NoScript: Good or bad?

Discussion in 'other security issues & news' started by Daveski17, Jan 31, 2010.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I've heard good & bad things about NoScript, I read this blog & have looked at this forum. I think NoScript is a good idea but I use the Privacy bar on K-Meleon to control JS.

    Many have told me that they have uninstalled it after using it for a while as it became controversial. Is NoScript good or bad?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    good? one of the best for FF
     
  3. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    I would agree with Cudni, NoScript is one of the best add-ons for FF out there. It is trustworthy as many use it.

    Just adding my 0.02 centavos.
     
  5. GrailVanGogh

    GrailVanGogh Registered Member

    Joined:
    May 2, 2007
    Posts:
    97
    Location:
    US
    There was a minor issue with a couple of developers but at no time was security of Fx in jeopardy because of it as far as I am concerned.

    I have used Noscript since its initial offering and it is a powerful tool in my Fx security toolbox along with Adblock Plus.

    If you do not like it you just uninstall it. Simple as that.
     
  6. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I noticed it automatically whitelisting Google Ad Sense and the noscript site as soon as I installed it - I removed all those sites from the whitelist and have been happy using it since.
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The latest build of NoScript doesn't whitelist Google AdSense, check your settings. It does whitelist Google Analytics, which are as pervasive. If you have those whitelisted, I would suggest removing them.
     
  8. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    My bad - I meant Analytics and not AdSense. :)

    ETA - Though Google Analytics is blocked already by most HOSTS file, too.
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Now why would you want to use Noscript and miss out on all that lovely malware downloaded from those fake online scan sites? ;)
     
  10. Bensec

    Bensec Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    177
    Location:
    China Changsha
    A pain for normal browsing, good for browsing suspicious site. But there are a number of infiltrations coming from the dailiy sites; even google is not safe today. :-( Ease or Security, just a question of balance.

    I like its force HTTPS function and domain policy feature. but both have seperate add-ons of similar function(Force HTTPS, Karma blocker etc) . So I dont use it anymore. I prefer better web experience.
     
  11. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Simply put, unless you have VERY unusual security requirements for your browsing environment, NoScript is a waste of time.

    The author of this extension advocates it by whipping up an overhyped cocktail of paranoid security issues, to create fake demand where none actually exists, and to sell his invasive and cumbersome solution as the fix for these "problems". If you're a control freak who enjoys manually whitelisting Javascript by hand for every site on the Internet, you'll love this extension. But while Firefox does have a spotty security track record, the situation is NOWHERE near the stage where you need something as incredibly intrusive as NoScript.

    But, as with all things, try it for yourself and see how it goes.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    OK, thanks for all of the replies. :thumb:

    I tried it out in Firefox & it seems like an interesting tool, despite the controversy, but I don't see how it really improves the fact that in Opera & K-Meleon I can easily toggle the JS on/off on the toolbar (& easily visible). To be honest I don't actually use Firefox very much so it does seem a bit superfluous.
     
  13. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Not a problem as long as you know where you are at. :thumb:
    A HOSTS File is a great tool IE Browser users.
     
    Last edited: Jan 31, 2010
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hmm? NoScript good for IE users? By the way, given what a custom HOST file is, that being an incredibly long black list of ad servers and malicious websites, how are they still relevant to security today? Do malware domains not change as frequently as we change our underwear? Most HOST file providers update what, every few weeks at best? How can that be reliable in todays' security environment?
     
  15. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    A HOSTS File is relevant in today's security environment, regardless of how often it is updated. Most that I know advocate running one, as do I.
     
  16. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    We know what you're claiming. What you fail to provide is the rationale behind your claims. Do you have any good ones?
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm sorry, but I have to agree here. I would truly like to know the reasons because, though I'm not the sharpest knife in the drawer, common sense tells me that if malware is infecting websites for a few hours and then vanishing, leaving behind a clean, safe website, what good is blacklisting the domain and keeping it blacklisted until the next update, however long that will be?

    I understand that the intent of it is keeping you away from domains that are well-known to cause trouble, but the bad guys have smartened up and don't work that way anymore. Now it's get in and get out, move on to the next target.
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    See how many Forums support updates of this file. That speaks for itself.
    I did not propose rationale, per se, I posted fact and no claims.
     
  19. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    tried it a while back then again recently still to much bother uninstalled
     
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Again, the number of Forums that support this file is a testament to it's use and usefullness to Firefox users.
     
  21. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Sorry, but without supporting evidence, your so-called posted fact is nothing but an empty claim.

    And no, "but everyone recommends it!" is not evidence.
     
  22. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Does such a thing exist for Firefox?
     
  23. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    The K-Meleon Privacy Bar was the original inspiration for Prefbar. It is more or less the same thing.
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Again, I completely agree. The mention of updates to ANY security program or measure doesn't make said program or measure good or effective. It simply is information for people who are still using it. Just my opinion.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.