Avast WEBforum

Other => General Topics => Topic started by: polonus on April 19, 2013, 06:15:20 PM

Title: HTTPS Everywhere Atlas
Post by: polonus on April 19, 2013, 06:15:20 PM
I checked on adblade dot .com because of this particular WOT review: http://www.webutation.net/go/review/adblade.com
See: http://www.mywot.com/en/scorecard/adblade.com?utm_source=addon&utm_content=popup-donuts
This is a known adware tracker. Then I stumbled upon this interesting information:
https://www.eff.org/https-everywhere/atlas/domains/adblade.com.html

Some here use HTTPS Everywhere.
Some avast users do not, because avast does deep scans into http,
and so on https you miss some of that accurate avast malweb protection.

I think I know that DavidR does not enforce HTTPS on http websites for this particular reason.
Correct me if I am wrong.

Anyway it is good to use the atlas to see what mixed content could be considered insecure and is rewritten.

Of course NoScript and RequestPolicy extensions could also help greatly to keep such insecurities at bay.

Like to hear your opinion or get your feedback, my dear forum users....

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 19, 2013, 06:21:41 PM
Here is what it does on avast dot com: https://www.eff.org/https-everywhere/atlas/domains/avast.com.html

pol
Title: Re: HTTPS Everywhere Atlas
Post by: schmidthouse on April 19, 2013, 06:37:12 PM
Thanks Polonus.
I use 'https everywhere' and have read similar information.
I view it as an either/or situation. Possibly good in some situations and not in others.
But this is just a comment from someone who is not an expert on such matters. ;)
Title: Re: HTTPS Everywhere Atlas
Post by: bob3160 on April 19, 2013, 06:40:17 PM
Like David, it's a tool I don't use. I prefer avast! to be in charge in keeping me safe on the net. :)
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 19, 2013, 09:53:43 PM
Thanks for your contributions - schmidthouse and bob3160. What I like about threads like this one is that users can make up their own point of view. The pros and cons can be clearly defined and lined up and one could decide. The https protocol can be a secure one as such, but the mix of secure and insecure content could mean a disadvantage. In that case the secured http protocol is an alternative to be preferred. With pre-scanning, various web rep guideline add-ons, script blocking, the blocking of third party (suspicious or malicious) requests, the added protection of both avast! Web- and Network Shields, google safebrowsing, Malware Script Detector and firekeeper (with the recent Malware Patrol block list for FireKeeper enabled - http://www.malwarepatrol.net), and on top the protection of Exploit Shield 0.9.1, I am quite confident I can steer away from harm that could originate from http sites,

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: DavidR on April 19, 2013, 10:12:30 PM
> Thanks Polonus.
> I use 'https everywhere' and have read similar information.
> I view it as an either/or situation. Possibly good in some situations and not in others.
> But this is just a comment from someone who is not an expert on such matters. ;)

I don't think it is good in any situation, if a site is set to use https then fine, but forcing it everywhere is crazy as you have totally disabled the web shields protection.
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 19, 2013, 10:33:25 PM
Hi DavidR,

That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.

So enforcing https where it should not be done is an overreaction to say the least,

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: bob3160 on April 19, 2013, 10:37:41 PM
> Hi DavidR,
>
> That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
> And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.
>
> So enforcing https where it should not be done is an overreaction to say the least,
>
> polonus

Which reiterates that a program like this can actually do more harm than good if you're using avast!.
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 19, 2013, 10:44:26 PM
Hi bob3160,

We could take this a step further even. Would you agree when we state that HTTPS Everywhere could mean a clear security risk that should not be taken lightly - a lot of "bogus" HTTPS feel of security which actually as we look into the real protection of it could be termed as "Snake Oil Security"?

pol

P.S. Think Kill Evil on Google Chrome makes more sense for the average user that does not yet use NotScripts: http://lifehacker.com/5903630/kill-evil-gets-rid-of-annoying-javascript-tweaks-all-over-the-web (extension could also be used additionally)
Title: Re: HTTPS Everywhere Atlas
Post by: bob3160 on April 19, 2013, 10:51:21 PM
I think you've answered your own question. :)
Title: Re: HTTPS Everywhere Atlas
Post by: DavidR on April 20, 2013, 12:16:42 AM
> Hi DavidR,
>
> That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
> And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.
>
> So enforcing https where it should not be done is an overreaction to say the least,
>
> polonus

I don't get where you think I/we disagree?

I have said the only circumstance where https should be used is for sites that are specifically set up to use https, banking, logon, etc. Under no circumstances do I believe regular http sites should be forced to use https as it degrades the avast protection.
Title: Re: HTTPS Everywhere Atlas
Post by: Dwarden on April 20, 2013, 01:45:01 AM
no idea what's Kill Evil ... no screenshot, barely any users...

for Chrome / Chromium browsers I use ScriptSafe
https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
I definitely like ScriptSafe, sometimes feels way better than FF's NoScript

ScriptSafe is an evolution of the now 'abandoned' NotScripts (which was an attempt to recreate NoScript for Chrome)
see http://code.google.com/p/notscripts/ and https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en

for Opera I use NotScripts (sadly ScriptSafe isn't for Opera)
https://addons.opera.com/en/extensions/details/notscripts/

and as bonus Ghostery, WOT, webRep in both browsers


Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 02:27:56 PM
What Kill Evil does is to remove or disable the following annoyances on all pages (except those you whitelist):

  - oncontextmenu (aka "HOW DO I DISABLED RIGHT CLICK")
  - window.print (for "print version" pages that assume you actually want to kill some trees and interrupt you with a dialog)
  - getSelection and onselectstart/onmousedown (pages that attempt to prevent copying, pop up "definition" links, or even send back everything you select to a tracking server)
  - oncut/copy/paste (another way pages can try to interfere with your clipboard)
  - window move/resize functions (no one else should be able to dictate the geometry of your window)
  - the TARGET attribute on links to open a new tab (I feel *very* strongly about this one: if I want a new tab, I will click with the middle mouse button or use the context menu. Otherwise, I will not.)
  - More things if I think of them later/you suggest them
Remember to whitelist sites it may be able to cripple...

