Review: K9 Web Protection

Thanks for this great article. I’ve been looking for a filter and will definitely give this one a try.

Once installed K9 monitors all web surfing activity, whether it is through Internet Explorer, Firefox or Opera.

Hi David, you are correct, but that’s the whole point. If it’s going to protect users from sites, it’s going to have to monitor all activity.

Hi. I have read some reviewers concerns regarding this product in the sense that all your internet activity is fed back to Blue Coat’s servers rather than being blocked locally. Therefore, there are some serious privacy concerns here.

Hi Someone,

I share in your concern over privacy issues, but in order for K9 and its ilk to work, the pages you visit have to go through their servers. Without that happening there’s no way they can tell if what you’re browsing is appropriate or not.

Also, bare in mind that as you surf the Web your IP address is being recorded to whatever server you visit. It’s a matter of trust with services like this.

Hi Everyone,
I want offer to clarify a few things, which may help alleviate some concerns.

(First, Ken, thank you for the review. We’re grateful for the kind words.)

K9 relies on Blue Coat Web Filter (BCWF for short) for ratings. BCWF is our commercial-grade filtering system. BCWF has several components, including a large database of ratings and a dyanamic, real-time rating function.

When a K9 customer tries to surf somewhere, there are three actions and four possible outcomes. Generally, omitting gory tech details, it works like this:

1) K9 says, “Have I asked about this website before?” K9 consults a local cache (sitting on the PC) for a rating for that site. If there’s a match, K9 doesn’t bother to query BCWF.

2) If there is no match in the local cache, K9 sends a query to BCWF: “What’s this URL rated?” BCWF consults its internal database to see if there’s a match. If so, it sends a category back to K9. (NOTE: It’s the URL, NOT the page, that gets examined at this point. Also, BCWF doesn’t know or care whether that particular instance of K9 will block or allow that site).

3) If there is no match in BCWF’s database, BCWF will fetch the page that the URL references, and do an intelligent scan on the page. Very proprietary, very cool (and completely NOT keyword-based). We call this process DRTR (Dynamic Real-Time Rating). IF DRTR can, with high confidence, determine the probable category of the site, it returns that rating.

4) If DRTR cannot with high confidence return a category, the response back to K9 is “unrated”.

NOTE2: In developing DRTR, we spend most of our energy trying to figure out how to recognize content that would put a page into a category that is most commonly blocked, across many languages.

NOTE3: Although BCWF is not perfect, it is very accurate. We receive between 50 and 80 MILLION rating requests every day from our user base. We have millions of computers protected by BCWF. And commercial organizations HATE “false positives”, so we work very hard not to mis-categorize something and cause it to be blocked unnecessarily. Our customer base, including K9 users, really keeps us on our toes. And every user instantly gets the benefit of what we learn from all that traffic.

So as was pointed out by Ken, to do its job, K9 will query BCWF to get a rating for a site.

Now, the key here is that, while K9 does in fact query BCWF, it does not forward personally identifying information, nor do we keep personally identifying information or surfing habits associated with any particular instance of K9. All blocking is done LOCALLY by K9 itself.

If you look in the K9 Admin tool, you’ll see that K9 keeps a history of the surfing behavior. THAT IS THE ONLY PLACE where such a history is stored. ON that computer, and ONLY on that computer.

Generally, Blue Coat is a “trusted brand” for enterprise customers. We’re deployed by large enterprises world-wide to enhance Internet security and performance.

K9 is our “community outreach” effort, not our main line of business. It wouldn’t make sense for us to risk our trust reputation with enterprise customers over K9, especially since we have no need to.

We’re serious about protecting our customers’ privacy. We don’t want to be in the business of having your personal surfing history for a wide variety of reasons. So we don’t gather and don’t keep data that we don’t need to deliver our functionality. And we don’t need that data for K9 to do its job.

I hope I wasn’t too long-winded, because I really do want folks to feel comfortable with K9. We’re trying hard to do our part, and we welcome feedback and questions, both on the product and on how we’re doing as a company.

(By the way, you can find more long-winded thoughts of mine at my blog - TheInternetParent.blogspot.com )

Best regards,
John Carosella
Vice President, Content Control
Blue Coat Systems, Inc.

Hi John,

Thanks so much for taking the time to stop by and clarify how K9 operates. You guys have really put a lot of thought into it and I’ve really enjoyed your product ever since I installed it last year.

