Do you use NoScript ( Firefox Addon )

[dw426]

Quote:

Originally Posted by tancrackers

NoScript seems WAY too powerful for my taste. It just seems too tedious whitelisting scripts while everything is automatically disabled by default. Javascript is essentially during web browsing. I prefer Adblockplus with a good adblock and privacy filter subscription.

I pretty much agree. I've gone off and on NoScript for years now, and I just end up tiring of it. Its effectiveness at controlling script security issues is well shown, but if you're an "avid surfer" (notice I said avid, not stupid ), it quickly becomes tiresome. I spend more time answering "Is this safe to allow?" questions from friends and family than I care to keep spending.

It may be a fine and dandy tool in the hands of someone who has a single system to his or her self, but add 3 or more people in the mix, and it's soon not worth the most often small benefit of extra security.

[kupo]

Quote:

Originally Posted by dw426

I pretty much agree. I've gone off and on NoScript for years now, and I just end up tiring of it. Its effectiveness at controlling script security issues is well shown, but if you're an "avid surfer" (notice I said avid, not stupid ), it quickly becomes tiresome. I spend more time answering "Is this safe to allow?" questions from friends and family than I care to keep spending.

It may be a fine and dandy tool in the hands of someone who has a single system to his or her self, but add 3 or more people in the mix, and it's soon not worth the most often small benefit of extra security.

You can allow scripts globally and still get some of it's protection.
-ClearClick
-Click to Play plugins
-XSS protection
-ABE
and others

[dw426]

Quote:

Originally Posted by skudo12

You can allow scripts globally and still get some of it's protection.
-ClearClick
-Click to Play plugins
-XSS protection
-ABE
and others

None of which I find to be a big deal anyway. In a multiple person environment, it's more hassle than benefit. I find it's more productive and easier to simply use a browser that makes it harder or impossible to pull off such attacks (Chrome), or isolating the browser via Sandboxie or some such method. Allowing scripts globally is all but the same as not having the extension to begin with. And, as I've said before a few times, playing the shell game with scripts isn't going to do a user any good either.

No, I have never used it because I do not use Java.

[moontan]

Quote:

Originally Posted by general_zerohour

No, I have never used it because I do not use Java.

Java and java scripts are not the same thing.
at all.

Java is a framework to make other software/apps work, java scripts are little pieces of codes that are used in internet browsers.
they are totally different.

[moontan]

Quote:

Originally Posted by dw426

I pretty much agree. I've gone off and on NoScript for years now, and I just end up tiring of it. Its effectiveness at controlling script security issues is well shown, but if you're an "avid surfer" (notice I said avid, not stupid ), it quickly becomes tiresome. I spend more time answering "Is this safe to allow?" questions from friends and family than I care to keep spending.

It may be a fine and dandy tool in the hands of someone who has a single system to his or her self, but add 3 or more people in the mix, and it's soon not worth the most often small benefit of extra security.

i think you got something there.

i kinda enjoy fiddling with NoScript but there's gotta be something wrong with me.lol
anyway, i kind of enjoy the granularity NoScript affords but while you're playing with NoScript you're not surfing the net.
which is what a browser should be used for.lol

and what if you should allow the wrong script by mistake?
since Firefox doesn't have yet a sandbox it means one should use Sandboxie, SRP or some other thing...

[bo elam]

I like NoScript not only because it makes browsing safer but also because it cleans websites of a lot of annoying stuff that gets displayed as ads, moving and/or distracting thing's that jump all over the place, pop ups, etc. Browsing gets faster and it makes it easier to focus on what I am doing since most distractions are killed by NoScript. To me, NoScript is a lot more than a security addon but it is also a great tool for security.

A couple of years ago, a Colombian site that I visit almost every day was under attack. That did not stop me from going there and even though NoScript kept displaying the clickjacking warning for almost 2 weeks, I did not get infected. I was still using an AV at the time and it never detected anything, SBIE and NoScript alerts is what kept me clean.

