Author Topic: You can lead a horse to the water, but you cannot make it use NoScript..  (Read 56222 times)

0 Members and 1 Guest are viewing this topic.

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1432
Whoa you people are high descriptive..lol!!
I agree with polonus that we should have NoScript..For safer browsing..
And I also agree with logos about average users...

The question is what can be done about it >.<"

We should help them to learn what do accept and what not to..
But if that takes too much time to learn instead of doing their business, would it be worth it ???

Gargamel360

  • Guest
Pol's signature says alot about this issue.   "Cybersecurity is more of an attitude than anything else"

Most people I know personally who use a PC, they don't even want to think about security.  These people sometimes are very busy and this is understandable.........but many are simply either daunted by the learning curve or too lazy to learn.  They will not even learn from getting infected,  they think this should be their ISP's responsibility, as that is who takes their money. 

But it is not only the uneducated.
I have a friend who is almost finished with his college courses for a network management degree.  He wont use NoScript.  But he will use FlashBlocker.  The amusing, ironic reason for this........"It speeds up my browsing not having Flash auto-load and play". 
Of course, NoScript would accomplish this same thing with much more security. 




Dch48

  • Guest
Then why doesn't Mozilla include it in the installation of Firefox? That's one of my beefs about FF. If you install it just in it's default state with no addons, it is less secure than IE8 is in it's default installation. Users should not have to look for addons and plugins to secure their browser, they should be included by default. I wouldn't use the addon anyway probably because I wouldn't like dealing with having to manually allow parts of web pages to load. I want to see everything on the page.  I don't even block ads , only popups and cookies which I allow selectively by site.

There are other things about FF that I don't like such as the download interface and the cookies management where I think IE8 is far better. I also have never found it to be any faster.

IE8 is a piece of crap, period, if you can't see it you got a problem, or problems ???
Why Firefox doesn't include NS, well first because the NS developer doesn't work for Mozilla, and second even if there was an agreement most IE users like you would get lost with NS when trying Firefox.
 As to IE being more secure than FF default config, what are you smoking ??? FF doesn't write entries to the registry while browsing, FF does't use these freaking activeX things, one of the biggest source of potential malware on the internet, interacting directly with your operating system. Rare silently installed extensions in Firefox (previous versions >>> 2.0) from bad sites (became impossible now btw, while browsing), didn't affect the OS, just the browser.
 There's something that I hat more than IE in this world, it's the guys promoting it and talking BS about Firefox. Firefox was, is, and will be the more secure browser of all times. Now ****, thanks.

ps:on a side note, FF might be currently twice slower than Chrome, but guess what, IE8 is twice slower than FF ::) as to the interface if Internet Explorer, it's hardly better than what it was 10 years ago, everything in it is completely outdated, the whole interface is a failure, favorites, downloads, settings etc...

@ the others: I'm a long time NS user >>> NS is not for everyone, that's a fact. Live with it. Put NS in the hands of an average user is to some extent like doing the same with a HIPS (to some extent...). They wouldn't know what to answer.
I couldn't agree less. I would very well know how to use NS but just like HIPS, I don't want to be bothered with it. There also is nothing wrong with the interfaces of IE, they are more developed and useful than the comparatively rudimentary ones of FF and Chrome. Only Opera comes close in the UI aspect. The FF download process is hideous and Chrome is even worse and the favorites UI in IE is also the best and most easily managed. The favorites control in FF was one of the main things that has caused every version I have tried to last less than an hour on my machine.
Another thing is that cleanup utilities like CCleaner all work better with IE than with the other browsers and no other browser gives me the ease of cookie management that IE does.  
Yes, IE8 in it's default installation is more secure than FF is in it's default. This is just proven fact. Firefox is no more secure and never has been as shown by the fact that it was rated as the most insecure program in existence for the year of 2008 and has had to be patched on a regular basis ever since. It gets attacked just as much as IE and so does Chrome.
There also is nothing wrong with Active X. It is one of the biggest boons to computer users and software developers that exists. It enhances the computer experience in the same way that things like flash, java, and the new html5 do. Hackers will find a way to attack anything that's in common usage but the vulnerabilities are quickly and successfully patched in ALL applications.
IE8 is no slower than FF for me in the way I browse, in fact in some instances it is noticeably faster and in none is it noticeably slower.
The integration of IE into the OS is not a mistake, it is a stroke of genius and again , a boon to computer users and developers. Programs that use internal updaters to keep them current all use the internal settings of IE to do so. This eliminates the need for their developers to write much more involved routines, keeps development time and cost down and in the end, benefits everyone, including the makers of the alternative browsers.