I’ll also start making visits to your blog. I took a quick glance and saw some great material out there.
Again, thanks and keep up the good work!

Good product. It had me all the way up to its inability to support multiple configurations for different users. Too bad…. Serious negative to a great product. Unfortunately, its a deal breaker.. Let me know when they decide to add this essential feature.

I understand your point, Eric. I, too, wish it had that capability, but I can also understand their position as well.

I plan on doing an interview with John Carosella, their VP of Content Control, in the very near future. I will ask him to provide a response to that.

So stay tuned!

I have tried many other filters and so far this one is the best I have used. The K9 filter is very effective and does not slow your computer down. The software is disabled by password so it is probably best to let someone other than yourself have password rights if you are the one most tempted by online porn. Go to http://www.k9webprotection.com to find out more about the K9 filter and download.

Eric,
We do recognize multiple user profiles as an important feature. However, in many cases, if it’s just two profiles your family needs, (filtered and unfiltered), the block page can deliver this kind of functionality (sort of).

Many people don’t realize that the block page offers the opportunity to switch to “monitor only” mode (currently, fixed at 15 minutes at a time). So if you are surfing and want “unfiltered” service, (and you have the admin password — or access to the person who has it) once you hit a block page you can select “allow all categories”; you’ll be unhindered for the next 15 minutes.

Not multiple profiles, but still useful in many cases.

Thanks for the kind words.

Does it run under Linux OS ?

Hi Daniel,

According to their web site, this is not offered for Linux OS: http://www.k9webprotection.com/faq.html#4

Thank you for dropping by.

However, we do have a partnership with LinSpire…it’s not K9, but it is Blue Coat Web Filter that does the background work, for their SurfSafe product (visit http://www.linspire.com/surf_safe_info.php for details). Note that it says “Powered by Cerberian” - that’s the company that Blue Coat acquired in 2004. Old logo, current technology.

I just happened across this filter the other day. I had been a user of content protect, but became very unsatisfied with these last couple updates when things started malfunctioning with my computer. I uninstalled it, and all was well. I am delighted so far with K9 web protect. It provides the features we needed, and at a wonderful price. Some other filters may have a couple other bells and whistles, but I have a hard time complaining about something that is this free! From what I can tell this program provides great protection, wonderful accountability, and is very minimally intrussive. That was one of my bigger complaints with content protect–it blocked a lot of good content. In fact, one time I remember it blocked its own site! I am a pastor of a Baptist church, and I have begun recommending this to my people so that their families stay protected and together. Thanks K9 Web Protect!!!

Thanks for your comments, Ben. I had most of the same experience you had with ContentProtect though never saw it block its own site before.

We have web filter at my work, which is a large corporation. They track everything that goes on with web surfing. If a inappropriate site is viewed a big nasty BLOCKED image pops up on the screen and IT is sent an email. I use K9 to prevent that from happening, that way K9 will catch the site before it attempts to go there. That way the site is still blocked, but IT and my manager’s don’t receive an email. The software is awesome and a good to have if you have a computer job like I do.

Hi John,

Well that, indeed, is an interesting use of K9. Very clever!

John - very interesting indeed. It’s good to see K9 put to use for small and medium businesses, no matter how you use it.

This might be a good opportunity, Ken, to remind your readers that K9 is free for home users; but organizations, please purchase your commercial license…(we offer very competitive pricing, and it’s an important way we’re able to keep K9 free for families.)

Thanks all, for your continued support.

Best regards,
jc

Very nice tool, I do very like the web-admin-interface. Just my 2 cents… I have installed and tested the K9 on my PC, found it very usefull. So I decided to install the K9 also on my 11-yo son’s PC. But…it didn’t filter anything. Where was the hack? Running the Comodo firewall on all our PCs I ordered my son to click on ‘deny’ button everytime the allow-deny question apears. So he clicked on ‘deny&remember’ during the K9 installation, when FW asked for K9filter validation Allowing the K9filter called by ‘all parents’ solved this problem and the dog is barking.

Hi Edgarius. Hehe…glad you found the solution to that. I, too, am running Comodo, and I wonder if members of my family inadvertently check that box as well. Thanks so much for stopping by and hope to see you return!

Huh. I didn’t know about that either! I’m going to forward this to our support and development folks. At the very least, we should have an online-support solution to this situation.

