Do you use NoScript ( Firefox Addon )

Discussion in 'polls' started by Joeythedude, Jan 4, 2012.

?

Do you use noscript to handle Javascript

  1. Yes

    91 vote(s)
    52.0%
  2. No

    84 vote(s)
    48.0%
  1. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Do you use Noscript to switch off Javascript ?

    As both "trusted" and "new" website can be exploited ,
    and as almost every "new" site requires Javascript is there any point to it ?

    If you do use it , could you mention if you often browse new sites.

    Edit
    Thanks for the interest and replies
    I'm asking specifically if you use it for blocking Javascript.
    /Edit
     
    Last edited: Jan 5, 2012
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    I use multiple browsers regularly, but use FF for research and industry news reading. I use the NS add-on as a simple form of pre-screening for the site scripting before I temporarily allow them based on their relative threat and what I am doing at that particular moment in time.

    It might be a lazy approach in some ways, but it does filter out the garbage in most cases and allows me to focus in on exactly what I am looking for on a given site as well as a level of control over what does go on initially.

    YMMV
     
  3. guest

    guest Guest

    Yes, but I tweaked it. JavaScript, for example, is allowed globally.

    Reasons:

    https://trac.torproject.org/projects/tor/ticket/3007

    And I browse new sites frequently.
     
    Last edited by a moderator: Jan 4, 2012
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    NoScript does a bit more than blocking javascript. Are you asking if we use NoScript for specifically blocking Javascript or if we use NoScript at all?

    Either way I'm on Chrome =p
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Don't use it at all for anything on Firefox.

    Edit:
    And although this doesn't apply to me, "If you do use it , could you mention if you often browse new sites.", I do visit new sites if I need to but they're mostly boring ones.
     
    Last edited: Jan 4, 2012
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    When Firefox was my browser I used it for a while. I stopped using it as it really made browsing very uncomfortable.
     
  7. wat0114

    wat0114 Guest

    The same here when I used FF; I spent too much time tweaking it and checking WOT reputations.
     
  8. Markbyte

    Markbyte Registered Member

    Joined:
    Jan 4, 2012
    Posts:
    6
    I use FF and Google Chrome. Sometimes, FF ate too much memory.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Nope, it is just too bothersome, pretty much every web page needs it anyway. I prefer adblock, flashblock and popup blocker, which blocks javascripts popups as well.
     
  10. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I use Noscript. I don't find it to bothersome or my browsing experience uncomfortable, most sites work fine with out "white listing". If I find I need to temporarily allow an URL it's only a couple of clicks away. Sites I visit or use frequently (Wilders for example) the URL get permanently white listed. A few sites, like Yahoo! Mail need more than one URL to to function properly, but it's really no trouble once white listed.
     
  11. tlu

    tlu Guest

    Same here. I agree that most "new" sites work without being whitelisted as they are usually readable/viewable (in many cases 3rd party scripting is blocked which doesn't affect the site itself - and by adding such stuff like doubleclick, googleanalytics and so forth to the blacklist you're getting fewer and fewer notifications over time). I find assertions that Noscript doesn't let you comfortably surf the web grossly exaggerated..
     
  12. wat0114

    wat0114 Guest

    You have a point, for sure, but for me it was more a case of not really feeling I could trust many of the WOT reputation scores, and I don't like basing security decisions on guesswork or uncertainty. Also, I reasoned my other system security measures were sufficient to cover what NS does, and then I've since settled on using IE9, so it's now all irrelevent for me anyway :)
     
  13. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Thanks for the interest and replies

    I'm asking specifically if you use it for blocking Javascript.
     
  14. tlu

    tlu Guest

    Yes, I do.
     
  15. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    I'm lazy and I agree, so +1.
    Creating a white- and blacklist doesn't take that much time.
    And no, I don't use it just for blocking javascript (also for the other features) and I do visit new sites frequently.
     
  16. tlu

    tlu Guest

    wat0114, quite frankly, I don't understand this argument. First of all, by middle-clicking a domain in the Noscript menu you get a selection of five services (WOT being only one of them) that help you to evaluate the trustworthiness of a site. Secondly, if some burglars are able to break your front door, does that mean that you leave it wide-open?

    What other security measures protect you against XSS, Clickjacking etc.?
     
  17. wat0114

    wat0114 Guest

    Sure, and that ties me up potentially 5x longer trying to make a decision ;)

    I don't believe I've left any doors, figuratively speaking, wide open.

    IE9 has some form of XSS protection and securing script-initiated windows with size and position restraints, firewall port restrictions for applications, Standard account and AppLocker. I'm also at least somewhat cautious about clicking on links. Historically, for me, I've never been burned this way before, so it makes it hard for me to justify the need to use this approach.

    All I've been doing for the most part is surfing away like a free spirit and nothing evil seems to come my way :)
     
    Last edited by a moderator: Jan 5, 2012
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    EDIT: I realized my post would likely cause some debate about browsers or something...

    Chrome and IE9 have xss protection. Chrome has XSRF protection. Clickjacking is a nonissue, which is something I discussed on the NoScript board.
     
  19. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I used to use it a while ago but ever since i started using sandboxie i stopped using it. Deleting the sandbox contents would remove all the decisions i had made with noscript which became annoying very quickly. There may be a work around but i couldnt be bothered looking into it.
     
  20. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I use it on Firefox & SeaMonkey usually with RequestPolicy. I believe that NoScript can be run on K-Meleon as well.
     
  21. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I doubt that it is a non-issue, otherwise it would be pointless in protecting against it.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Sorry, I meant a nonissue for Chrome =p

    It's kinda like having a flash exploit in Chrome, you still need another exploit on top of that to break into the sandbox. In the case of clickjacking there's another step, first you have the clickjack page, and then you have the first exploit page, and then you have the payload, which needs an exploit to break out of the sandbox.
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    Oh OK. So Chrome is clickjack proof?
     
  24. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    i found it difficult to use..;)
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No, definitely not. It's just not an issue. Clickjacking is a method to get the user to an exploit page or a direct download. Since downloads are scanned/ blocked if executable and you would need a plugin exploit + sandbox exploit it's not something to really worry about.
     
Loading...