Author Topic: NoScript Needed? (Read 12670 times)

tonynace · « **on:** June 08, 2012, 06:32:24 PM »

When I run Firefox, do I really need NoScript as well when I am running Avast Internet Security 7 with script shield? I would like to disable it, as it gets really annoying having to give permission after permission to some sites to run scripts. Will I get the same level of protection from Avast?

!Donovan · « **Reply #1 on:** June 08, 2012, 06:52:13 PM »

My opinion is to use NoScript all the time.

If your going to go to some random website, want to use their scripts so their app works, without doing any research on it, then it's better to completely remove NoScript as that is the point of it.

Many websites that you think are harmless might contain malicious iframes that lead to exploits, etc..

NoScript was meant so that you could trust all the sites that are good while blocking others. You do not need to allow an entire site; just the site(s) that you trust and are associated with the app you are trying to use.

The more you use NoScript, the more sites you won't have to worry about "giving permission after permission". The web was made to get information, and information can be given without scripts, so in many cases you don't even have to look at NoScript on a site your getting information from.

tonynace · « **Reply #2 on:** June 08, 2012, 08:46:55 PM »

I've used it for quite a while, and I often visit new web sites. I don't have the time to research what domains are asking for permission, so I usually just click "temporarily allow." But some sites, especially newspapers, come back with even more, and often I don't get to see the content I want unless I hit "allow." I started using Chrome to look at newspapers as this got to be so bothersome. I still like using Firefox, though, because it has some features that Chrome does not. I haven't had any problems so far using Chrome, so either Avast is doing the script protection, Chrome is doing it, or I've just been lucky to not have visited any sites with malicious code.

DavidR · « **Reply #3 on:** June 08, 2012, 09:33:02 PM »

Regardless of my AV protection, I wouldn't be without NoScript. For the most part my regularly visited sites have been allowed, for the most part you shouldn't need to do much research, as you can use temporarily allow all this site.

tonynace · « **Reply #4 on:** June 08, 2012, 10:02:37 PM »

Well, if you're just hitting temporarily allow all the time without checking the domains, isn't that basically overriding it anyway, so what good is it to use it?

Alievitan · « **Reply #5 on:** June 08, 2012, 10:05:13 PM »

http://forum.avast.com/index.php?topic=98764.0

Scriptshield is currently not working for Firefox 12/13, and Chrome 19, but it does work for IE9 and Firefox ESR. Scriptshield is very effective b/c by default it uses a whitelist model, however the temptation to just give temporary permission becomes hassle and security burden. If you look at the breakdown for infected websites you see that traditional scapegoat for malware being porn sites only make up 2.4 percent, with the rest making up overwhelmingly of legitimate websites that were hacked.

http://www.msnbc.msn.com/id/47671318/ns/technology_and_science-tech_and_gadgets/t/surprise-most-dangerous-web-sites-arent-porn-sites/

So the point being if you are dependent on noscript for security, you have to be very very vigilant on what you give permission to b/c nothing is safe (including trusted sites), and a temporary lapse in judgement and temptation to just give temporary privileges for convenience defeats the purpose of using Noscript.

!Donovan · « **Reply #6 on:** June 08, 2012, 10:19:05 PM »

You shouldn't use "Temporarily allow all of this page"

Its better to rather use your knowledge of website names to determine which site's scripts need to be ran in order to get what you want. It would be unwise to do "allow all" if the site was hacked with malicious code injected. Then the site would look normal and have an exploit waiting for you.

Anyways, if lots of the sites you visit for research need scripts then they probably aren't good research sites.

DavidR · « **Reply #7 on:** June 08, 2012, 10:36:34 PM »

Quote from: tonynace on June 08, 2012, 10:02:37 PM

Well, if you're just hitting temporarily allow all the time without checking the domains, isn't that basically overriding it anyway, so what good is it to use it?

I'm not talking about me doing that, but for you when you visit newspaper sites as you say that they are more troublesome, with lots 3rd party site content. As you are already effectively doing that by using Chrome where you don't have the NotScript add-on (chrome version of NoScript).

This is an exception rather than a rule for all sites.

Asyn · « **Reply #8 on:** June 09, 2012, 08:43:43 AM »

Quote from: !Donovan on June 08, 2012, 06:52:13 PM

My opinion is to use NoScript all the time.

+1

Dch48 · « **Reply #9 on:** June 10, 2012, 04:50:17 AM »

I don't use Firefox but if I did, I'm sure I would not use No Script because I don't want to see constant alerts. I think Avast's Script Shield is sufficient.

DavidR · « **Reply #10 on:** June 10, 2012, 01:23:56 PM »

Quote from: Dch48 on June 10, 2012, 04:50:17 AM

I don't use Firefox but if I did, I'm sure I would not use No Script because I don't want to see constant alerts. I think Avast's Script Shield is sufficient.

Great double negative and explains why your answer is totally wrong as you have zero idea how it works.

You don't get constant alerts by NoScript.

SpeedyPC · « **Reply #11 on:** June 10, 2012, 01:35:30 PM »

Quote from: DavidR on June 10, 2012, 01:23:56 PM

Quote from: Dch48 on June 10, 2012, 04:50:17 AM
I don't use Firefox but if I did, I'm sure I would not use No Script because I don't want to see constant alerts. I think Avast's Script Shield is sufficient.

Great double negative and explains why your answer is totally wrong as you have zero idea how it works.

You don't get constant alerts by NoScript.

+1 DavidR is 100% correct Dch48, now we fully understand why you have no dea how NoScript works

HDW38 · « **Reply #12 on:** June 10, 2012, 02:16:18 PM »

Hi!

Until last year i used Firefox and NoScrpt as well and everything was ok. Now I'm using Opera without any add-ons.
Does anybody know, if there is a version for Opera or isn't it necessary?

HDW38

Asyn · « **Reply #13 on:** June 10, 2012, 02:28:41 PM »

Quote from: HDW38 on June 10, 2012, 02:16:18 PM

Does anybody know, if there is a version for Opera or isn't it necessary?

-> https://addons.opera.com/en/extensions/details/notscripts/

DavidR · « **Reply #14 on:** June 10, 2012, 02:31:24 PM »

I don't think it is a case of it isn't necessary for Opera as there will be scripts and cross site scripts run on websites. The most common instance on hacked sites is a cross site scripting attack. e.g. a link on the site, that tries to run a script on another 3rd party site (commonly malicious site).

So unless there is something in Opera that specifically protects against that, then it like other browsers is vulnerable to that kind of attack unless there is something to stop it.

There is a NotScripts I believe for Opera not sure if that is from the same people who made NoScript.

Author Topic: NoScript Needed? (Read 12670 times)

tonynace

NoScript Needed?

!Donovan

Re: NoScript Needed?

tonynace

Re: NoScript Needed?

DavidR

Re: NoScript Needed?

tonynace

Re: NoScript Needed?

Alievitan

Re: NoScript Needed?

!Donovan

Re: NoScript Needed?

DavidR

Re: NoScript Needed?

Asyn

Re: NoScript Needed?

Dch48

Re: NoScript Needed?

DavidR

Re: NoScript Needed?

SpeedyPC

Re: NoScript Needed?

HDW38

Re: NoScript Needed?

Asyn

Re: NoScript Needed?

DavidR

Re: NoScript Needed?