Author Topic: You can lead a horse to the water, but you cannot make it use NoScript..  (Read 57228 times)

0 Members and 1 Guest are viewing this topic.

Offline gautam7

  • Full Member
  • ***
  • Posts: 193
hi everyone. its a very interesting topic. sounds like i should use NS. so added it to my FF. but after some days of use i realise its very difficult to use, dont know what to allow and what to reject. so allowed script globally, i think it still protect me from some other form of attack. but can anyone post some link so that i can learn what scripts to allow and what to reject.  ;D
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Crome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi gautam7,

Here you get all the info you want to have: http://noscript.net/features
I really leave the NS active until I need some specific code activity on a page for I want that functionality on that particular webpage or part of the webpage, and then allow the main domain only, also use RequestPolicy and allow for the main domain only or subdomains for a particular googleapi to function (for instance with unmasked parasites I need three clicks- two allows with NS and 1 allow with RP) for a functionality when wanted. I have not created any whitelist because you never know when a reputable site could be hacked and could run malicious JavaScript the next instant (yes that is the overall insecure situation on the Internet now, and I haven't heard anything to suspect that is going to change soon or overnight) or other from a hidden inline injection or i Frame or malicious ad code that was altered by a malcreant, and one cannot always trust the webmaster to find out his web making tools or programs have bugs and these have been exploited, so what seems fine the one minute can render a drive-by-download or a fake-codec or a malscript infection the next. And that is precisely why I feel better having NoScript extension inside the Mozilla browser, some more clicks to perform on the NS icon or the RP flag, but so much more control over your browser security and protection against eventual malcode script or content. Find the way to toggle it and it will fit you like the protective glove fits the anti-malware knight...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
The intriguing thing is that I do not have Java on my system at all, and I notice no loss of functionality

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi essexboy,

We are talking about javascript and that is a completely different script as java is (although related in some sense qua development). I have not spotted a website without some javascript there, so also some hidden possibilty for script-danger! Anyway it is a good idea to minimalize on services that one does not need on a computer because that would also make the attack surface smaller, there I agree with you.
Main crux of the malcode problem is javascript, just leaf through all the exploits given at unmasked parasites and you get 100 out of 100, why else use jsunpack to analyze - it is analyzing javascript, and at wepawet you analyze again javascript!. What to do on a page with an ICF score of 248 - javascript links here 44, inline styles 79, inline events 125, onclick 61, onsubmit 1, onchange 3, onmouseout 29, onmouseover 29, onkeyup 1, onselect 1, and well that is excactly the page you are watching at the moment, and there are pages with scores of thousands. I know this page also known as forum.avast.com is secure at this moment in time and suspect that to be in the coming future, but could you know that for certain for any page you'd visit with your browser?

polonus
« Last Edit: June 27, 2010, 06:48:55 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
I couldn't agree less etc...

there's not much that you know about computers hey...but I won't argue again, it's pointless to argue with someone who doesn't know anything, and refuses to learn anything. Could be that you're just lying, as all your statements are false...but I doubt it, you're just completely blind...I see you're running an "home basic" version of Windows on a system (  ::) ) >>> keep on turning the switch of your PC as if you were turning on your TV and enjoy the show, it's probably worth it ::)
You're an arrogant %^&$. I know a heck of a lot more than you think. I choose to run my systems the way I want to get the maximum ease of use out of them and don't allow myself to be boxed in behind walls that are unnecessary 99.9999% of the time. My statements are all true and documented in my personal use or in readily available documents. The one system is running Vista Home Basic because that's what it came with and is sufficient for that users needs. The only thing it can't do is run Aero, big deal. There certainly is no need to spend the money for a different version of the OS. I learn as much as I need to know to do what I want to do. I could learn the rest since my IQ is over 160 but I don't feel the need to bother with it.
« Last Edit: June 27, 2010, 06:58:22 PM by Dch48 »

Dch48

  • Guest
The intriguing thing is that I do not have Java on my system at all, and I notice no loss of functionality
You would if you went to a site that requires the java runtime. Sites like Yahoo games where my ladyfriend here spends most of her time  ;D. (and never gets infected btw).

