Does your VPN block malicious websites? Here's why you should check

VPN providers add all kinds of bonus features to try and attract new customers, and although some of these are marketing gimmicks, others have real value. 

For example, NordVPN, Private Internet Access, ProtonVPN and others all have the ability to block ads, trackers, phishing and malicious websites. Connecting to the VPN keeps you safer online, and cutting down on ads might improve your speeds, too.

It's easy to dismiss this, especially if you already have antivirus, a security suite and a bunch of other anti-malware apps. When you've already got web filtering from a top antivirus vendor, why do you need anything more?

That seems to make sense, but there's a problem. Just connecting to the VPN might disable some, if not all, of your current browsing protection, leaving you far more exposed than you might think. Keep reading and we'll explain why.


DNS filtering keeps you safe online

Security software might use several techniques to block malicious websites, but one of the most popular is DNS filtering. Here's how it works.

When you enter a domain name such as techradar.com into your browser, your device can't immediately communicate with the site. It needs the website's IP address first. It gets this by sending the domain name to your ISP's DNS (Domain Name System) server, which looks up the site and returns its address.

Security vendors sometimes take advantage of this scheme by reconfiguring your device to use their own DNS server. When you try to reach a URL the company thinks is malicious, its DNS server doesn't return the IP address, and you're unable to access the site.

This doesn't offer quite as much protection as you'll get with specialist software. A DNS filter can block or allow traffic, and that's it. But a browser-based ad-blocker can analyze web pages as they're downloaded, allowing it to make much smarter decisions about what it shows, and what it doesn't.

DNS filtering is easy, though, and as it comes bundled with your security app, it protects all your devices without having to install any extra security software.

VPN apps and DNS

One of the problems with DNS is that most devices send DNS queries in plain text, where they're easily accessible to others. If you're using the internet on public Wi-Fi, this could allow the hotspot operator or nearby snoopers to monitor the sites you're visiting.

Connecting to a VPN fixes this as the service replaces your current DNS server with its own, and all DNS queries are sent through its secure encrypted tunnel.

While this is great for privacy, it's bad news if you rely on that DNS server to block phishing sites, manage a parental controls system or anything else. That protection almost certainly won't be available while you're connected to the VPN.

Don't panic: this doesn't mean you're left defenseless. Most antivirus engines use several layers of protection, and they'll have plenty of alternative ways to detect and block threats. Many apps don't use DNS filtering at all; your ad-blocking browser extensions, for instance, should probably work as normal.

Don't just assume you're safe, though. You need to find out more.

Make sure you're safe online

It's easy to test web filtering software to see if it works with a VPN. If you have a parental controls app, or anything which blocks access to particular types of website, just try accessing those sites with the VPN turned off, then with it turned on.
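The same off/on comparison can be made at the DNS level, where the filtering described above actually happens. The following Python sketch is an added example, not code from this article or any vendor: it encodes a plain-text DNS query, parses the reply, and reports when a name that was blocked before connecting now resolves over the VPN. The function names, the test domain and the set of "null" answers are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a plain-text DNS A query (RFC 1035) for name."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):  # offset just past an encoded name
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_a(msg):
    """Return (rcode, [IPv4 answers]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, addrs

def verdict(msg):
    """'blocked' when no usable address came back (error code, empty or null answer)."""
    rcode, addrs = parse_a(msg)
    null = {"0.0.0.0", "127.0.0.1"}  # assumption: null answers some filters give
    return "blocked" if rcode or not addrs or set(addrs) <= null else "resolved"

def filter_lost(vpn_off, vpn_on):  # blocked before connecting, resolves over the VPN
    return verdict(vpn_off) == "blocked" and verdict(vpn_on) == "resolved"

def make_response(name, rcode, ips):
    """Constructed sample reply to build_query(name), for trying this offline."""
    head = struct.pack(">6H", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4)
    return head + build_query(name)[12:] + b"".join(rr + socket.inet_aton(ip) for ip in ips)

def ask(server, name, timeout=3.0):
    """Live use: send the query to server over UDP port 53, return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]
```

For a live check, call `ask()` with the DNS server address your system reports while the VPN is off, then again with the one it reports while connected, using a domain your filter is known to block, and pass both replies to `filter_lost()`. A filter that answers with its own block-page address will show as "resolved" unless that address is added to the null set.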

When you can't run tests, search the vendor's website for information about how it works. If web protection is based entirely on DNS filtering, it'll probably be disabled when you're using a VPN; if it uses some other technique, you'll probably be safe. If in doubt, contact the vendor and ask.

If your current VPN has any built-in web filtering, make sure it's turned on. In NordVPN's Windows VPN client, for instance, go to Settings, General, and enable the CyberSec option.

And the next time you're shopping for VPN deals and you see a provider offering malware blocking, don't automatically dismiss it. Sure, a VPN isn't likely to give you the same web protection as a specialist antivirus. But there's no harm in having a second layer of security, and in some situations it might be the only browsing protection you have.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.