Hi malware fighters,
Let us turn back to the topic of this thread and maybe all works better if I start to tell you a real life story. So there is that piece of obfuscated malware code that is wanting access to your browser. He wears dark glasses because he is obfuscated code and he has a weird knitted polo because they made him wear it with sixteen packers to go under any AV radar and online scanners, he feels mighty important because he was bought by cyber criminals and put online at a server somewhere in Malkodovia by a scriptkiddie that used a specific toolkit to do this. "Hello, I am here I want entrance to your browser" (thinking - and via your browser access to your computer and your OS if there is a chance). The browser user, Mr. PEBKAC has sent a request for me, and here I am standing in front of port 80 (you have a service there that when I can walk straight under through that gate without bending I am entitled to some free candy I came to collect, your specific cookie and other data). "OK", says the browser but before we can lead you further, you have to pass little gate with port number 12080, that is the avast shield to check if you are OK". "Sure I am OK, have the latest obfuscated code tested at our own maltest scanners, I am fullproof scam adcode", think (I will go unnoticed here, no signature, no heuristic to touch me). "We let you pass for now", say the browser officials. "Nice I aam happy to run, no one to interfere, my certificate is self made, the exploit room has been opened for me "So I can run and do my job here?". Now that could be a plausible scenario for any browser, even Fx, but not if you had NS installed. What then? Mr. PEBKAC now only allows secure code to run, NS is standing at the door and does not let any insecure code in like a bouncer, not even when it wears a tie and gloves and gets specifically nervous when it has sunglasses or weird unpacker-clothes. "Only Mr. PEBKAC may allow you in and if he allows you my settings will even prevent you from entering, you are suspicious"; says NoScript, reading his instructions he got from developer Giorgio Maone and settings he got from Mr. PEBKAC.. Now Mr. PEBKAC the wiser browser owner also has RequestPolicy extension installed and your request came from the Malkodovia server who does not have anything to do with the main domain, so you are blocked, and we even have a subsituted adcode for that that you pose as you, provided by courtesy of Mr. NoScript.
Mr. PEBKAC was totally unaware what went on under the hood of his browser with NS active, and if he could he could, he would smile and write this little true life story,
polonus