Thanks for the link to ScriptSafe. There has been so much here on the forums that added to my security awareness.
Really amazing, and we learn here every day as this is an ongoing security education,

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 02:57:01 PM
Hi Dwarden,

Like this ScriptSafe a lot and it combines beautifully with NotScripts,

Damian
Title: Re: HTTPS Everywhere Atlas
Post by: SpeedyPC on April 20, 2013, 03:02:24 PM
> Hi Dwarden,
>
> Like this ScriptSafe a lot and it combines beautifully with NotScripts,
>
> Damian

Trouble is we can't use ScriptSafe with FF, this add-on only supports the Chrome browser :'(
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 03:16:43 PM
Hi SpeedyPC,

With fx you have the best there is: NoScript. ScriptSafe is a google friendly solution (and whitelisted by default comes

Trust Domain | talkgadget.google.com
Trust Domain | google.nl
Trust Domain | translate.googleapis.com
Trust Domain | maps.gstatic.com
Trust Domain | urlquery.net  = my personal preferred setting
Trust Domain | youtube.com
Trust Domain | s.ytimg.com)

What I like about ScriptSafe is the easy handling.
Your preferred settings are at once synced for all of your google environment...

The more you think here, the more you realize what an absurd idea HTTPS Everywhere actually is.
Also falls into the realm of false security through obscure HTTPS security settings...

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: Dwarden on April 20, 2013, 04:59:16 PM
> Hi Dwarden,
>
> Like this ScriptSafe a lot and it combines beautifully with NotScripts,
>
> Damian

while You can combine them, there is really no reason to keep using NotScripts when You installed ScriptSafe

ScriptSafe was written as successor (replacement) of the NotScripts ...
Title: Re: HTTPS Everywhere Atlas
Post by: schmidthouse on April 20, 2013, 05:55:37 PM
Point taken Guys. (Polonus, David, Bob)
All very excellent points and has caused me to remove the https everywhere add-on from FF. ;)
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 06:31:28 PM
Hi schmidthouse,

You are welcome and that is what a good discussion in a thread here should lead to that is -> "gained insight".
That is why I still hang out here after all these 8 years.
And it is not only others, you also will educate yourself where security issues are concerned.
Conclusion:
As we stand on each other's shoulders we see more and learn to see more...

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 06:42:37 PM
Hi SpeedyPC,

What is also neat from ScriptSafe is the RATING on "API dot MyWot dot com" bringing up the WOT results for a blocked resource link.
Very helpful. HTTPS Everywhere is blurring the access to such info...

pol
Title: Re: HTTPS Everywhere Atlas
Post by: schmidthouse on April 20, 2013, 09:09:19 PM
> Hi schmidthouse,
>
> You are welcome and that is what a good discussion in a thread here should lead to that is -> "gained insight".
> That is why I still hang out here after all these 8 years.
> And it is not only others, you also will educate yourself where security issues are concerned.
> Conclusion:
> As we stand on each other's shoulders we see more and learn to see more...
>
> polonus

Absolutely! Also the reason I am a proud member of this forum.
Definitely not for "Post counts" ;)
Title: Re: HTTPS Everywhere Atlas
Post by: UserA789 on April 20, 2013, 11:31:59 PM
> Like David, it's a tool I don't use. I prefer avast! to be in charge in keeping me safe on the net. :)

KUDOS TO THE 'NTH POWER ON THIS ONE!!!

I'd even enable the WebRep tool vs using WOT if it wasn't just what users thought of a website. I think that type of 'computing' (leave the old subject of WHY webrep is what it is alone here) can end up more harmful than being infected. If the whole site is only rated by users as good but maintains UNSAFE trackings/cookies/etc., then what's the point of the tool to begin with?

But really Bob... big kudos to your comment. I feel very passionate toward this mentality as well.
Title: Re: HTTPS Everywhere Atlas
Post by: polonus on April 20, 2013, 11:44:07 PM
And it can even be achieved even more comprehensively than with the webrep & WOT combination like with the following examples:
Here we have a three in one resource: http://checkwebsitesafe.net/www/rakhe.com
And if you want more, then here we have over 29 scan resources combined: http://scanurl.net/?u=rakhe.com&uesb=Check+This+URL#results
(launched with one click from a bookmarklet) -> http://scanurl.net/?u=   

And for the bob3160 logic? It will come with avast evangelism...

polonus
Title: Re: HTTPS Everywhere Atlas
Post by: UserA789 on April 24, 2013, 06:04:17 AM
> And for the bob3160 logic?
>
> polonus

I would call it common sense, nothing to do with being an 'evangle' or not. That or my status needs to be honorarily upgraded (NOT) cause I've had that position for some time now... since v2.