Bo

[moontan]

Quote:

Originally Posted by dw426

I pretty much agree. I've gone off and on NoScript for years now, and I just end up tiring of it. Its effectiveness at controlling script security issues is well shown, but if you're an "avid surfer" (notice I said avid, not stupid ), it quickly becomes tiresome.

the geek in me loves NoScript but the web these days use a lot of javascripts.

yes, NS blocks a lot of things.

for example, it can also block the comments of bloggers to a news article you are reading.
if the site does not warn that the comments are blocked by your js blocker then you might not even know the comments are there.

it seems like most web developers these days are not even trying to cater to the less than 1% who block js in their browsers, using NS or some other means.

using NoScript means you are probably very safe.
it probably also means you are missing a lot of the web...

[tomazyk]

I don't use it because I sandbox browser and scripts can't do much harm to my system.

Whitelisting the whole Internet is just to tedious for me.

[luciddream]

Quote:

Originally Posted by Hungry Man

16% slower to start up.

Yep, and then 50% faster when you start actually browsing. Without all that junk popping up on the screen, pages load much faster.

Same deal with ABP, Ghostery & Request Policy. Pages load much faster with these 4 addons. All the elements blocked far more than offset any resource usage from the addons themselves.

And I just don't get the complaints about it being some monumental inconvenience. How difficult is it, really, to click "allow" one time? It's then on your whitelist and you never have to do it again.

I guess it depends on your usage. If you're perpetually digging through new sites, then it would become a nuisance. I'm not. There are about a dozen sites I frequent, and I rarely do anything else on the net.

[luciddream]

Quote:

Originally Posted by tancrackers

Javascript is essentially during web browsing.

Not for me it's not. Rarely, anyhow. And that is the real impasse here. dw pointed it out in his response to you... if you are an avid surfer, "whitelisting the entire internet", as another person put it, would certainly become a nuisance.

I'm personally not browsing the entire internet.

[RJK3]

It slowed actual browsing last time I used it. I might consider it again in the future, but for now I'm just enjoying simplicity.

My security setup has remained static for longer than a year, other than minor rule changes in Sandboxie and getting rid of HOSTS & Flashblock.

[bo elam]

Quote:

Originally Posted by tomazyk

I don't use it because I sandbox browser and scripts can't do much harm to my system.

Whitelisting the whole Internet is just to tedious for me.

You don't need to whitelist the whole internet when you use NoScript. My own whitelist has 9 sites, those sites have been there since I started using NS a little over 3 years ago and even though I go to new sites everyday, I haven't had the need to add any to it ever since.

When I am in a new site and I want to allow something, I just click on allow temporarily or allow the page. It doesn't really matter if I remember to revoke temporary permissions since the scripts that were allowed temporarily will be gone when I close the browser and the ones that I allowed for good, will also be gone because they were allowed running sandboxed. Thats pretty much how I use NoScript. Simple and easy.

Personally, I feel I get a lot of benefits out NoScript. I mentioned those on my previous post, most of them have nothing to do with security but I feel that SBIE and NoScript as a team, is what keeps me safe. I have been using both programs for about the same amount of time, SBIE came a little earlier but since I started using them, I have never seen anything that looks like malware popping around while browsing. Not once in over 3 years. In my opinion, NoScript is blocking a lot of bad stuff for me.

I remember once, someone told me, "Why miss the fun?", the fun being watching malware doing its thing while running sandboxed. Myself, I rather let NoScript block potential malware even if I miss the fun. If any gets through NoScrip, it ll be contained by SBIE. Can not be any better.

Bo

[safeguy]

Those who're 'tired' of NoScript can still choose to 'Allow scripts globally' therefore not being prompted with scripts to allow (which is what makes most annoyed) - and yet being able to take advantage of some security benefits, compared to running vanilla firefox or even a sandboxed firefox.
If you want, you can 'blacklist' certain scripts, even in the 'Allow scripts globally' mode. There's little hassle in this mode, and it's suitable for 'family and friends' context.

