Author Topic: You can lead a horse to the water, but you cannot make it use NoScript..  (Read 56216 times)

0 Members and 1 Guest are viewing this topic.

Hermite15

  • Guest
hi Polonus,

what do you mean:
Quote
a compatibility update has been applied

where? how? I just can't install it, and the new add-on manager rejects any xpi dropped in, even after modifying the latest build max version. May be I should roll back to ff 4.0 beta1...but again, where's this NS update mentioned?

edit: okay my bad, I should never have installed 4.0b2pre (nightly latest trunk) in the first place, NS runs on 4.0 beta1 ;D
« Last Edit: June 29, 2010, 08:32:47 PM by Logos »

DukeNukem

  • Guest
You can have multiple layers of security but where do you draw the line?

I feel Nscript is just another layer that has a bit of potential to prevent harm and on paper looks great but it is straying over the line.

The whitelist approach in my view is overkill since it requires user interaction and still doesnt avoid the possibility of harm if the user allows a malicious site or an already added site is hacked.

With ot without the risk remains and from my point of view I have been a happy firefox user for so long that I am confident noscript will not be beneficial for my needs.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi DukeNukem,

This is something that is just a mistaken qualification and a gross understatement as I quote you here:
Quote
has a bit of potential to prevent harm
as it protects against all malscript (even if the user allows something and it is blocked it protects by the default settings). Wrong whitelisting (a thing I would not do myself or feel comfortable with) is therefore hardly an issue. If not NS what other in-browser protection do you have than expressing the hope that the developer of your browser of choice has patched all holes and bugs (he probably is not even aware what exploits are still open to abuse even with a complete team- re: the disclosure of the last exploit by Google). Web server tools' and programs' security maybe completely out of your user hands, because the webmaster may not have the full update and patch routine that is required of him and the page may be hacked or he is lucky it has not already happened with his PHP code or older version of Joomla or an insecure iFrame add or XSS hack, non-educated webmaster may endanger the online environment ( + social browsing insecurities where average users are unaware of the threats that lure for their blogs etc. or a hosting firm that allows insecurities or does not seem to be interested, just cash in on the services and spam they render). Then just to rely on one resident av solution and an additional anti-malware on demand scanner is a bit meager security to my opinion, and then with avast we have at least the shields.
Browsers by default are insecure instruments. If a browser was just a tool for viewing rich text format, there would not be any danger and we would not have any discussion, but we need more and more functionality and code and so threats come to play an important role. With the complexity of java script and Ajax and all sorts of other scripts, obfuscation and code protection etc. and the way malcode can be fed to the browser in obfuscated packed bits and pieces, I would not feel secure without the additional protection of NS inside the browser, because it never fails to work. And whatever you write to reject it, does not impress me one bit because it is not based on facts, it is just a subjective feeling and I never trusted emotions and feelings in life and also not with browser security,

polonus
« Last Edit: June 29, 2010, 10:59:20 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Logos,

That it says in my Add-ons drop-box in my flock browser, before checked NS 1.9.9.97, now it is just without notice there,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Hi Logos,

That it says in my Add-ons drop-box in my flock browser, before checked NS 1.9.9.97, now it is just without notice there,

polonus

oh okay so you're not testing ff4...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Logos,

If I had a comp of my own yet, I would, the old acer XP SP3 had to be turned into an external hard drive in a separate casing with autonomous feed because I lost the MOBO because of leaking "tor"s of the original comp, but at the moment my dear wife lets me use her Vista laptop, so she is on Fx and I use flock on her machine.
When the new "ordinateur" is there, I will let you know about test results,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Hi Logos,

If I had a comp of my own yet, I would, the old acer XP SP3 had to be turned into an external hard drive in a separate casing with autonomous feed because I lost the MOBO because of leaking "tor"s of the original comp, but at the moment my dear wife lets me use her Vista laptop, so she is on Fx and I use flock on her machine.
When the new "ordinateur" is there, I will let you know about test results,

pol

okay chances are that I'll let you know first because as said I'm on it already ;) ...but of course I'm interested about your opinion. Much announced stuff as seen on that video:
http://www.youtube.com/watch?v=HmgtW2Iw-kE

...hasn't been implemented yet. The new add-ons manager is there, and the ability to have tabs on top.
« Last Edit: June 30, 2010, 12:22:07 AM by Logos »

DukeNukem

  • Guest
And whatever you write to reject it, does not impress me one bit because it is not based on facts, it is just a subjective feeling and I never trusted emotions and feelings in life and also not with browser security,


I feel Nscript is .....
..in my view is overkill...
...and from my point of view
.... not be beneficial for my needs.

