This is a bit of a noob question, but is the efficacy or benefit of using NoScript in Firefox on Linux worth it? Would it really make Ubuntu 14.04 LTS genuinely safer for instance?
Worthwhile in my experience. I've seen web-based exploits (limited to the browser) that affect Linux; Noscript would generally stop them. Also puts the kibosh on things like Evercookies in some cases. There are probably different schools of thought on what configuration is best, but in general I think it's prudent on any OS to not be rendering Javascript, IFrames, etc. from untrusted domains. Edit: also a lot of nasties are still served up through malvertising, redirects, injected third-party content, etc., so it just reduces your likelihood of being affected should anything targeting Linux show up in the wild... Other considerations: - I've seen 3rd-party JS used a lot by ad services. If you find targeted ads creepy and/or annoying, Noscript may help. - Bloaty web pages render a lot faster with Javascript disabled. Short version: it's not perfect but IMO it's very much worth it.
I would use adblock-edge instead of adblock plus, if you're on firefox. If you're on chrome, microblock (ublock).
I have used ABE on Windows, I did actually prefer it now that I think about it. I've heard a lot of good things about ublock as well. I will have to check them out on Linux.
Ya, ublock is a godsend. It's made by "gorhill"(He's a user in this forum), which is also the coder of HTTP Switchboard. HTTP-SB is the equivalent of Noscript for chrome, though I do prefer the "matrix" style of HTTP-SB.
And of course with browser exploits you have to also think of Flash, Java and other plugins which Noscript would also help block from auto loading as soon as you hit a page. I want to say that with most rouge sites, such as like with an exploit kit, they're made to first check if the system will even run the exploit as its being exploited. And since most are written for Windows, just using Linux does prevent a lot of that stuff. And also even if they get through, then if you use SELinux or Apparmor then that should stop them from going further I believe. That's my understanding anyway. But Noscript is such a great first line of defense that if you know how to use, then why not use it? Also just better to stay in the habit of using Noscript than not. It's so second nature to me now that it'd feel weird to not use it.
The benefit of using NoScript with Firefox is more than you can imagine. I routinely visit a particular website with a number of my Firefox privacy add-ons disabled, but not NoScript. The most common occurence is XSS (Cross-site scripting) that NoScript monitors and advises me that has created a Console log. Mind you these are servers which the organization claims support for only Windows and Mac OS platforms, but not Unix/Linux. They probably do not do any quality control of what gets put up on their website (by using Firefox with NoScript) as they are intensely advertising and marketing driven by their corporate relationships which means that they get paid for users that click on their pop-up advertisements. While NoScript protects me when I visit that particular website, I wonder what happens to the tons of other users whom either do not use Firefox with NoScript to protect themselves, or if the browser they use is compatible with NoScript so they can at least be shielded from XSS attempts by using NoScript. For those not able or willing to use NoScript for any reason, the sheer number of privacy intrusions must be enormous on that and other websites.
According to this thread, ublock is better than adblock plus.. An alternative to HTTP SB, I'm not sure.. Some time ago there existed an extension called "scriptno", or something like that, for chrome. Not sure if still exists. Either way, I bet HTTP SB is better. Again, their creator is a wilders member and he seems to be pretty nice answering questions. There's both a thread for ublock and HTTP-SB.
Highly debatable which one is Better, in my personal experience I've seen much more ads and pop-ups using ublock (Yes even with latest version 0.7.0.5.) than when i use ABP. Benchmarks and tests are one thing, real and everyday use is another, also here we're talking about Firefox and NoScript. Let's stick on-topic please.
i was looking for noscript threads, and i stumbled upon this thread. Sorry, to bring this old thread now.. @Nanobot, you might want to create a bug report entry for the list of sites where you see ublock does not block and ABP does, Unless you have different filterset in ABP. Technically it should block same or more than ABP, as it supports the most of the ABP filters and extends it. And also the support of host files .
Noscript is not just about security, it's about peace and silence when browsing, and that's true for Linux, too. Mrk
