Question: What do you all think in regards to Javascript? Now, with Firefox, we have the option of using Noscript. NoScript can be a little complicated, and perhaps annoying to have to click through. But, with it, we can allow only a specific websites own script, leaving advertising, tracking, and, possibly, malicious scripting disabled. Usually when I was using NoScript and surfing, I would see several scripts from various domains waiting for approval. Not knowing what was what, I tried hard to just enable the script from the single website I was viewing, being very careful in enabling scripts one by one until the website worked as it should, leaving the rest disabled. As I understand it, with the exception of a certain addition to Opera that provides SOME abilities of NoScript, but not all, with the browsers I consider "mainstream", Javascript is either on or off. Off of course disabling most websites out there, completely on resulting in increased risk of exploiting code running. Keep in mind this isn't a subtle attempt to start a Firefox praise-a-thon, I simply wonder what is thought about the limited ability to control scripting in most other browsers, and how that relates to their status of most secure vs least secure.
That's a good question. You can surf a fair bit though with the JS disabled as a precaution & just engage it when you need it. I know a lot of the K-Meleon guys do this. In fact you just toggle JS with F7 in K-Meleon, I tend to do a lot of research in KM & I can follow a lot of hyperlinks & read webpages even without the JS enabled. If I need it & I am sure the site is safe I can just engage the JS & re-load the page. Even NoScript can't tell you if the page is actually safe!
Yeah, I suppose just toggling the JS on or off is a little primitive compared to NoScript. I believe there is a NoScript version for K-Meleon, but it isn't very popular with KM users. I actually experimented with NoScript in Firefox & SeaMonkey once. If they ever get around to fixing bug #510985 (Ajax Script) I might try it again in the FoxMonkey with ABP thrown in for good measure. I can use Site Advisor with Firefox as well. That & the fact that Firefox is covered by SpywareBlaster & automatically virus scans downloads would make a pretty good security system. It would just be difficult for me to give up Opera though!
I gotta admit me and Opera 10.52 are getting along pretty well. I suppose as long as there aren't any vulnerabilities, Javascript exploits won't do very much.
in response to those suggesting a linux live cd. A question came up about this in the security section of ubuntu forums. They warn that a live cd can be less secure than a full linux install simply because it doesn't have all the updates.
About opera and javascript... I use opera's site preferences to allow/deny javascript per site. In case you're not aware of it, Turn off javascript then for each site you want to allow right-click the site then click Edit Site Preferences... select the Scripting tab then check Enable JavaScript. That way javascript will only be enabled for the individual sites you select.
Question. At this point in time would chrome be a simple way to prevent a lot of malware? I'm thinking of making this the default browser when I have to help people reformat. The built in sandbox sounds nice because I don't have to worry about another application or teach them how to use it. Edit: I also wanted to ask how complete is the "blacklist" that chrome uses? This could be very valuable to prevent crap before it ever happens anyway.
I aint really sure, but i got told SRWare Iron was the safest, many people say chrome because of the sandboxed feature and others say firefox because of all the addons etc.
Remember, web-browser is not the only security factor of online banking. DNS, Zbot and other banker trojans (and a simple HOST file modification) can work regardless of the browser being used.
I've heard some bad things about WOT. It seems to slow things down a bit and your browsing info is all channeled through them I think.
I'm using WOT as well but theoretically there has to be a "slowdown" however invisible it is on a fast internet connection. As for their knowing about every link we click on, we asked for it by installing WOT so that can't be made into something sinister. Plus, one can always disable it at will.