It is plain obvious I am expressing my views and much of what I write is my opinion.

However you just contradicted yourself.

"I would not feel secure without the additional protection of NS inside the browser"

You only use noscript because it makes you feel secure, that says it all really.
 
Noscript is not a necessity for safe browsing, as you clearly demonstate with your above statement and you are overhyping its use.

Why have i not had any problems with firefox during the many years i have been using it?

Hermite15

  • Guest
it's not just about malware. You may indeed browse safely and live well without noscript, although s**t can happen, on hacked sites (legit sites whose owner aren't aware they got hacked), and NS would protect, but that was not my point here: my point is that AB+ like NoScript have one point in common: they block the ad and stat (-ware) channels; they avoid you to be tracked indefinitely...and privacy matters. The one hundred percent privacy shield doesn't exist yet, and hey you still need to browse the Internet, but NS can reduce the impact, and does in fact continuously reduce the impact of unwanted traffic, intrusions etc...nothing that could harm your system, but still, I do mind. You can browse the web with NS and be blocking thousands of useless crap without you noticing any loss of "relevant" info through the pages you visit.
 There's a downside, without that crap, no free internet. But too much is too much...do a test, run Fiddler2 (Microsoft) and see the traffic with NS/AB+ and then without...see the tracking at work, that's purely disgusting. Now if you don't mind "double click" and "analytics" etc... watching behind your back - and that's no paranoia, that's exactly what they do - so if you're unaware, or if you don't mind or may be if you can just look the other way and smile stupidly (nothing personal), then indeed, Noscript is not for you.

 
« Last Edit: July 01, 2010, 12:41:57 AM by Logos »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Logos and also to the critical,

There is another benefit of having NS inside the Mozilla browser (also in combination with ABP and RP)- that is that the web pages load faster, a lot faster because that script that is blocked does not have to load (do you know what tons of ad-tracking code you do not have to load into your browser then?), and what Logos says is so true, if you look at the sites with ghostery you will see how many trackers some pages have 6 or 7 ad trackers per page is just customary, and even if you delete your session cookies the flash Super cookie set them back the next time you come to visit there, and what if they combine all these unique tracking code they have a fairly accurate profile of you and will exactly know if your the type that will eat your peanut butter with crunches or without, just to mention the trivial characteristics, but what about things you would not like to admit even to yourself?

polonus


« Last Edit: June 30, 2010, 11:12:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Quote
they have a fairly accurate profile of you and will exactly know if your the type that will eat your peanut butter with crunches or without
It this results in them sending me a discount for my favorite peanut butter, I'd be very happy. :)

As for "things you would not like to admit even to yourself", they are still out there and hiding them from yourself, doesn't make them
go away or less embarrassing.
If you don't want bad things out there, don't do them in the first place.
Something Tiger should have practiced.  :'(


Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi bob3160,

Right you are, I spotted that little gate when I visited Rotterdam last, and if kids could pass it without having to tuck their heads into their shoulders they would get an ice cream totally for free, maybe you get your peanut butter with little real chunks of peanut. I like peanut butter as a spread and hot peanut sauce with Chinese dishes is my favorite dish,

polonus

Some free peanut butter attached.... ;D

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Actually I don't much care for peanut butter and never have so collect away.  lol
I never ate the stuff as a kid. It  just stuck the bread to the roof of my mouth and made it nearly impossible to swallow.  ;D
« Last Edit: July 01, 2010, 01:42:33 AM by Dch48 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
...and even if you delete your session cookies the flash Super cookie set them back the next time you come to visit there...

A short OT...
Better Privacy takes care of this..!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

SafeSurf

  • Guest
Better Privacy takes care of this..!

+1   BP is another add-on for FF I couldn't live without to get rid of those LSO's!