Efficacy or benefit of NoScript on Linux?

Discussion in 'all things UNIX' started by Daveski17, Oct 12, 2014.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    This is a bit of a noob question, but is the efficacy or benefit of using NoScript in Firefox on Linux worth it? Would it really make Ubuntu 14.04 LTS genuinely safer for instance?
     
  2. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Yes. Some browser-based attacks are platform independent, such as phishing and scamming site.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Worthwhile in my experience. I've seen web-based exploits (limited to the browser) that affect Linux; Noscript would generally stop them. Also puts the kibosh on things like Evercookies in some cases.

    There are probably different schools of thought on what configuration is best, but in general I think it's prudent on any OS to not be rendering Javascript, IFrames, etc. from untrusted domains.

    Edit: also a lot of nasties are still served up through malvertising, redirects, injected third-party content, etc., so it just reduces your likelihood of being affected should anything targeting Linux show up in the wild...

    Other considerations:
    - I've seen 3rd-party JS used a lot by ad services. If you find targeted ads creepy and/or annoying, Noscript may help.
    - Bloaty web pages render a lot faster with Javascript disabled.

    Short version: it's not perfect but IMO it's very much worth it.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    OK, thanks both for the replies.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    NoScript and Adblock Plus are the essentials.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Yes, I have them both.
     
  7. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    I would use adblock-edge instead of adblock plus, if you're on firefox. If you're on chrome, microblock (ublock).
     
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I have used ABE on Windows, I did actually prefer it now that I think about it. I've heard a lot of good things about ublock as well. I will have to check them out on Linux.
     
  9. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    Ya, ublock is a godsend. It's made by "gorhill"(He's a user in this forum), which is also the coder of HTTP Switchboard. HTTP-SB is the equivalent of Noscript for chrome, though I do prefer the "matrix" style of HTTP-SB.
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Sounds great. I don't use Chrome much but it can be useful. I switched to ABE on Firefox in Ubuntu.
     
  11. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    And of course with browser exploits you have to also think of Flash, Java and other plugins which Noscript would also help block from auto loading as soon as you hit a page. I want to say that with most rouge sites, such as like with an exploit kit, they're made to first check if the system will even run the exploit as its being exploited. And since most are written for Windows, just using Linux does prevent a lot of that stuff. And also even if they get through, then if you use SELinux or Apparmor then that should stop them from going further I believe. That's my understanding anyway. But Noscript is such a great first line of defense that if you know how to use, then why not use it?

    Also just better to stay in the habit of using Noscript than not. It's so second nature to me now that it'd feel weird to not use it.
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
    The benefit of using NoScript with Firefox is more than you can imagine. I routinely visit a particular website with a number of my Firefox privacy add-ons disabled, but not NoScript. The most common occurence is XSS (Cross-site scripting) that NoScript monitors and advises me that has created a Console log. Mind you these are servers which the organization claims support for only Windows and Mac OS platforms, but not Unix/Linux. They probably do not do any quality control of what gets put up on their website (by using Firefox with NoScript) as they are intensely advertising and marketing driven by their corporate relationships which means that they get paid for users that click on their pop-up advertisements.

    While NoScript protects me when I visit that particular website, I wonder what happens to the tons of other users whom either do not use Firefox with NoScript to protect themselves, or if the browser they use is compatible with NoScript so they can at least be shielded from XSS attempts by using NoScript. For those not able or willing to use NoScript for any reason, the sheer number of privacy intrusions must be enormous on that and other websites.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What about AdBlock? I use it on chrome. Any other option that HTTP switch board for chrome?

    Thanks
     
  14. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    According to this thread, ublock is better than adblock plus.. An alternative to HTTP SB, I'm not sure.. Some time ago there existed an extension called "scriptno", or something like that, for chrome. Not sure if still exists. Either way, I bet HTTP SB is better.

    Again, their creator is a wilders member and he seems to be pretty nice answering questions. There's both a thread for ublock and HTTP-SB.
     
  15. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Are there many flash and Java exploits affecting Linux?
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Interesting, thanks for the reply.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sorry i wanted to ask about AdGuard?
     
  18. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    238
    Location:
    Neo Tokyo

    Highly debatable which one is Better, in my personal experience I've seen much more ads and pop-ups using ublock (Yes even with latest version 0.7.0.5.) than when i use ABP. Benchmarks and tests are one thing, real and everyday use is another, also here we're talking about Firefox and NoScript. Let's stick on-topic please.
     
    Last edited: Oct 13, 2014
  19. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    i was looking for noscript threads, and i stumbled upon this thread. Sorry, to bring this old thread now..

    @Nanobot, you might want to create a bug report entry for the list of sites where you see ublock does not block and ABP does, Unless you have different filterset in ABP.
    Technically it should block same or more than ABP, as it supports the most of the ABP filters and extends it. And also the support of host files :).
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Noscript is not just about security, it's about peace and silence when browsing, and that's true for Linux, too.
    Mrk
     
Loading...