NoScript Allow Scripts Globally

Discussion in 'other security issues & news' started by exus69, Nov 23, 2012.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello,

    Since am configuring my cousins laptop who's not really tech savvy
    I want least interaction possible of him with any security stuff I install
    on his laptop.

    So am installing NoScript with "Allow Scripts Globally" coz I read here
    http://blog.zeltser.com/post/2402546461/no-script-strengthens-firefox
    that it protects the user even if the scripting is allowed. Do you think
    its a good option considering that Firefox is always Sandboxed and the
    contents are deleted automatically after every exit??

    Additionally which other addons do you think will help a noob like him who would prefer zero interaction?? I have Adblock Plus, BetterPrivacy, HTTPS Everywhere in mind. Do you think thats enough?
     
    Last edited: Nov 23, 2012
  2. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
    Unless I missed some new update Firefox is not sandboxed. Maybe you are thinking of Chrome. Also I always thought No-Script set to allow scripts globally did not block anything. I guess according to that article it does. Anyway hopefully others will chime in.

    To make my life easier with No-Script I moved the No-Script icon to my tool bar which makes toggling through the settings pretty easy. I think you should show him how to use No-Script properly. You can always add you most visited pages to allow the domain always. And if something is still not working on a page to allow all this page.
     
    Last edited: Nov 24, 2012
  3. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I think if your going to run noscript globally, you might as well forget it. You could run AdBlock plus which needs no intervention. That would at least block ads.
     
  4. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    211
    Location:
    Greece
    If u use no script with allow dcript globally, u take protection.
    I use it in the same way (allow all) and i take anti-XSS protection.

    So in few words if u install it with the option allow all globally u have anti-XSS protection.
     
  5. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Sorry I forgot to mention I run Firefox in Sandboxie which deletes
    the contents of the sandbox on exit
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Unless I am missing something, allowing NoScript with Allow Scripts Globally (dangerous) is the way it is marked in the NoScript Options under the Appearance tab.

    As Forrest Gump always says - Dangerous is as Dangerous does!

    How long do you think it will be until someone figures out a way around your scheme of allowing scripts globally and taking anti-XSS protection?

    Advice is cheap - don't be a Gump!

    -- Tom
     
  7. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    211
    Location:
    Greece
    Maybe because my avast scans scripts globally?
    Not allowing scripts globally is a false sence of security.
    For exable u trust youtube and u run the scripts in that site, no script will not protect u , when someone hack the site.
    Let the scripts deal with ur antivirus.
    Advice is cheap-But no gimmick.
     
    Last edited: Nov 24, 2012
  8. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    The user in this case is a noob and not a tech savvy person and he made it very clear to me to install whatever security stuff I want but it should not be based on him making any sort of decisions whether to 'Allow' or 'Deny', 'Yes' or 'No' etc. etc. He told me that he would rather spend more time on his work on the computer rather than spending time on making decisions about the security of his comp.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Whitelisted Firefox is still good for protecting against XSS and Clickjacking and other attacks like that. For an every day user who doesn't want to be clicking "allow" and "deny" all the time I'd just stick with Chrome.
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    NoScript with scripts allowed globally is a no no. There is a reason '(dangerous)' beside the option in the General tab in the NoScript options.:rolleyes:
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    From: http://noscript.net/features

    ..so although "not recommended", it still offers some important protection. And since this setting will work with blacklists, tlu's "special service" :) blackilist might be a nice way to augment it.

    https://www.wilderssecurity.com/showpost.php?p=2083653&postcount=125
     
  12. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thats really awesome :) Thanks a ton wat :) Some quick questions:

    1) How do I update this blacklist?? Ask tlu in future ??

    2)How is this blacklist different than something like Ghostery/ABP addon??
    Dont you think it'll make them superflous ??
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    You're welcome! Every time a site is marked as "Untrusted", it's added to the blacklist. You might want to read this short thread which explains the main advantage of using a blacklist, basically how tlu explains it as well. Essentially it is:

    You do have to be careful, however, not to add something required to the blacklist.

    Sorry, I don't know the answer to that. The fewer the add-ons, though, the better for the browser in terms of stability and security. Personally, I like NoScript & AdBlock+ only.
     
  14. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thanks wat. Importing untrusted blacklist is a MUST in case of "Allow Scripts Globally".
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Great point, I had forgotten about that advantage :thumb:
     
Loading...
Thread Status:
Not open for further replies.