NoScript Allow Scripts Globally

Hello,

Since am configuring my cousins laptop who's not really tech savvy
I want least interaction possible of him with any security stuff I install
on his laptop.

So am installing NoScript with "Allow Scripts Globally" coz I read here
http://blog.zeltser.com/post/2402546461/no-script-strengthens-firefox
that it protects the user even if the scripting is allowed. Do you think
its a good option considering that Firefox is always Sandboxed and the
contents are deleted automatically after every exit??

Additionally which other addons do you think will help a noob like him who would prefer zero interaction?? I have Adblock Plus, BetterPrivacy, HTTPS Everywhere in mind. Do you think thats enough?

 

Unless I missed some new update Firefox is not sandboxed. Maybe you are thinking of Chrome. Also I always thought No-Script set to allow scripts globally did not block anything. I guess according to that article it does. Anyway hopefully others will chime in.

To make my life easier with No-Script I moved the No-Script icon to my tool bar which makes toggling through the settings pretty easy. I think you should show him how to use No-Script properly. You can always add you most visited pages to allow the domain always. And if something is still not working on a page to allow all this page.

 

I think if your going to run noscript globally, you might as well forget it. You could run AdBlock plus which needs no intervention. That would at least block ads.

 

If u use no script with allow dcript globally, u take protection.
I use it in the same way (allow all) and i take anti-XSS protection.

So in few words if u install it with the option allow all globally u have anti-XSS protection.

 

Sorry I forgot to mention I run Firefox in Sandboxie which deletes
the contents of the sandbox on exit

 

Unless I am missing something, allowing NoScript with Allow Scripts Globally (dangerous) is the way it is marked in the NoScript Options under the Appearance tab.

As Forrest Gump always says - Dangerous is as Dangerous does!

How long do you think it will be until someone figures out a way around your scheme of allowing scripts globally and taking anti-XSS protection?

Advice is cheap - don't be a Gump!

-- Tom

 

Maybe because my avast scans scripts globally?
Not allowing scripts globally is a false sence of security.
For exable u trust youtube and u run the scripts in that site, no script will not protect u , when someone hack the site.
Let the scripts deal with ur antivirus.
Advice is cheap-But no gimmick.

 

The user in this case is a noob and not a tech savvy person and he made it very clear to me to install whatever security stuff I want but it should not be based on him making any sort of decisions whether to 'Allow' or 'Deny', 'Yes' or 'No' etc. etc. He told me that he would rather spend more time on his work on the computer rather than spending time on making decisions about the security of his comp.

 

Whitelisted Firefox is still good for protecting against XSS and Clickjacking and other attacks like that. For an every day user who doesn't want to be clicking "allow" and "deny" all the time I'd just stick with Chrome.

 

NoScript with scripts allowed globally is a no no. There is a reason '(dangerous)' beside the option in the General tab in the NoScript options.

 

From: http://noscript.net/features

..so although "not recommended", it still offers some important protection. And since this setting will work with blacklists, tlu's "special service" blackilist might be a nice way to augment it.

https://www.wilderssecurity.com/showpost.php?p=2083653&postcount=125

 

Thats really awesome Thanks a ton wat Some quick questions:

1) How do I update this blacklist?? Ask tlu in future ??

2)How is this blacklist different than something like Ghostery/ABP addon??
Dont you think it'll make them superflous ??

 

You're welcome! Every time a site is marked as "Untrusted", it's added to the blacklist. You might want to read this short thread which explains the main advantage of using a blacklist, basically how tlu explains it as well. Essentially it is:

You do have to be careful, however, not to add something required to the blacklist.

Sorry, I don't know the answer to that. The fewer the add-ons, though, the better for the browser in terms of stability and security. Personally, I like NoScript & AdBlock+ only.

 

Thanks wat. Importing untrusted blacklist is a MUST in case of "Allow Scripts Globally".

 

Great point, I had forgotten about that advantage