Is NoScript really that necessary for Firefox besides your current internet security?

Please also give the reason of your answer.

Thank you.

 

I think that due to a lack of tab sandboxing NS is a good basic security precaution. It can also be used in combination with RequestPolicy for even more control over scripts. Plus, it has advantages in that you can block things like Facebook widgets running on & so improve page loading times. So yes, for me anyway, it is necessary.

 

I think yes, cause it's preventing any scripts to run and though download any payload instantly, even any payload that could bypass sandboxie. Afaik there's malware around that can do this. Of course NS is just one security layer of many.

 

i would say yes because i have no internet security.

i also like that it cuts down drastically on the bandwidth-sucking marketing/tracking sludge.

 

IMO, some means of scripting control and web content filtering is necessary. It doesn't necessarily have to be NoScript.

 

no script not only for security but also to increase browsing speed on slow CPU computers.

 

Yes it is necessary. It not only offers great protection but also 'cuts down sludges'.

 

Yes, because the only other "Internet" security I have is a router and Windows firewall with advanced security, plus the security options in Firefox enabled. I consider NS an enormous security benefit.

 

Depends what you used the internet for.
I voted no,i need to see all page contents, but considering the high number of javascript annoyances out there i understand why many users find it useful.

 

"Necessary"? No. Invaluable to kill tracking, 3rd party BS and more? Heck yes. It may annoy you to no end when it comes to that one site you visit on occasion that has to have 5 or 6 scripts allowed and you aren't sure which ones they are. But after that painful moment, you're golden. I do however wish there was better pop-up control for scripts. Even with NoScript, ABP and Firefox pop-ups blocked, damned if some websites still don't throw them at me.

 

If you whitelist a number of sites in NoScript because you need to see all content on there, things like NoScript don't help if any of those sites become compromised. This is why a layered approach is needed.

 

I don't think so. I used to be a regular user but I found it to be too much work. I have not been infected by anything in the last 8 years, so I feel it is overkill, for myself anyway.

 

I see about one popup a year. The only sites where I get popups are sites, like the old Megaupload, where you might get a popup when allowing the page in order to be able to download something. Other than in those sites, I don't get any.

Bo

 

A different angle:
NoScript is not just about script blocking

 

No.

 

Yes, absolutely. I don't surf without it. Many thanks to the developer!!

 

Another great use of noscript is the ability to stop the automatic running of some flash videos in websites.

 

No, I could live without it. I don't use NoScript for security reasons anyway.

 

Security is about covering your bases against potential attack vectors. Sure your could run your browser in a sandbox or run a virtual machine, but these types of applications are geared at protecting your system. But what about protecting your web browsing? The attack might not be to compromise your system. It might simply be to steal your login with a malicious iframe. I find it hilarious when people hide behind arguments like these:

"Well I have an application that blocks the execution or the download of malware on my system."

"But I practice good habits when surfing the internet and I'm very careful about what I click on, download, and install to my system."

Well that is funny, because most of the people I know that proclaim to do these things still can't spot a phishing site and e-mail. They click on "security pop-ups" without the slightest thought of whether its real. Probably the only valid arguments against using add-ons are:

(1) the add-on itself is malicious. This wouldn't be valid for No-Script or Request Policy as far as I known.

(2) But what if the site you visit is compromised, and the add-on allows trusted scripts that are now malicious. Shouldn't you be more concerned about logging into a hijacked website? Honestly, regardless of what it just downloaded to your computer. You've just given it your pay-pal information.

(3) The add-on conflicts with something else. Well then you need to figure out what's more important. Using last-pass to manage your password, which could be swapped out for another manager like key pass or dropping No-Script. Even then, it's likely there is a suitable configuration to make the two compatible.

Some people think security becomes irrelevant when it becomes a head ache to manage. I don't share your opinion, but I'll respect it. Don't use the add-on if your don't honestly want to. I don't think the learning curve is that steep for no-script. It's fairly easy to figure out which scripts to allow for a website and which scripts to ignore. You can even white-list if you don't want to click allow everyday. So yes, No-Script is an absolute for me. I would suggest it to anyone that wants more than a passive security setup.

 

Let me ask one thing, can't these extra protections ("unrelated to script blocking") get implemented in Firefox?

If they can, why such thing still didn't happen?

Genuinely curious.

 

Necessity is the mother of invention. NoScript is one example.

If one uses Firefox, I would recommend them install NoScript....even if it's in "Allow Scripts Globally" mode.

P.S. Of course, as always, different folks have different needs.

 

The big complaint I'm hearing from folks that have tried No Script is that bothersome nag screen constantly popping up and staying up, i hated it too until i found the adjustment in the options window. You can set it to dismiss by going to Options > Notifications > Then set it and forget it. Otherwise your missing out on one of the best tools for your toolbox.. IMO

Mines set to 5 seconds.. That and we don't have to allow everyone of those sites to have access to our machines, why should we?

Hogndog

 

The message can be set not to be displayed, that's how I have it.

Bo

 

Likewise, the primary use is non-security related.
Mrk

 

yes, it is