Discussion in 'other software & services' started by Rico, Oct 6, 2007.
Running FF with 'limited rights' does NoScript still increase security?
Good question as I'm running Firefox with DropMyRights and NoScript. I wonder what the truths are?
One option in the current build is to check for fake Websites is i guess a replacement for the good old SPOOFSTICK !
I use DropMyRights for FF & believe NoScript would add very little protection.
NoScript is better for the following reasons:
- It stops drive-by attempts right in the browser. Your system never executes anything unauthorized.
- It's a whitelist-based solution.
Don't forget that you're still running under an admin account. If a certain piece of malware manages to open another instance of the browser outside of the limited one, it will run with full admin rights.
It's better to have the two layers, a whitelist in the browser and a browser with reduced rights. The layered approach is the key
Thanks Lucas! I'll give NoScript a try.
A few tips:
- Only whitelist sites which you really trust and visit very often. For the rest, use temporal whitelists.
- Extend NoScript control to plug-ins.
Also, I've omitted that NoScript is the only solution to XSS. XSS isn't used to download malware, but it may be used to steal private data.
using 126.96.36.199 but can't see how it checks for fake web sites and spoofstick won't work with 188.8.131.52. could you explain more ?
On no script options, i ticked 'allow from bookmarked' option & still had to due multiple allows. How would you know, the site is bad till you allow it.
So, I browse with scripting/active content disabled and very few sites whitelisted. If I come across a site which needs scripting, I use Link Scanner Lite to look for malicious content and then I enable the necessary scripts temporarily. I never enable scripts which looks obfuscated/very long to my (untrained) eyes.
Hi Longview,Don't know about the earlier 184.108.40.206 but i am on 220.127.116.11 which under security tab there is the option to let FF check for fake sites with a downloaded blacklist,yes this is a lame one at best but better this then nothing, Second option is to activate that Google in my case checks for every URL i visit, this is better but you have to accept the phoning home thing for Google to survey this info.
yes I'm on Firefox 18.104.22.168 as well not noscript version is 22.214.171.124
I thought you meant there was some option in Noscript. Think I will try the google option - Phoning home doesn't worry me
Apart from the security aspect, Noscript has one big advantage - pages load much faster without the bloated dynamic content; pages are much calmer and soothing to the eye without flickers and flash animation.
Well I still don't like the endless 'allowing' from my bookmarked sites. Many new sites require scripts & am unsure as to block/allow. Ok! Thought I'd try 'LinkScanner' to determine whether to allow/block. But if 'LinkScanner' is the decider then why or what purpose does NoScript do? Or why not just uninstall NoScript & go with Link? But so far, with my system 'LinkScanner' causes nothing but problems & is close to BSOD.
NoScript vs ScriptSentry? Are these basically the same except for white/black lists?
Yep, Web 2.0 sites require too much scripting, but usually the scripting is only needed for the advanced functions.
In these sites, you should use temporal whitelist.
It isn't the only decider.
- Only tool against XSS
- Link Scanner might fail.
- NoScript offers a better control than simply enabling/disabling scripting globally (default Firefox behaviour)
Link Scanner Lite shouldn't cause problems, because it doesn't hook winsock as the Pro version does. This hook is what might cause problems with security software (NOD32's IMON for example)
They are very different tools. ScripSentry (and ScriptDefender, ScriptTrap, etc) intercepts extensions commonly associated with scripts interpreted by WHS. Scripts in webpages are interpreted by the browser, so those tools are useless.
LinkScanner is causing you problems? I'm sorry about that. What sort of problems?
Then LinkScanner is the only 'decider' as you allowed script based on its decision. So why not just use LinkScanner?
I downloaded LinkScanner Pro ver 2.6.6.0090.7 > made restore point > closed all tray icons (includes NOD32) > install LinkScanner > reboot
1. One-ClickAnswers did not start correctly & needed to shutdown.
2. Microsoft Visuall C++ Runtime Library, error involving Roxio
3. IMON error
4. RPC service error
Note I was not quick enough writing the error messages, as the last window was a countdown window for windows to restart.
When windows started rebooting from this disaster press F8 > uninstall LinkScanner > use the restore point.
1. Does NOD32 now need to be uninstalled/reinstalled?
a) If so how to save NOD32 current config.. Last time with LinkScanner
I could not sem to save the config, yet it's supposed to be possible.
2. Previous versions of LinkScanner Pro with Comodo FW active, all grey '?'
marks, for search results, turn FW off LinkScanner, & search results were
ok, but very very slow.
So reading that the grey '?', were history with the new version + several folks from your company saying NOD32 problems are history, I gave LinkScanner another try.
PS. Regarding NoScript Hermescomputer makes a very good comment see the quote at: http://www.wilderssecurity.com/showthread.php?t=122085&page=6 post #131
I think we work fine with Nod32, although anything is possible What else do you have, please?
other than NoScript, which i use..... what other extensions are better security?
i currently only use:
firefox works great and very fast, best piece of software on my computer
Adblock Plus (subscriptions)
CookieSafe (soon to be replaced by CS Lite)
i forgot to mention ABP, i use that too.
infact, that one is my favourite, i wouldnt use firefox without it now
Then, you're fine.
I assume that you're using Dr.Web link checker, right?
lol, you would think so right?
but the answer is no
Come on you can't leave it there . why not ?
Separate names with a comma.