Author Topic: You can lead a horse to the water, but you cannot make it use NoScript..  (Read 56217 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi malware fighters,

The use of the script blocking extension NoScript inside Firefox makes it the safest browser around, but still the propagators of the use of the extension for complete in-browser security often feel like those lone prophets crying out in the desert, read about this here: http://forums.informaction.com/viewtopic.php?f=8&t=4571

You cannot row against the intentional omission of this vital security information, because trackers and profilers that earn from running scripts inside "your" browser like it if the majority of users do not know about such extensions like NoScript, HTTPS-everywhere, RequestPolicy etc. and rather take the risk of malcode in servicing their obfuscated adcodes then giving the browser back to the user, "yes you use it but you do not own what's going on under the hood", and with a combination of NS and RP you definitely do,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Then why doesn't Mozilla include it in the installation of Firefox? That's one of my beefs about FF. If you install it just in it's default state with no addons, it is less secure than IE8 is in it's default installation. Users should not have to look for addons and plugins to secure their browser, they should be included by default. I wouldn't use the addon anyway probably because I wouldn't like dealing with having to manually allow parts of web pages to load. I want to see everything on the page.  I don't even block ads , only popups and cookies which I allow selectively by site.

There are other things about FF that I don't like such as the download interface and the cookies management where I think IE8 is far better. I also have never found it to be any faster.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Hi malware fighters,

The use of the script blocking extension NoScript inside Firefox makes it the safest browser around, but still the propagators of the use of the extension for complete in-browser security often feel like those lone prophets crying out in the desert, read about this here: http://forums.informaction.com/viewtopic.php?f=8&t=4571

You cannot row against the intentional omission of this vital security information, because trackers and profilers that earn from running scripts inside "your" browser like it if the majority of users do not know about such extensions like NoScript, HTTPS-everywhere, RequestPolicy etc. and rather take the risk of malcode in servicing their obfuscated adcodes then giving the browser back to the user, "yes you use it but you do not own what's going on under the hood", and with a combination of NS and RP you definitely do,

polonus

Very well spoken, polonus..!!!
I wish we could spread the truth all over the forum, in every thread and all the topics out there... ;)
As long as users aren't aware of this, malware will keep mushrooming on the net.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I want to see everything on the page.  I don't even block ads , only popups and cookies which I allow selectively by site.

You just very well described the problem out there...!!!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Dch48,

Why it did not come in by default then. Well that is as easy one to figure that out, same answer as to the question as why no browser comes with an adblocker by default, because browsing is not essentially about the user but also for those that earn on the browsing of users (understandable because developers also have to feed their kids), as Google was one of the major Mozilla browser sponsors (and Yahoo for flock), they weren't actually very fond of the idea of a browser with the possibility to partially or totally block their code. Why do you think flock does not go on with developing a Mozilla type browser but comes with a GoogleChrome clone and go on in that direction? Because it is all about speed and features nowadays and browser developers cannot score with a "total security" concept, because users are not interested one hoot, only if their machine has been turned into a malware ridden door stopper, and then even a large majority haven't learnt any lesson. What also plays here is that with NoScript you have to click the NoScript icon once in a while to allow/disallow script running and that is too much asked from a user that only has the intellect to right click, left click and "click an option away", alas this goes for the masses, and that is why NoScript extension will have a long time to develop the critical mass to be adopted on a bit larger scale. Well one thing, knowing what I know now makes that I would not use a browser without it,

polonus
« Last Edit: June 25, 2010, 11:55:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Gargamel360

  • Guest
@Polonus

I drank the water......and came very close to spitting it back out.  But I gave it a little time, in a week or two it melted right into my regular browsing habits.  Now I have really learned to appreciate NoScript, do not like browsing without it.   
Maybe not water but wine?
An acquired taste, and gets better with age.

I still have not tried RP, but I likely will soon.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Well one thing, knowing what I know now makes that I would not use a browser without it,
polonus

That will lead to another very, very, very big +1 from me... ;)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi folks,

There is a barrier between those that understand why to use NS and those that lack that insight partially or completely or where it falls on deaf ears, but we that understand "will blow that NS horn, and welcome everyone that has awoken to its sound", welcome Asyn, welcome Gargamel360, and I know of many more here on these forums that are users of NoScript and that actually were saved by it from running malscript. How for instance would I dare to go to jsunpack or a javascript malcoded page without the NoScript visor raised?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I drank the water......and came very close to spitting it back out.  But I gave it a little time, in a week or two it melted right into my regular browsing habits.  Now I have really learned to appreciate NoScript, do not like browsing without it.   
Maybe not water but wine?
An acquired taste, and gets better with age.