Yeah, things like HIPS, sandboxing, and NS might make you more secure or at least make you feel that way, but I choose to use none of them because I want to retain free, easy, enjoyable and uncluttered usage of my computer. In my 11 years on line, I have never been hacked by anyone, or infected by anything more serious than some harmless adware that was easily removed. I want to see everything that a website's developer has on their page without having to click to allow this or that. Sometimes the ads are more interesting than the page itself. Paranoia runs deep, but not in my house.

If was running a business, then yes, I'd want some of the other layers of security, but as a home user who just browses the same sites every day for the most part and plays the occasional game and receives a very minimal amount of email, I just don't need or want all that crap.
I am convinced that installing all these "layers of security" is the prime cause of complaints about broken applications and bad updates. I constantly see posts from people with all these things installed about incompatibilities and crashes and reformats. I never have any of those problems and I'm convinced it's because I keep my security software to a minimum and also because I use Microsoft applications whenever possible to do what I want to do. If there is something I want to do and there's a MS app that does it, I will almost always choose that option because I feel there will be much less chance of conflicts or instabilities. Give me IE, Media Player (with a few added codecs), Outlook Express/Windows Mail, etc. The only open source program I really like is 7-Zip. In fact I think it's the only one I use but I did change the hideous icons it uses to ones that are much nicer.

Dch48

  • Guest
Pol's signature says alot about this issue.   "Cybersecurity is more of an attitude than anything else"

Most people I know personally who use a PC, they don't even want to think about security.  These people sometimes are very busy and this is understandable.........but many are simply either daunted by the learning curve or too lazy to learn.  They will not even learn from getting infected,  they think this should be their ISP's responsibility, as that is who takes their money. 

But it is not only the uneducated.
I have a friend who is almost finished with his college courses for a network management degree.  He wont use NoScript.  But he will use FlashBlocker.  The amusing, ironic reason for this........"It speeds up my browsing not having Flash auto-load and play". 
Of course, NoScript would accomplish this same thing with much more security. 




There is also the philosophy of not letting the actions of a collection of pond scum detract from your enjoyment of the computer experience. Just use a good AV and a firewall and bravely venture forth into the not nearly as dangerous as some would have you think world of cyberspace. Don't give in to terrorists who want to take all the fun out of things

Gargamel360

  • Guest
Nice "article" ;)

There is a lot to be said about conflicting/overaggressive apps being worse for your system than any virus, for sure.  And there is certainly plenty of hype in the on-or-offline security business.
Malware writers do not seem to fit the definition of "terrorist", however.  They don't want to scare people at all, they want to lull them into a false sense of security then strike for profit, for the most part.  To defend myself is not "giving in", imo.  
And if you look at my sig, you will not see some "security hydra", it is fairly simple.  Running NoScript precludes the need of anymore security, for me. 


Perhaps you should start a different thread?  Title it, "An Ode to MS"?,  "In Defense of I.E."? ,  
 or "A Synopsis of My Preferred Methods of Computing and Internet Security"?
« Last Edit: June 26, 2010, 10:43:48 PM by Gargamel360 »

Dch48

  • Guest
I do like the CommonSense v2010. More people should download that one.

Gargamel360

  • Guest
If I could, I would support mass-distribution.

You never need to update, no bandwidth/connection restrictions apply, no end-user agreement, DRM free!
Unfortunately, many humans are incompatible. Common Sense will cause a system wide mental crash in these individuals, as they are unable to grasp cause&effect.  This is a very common problem with Redneck systems ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi folks.