I don’t know if it is possible to bypass the personal FW (from the K9 side) to avoid this kind of ‘problem’ I have described. Because (in my opinion) both FW and K9 worked perfectly:
- FW was (unintentionaly) set to deny the K9filter connection to BlueCoat DB
- K9 didn’t get any ‘villainous’ information about entered URL, so it decided that the URL is ‘OK’

One solution would be to stop the FW during the K9 installation process (manualy-not so ellegant, stop-via-K9-installer - may be impossible).

You might take into consideration also the possibility of some kind of ‘checking’ process - K9filter should get information, whether the BlueCoat DB was contacted or not. If not, there should be displayed some kind of information instead of displaying the ‘not validated’ URL.

OK, sorry for my wise-thoughts, I am former IT-forensic scientist now working as security/ITsec auditor and expert witness and it’s midnight around => ‘going to sleep

P.S. Please John, give me info how you have solved this issue.

Hoping someone can help me. A friend of mine is using k9 and is very pleased with the product. However, her 16 year old somehow managed to break the administrative password and reset so he could view some sites he is not to be viewing. He also changed the password so that his parents cannot prevent this. We are wondering how he managed to break the password, and is there a way his parents can rectify this? If they uninstall and then re-install, would that do the trick? Thanks in advance for any help you can give!

Hi Susan, thanks for dropping by to ask this. John Carosella, a VP of Blue Coat, regularly monitors these comments, so I’m sure he’ll respond. If not, I know how to contact him.

But this is curious. I wonder if maybe it was more likely he found or guessed the password rather than breaking into K9 to find it, but I suppose anything’s possible. The parents will need the password to uninstall it, but that may be too extreme. Instead, they should just reset the password AND the default settings, then add their own settings to ensure the teen hasn’t approved sites he shouldn’t be going to.

Then they should proceed with grounding the boy for a month at least.

Thanks Ken

My first thought too was that he must have guessed the password, but my friend says she used a brandnew password that she felt he wouldn’t be able figure out. Either he guessed, or he’s a whole lot more computer savy then we’d all like to think.

At this point they can’t do much since he’s refusing to give them the new password he set up….so I have encouraged them to unplug the computer and lock it in their storage shed until he has a change of heart (grins). However, not a long term solution by any means since my friend relies heavily on e-mail to minimize rural isolation.

Anyway, perhaps with a few days of having no access to the computer at all, he’ll re-think his options. I just thought I’d see if I could get any information that would help her.

Ohmygosh, Susan! The nerve of that kid! It’s a classic powerplay, it sounds like. You’re a good friend to be finding out what can be done.

Something comes to mind about the password though. Perhaps it’s possible that their browser is configured to remember and therefore pre-fill the password field? Just a guess. Or if the kid is really that tech savvy, perhaps he’s installed a keylogger to record all sorts of things.

Anywho, I hope he realizes the error of his ways and decides to play nice.

okay Ken….now keeping in mind the only two real things I know about computers is 1) where the power button is, and 2) how to do some serious shopping online (LOL), can you give me a reasonably simple step-by-step on how they can check the configuration, and correct it if need be? I really appreciate your help!

It sounds like maybe that 16 year old needs to do without the the computer for a while! Parents can (if they have the guts to do it) have a lot of leverage against a 16 year old, and they don’t need to know what he’s looking at–they already know that he is looking at what he shouldn’t. That’s just my opinion.

Sure. Try these steps:

1. Go to your Tools menu in the menu bar.
2. Select Internet Options.
3. Go to the Content tab.
4. In the middle of that window will be something call AutoComplete. Click on the Settings button.

There are several check boxes to choose from that, when enabled, will save information that’s been placed into fields on a web page. So the next time you enter text into that field the next time you visit that page, it should be present.

It’s very useful for it to do that, but as you can see, it can be dangerous if not used properly. The trick is to have it prompt you each time you enter a password or tell the browser not to save that type of information at all.

That said, I’m still thinking that there’s something else afoot here, like a keylogger, something that runs invisibly in the background that records what’s being done on the computer: sites visited, applications opened, passwords entered, etc.

I hope that helps.

Hi Ben, I could not agree with you more. Part of the power kids have is what the parents give them. Sometimes it’s because the parents feel they’re not qualified to enter the tech realm, which gives kids immediate control over that domain, and has we’ve seen here, locking the parent out.

