Shouldn't safe online be protecting me?

im just curious how keyscrambler fails this? i figured its supposed to encrypt ur keystrokes even here

 

SafeOnline works similarly to KeyScrambler - in this test, the keystrokes don't make it into the underlying OS - they are sent from the browser to the browser, not letting any protection from any application take place in the middle. Disabling this ability would break dozens of features in the browser, which is why disabling javascript or mixed conten are the only ways to deal with this.

SafeOnline, KeyScrambler, and any other protection software like them are trying to protect the browser from software on the system. Protecting the browser from the browser's intrinsic functionality is too dangerous because it will immediately break functions that need to work in browsers today.

 

OnlineArmor with RunSafer IE8 blocked it.

 

Try Firefox and or Opera?

TIA,

TH

 

Just run NoScript for Firefox and you'll have no problem with these sort of scams.

 

On Opera just disable JS globally and allow it on single websites that u trust and need JS. For chrome theres this extension with the same functionality:
https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn
Also browsing is so much faster without JS and adds are blocked by 99%.

 

In IE it's "just" a matter of setting the Internet Zone security to High and manually adding sites to the Trusted Sites zone.

it's a bloddy PITA if you ask me...

 

Am I the only one, who is seeing a lot of paranoia in this thread?

It is not really a rocket science to realise that you are not on full https site.

I think even most of the average joes will realise that putting their logins in site where it shows some crossed lock isn't good idea.

Yet, I am amazed to see paranoia amongst security forum users?

And I don't think it is something new....

 

Firefox warns about it and NoScript blocks it if you haven't trusted the site. No problem for me, and if I really want to login I can always come back with IE8 that offers the possibility of showing only the secured content.

 

THANKS!!! Your guidance was the singularly most useful post on this entire thread.

 

Agreed

 

Using IE8 without SOL I got this:

 

Agree.

Would I trust using IE9 and surfing the web against threats, or trusting safeonline's protection?

Safeonline has passed many more user tests. Prevx might 'fail' this test, but protect against 1000 others which are in use and affecting users. Your choice what you want to use.

 

Thanks
I also found out that you can block it with a special rule in ABE of NoScript, but when going from a HTTPS site to a HTTP one, for example when using a SSL search engine or logging into Hotmail, it will also block that, so you have to add all those sites to the exceptions:
http://forums.informaction.com/viewtopic.php?f=10&t=5269&sid=8209e7034665ee14f32d0470064f97d9

 

Problem is when folks start relying on other symbols/icons/usage.
While Firefox doesn't show the blue/green icon and lock, Prevx SOL does show 'green' and a lock icon.

Not hammering on PSOL but reliance on their icons/colorscheme might be counterproductive in this particular case.
Especially for those folks who have learned that if their browser shows green and a lock 'somewhere', all is well.

 

no, point is:
Don't rely on green icons as they may be misleading as you have mentioned.
But at the same time don't do anything sensitive if there is red icon or crossed icon or skull....

see, it IS easy.

 

Any difference between that and Tools > Options > Security > Settings... > I'm about to view an encrypted page that contains some unencrypted information ??

 

In a word, Yes. Why not test it yourself?

 

You can disable javascript for Chrome, globally, as well, and only allow for the websites you wish. No need for extensions for that.

I wouldn't say by 99%, but 90%. At least, that's my own experience.

 

If u disable it globally then some extensions dont work..

 

I have, can't see any difference. That's why I wanted to check with the experts. Sorry I'm not up there with you, if you could spell it out for me it would be really helpful.

Additionally, not everyone wants to be a dragon slayer, if the two acheive the same result some might prefer not to mix it with the dragons.

 

When setting the boolean trigger to "True" you will see the following pop-up warning by FF when visiting the poisoned site (et alia) . . .



Without setting the boolean to "True" the only visible clue of being on a mixed site is that the lock (indicating a secure site) will have an exclamation mark over it. At least that is what transpires with my computer and all 17 of those computers in my granddaughter's computer classroom.

As to dragon slaying -- this is an exercise akin to swatting a fly. No dragons involved.

 

Bellgamin, thanks for taking the time and effort to post. I've been reading and re-reading, changing settings and changing settings again. What am I missing? It still seems to work the same if you do it through Tools > Options > Security > Settings > check 5th box down > OK > OK

After doing that I've been and checked the boolean(??) and that's altered to True as a result.

As you say, no dragons involved but it sure reads scary the about:config way.

Whichever way it's done, I think it's best done, the padlock is tiny and if the Status Bar is disabled it's not visible anyway.

 

True.

But I always image so nothing scares me except keyloggers. Every other computer bleep is merely a minor inconvenience.

 

Noscript can pass this test without disabling Java; on the 'Advanced' tab of Noscript's Options, set 'Forbid active web content unless it comes from a secure (HTTPS) connection' to 'Always'.

screenshot

You can then white-list the sites that you trust on the same tab.