NoScript

Hi Guys,

Running FF with 'limited rights' does NoScript still increase security?

Thanks
Rico

 

Yup. ^_^

 

Good question as I'm running Firefox with DropMyRights and NoScript. I wonder what the truths are?

 

One option in the current build is to check for fake Websites is i guess a replacement for the good old SPOOFSTICK !

Huub.

 

Hi Guys,

I use DropMyRights for FF & believe NoScript would add very little protection.

Take Care
Rico

 

NoScript is better for the following reasons:
- It stops drive-by attempts right in the browser. Your system never executes anything unauthorized.
- It's a whitelist-based solution.
Don't forget that you're still running under an admin account. If a certain piece of malware manages to open another instance of the browser outside of the limited one, it will run with full admin rights.
It's better to have the two layers, a whitelist in the browser and a browser with reduced rights. The layered approach is the key

 

Hi Guys.

Thanks Lucas! I'll give NoScript a try.

TakeCare
Rico

 

A few tips:
- Only whitelist sites which you really trust and visit very often. For the rest, use temporal whitelists.
- Extend NoScript control to plug-ins.

Also, I've omitted that NoScript is the only solution to XSS. XSS isn't used to download malware, but it may be used to steal private data.

 

using 1.1.7.2 but can't see how it checks for fake web sites and spoofstick won't work with 2.0.0.7. could you explain more ?

 

Hi,

On no script options, i ticked 'allow from bookmarked' option & still had to due multiple allows. How would you know, the site is bad till you allow it.

Take Care
Rico

 

For general browsing, you don't need Javascript and/or active content to be enabled. The only way to know if a script is malicious is to look at the source of the site. Neither you or me are qualified to do this.
So, I browse with scripting/active content disabled and very few sites whitelisted. If I come across a site which needs scripting, I use Link Scanner Lite to look for malicious content and then I enable the necessary scripts temporarily. I never enable scripts which looks obfuscated/very long to my (untrained) eyes.

 

Hi Longview,Don't know about the earlier 1.1.7.2 but i am on 2.0.0.7 which under security tab there is the option to let FF check for fake sites with a downloaded blacklist,yes this is a lame one at best but better this then nothing, Second option is to activate that Google in my case checks for every URL i visit, this is better but you have to accept the phoning home thing for Google to survey this info.

 

yes I'm on Firefox 2.0.0.7 as well not noscript version is 1.1.7.2
I thought you meant there was some option in Noscript. Think I will try the google option - Phoning home doesn't worry me

 

Hello,
Apart from the security aspect, Noscript has one big advantage - pages load much faster without the bloated dynamic content; pages are much calmer and soothing to the eye without flickers and flash animation.
Mrk

 

Hi Guys,

Well I still don't like the endless 'allowing' from my bookmarked sites. Many new sites require scripts & am unsure as to block/allow. Ok! Thought I'd try 'LinkScanner' to determine whether to allow/block. But if 'LinkScanner' is the decider then why or what purpose does NoScript do? Or why not just uninstall NoScript & go with Link? But so far, with my system 'LinkScanner' causes nothing but problems & is close to BSOD.

NoScript vs ScriptSentry? Are these basically the same except for white/black lists?

Take Care
Rico

 

Yep, Web 2.0 sites require too much scripting, but usually the scripting is only needed for the advanced functions.
In these sites, you should use temporal whitelist.

It isn't the only decider.

-

- Only tool against XSS
- Link Scanner might fail.
- NoScript offers a better control than simply enabling/disabling scripting globally (default Firefox behaviour)

Link Scanner Lite shouldn't cause problems, because it doesn't hook winsock as the Pro version does. This hook is what might cause problems with security software (NOD32's IMON for example)

They are very different tools. ScripSentry (and ScriptDefender, ScriptTrap, etc) intercepts extensions commonly associated with scripts interpreted by WHS. Scripts in webpages are interpreted by the browser, so those tools are useless.

 

Hi Rico,

LinkScanner is causing you problems? I'm sorry about that. What sort of problems?

Roger

 

Hi Guys,

Then LinkScanner is the only 'decider' as you allowed script based on its decision. So why not just use LinkScanner?

Hello Rogert30062,

I downloaded LinkScanner Pro ver 2.6.6.0090.7 > made restore point > closed all tray icons (includes NOD32) > install LinkScanner > reboot

Problems:

1. One-ClickAnswers did not start correctly & needed to shutdown.

2. Microsoft Visuall C++ Runtime Library, error involving Roxio

3. IMON error

4. RPC service error

Note I was not quick enough writing the error messages, as the last window was a countdown window for windows to restart.

My Solution:

When windows started rebooting from this disaster press F8 > uninstall LinkScanner > use the restore point.

My Concerns:

1. Does NOD32 now need to be uninstalled/reinstalled?
a) If so how to save NOD32 current config.. Last time with LinkScanner
I could not sem to save the config, yet it's supposed to be possible.

2. Previous versions of LinkScanner Pro with Comodo FW active, all grey '?'
marks, for search results, turn FW off LinkScanner, & search results were
ok, but very very slow.

So reading that the grey '?', were history with the new version + several folks from your company saying NOD32 problems are history, I gave LinkScanner another try.

Take Care
Rico

PS. Regarding NoScript Hermescomputer makes a very good comment see the quote at: https://www.wilderssecurity.com/showthread.php?t=122085&page=6 post #131

 

Rico,

I think we work fine with Nod32, although anything is possible What else do you have, please?

Roger

 

other than NoScript, which i use..... what other extensions are better security?

i currently only use:

NoScript
IEtab
Fasterfox
WOT

firefox works great and very fast, best piece of software on my computer

 

Adblock Plus (subscriptions)
Secure Login

For privacy:
CookieSafe (soon to be replaced by CS Lite)
RefControl
CustomizeGoogle

 

hey lucas,

i forgot to mention ABP, i use that too.

infact, that one is my favourite, i wouldnt use firefox without it now

 

Then, you're fine.
I assume that you're using Dr.Web link checker, right?

 

lol, you would think so right?

but the answer is no

 

Come on you can't leave it there . why not ?