Does EMET = no need for NoScript?

Discussion in 'other anti-malware software' started by stueycaster, Feb 1, 2011.

Thread Status:
Not open for further replies.
  1. stueycaster

    stueycaster Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    293
    Location:
    Indianapolis
    I'm trying out EMET (Enhanced Mitigation Experience toolkit). I've set it to block Java exploits. Do you think I could get rid of NoScript? Using NoScript is a bit of a pain but I absolutely can't bear the feeling of surfing the internet and allowing whatever javascript I run across to do whatever it wants. I've run into too many Click Jackers lately. Also I've had to fix too many of my friends computers because they caught a virus.
     
  2. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    If you remove NoScript, what will you do about Flash/Silverlight, IFrames, webbugs and cross site scripting, amongst other things? Also,How will you differentiate between trusted and untrusted sites?

    EMET is a useful adjunct for security, but it doesn't replace Noscript in firefox.
     
  3. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Hey you guys, could you please tell me the benefits and the asspains of using NoScript? Plus is there a version for Chrome?

    Thanks! :D :D :D :thumb: :thumb: :thumb:
     
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    personally, i think NoScript is a PITA.
    it's a kind of HIPS for java script.

    yeah, i think there's something similar for Chrome, it's called Not Script or somesuch.
     
  5. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    What setting is that ?
     
  6. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Thanks mate! :D
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Add the executables from Java to the protected applications list ;)
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Most browsers interpretate the javascript through their own engine, EMET-ing Java does not add protection. It is confusing though Javascript, Java, Java 2 Enterpise Edition, etc.
     
  9. stueycaster

    stueycaster Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    293
    Location:
    Indianapolis
    Thanks for the answer. I'll definitely keep it. Like I said, I feel naked without it.

    NotScript in Chrome is a very poor copy of NoScript. With NoScript you can control each java element on a page individually. With NotScript all you can do is enable or disable java for the whole page. That's why I'm so stuck on Firefox.

    I also use Web of Trust. It shows me on the search page if a site is unrtustworthy. I just don't go there.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Java; Javascript

    Obviously, adding Java under EMET protection won't prevent web-based attacks that need javascript enabled.

    To prevent attacks via web browser, add the web browser process under EMET protection. Considering you use Firefox, also add the plugin-container.exe which handles plugins in Firefox.

    To make life even harder to the attacks keep NoScript.
     
  11. stueycaster

    stueycaster Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    293
    Location:
    Indianapolis
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    But, that will only mitigate Java exploits, not javascript. Yes, add Java as mentioned; but, keep NoScript, because it allows you to control javascript, among other things.

    -edit-

    Considering you're using Firefox, regarding plugins like Adobe Flash Player, you only need to add plugin-container.exe to EMET, which will handle Flash Player.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When you run your browser (e.g. IE8 or Chrome) in protected mode AND protect it with EMET2 and use TrendMrico Browser Guard (for javascript containment) and 1806 trick (in IE8/9), I have not been able to breach this. PS I am willing to test any javascript based exploit written by Giorgio ;) only not using Firefox

    This article may be old, but still a nice read. http://www.devarticles.com/c/a/JavaScript/JavaScript-Security/
     
    Last edited: Feb 2, 2011
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Java and Javascript are 2 different things....don't get confused over that.

    Whether or not you 'need' NoScript is hard for anyone to judge...you've got to decide that on your own. As far as I'm concerned, there are 3 different school of thoughts (or 'camps') on the matter:

    1. Those who find it redundant in terms of 'security' aspects when put into practice. Wladimir Palant is one of them.

    http://adblockplus.org/blog/usability-vs-security
    http://adblockplus.org/blog/blacklists-whitelists-and-security

    2. Those who find it essential or highly recommend it for 'security' purposes. Of course, Giorgio Maone is one of those.

    There was this thread where the 2 of them 'debated' upon this issue. You can look at it starting from this post:

    https://www.wilderssecurity.com/showpost.php?p=961785&postcount=3

    3. Those who use it for purposes other than (or apart from) security. These are the ones that acknowledge it's usefulness and yet realize it's not an end cure for everything. They don't necessarily think it's a 'must-have' for security but recommend it for those who're willing to gain a bit of control for whatever reasons thinkable. I believe our member, Mrkvonic is one of those.

    http://www.dedoimedo.com/computers/noscript-use.html
    http://ask-leo.com/is_javascript_dangerous.html

    I have also written a (long) post to clear some NoScript misconceptions here:
    https://www.wilderssecurity.com/showpost.php?p=1812239&postcount=35

    In short, the answer lies within you.

    As for EMET, plain and simple - it's useful so keep it if you want (recommended). However, it doesn't serve as a direct replacement for NoScript or any other JavaScript (and other stuffs) blocking capabilities within any browser or any add-on for the matter. Right....I'm including Chrome, IE, and Opera here too in this list...
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not really a misconception. I guess it depends on how someone views it.

    I view it from this angle: Unless the user* knows which domains/URLs should be white-listed at a given moment, and here I'll be merely focusing on javascript, then I'm pretty much sure everything will be white-listed, before the user decides not to want it any longer.
    I've tried that avenue in the past with relatives and friends, when I made them run Firefox with NoScript ~3 years ago.
    I must confess that I never really looked at it to see its full potential, but all I really cared, within the context it was needed for, was for javascript.
    They always had to have a trial and error approach with it, so that they could white-list javascript for trusted domains. In the end, 99% of times they would end up enabling javascript for every domain in NoScript.

    That's why I mentioned the word placebo in the thread you mentioned, in my quoted comment.

    Which is why I soon started to look for something that would actually prevent attacks relying or not on javascript to be enabled, without breaking web browsing experience; this meant javascript to be fully enabled, only preventing attacks relying on it and other type of attacks, as well.

    * I'm speaking in general terms, obviously.
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you are concerned with this, maybe some research into how Rmus does things would give you yet another option.

    Sul.
     
Loading...
Thread Status:
Not open for further replies.