However for those who can go through an initial phase of whitelisting sites that are frequently visited, they'd find the pain worth the gain in the long run.

Maybe i'll share my settings to make NoScript less 'interactive' in the hope that it might be useful for those who wish to run NoScript but on the verge of slamming his/her head on the wall. Yeah, I know coz i've been there...thankfully haven't reached the point of doing it just yet.

[moontan]

no, you do not need to whitelist the whole internet but the way things are these days it's getting there.

i've been surfing some forums for website developers to learn more about how scripts are integrated these days and the common wisdom seems to be to not bother with the 0.5% of us unwashed peasants who block javascripts.

thus the ever growing reliance for developers on using js...

i barely used any whitelist when i used NoScript, wanting to use it as a 'script HIPS'.
this way of using NS worked fine in the past but it's become a bloody headaches lately.
and getting worse i'm afraid.

[safeguy]

Quote:

Originally Posted by moontan

i barely used any whitelist when i used NoScript, wanting to use it as a 'script HIPS'

LOL. No wonder you got headaches.

The whitelist is there for a good reason and despite what some NoScript advocates say about not populating it with too many entries (which is a good reminder); i'd say that one is still better of having 50 (heck, even 100) entries there than to go with the route you took and end up giving up due to being 'tired' of it.

[bo elam]

Quote:

Originally Posted by moontan

no, you do not need to whitelist the whole internet but the way things are these days it's getting there.

Despite using a static short whitelist and only temporarily allowing scripts when necessary, I still can log in any forum, watch videos, download files, read comments in articles or do anything that's important to me. I don't feel inconvenient at all and as far as I can tell, I am not missing anything because I use NoScript. Am I?

Quote:

Originally Posted by moontan

i barely used any whitelist when i used NoScript, wanting to use it as a 'script HIPS'.

Maybe, next time that you use NoScript, make it convenient by including in the whitelist all sites that scripts ought to be displayed in order for you to feel comfortable. It certainly it is not worth it to use any program that will make things unbearable. NS has the settings, in my opinion, to make it a joy using the program. It does for me.

Bo

[Amit]

NoScript is the primary layer of my setup and it's very strong against malware.

[moontan]

back to NS, on Mint this time.

i've added a few sites to my whitelist, mainly Youtube and Google, my webmail and a few of their 'dependencies'.

i'll try to keep this to a bare minimum.

[MrGump]

retina ipad. I use a third party app that converts on the fly as you watch your content. Great for HD movies in bed.

[lws]

Wasn't using NoScript until Bo convinced me again to use it. lol. Damn, he even convinced me to use Sandboxie so I didn't or can't go wrong with either.

[bo elam]

Hey Wolfstr, enthusiasm is contagious.

Greetings

Bo

[lws]

Quote:

Originally Posted by bo elam

Hey Wolfstr, enthusiasm is contagious.

Greetings

Bo

Hey Bo glad you caught on who "lws" is Yes, using Sandboxie and NoScript in FF ='s "less stress" >>

Wolfstr

[bo elam]

Quote:

Originally Posted by lws

Hey Bo glad you caught on who "lws" is Yes, using Sandboxie and NoScript in FF ='s "less stress" >>

Wolfstr

Big guy from the great white north, I knew it was you, we talk about it before.

Bo

[tlu]

Here's my special service for you

If you want to unclutter the Noscript menu on many sites, just add my blacklist to Noscript. First, export your settings to, say, Noscript.txt (a copy of which you might want to save under a new name - just in case something goes wrong). Second, copy the content of the attached file and replace (or add to) what is shown behind "untrusted" in above txt-file. Third, re-import that file to Noscript. Ready. Makes life easier.

Noscript-backup_blacklist.txt