Best Advice to give to a Newbie noscript user??

Discussion in 'other anti-malware software' started by tamba1, May 8, 2008.

Thread Status:
Not open for further replies.
  1. tamba1

    tamba1 Registered Member

    Joined:
    Jan 13, 2006
    Posts:
    54
    Location:
    UK
    Hi I am TRYING to help a friend wise up to the dangers of surfing wihtout decent security.

    I had installed FF and some addons and we are supposed to be having an "education" session this w/end and they would not ve needing to use the laptop this week anyway.. BUT in the meantime they needed to use one of their online supermarket sites , they opened FF forgetting they had not been shown around it etc and tried ordering .. They managed to get as far as the pay now page and noscript stopped them making a payment.. They got so frustrated that they closed FF and opened Internet explorer ( no they have not been shown IE tab yet, was planning on doing that this we/e with them as agreed) and they said "it was fine using IE as the order went through no problems unlike the prbs I was having in FF, it took my credit card details quite happily!"

    Hmmmmmmm I could scream BUT it's not their fault they are not very IT security minded, hey we all started somewhere.. I feel bad as I had not gone through things but we HAD agreed this weekend was the best time for them...

    Thankfully thankfully they do have norton (NIS) installed and although I personally do not like it it IS MUC better than NO security ..

    So does anyone have any gr8 advice for introducing them to noscript and what to do when certain web pages /features "won't work or load correctly" - or maybe there is another application that you feel would suit their needs better..

    I have been using noscript for a while now and since doignn so have had no issues get through- so am grateful to have found it ..

    Many Thanks
    tamba1
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    I am going to make a distinction. A newbie noscript user and a newbie period.

    I am a newbie to no script and it drove me nuts. I've turned it off. Your friends are likely to do the same. I am not worried as I run all browsers in Sandboxie. With the paid version(it's very cheap) you can configure it so they are safe, it's easy for them to learn, and they can use IE with confidence. If you want more info PM me.

    Pete
     
  3. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    I'll second what Peter said. I surf a lot and it just drove me mental. I'm a paid up member of Sandboxie and it is so much less hassle.
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    But, with Sandboxie, your still vulnerable to XSS attacks.
    So, one option is use sandboxie, and NoScript set to allow scripts globally...This way, sandboxie protects your from scripts, and NoScript protects you only for XSS.
     
  5. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    among other things... sandboxie (or for the most part any type of sandbox) may help keep things from getting in but it won't stop information from getting out... intrusions are only part of what one needs to guard against, there's also extrusions to worry about...

    better, i think, would simply be to learn to add sites you trust to noscript's whitelist as needed...
     
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Sometimes people don't want to learn, or end up allowing all sites anyways... or end up using IE... In this case I think it would be a fair solution.

    I agree that it's best to learn, but when people don't even care about keeping an updated AV, they certainly won't be learning how to safely use NoScript.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Its easy to add sites to NoScript's whitelist, but IMO it can get repetitive and annoying if you visit lots of different sites where you want JS enabled.
     
  8. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    well, you can lock down IE in a similar way to noscript by disabling all active content (and probably just about everything else) in the internet zone... really, the best thing about noscript is that it's easier to add sites to it's whitelist than it is to add sites to IE's trusted sites (and it's easier to see which sites might need to be added)...

    well, i have another solution for people who don't care to learn how to protect themselves... please ask them to send all their money to me... after all, i'd take much better care of it than the bad guys would... of course they still wouldn't have it for themselves but at least it's not in the hands of bad guys...
     
  9. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    130
    Location:
    USA
    I find locking and unlocking IE a PITA - NoScript, and AdBlockPlus with FireFox is so much faster and easier to let things in or not.
     
Loading...
Similar Threads
  1. max2
    Replies:
    16
    Views:
    1,101
Thread Status:
Not open for further replies.