Blocking based on DNS wud be real time.. whereas for browser based checking will only be updating definition once a while say every 2-3 hrs.Plus DNS based blocking means even other apps will be protected against malware sites, not just browser.If u didnt turn on comp for some reason for 1 or 2days, and a new malware site comes up, and when u turn on comp next time, ur browser has still not downloaded latest blacklist... there is chance u can get infected.But with DNS based blocking, it wont be the case.