Other times, it’s that parents feel like they should be a friend to their children and want to be accepted as such by them. I’m not saying that parents can’t be friendly, but they can do so without being a friend, thus putting themselves and their kid on equal terms.

Yes, a little computer-free time is in order.

Ken…

I’ll pass the information along so they can check configuration. You mentioned a keylogger…is there a way for them to check if he has downloaded something like that?

Ben….I absolutely agree, but having said that, because he has been physically violent toward them in the past, I know they are quite intimated by him, and unfortunately their fear has sent him a message that it’s okay to use threat of harm to get his way.

You’re both awesome for taking the time to respond to my questions. Hopefully the information I pass on can be used to get one step ahead of him…..beat him at his own game, so to speak.

You’re welcome, Susan. Wow, it sounds like it’s worse than I thought. I hope things work out for them all.

As for the keylogger question, that’s sort of tricky as by its very nature, it’s designed not to be easily found. The best advice I can offer you on that would be to press the following keys on the keyboard: Ctrl-Alt-Delete.

Pressing these three keys simultaneously will call up a window giving you access to a tab called “processes”. That will list all the things that are running on the computer in the background.

Now, assuming there is a keylogger and assuming that it can be displayed in this list, you can Google the names one at a time to at least learn what those programs are.

Also, two can play that game–all they have to do is put a key logger of their own on the computer and wha-la! They’ll have the new password. But honestly, it sounds as though have already lost not only the battle, but the war. Very sad, indeed! I feel bad for them.

LOL…funny you should say that, Ben. I did a web search on keylogger to see what came up….found a free one and promptly sent an e-mail to my friend suggesting she fight fire with fire and download the program.

The situation is frustrating for me also. This boy is my birth son….my friend, his adoptive mom. Last year she asked if he could come live with us because they had become so frightened of him….I said yes. Not once in that time did he EVER pull this kind of BS on me….reason: he knows that in all of two seconds he would VERY swiftly be reminded who the parental figure is! Unfortunately when I re-located to Nunavut in 2006 he chose not to come with me, and returned to his parents.

I continue to encourage them to take a strong stand with him (should have done it years ago, in my opinion) before the trouble becomes ten-fold, but also know their fear of him is not unjustified. To date, he has been caught viewing website on how to make everything from drugs to bombs, and some of the most demeaning porn one could imagine. It frightens me to think what’s in store for him if he continues on this path! Nonetheless, they are his parents and all I can do is be supportive to them in whatever manner I can. I think denying him access to the computer/internet is a good starting point.

So Sorry Susan! I know it is a particular heartache because of the relation.

Susan,

I appreciate your concern - it is a valid one. After reading the post about your friend, I suspect that the following happened:

1. Your friend’s email inbox is accessible by anyone who uses her computer (a stored email password is very common).

2. Your friend’s son clicked the “forgot password?” link near the K9 login box. This sends a 24-hour temporary password request to the K9 license server. A temp password is sent automatically (and immediately) to the email address we have on file.

3. The son retrieved this password from his mother’s email inbox and used it to change the password for K9. He may have also used it to change the email address for her K9 account (all done within the K9 administration pages).

This situation is avoidable only if the email address used to register for K9 is one which only the adult/administrator can access. At this point, there are a couple options that she has:

a. If only the password was changed (not the email address), she will be able to perform the same procedure outlined above to change the password back. Also, the email address will need to be changed as well.

b. If both the password and email address have been changed, she will need to speak with her son and together they can uninstall K9 (using the password he set), reboot the computer (very important), and then she can proceed to request a new K9 license using a secure email address (I might suggest a free one from http://www.gmail.com).

As you can see, if K9 is set up properly using a secure address, it is a very secure program (more secure than any I have come across). In the future we hope to add some other measures to verify identity before sending any temporary password out. For now, I hope the information above helps!

Thank you,

Richard Ashcraft
Support Administrator
K9 Web Protection

Hi Richard, sometimes it’s the simple things that get overlooked. Great response and thanks so much for stepping up to help.

Hey everybody: another reason to consider using K9 — great support!

Hello all -

When installing K9 and signing up for your license, it is very important to choose an email address that is *NOT* accessible by anyone besides yourself. We do not use your email address for any reason (it is never sold, and we don’t spam) - except for support issues. For example, if you forget your password, it is possible to request a temporary password to be sent to your email address on file. If your kids can read your email, they can access that temporary password and do what they want with your K9 installation.