Quote from Dch48
Quote
... just use a good AV and a firewall and bravely venture forth into the not nearly as dangerous as some would have you think world of cyberspace. Don't give in to terrorists who want to take all the fun out of things...
. Well you soon come to think a tiny bit differently after a virut file infector infection and there is no other option left than total recall of the machine in question (especially if it is the less secure XP SP3!) or even worse on Intranet, in such a case you thank NS and it's developer Giorgio Maone, that the malcode did not have had any chance on your machine, also a Virtumonde infection could make you look different at the issue. The trouble of asking an eliminator for a ComboScript anti-malcode cleansing is not something you like to welcome, and do you ever trust a compromised comp again? With a reputable website infested with malcode every 3,6 secs some form of in-browser security is not an idle precaution, and then why not go for the best around? There are still so many users that say an infested machine, well this will not happen for me. I came to join these forums here after I lost an OS and had to reformat after running into a malcreant's creation and after what I learned here I only had some couple of tracking cookies period, I swore this would not happen again and even I am not totally immune, but with NS installed I come very, very close!

polonus
« Last Edit: June 26, 2010, 11:55:47 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Even if I would have to reformat because of an infection it wouldn't be a big deal. I back up the things I don't want to lose just in case. This includes all my documents, pictures, Installers, and drivers. I have a Windows XP disk as well as the recovery disks for the machine which would reinstall the XP Media center Edition and all the trial stuff that came with the computer. I'd much rather just use the XP Pro Disk I was kindly given by a friend and that I used for my current installation. Within a few hours, I'd be back up to speed with nothing lost but the time, which I have plenty of. It would actually give me something to do for a day  ;D. I've only had to reformat because of a problem twice in 11 years and both times it was caused by me fooling around with settings of Windows on the advice of so called experts who told me I should do it to improve performance. You can understand why I don't trust those kinds of people much any more. I fully realize that I may not be as protected as I could be but I have chosen greater usability and convenience over some of that. As far as XP goes, the other machine here has Vista and we both don't like it so until I buy a new machine with W7, I'm satisfied with XP.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi Dch48,

You're entitled to your opinion, only it is not my world.
I like to use to upgrade and patch also third party software and use a minimum of layered defense,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
1. If I could, I would support mass-distribution.

2. You never need to update, no bandwidth/connection restrictions apply, no end-user agreement, DRM free!
Unfortunately, many humans are incompatible. Common Sense will cause a system wide mental crash in these individuals, as they are unable to grasp cause&effect.  This is a very common problem with Redneck systems ;)

1. It's a sad fact, that this will never happen... ;)
2. ;D
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

SafeSurf

  • Guest
I like to use to upgrade and patch also third party software and use a minimum of layered defense.
+1

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1432
Those who wants more security sometimes would make their system become a slave itself and the most funny one
People who don't care about security, don't update their security software and surf carelessly >_>

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi malware fighters,

Fortunately something is changing, and I like to believe a relevant cause has been
* 1 the pioneering role of NoScript, which dispelled the myth that nothing could be done about XSS and CSRF on the client side: IE8, for instance, contains an Anti-XSS filter which is pretty much a copy of the one introduced by NoScript, albeit less effective than the original ;) ,
*2 Electronic Frontier Foundation came up with: https://www.eff.org/https-everywhere 
of which Giorgio Maone says:
Quote
80% of its code is duplicated almost verbatim from NoScript. For the same reason, if you're not a NoScript user, you may want to try it because its code is very good, even though I can't guarantee about future maintenance
the developer of HTTPS-everywhere, mik33mik, may say something about this?
*3 Fx *indisputably* becomes the safest browser on the market OOB, at least, if NS is turned on or on by default. Such overwhelming superiority, already supported by the US Dept. of Homeland Security's Computer Emergency Readiness Team, would be a *huge* selling point to the increasingly-scared public,

So I stick to my opinion on the use of NS inside a Mozilla browser, notwithstanding what non-arguments some may throw at me and the others here in this thread,

polonus




Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
I couldn't agree less etc...

there's not much that you know about computers hey...but I won't argue again, it's pointless to argue with someone who doesn't know anything, and refuses to learn anything. Could be that you're just lying, as all your statements are false...but I doubt it, you're just completely blind...I see you're running an "home basic" version of Windows on a system (  ::) ) >>> keep on turning the switch of your PC as if you were turning on your TV and enjoy the show, it's probably worth it ::)