Hermite15

  • Guest
oh the IQ argument, how did you measure it, counting peas?  ;D ...keep counting, you might reach a better score :D ...not even mentioning that IQ numbers are one of the worse existing form of investigation of all times...concerning intelligence. So that doesn't concern you anyway :D

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi Dch48,

Why did you come to troll this thread? You certainly have made your point now that using an MS computer a la default with their blue e browser is all you average users need to be fully protected, and that what others try to scare you into is just a lot of crap and baloney. So that should be sufficient, let others think differently, you have not convinced me,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Alan Baxter

  • Guest
hi everyone. its a very interesting topic. sounds like i should use NS. so added it to my FF. but after some days of use i realise its very difficult to use, dont know what to allow and what to reject. so allowed script globally, i think it still protect me from some other form of attack. but can anyone post some link so that i can learn what scripts to allow and what to reject.  ;D

Here you get all the info you want to have: http://noscript.net/features

This may help too.
NOSCRIPT QUICK START GUIDE FOR BEGINNERS

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi Alan Baxter,

Thanks for the assist and the link, my friend,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Hi Dch48,

Why did you come to troll this thread? You certainly have made your point now that using an MS computer a la default with their blue e browser is all you average users need to be fully protected, and that what others try to scare you into is just a lot of crap and baloney. So that should be sufficient, let others think differently, you have not convinced me,

polonus
I am not "trolling" anything. I'm just expressing my opinion that a lot of things are not necessary for the average computer user and I never said that what I do leaves me "fully protected". To the contrary, I acknowledged that maybe it doesn't but that in my experience so far, I have not needed any more security that what I have used. Maybe my main point is that you don't need Firefox and it's isn't the impregnable fortress it's made out to be. The truth is very far from that when you see how many patch cycles it has and read about the problems many people have with it. Just as many patches as IE from what I can see and more usability problems. I'm also not trying to convince anybody of anything, just presenting an alternative viewpoint.
« Last Edit: June 27, 2010, 07:09:13 PM by Dch48 »

Gargamel360

  • Guest
@Dch

This is not about I.E. being less safe than Firefox.
 It is about Firefox or any other compatible Mozilla browser being more safe, or even the most safe, when running NoScript.
 As pointed out previously, I.E. is already taking pages from NoScript's book.  I would not begrudge this as anything MS does
 to fortify their integrated browser is a good thing for the user. 
 Imitation being the highest form of flattery,  MS has paid a quiet compliment to NoScript.

 Ironically enough, you are beginning to embody the title of this thread. :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi Dch48,

It felt very familiar and it reminded me of a certain member this forums has lost in the past at least he disappeared, he had a similar story and wrapped that in some technical data that he had cooked up on some website himself.
But why not close this discussion once and for all, have NS inside IE and compare that with IE without NS and see what browser is more secure? The developer even offered to bring out an IE version, it was rejected. And I think I know why it was rejected, same reason why adblockers aren't inside browsers by default, it interferes with the money-making schemes of the trackers and profilers when the larger masses would claim the use of their browsers back from them. So we are only a very small security aware niche of the Internet world, so why fulminate against us, you at least admitted browsing as you do does not protect you fully, browsing with NS installed in the browser protects one hundred procent, whatever browser, Firefox has nothing to do with that, I have installed NS in flock and I use that at this moment,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Just one question. How would I know if was making me any more secure if all it wanted to block were things that were perfectly safe? That was my experience in a year of using the HIPS component of Comodo. It never actually found anything that was malicious but just wanted to alert me to actions (necessary actions) being taken by safe applications. It just got too tiresome to bother with (especially when anything needed to be updated like World of Warcraft which I am addicted to  ;D) and No Script sounds like more of the same to me. Things like it and HIPS would be fine if they had an extensive whitelist that was kept up to date but unfortunately that doesn't seem to be the case. I guess I'm just a fan of the default-allow approach to security.

I'm 62 now and I have always been an avid video gamer since the days of PONG and even before that with the DOS text adventures (of which I wrote a few myself). I used to do a lot of programming (games and even disk utilities) back in the days of Gbasic and even some assembly and machine language but when things moved into 16 and then 32 bit and then Visual basic and Windows, what had been an enjoyable hobby became too much of a chore and I gave it up. I'm hardly the computer illiterate some people seem to think. I just choose how much I want to concern myself with.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Hi Dch48,

I was a qualified administrator of Windows NT4, and I was not aware then that there are some 1400 killbits installed with ActiveX in IE, so the actual danger that comes with using a browser is phenomenal in impact. So all that is in the browser that is perfectly safe and can be abused is enormous, else we won't have a perfectly reputable website hack every 3,6 secs. Code is safe when it comes from google-analytics, but when it comes from google-anatytics it is very unsfave, because that domain was set up somewhere in "Beravia" and re-directs to Fake-av for instance, this is only one of thousands and thousands, no millions of possibilities against which NS protects,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!