So, again, to emphasize - PLEASE use an email address that only you can access.

One other pretty nice feature that K9 does is it will send an email to your address when it is uninstalled…in case your kid guesses your password and tries uninstalling it without your knowledge…

Hi Nathan,

Thanks for pointing that out. I’m sure that’s overlooked more than we know.

Just wanted to take a few minutes to thank all who took the time to respond to my initial inquiry. The situation is now resolved….seems not having access to the computer was indeed as strong motivator….he gave up the password he created. We’re still not sure how he managed to do this in the first place as he is remaining tight-lipped, but hopefully this is the end of the nonense!

You guys have been absolutely incredible in your helpfulness, and I just wanted you to know how much it is appreciated!

I have a suggestion to ensure this never happens again…
Set the e-mail to someone outside the family so that there’s no record whatsoever of their password on the computer (ie. yourself, Susan, as long as you’ve never accessed e-mail on that computer. Or if you make an extra e-mail account with a completely new password solely for that purpose). Then have that set to be the e-mail for K9, and promptly request a new 24-hour temporary password. That will reset the program so that there’s no way the password can be intercepted, or guessed.

…I know this from experience, as it’s what I’ve done to myself in an attempt to pit my own teenage wits against those of this filter.

So far the filter is winning.

Hi Jimmy. If more parents took even a portion of the time you do in protecting your family’s computer, there would be fewer inappropriate websites being reached. Thanks for dropping by!

I hate this product! my teenager is very net savy and instantly found a way around it. And the bigger problem was that it cant show that she got around the filter so i didnt know and she obviously wasnt going to tell me. I would not recommend this product to anyone whos child knows how to use a computer.

Sarah, I’m sorry to hear that news, but I don’t think you can blame K9. If you could read the handful of comments just above this one you’ll find that there was a similar situation where a tech-savvy child circumvented his parent’s access to K9 as well, but that’s not K9’s fault. The most likely explanation (just an educated guess at this point, of course) is that either the kid reset the password by telling K9 to send one. If the kid knew how to get to that email address, then he has the keys.

Hello. Having my own two young daughters, I’ve just started digging around for monitoring and filtering software. This looks good, I will probably take it for a test drive. But before I do, I have a couple questions. 1) I have a feeling that Sarah Berry’s frustration is a result of her kid’s use of a proxy server. I know the high school I work at, this is a constant battle. We are constantly blocking new proxy sites. Has any progress been made on this front? Until this problem is solved, internet filters are practically worthless. Although, while the kids are still young, the use of a filter would prove useful. 2) Has anyone tried installing the program under an administrative login, and then having separate user logins for the family members? Would this, in effect, be useful in differentiating the different members and their internet activities? Or no? Just a thought.

Hi John, yes, please do give it a spin as I think you’ll find it very useful. I’m not affiliated with the product, so I’m speaking from personal use.

As for your suggestion, I believe you’re on to something with a proxy server being a possible component to Sarah’s scenario. I’m curious to know what type of filtering software you’re referring to that your child’s school uses. I know at my children’s school they rely on a service that’s supposed to update their filters, but it’s highly possible that it’s a challenge to keep up with all the sites meant to bypass filters.

I’m not a big fan of using logins on Windows. Logins for software, sure, but I find the act of having to switch profiles on a computer is cumbersome. Having said that, I’m not sure it would solve things as a kid could still request a password be sent to their parent’s email account, and assuming they have access to it, then you have a problem.

Thanks so much for stopping by to comment. I hope you’ve subscribed to keep up with what I post.

Here is my question:

Will k-9 allow me to monitor the web browesing activities on my pc, without any visible sign that k-9 is running? I’d like it to remain out of site, without and pop up messages ro warnings for the sole purpose of monitoring, not blocking.

Hi m,

If I’m not mistaken, yes, you can configure it to accept everything while monitoring and not alert you to any inappropriate sites.

Thanks for taking the time to comment here.

All you have to do to delete the admin logs is to delete the Urls document in the k9 folder

@Pete
I’m a little behind in approving comments. Sorry for the wait. But thanks so much for your input.

Is it possible that itake the k9 off my computer because I would like to download limewire and I can not do so

@anonymus
You can only uninstall K9 if you know the password to do so.