this data is found, the system immediately sends alert notifications to the administrator. Also, our chat filtering component comes pre-set with a large number of offensive and/or inappropriate terms. Use of these terms by a user will also trigger an immediate notification to the administrator.
Administrators of the system can provide specific data to filter for.
Add to allow/block for instant effect on network. Or change categories/Custom
The administrator can set the categories as well as adjust the phrase weightings.
Netsweeper comes complete with a Web-based administration module that is completely managed by an assigned administrator. This super user will have access to the entire system and may even assign other administrative rights to others within the organization. These 'sysop' permissions can be as generous or restrictive as seen fit.
Using the whitelist and blacklist, administrators can customize which pages are accessible to users.
Can filter by file type Can block by MIME type--applies to all categories
Can block by extension--applies to all categories
Can block by protocol--applies to all categories
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by MIME type--applies to all categories
Can block by protocol--applies to all categories
Can block by extension--applies to all categories
Can block by extension within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by MIME type--applies to all categories
Can block by protocol--applies to all categories
Can block by extension within a category
Can block by MIME type within a category
Can block by protocol within a category
Can block by extension--applies to all categories
Can block by extension within a category