Is there any malware that bypasses noscript?

Discussion in 'other anti-malware software' started by jo3blac1, Jan 30, 2013.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Just curious how effective NS really is. I have it enabled for all websites with exception of those that I know are malware free (gmail, hotmail, google news, etc...).
    So what do you guys think? Is it possible for any website to bypass NS?
     
  2. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    Circumvent: surely possible. Trojans, phishing, engineering, vulns.

    Bypass. Things like the xss filter or click-jack gear should be able to be bypassed and have been in the past. Too many odd ways to execute JScripts.

    At the core prevention--blocking JS and plugins--you have deep coverage as it would require the malware using those tools to exploit your machine. Would it be possible to bypass this? If you mistrusted a plugin, that would be most obvious problem and where NS lacks most; you must run scripts to make pages functional again, otherwise, it would likely be from vulns in the browser itself. So attacking the browser, extension store, or other extensions via an overflow using acceptable parameters for example could bypass it, but I've never seen this in the wild or PoC and doubtful such holes would remain unpatched for too long or be created in the first place.

    Noscript works well because it kills the tools malware designers use and use most often. Its weakness is in that you must turn it off in order to gain content but can't ensure that content is safe. However, that shouldn't be considered a "bypass" IMO although the end is the same: an exploited computer.
     
    Last edited: Jan 30, 2013
  3. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    NoScript is very powerful. I've seen researchers who try to bypass XSS filters in browsers have a lot of trouble trying to bypass the NoScript one.

    Unlike browser filters, NoScript cares far more about security and far less about compatibility. So the filter is very strong.
     
  5. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    interesting. good to know because i can really trim down on some security. most of my browsing is just to maybe a dozen of known safe websites, everything else is just Google searches during which I never disable NS.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    NoScript is as powerful as the one who's in control of it. If you don't allow malicious content, it won't allow malware. Allow only the content you need to view. It's that simple.

    In this case, NoScript is all you need.
     
  7. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    It can be bypassed but as others have said it's very hard.

    Why haven't they ported No-script to Chrome btw?
     
  8. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Well, im keeping NS and MBAM Pro just in case.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    It has to do with some of the bad stuff that gets blocked by NoScript that don't make Google happy.:D

    Bo
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    You're absolutely right Bo.:D:thumb:
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    I agree.:thumb:
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it's the only pro-active security i have been using for the last year.

    not only does it help a lot with security but it cuts down on the bandwidth sucking adware/trackware sludge.

    i read not too long ago that 40% of a user bandwidth is devoted to running that crap.
    tnx, but not with my computer. lol
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Thats the reason ive switched to cyberfox amongst others just to use noscript and it blocks a ton of crap from webpages.o_O
     
  14. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    That's why I run the trinity: NoScript + Request Policy + Ad-block Plus. Throw in a good sandbox to catch anything should it get through and you should be pretty darn solid. I'd imagine that drops the risk of infection down considerably even without real-time protection av/am/as. I employed this setup on my parents computer for a year without problems.

    My father complained about NoScript enough that he decided to disable it. Just disabling that one add-on, even with sandboxie lead to massive infection. Not because sandboxie didn't trap, but because he knows how to recover content from within the sandbox. People are resourceful, so I wouldn't say the above setup is advised unless you practically kiosk or admin restrict the entire setup.
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    @Techwiz
    I've tried trinity many times. But RP is just too much hassle. :D
     
Loading...
Thread Status:
Not open for further replies.