Nice analogy, Gargamel..!! :)
And much more important, you're surfing much safer now...!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
There is a barrier between those that understand why to use NS and those that lack that insight partially or completely or where it falls on deaf ears, but we that understand "will blow that NS horn, and welcome everyone that has awoken to its sound", welcome Asyn, welcome Gargamel360, and I know of many more here on these forums that are users of NoScript and that actually were saved by it from running malscript.

Sure we will blow the horn... Over and over again, until we'll be heard...!
Also thanks for the welcome polonus, but I'm already on the train for a long time now and hope more security loving passengers will board the train in the near future..!!!!!!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Gargamel360

  • Guest
Yeah, I lack the knowledge to take the offensive against malware like many here can.
For now the best way I can fight it is to stay clean myself and report any filth I find. :)

The real irony I see in NoScript is it seems limiting, constrictive, suffocating.
When in fact it is the exact opposite, it is liberating, imo, as it gives me choice, freedom to say yes/no.



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Gargamel360,

Yes and it gives you security to an extent we have never experienced before with modern browser script technology. Through NoScript you are protected against malscript all sorts from the past, malscript all sorts from the present, and even to those that have not been detected or found out yet so malscripty all sorts from the future, because where script cannot run it can not infest, and that is a very basic general rule, based on a simple fact of life. We have to thank the developer, Giorgio Maone, to have come up with this extension that was the best in-browser security extension so far. It is a great addition to the in-browser-defense of the avast shields, well enjoy it fully,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Yeah, I lack the knowledge to take the offensive against malware like many here can.
For now the best way I can fight it is to stay clean myself and report any filth I find. :)

The real irony I see in NoScript is it seems limiting, constrictive, suffocating.
When in fact it is the exact opposite, it is liberating, imo, as it gives me choice, freedom to say yes/no.

Gargamel,
I remember I did compliment you some time ago.
And I'm happy to say, that it was no mistake, you really are a very smart guy..! :)
I'm sure you'll keep learning fast and someday fight the malware out there the offensive way...
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

SafeSurf

  • Guest
Through NoScript you are protected against malscript all sorts from the past, malscript all sorts from the present, and even to those that have not been detected or found out yet so malscripty all sorts from the future, because where script cannot run it can not infest, and that is a very basic general rule, based on a simple fact of life. We have to thank the developer, Giorgio Maone, to have come up with this extension that was the best in-browser security extension so far. It is a great addition to the in-browser-defense of the avast shields, well enjoy it fully,

I couldn't agree more, and I know I've talked about it here in the forum, but I think this is the best add-on out there that compliments other security features.  I would not go on the Internet without it.  The developer is very receptive to feedback, and thus the frequent updates to improve the software.  Using it becomes routine within a day, and I've been using it since it first came out.

Now the problem is educating others to get them to use it.  So we spread the word.

Hermite15

  • Guest
Then why doesn't Mozilla include it in the installation of Firefox? That's one of my beefs about FF. If you install it just in it's default state with no addons, it is less secure than IE8 is in it's default installation. Users should not have to look for addons and plugins to secure their browser, they should be included by default. I wouldn't use the addon anyway probably because I wouldn't like dealing with having to manually allow parts of web pages to load. I want to see everything on the page.  I don't even block ads , only popups and cookies which I allow selectively by site.

There are other things about FF that I don't like such as the download interface and the cookies management where I think IE8 is far better. I also have never found it to be any faster.

IE8 is a piece of crap, period, if you can't see it you got a problem, or problems ???
Why Firefox doesn't include NS, well first because the NS developer doesn't work for Mozilla, and second even if there was an agreement most IE users like you would get lost with NS when trying Firefox.
 As to IE being more secure than FF default config, what are you smoking ??? FF doesn't write entries to the registry while browsing, FF does't use these freaking activeX things, one of the biggest source of potential malware on the internet, interacting directly with your operating system. Rare silently installed extensions in Firefox (previous versions >>> 2.0) from bad sites (became impossible now btw, while browsing), didn't affect the OS, just the browser.
 There's something that I hat more than IE in this world, it's the guys promoting it and talking BS about Firefox. Firefox was, is, and will be the more secure browser of all times. Now ****, thanks.

ps:on a side note, FF might be currently twice slower than Chrome, but guess what, IE8 is twice slower than FF ::) as to the interface if Internet Explorer, it's hardly better than what it was 10 years ago, everything in it is completely outdated, the whole interface is a failure, favorites, downloads, settings etc...

@ the others: I'm a long time NS user >>> NS is not for everyone, that's a fact. Live with it. Put NS in the hands of an average user is to some extent like doing the same with a HIPS (to some extent...). They wouldn't know what to answer.
« Last Edit: June 26, 2010, 11:54:46 AM by Logos »