Author Topic: You can lead a horse to the water, but you cannot make it use NoScript..  (Read 57273 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Hi malware fighters and users of NS,

Here I have got permission of Tom T., moderator of the NoScript forum to eventually link to his posts there for your convenience under the conditions he wrote in his reply to our post here: http://forums.informaction.com/viewtopic.php?f=8&t=4571#p19472
I am so grateful for having so many dear friends both here and on the NS forums,

polonus/luntrus
(malware fighter- avast evangelist & propagator of the use of the NoScript extension)

P.S. Also thanks to Alan Baxter, both forum member here and on the NS forum for making me so welcome there,

Damian
« Last Edit: June 26, 2010, 02:43:27 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
NoScript has got some extra coding that no one knows what it is for

This is what people over at K-Meleon, another Gecko based browser, told me

But I am not sure

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76031
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Now the problem is educating others to get them to use it.  So we spread the word.

Well spoken, SafeSurf...!! And sure we will spread the word... ;)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Alan Baxter

  • Guest
NoScript has got some extra coding that no one knows what it is for

I don't think it's a good idea for you to repeat FUD like that, Chris.  Please post specific information that can be substantiated and investigated.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76031
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
@ the others: I'm a long time NS user >>> NS is not for everyone, that's a fact. Live with it. Put NS in the hands of an average user is to some extent like doing the same with a HIPS (to some extent...). They wouldn't know what to answer.

Well, I think an average user could very well handle it, if he/she is able of reading...
It isn't that hard to handle, imo. The reading would take about 5-10 minutes (at slowest reading level) to get the basic concept.
Btw, Logos, I think you made a very good point regarding IE in you post...!! :)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Alan Baxter

  • Guest
@ the others: I'm a long time NS user >>> NS is not for everyone, that's a fact. Live with it. Put NS in the hands of an average user is to some extent like doing the same with a HIPS (to some extent...). They wouldn't know what to answer.

I agree somewhat, Logos.  There are a couple of usage modes that work around that:

1) Select Allow Scripts Globally.  This is the setting recommended by the developer as being a lot safer than not using NoScript at all.  He says:
http://forums.informaction.com/viewtopic.php?p=19235#p19235
Quote
That said, if you're security minded but you're not a NoScript user, maybe you're not a NoScript user for the wrong reason.
There's this ongoing misconception: "Yes, NoScript gives this protection too, but script blocking is too much an inconvenience so I pass". Well, do you know you can actually have your cake and eat it too?

I think people should be more informed about the fact that whitelist script blocking is default (because it's safer) but it's optional. You can easily turn it to a non-invasive blacklist (Allow scripts globally) and keep all the lots of unique protection features which are completely independent from script blocking, such as anti-XSS, anti-Clickjacking, HTTPS enforcement, ABE and so on.

2) Temporarily Allow scripts to run for the top-level site only without adding any additional permissions for scripts and objects from third-party sites that haven't been whitelisted.  This can be done conveniently by clicking the NoScript toolbar button.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
NoScript has got some extra coding that no one knows what it is for

I don't think it's a good idea for you to repeat FUD like that, Chris.  Please post specific information that can be substantiated and investigated.

I think you can read it here

http://kmeleon.sourceforge.net/forum/read.php?9,99506,page=1

Maybe it is a FUD after all!

These are all dated 2009

http://adblockplus.org/blog/attention-noscript-users

Apology from NoScript

http://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

NoScript=Malware

http://prxbx.com/forums/showthread.php?tid=1357

I wish somebody with enough patience can go through and give a status report.

Should I be concerned?
« Last Edit: June 26, 2010, 05:38:16 PM by Chris Thomas »

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek

Alan Baxter

  • Guest
I wish somebody with enough patience can go through and give a status report.

Should I be concerned?

No.  NoScript's developer made an egregious mistake over a year ago. Because we have such an open community it was quickly corrected.  It's ancient history now.
« Last Edit: June 26, 2010, 05:46:34 PM by Alan Baxter »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76031
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I think you can read it here
http://kmeleon.sourceforge.net/forum/read.php?9,99506,page=1

I followed your link and read the thread...
There are some really ridiculous statements there. ;D
The guys, posting there, are rather funny than anything else... ;)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
I wish somebody with enough patience can go through and give a status report.

Should I be concerned?

No.  NoScript's developer made an egregious mistake over a year ago. Because we have such an open community it was quickly corrected.  It's ancient history now.

Yup, Thanks for the clarifications - Peace of mind  ;)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76031
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I wish somebody with enough patience can go through and give a status report.
Should I be concerned?

Status report: ;)
All links you posted are outdated. (The fight between ABP and NS is well known)
And no, you should not be concerned...!!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
I wish somebody with enough patience can go through and give a status report.
Should I be concerned?

Status report: ;)
All links you posted are outdated. (The fight between ABP and NS is well known)
And no, you should not be concerned...!!
asyn


I had already told that it is dated on 2009 but I had some doubts that all :)

And it is fixed

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76031
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I had already told that it is dated on 2009 but I had some doubts that all :)
And it is fixed

No problem..! ;)
asyn

W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
I've been one more devoted fan of NS for quite a while, and will gladly stay with it.  The only minor problem I've had with it is that sometime recently they must have changed the setup for its XSS protection ... the last 2 or 3 weeks, if I click on a news headline link in My Yahoo to see the full news story, I'll often get that "not permitted" page and have to use the "unsafe load" option. Oddly, that's the only place I ever get that.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent