NoScript Plugin

also,

you might want to search Youtube for Noscript.

there's quite a few videos there that you can watch to get you started.

actually, there's tutorials there for almost everything.

 

That's always how I start on pages I've visited the first time. The following is essentially how I continue my approach using NS:

I then view the content of the page and basically ask myself: "is this displaying the content that I need and more or less expect?"

If yes, there's nothing more to do. If no, especially a link within the page or a broken drop-down box, a text entry field I cant type in or similar, I then have to dig further. I will look at what's blocked and use the middle-click mouse button to check the domain I think might be needed.

If the WOT or McAfees Site advisor score is above average, I will allow it temporarily to see if that fixes the broken functionality. If it does fix it, I select Make page permissions permanent. Anything that comes up with a Warning in WOT, I will immediately tag as Untrusted, so I never see it again in the main context menu.

It takes time and a lot of patience, but eventually I've built myself a very comprehensive whitelist/blacklist which I routinely export for safekeeping.

 

Exactly X2. I never got all the complaints of this addon being some monumental inconvenience. How hard is it to whitelist some first party script, then never have to worry about it again?

For that matter, I don't even have to do that. I so rarely have to allow scripts for sites to function properly that I just temp. allow on a per case basis. I only ever have to to watch Youtube videos, or sign into email. 2 mouse clicks, and voila...

This addon creates a barricade on the front lines. With it, quite frankly I probably don't need Sandboxie, or a HIPS, not to mention a real-time AV. It renders all else pretty moot. I could probably run with just NS and a router and never be compromised or infected.

 

I agree. It's probably one of the most underrated, yet powerful pc security measures available.

 

Having to do anything special is a monumental inconvenience to some apparently. Having said that though, there are many situations involving secondary sites/scripts where you either guess at what else you need to allow or you choose after examining the source. How many can examine source and figure things out?

I believe in order to avoid the "visit site A and allow it", "visit site B and allow it", now you've inadvertently allowed site B scripts on site A scenario you have to use ABE. I suspect relatively few try to leverage it.

 

There is often some guesswork involved, in which case I choose: "Temporarily allow domainname.com"...if it fixes the problem then I choose: " Make page permissions permanent".

I've looked at ABE but found it rather complicated. It's really not "average user" friendly imo.

 

if i'm not sure if something is good or bad i middle click on the item and NoScript gives me a few sites (like WOT) where i can make an informed decision on what to block or whitelist.

i especially do that on items that i see often from sites to sites.
the stuff i decide that i see often and is bad end up on the permanent blacklist (Untrusted)