NoScript Plugin

Is the anyway to use NoScript "comfortably" and effectively (in Firefox) without it being so terribly annoying?

 

Yup have a good white list

 

Education

 

I globally allow scripts and kill scripts on pages I often visit. Speeds pages up. Pretty much everything else is enforced. Clickjack, XSS, ABE etc.

For banking...whitelist.


You could run allow .com and block everything else.

 

Most of the time you only have to whitelist the first domain on the list. How can that be annoying? You can also set useless tracking crap scripts on untrusted to make your life easier when you need to whitelist domains.

 

Exactly.

 

Thanks to all for the input and comments. I guess the "annoying" part comes particularly for a new user -- it's a little confusing. When you get the "Forbidden Scripts and Objects" notice at the bottom of your screen, do you need to take action or is that just sort of an FYI? If action is required, how do you know which option to choose? And, if you don't take some sort of action, will the functionality of that site be impaired?


Also, for online banking, is it best to simply to Whitelist the site (as mention by Sordid)?

 

This may be a help (Quick-Start Guide for New Users): http://forums.informaction.com/viewtopic.php?f=7&t=268

 

In my opinion, liking NoScript develops with time, the longer you use it, the more you ll understand it and like it. In a way, I am lucky because I liked NoScript from day one even though I did not understand it well.

You ask, " how do you know which option to choose? And, if you don't take some sort of action, will the functionality of that site be impaired?". If you go to a site that doesn't require you to allow anything more than whats already allowed by default, then don't allow nothing but if you go to a site that needs Flash, for example, then click on allow temporarily so Flash gets allowed on that site.

Trial and error is the key with this wonderful program. Personally, I love NoScript, its the main reason why I use Firefox. If you take your time to learn it, you ll like it too when things begin to make sense.

Bo

 

one of our member here (tlu) has made a 'blacklist' (Untrusted) that is very useful to cut down on the numbers of items shown.
here:
https://www.wilderssecurity.com/showpost.php?p=2083653&postcount=125

i like to add manually to this list by checking the reputations of site with NoScript.

pretty good things to do since i've seen sites with up to 30 third party scripts trying to load.
when you have too much stuff showing it's hard to tell what is what.

i like to keep my whitelist to a minimum and allow temporarily instead.
but everyone has their own method.

for beginners:
make sure that you check all the boxes in the "Additional restrictions" in the Embeddings tab.
also check the "Forbid WebGL" which is not checked by default.

pretty soon, you will know what needs to be allowed and what deserves to end up on your blacklist.

i'm one of those who hated NoScript for years until one day i gave it a proper try.

 

NoScript blocks JS. The notification is telling you it has made a block. This is often as overwhelming amounts of sites use JS.

I assume NS has global block on, so just turn the annoying notifications OFF.

Pages will often break...why I globally allow scripts and blacklist. Much higher risk but great usage.

But for banking, I go the inverse and an isolated portable browser. Only allowing scripts from my bank. So my bank would need to get jacked and embed malware. Most banks have 100% guarantee cash back, and it would be clearly their fault. Low risk, high usage IMO. Somewhat redundant since the browser is already isolated. Only tab open is banking.

If you are looking for secure banking, consider using a clean image virtual machine along with RSA or rather two-point verification. You can also create a guest account with some banks. This is a lower admin account access. So even if your password is discovered, less damage can occur.

 

A lot of good info from everyone.

Being new to all of this, I am a little curious about this Untrusted "blacklist" - so a couple questions:

1) What exactly is it supposed to do?

2) After opening the link and reading it, I still wasn't exactly sure how to "install" it. Any additional help would be appreciated.

3) If I were to use it and decided I no longer wanted it, how do you get rid of it?

 

it help unclutter the list of scripts shown.
like i said, some site can have lots 3rd party scripts that wants to load.
blacklisting the cr*p cuts down the list to something manageable.

in Noscript go to Options. there is an Import button at the bottom.

Export you current settings (before you Import as in step 2 above).
then you can reload it if you want.

you could also manually Allow back in the stuff that is Untrusted.
but it was 'blacklisted' for a reason.

 

Nice description of what the Blacklist does.

http://noscript.net/features#blacklist

Before you install Tlus blacklist, go to NoScript and save a copy of your settings by clicking Export. Save a copy of the text file. Afterward, copy and paste Tlus blacklist over yours and click import.

Bo

 

Thanks Bo, for the additional Blacklist info. Does this list in any way cut down of the functionality of sites?

Do you all use this Blacklist -- or do you create your own as you go?

 

No,

it keeps privacy trackers away.

anyway, you don't have to use the blacklist at first if you don't want to.
you can create you own as you go by marking them as Untrusted.

get your feet wet a little and experiment.

 

In my opinion, none.

Bo

 

Just wondering if you, Bo and Sordid use the Blacklist?

Also, does the Reset button in Embeddings reset the Default Embeddings settings?

 

i do, but i've added stuff as i go along and i keep adding stuff once in awhile.

 

I am using the blacklist but is not something that is required for NoScript to do its job. Google some of the names on that list and you ll see why is benefitial to use it.

By the way, in my opinion, Sordid gave you good advice when he suggested to disable notifications. I have been doing that since about day one. If you like to do it, go to options and under notifications, tick off "Show messages about blocked scripts".

Bo

 

One other observation. . .

I run Firefox sandboxed (Sandboxie). The load time is already slower than using FF unsandboxed. However, I've noticed that since adding NoScript, the load time seems to be even slower. Would that be normal?

 

All addons affect the loading of the browser, NoScript might be making Firefox take and extra second to open.

Bo

 

NoScript blocks JS--the notification is telling you it has made a block. This is often overwhelming since large amounts of sites use JS.

I assume your NS has global block on (default), so just turn the annoying notifications OFF via controls. Assume NS is blocking some scripts. NS creates a circular problem here with usage and security, but still is of use.

Pages will often break...why I globally allow scripts and blacklist despite the shortcomings. Much higher risk but great usage.

But for banking, I go the inverse and an isolated portable browser. Only allowing scripts from my bank. So my bank would need to get jacked and embed malware via JS. Most banks have 100% guarantee cash back, and it would be clearly their fault. Low risk, but high usage, IMO. Somewhat redundant since the browser is already isolated. Only tab open is banking.

But remember, using extensions for sec is far from bulletproof.

If you are looking for secure banking, consider using a clean image virtual machine along with RSA or rather two-point verification. You can also create a guest account with some banks. This is a lower bank account admin account access per your site's policy. So even if your password is discovered, less damage can occur. Gmail has this option too, BTW.

I use the blacklist style namely for speed. I hate laggy pages. But this does offer some cosmetic security using NS addition protections. I also generally use Chrome with Moons blocks. Block all JS but allow .com .edu .org .co.uk.

You use sandboxie, and NS is a very good addition--quite secure.

Good luck, guys.

 

What exactly are you referring to here?

 

it means you don't Allow Scripts Globally.
hover your mouse over the little NoScript icon and you'll see.