Author Topic: HTTPS Everywhere Atlas  (Read 13413 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
HTTPS Everywhere Atlas
« on: April 19, 2013, 06:15:20 PM »
I checked on adblade dot .com because of this particular WOT review: http://www.webutation.net/go/review/adblade.com
See: http://www.mywot.com/en/scorecard/adblade.com?utm_source=addon&utm_content=popup-donuts
This is a known adware tracker. Then I stumbled upon this interesting information:
https://www.eff.org/https-everywhere/atlas/domains/adblade.com.html

Some here use HTTPS Everywhere.
Some avast users do not, because avast does deep scans into http,
and so on https you miss some of that accurate  avast malweb protection.

I think to know that DavidR does not enforce HTTPS on http websites for this particular reason.
Correct me if I am wrong.

Anyway it is good to use the atlas to see what mixed content could be considered  insecure and is rewritten.

Of course NoScript and RequestPolicy extensions could also help greatly to keep such insecurities at bay.

Like to hear your opinion or get your feedback, my dear forum users....

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #1 on: April 19, 2013, 06:21:41 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
Re: HTTPS Everywhere Atlas
« Reply #2 on: April 19, 2013, 06:37:12 PM »
Thanks Polonus.
I use 'https everywhere' and have read similar information.
I view it as an either/or situation. Possibly good in some situations and not in others.
But this is just a comment from someone who is not an expert on such matters. ;)
« Last Edit: April 19, 2013, 06:41:57 PM by schmidthouse »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: HTTPS Everywhere Atlas
« Reply #3 on: April 19, 2013, 06:40:17 PM »
Like David, it's a tool I don't use. I prefer avast! to be in charge in keeping me safe on the net. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #4 on: April 19, 2013, 09:53:43 PM »
Thanks for your contributions - schmidthouse and bob3160. What I like about such threads like this one is that users can make up their own point of view. The pro's and contras can be clearly defined and  lined up and one could decide. The https protocol can be a secure one as such, but the mix of secure and insecure content could mean a disadvantage. In that case the http protocol secured is an alternative to be preferred. With pre-scanning, various web rep guideline add-ons, script blocking, the blocking of third party (suspicious or malicious) requests, the added protection of both avast! Web- and Network Shields, google safebrowsing, Malware Script Detector and firekeeper (with recent Malware Patrol - Block List - http://www.malwarepatrol.net #   List for FireKeeper enabled) and on top the protection of Exploit Shield 0.9.1. I am quite confident I can steer away from harm that could originate from http sites,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: HTTPS Everywhere Atlas
« Reply #5 on: April 19, 2013, 10:12:30 PM »
Thanks Polonus.
I use 'https everywhere' and have read similar information.
I view it as an either/or situation. Possibly good in some situations and not in others.
But this is just a comment from someone who is not an expert on such matters. ;)

I don't think it is good in any situation, if a site is set to use https then fine, but forcing it everywhere is crazy as you have totally disabled the web shields protection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #6 on: April 19, 2013, 10:33:25 PM »
Hi DavidR,

That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.

So enforcing https where it should not be done is an overreaction to say the least,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: HTTPS Everywhere Atlas
« Reply #7 on: April 19, 2013, 10:37:41 PM »
Hi DavidR,

That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.

So enforcing https where it should not be done is an overreaction to say the least,

polonus
Which reiterates that a program like this can actually do more harm than good if you're using avast!.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #8 on: April 19, 2013, 10:44:26 PM »
Hi bob3160,

We could take this a step further even. Would you agree when we state that HTTPS Everywhere could mean a clear security risk that should not be taken lightly - a lot of "bogus" HTTPS feel of security which actually as we look into the real protection of it  could be termed as  "Snake Oil Security"?

pol

P.S. Think Kill Evil on Google Chrome makes more sense for the average user that does not yet use NotScript: http://lifehacker.com/5903630/kill-evil-gets-rid-of-annoying-javascript-tweaks-all-over-the-web (extension could also be used additionally)
« Last Edit: April 19, 2013, 10:51:38 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: HTTPS Everywhere Atlas
« Reply #9 on: April 19, 2013, 10:51:21 PM »
I think you've answered your own question. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: HTTPS Everywhere Atlas
« Reply #10 on: April 20, 2013, 12:16:42 AM »
Hi DavidR,

That is clear and I cannot but agree with you on these very points. Why degrade the https protocol to sites where it never was meant to be implemented?
And more important avast! shield detection is a main security feature and has saved many a user from getting into contact with malcode by blocking malicious website URIs or block connecting out to certain infested IPs.

So enforcing https where it should not be done is an overreaction to say the least,

polonus

I don't get where you think I/we disagree ?

I have said the only circumstance where https should be used is for sites that are specifically set up to use https, banking, logon, etc. Under no circumstances do I believe regular http sites should be forced to use https as it degrades the avast protection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: HTTPS Everywhere Atlas
« Reply #11 on: April 20, 2013, 01:45:01 AM »
no idea what's Kill Evil ... no screenshot, barely any users...

for Chrome / Chromium browsers I use ScripSafe
https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
I definitely like ScripSafe, sometimes feels way better than FF's NoScript

ScriptSafe is evolution of now 'abandoned' NotScripts (which was try to recreate NoScript for Chrome)
see http://code.google.com/p/notscripts/ and https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en

for Opera I use NotScripts (sadly ScriptSafe isn't for Opera)
https://addons.opera.com/en/extensions/details/notscripts/

and as bonus Ghostery, WOT, webRep in both browsers


« Last Edit: April 20, 2013, 10:16:31 AM by Dwarden »
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #12 on: April 20, 2013, 02:27:56 PM »
What Kill Evil does is to  remove or disable the following annoyances on all pages (except those you whitelist):

  - oncontextmenu (aka "HOW DO I DISABLED RIGHT CLICK")
  - window.print (for "print version" pages that assume you actually want to kill some trees and interrupt you with a dialog)
  - getSelection and onselectstart/onmousedown (pages that attempt to prevent copying, pop up "definition" links, or even send back everything you select to a tracking server)
  - oncut/copy/paste (another way pages can try to interfere with your clipboard)
  - window move/resize functions (no one else should be able to dictate the geometry of your window)
  - the TARGET attribute on links to open a new tab (I feel *very* strongly about this one: if I want a new tab, I will click with the middle mouse button or use the context menu. Otherwise, I will not.)
  - More things if I think of them later/you suggest them
Remember to whitelist sites it may be able to cripple...

Thanks for the link to ScriptSafe. There has been so much here on the forums that added to my security awareness.
Really amazing, and we learn here every day as this is an ongoing security education,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTTPS Everywhere Atlas
« Reply #13 on: April 20, 2013, 02:57:01 PM »
Hi Dwarden,

Like this ScriptSafe a lot and it combines beautifully with NotScripts,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: HTTPS Everywhere Atlas
« Reply #14 on: April 20, 2013, 03:02:24 PM »
Hi Dwarden,

Like this ScriptSafe a lot and it combines beautifully with NotScripts,

Damian

Trouble is we can't used ScriptSafe with FF this add-on only support for Chrome browser :'(
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip