NoScript

Discussion in 'other software & services' started by Rico, Oct 6, 2007.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi Guys,

    Running FF with 'limited rights' does NoScript still increase security?

    Thanks
    Rico
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,123
    Location:
    Pennsylvania.
    Yup. ^_^
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Good question as I'm running Firefox with DropMyRights and NoScript. I wonder what the truths are?
     
  4. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    One option in the current build is to check for fake Websites is i guess a replacement for the good old SPOOFSTICK !

    Huub.
     
  5. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi Guys,

    I use DropMyRights for FF & believe NoScript would add very little protection.

    Take Care
    Rico
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    NoScript is better for the following reasons:
    - It stops drive-by attempts right in the browser. Your system never executes anything unauthorized.
    - It's a whitelist-based solution.
    Don't forget that you're still running under an admin account. If a certain piece of malware manages to open another instance of the browser outside of the limited one, it will run with full admin rights.
    It's better to have the two layers, a whitelist in the browser and a browser with reduced rights. The layered approach is the key ;)
     
  7. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi Guys.

    Thanks Lucas! I'll give NoScript a try.

    TakeCare
    Rico
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A few tips:
    - Only whitelist sites which you really trust and visit very often. For the rest, use temporal whitelists.
    - Extend NoScript control to plug-ins.

    Also, I've omitted that NoScript is the only solution to XSS. XSS isn't used to download malware, but it may be used to steal private data.
     
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    using 1.1.7.2 but can't see how it checks for fake web sites and spoofstick won't work with 2.0.0.7. could you explain more ?
     
  10. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi,

    On no script options, i ticked 'allow from bookmarked' option & still had to due multiple allows. How would you know, the site is bad till you allow it.

    Take Care
    Rico
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    For general browsing, you don't need Javascript and/or active content to be enabled. The only way to know if a script is malicious is to look at the source of the site. Neither you or me are qualified to do this.
    So, I browse with scripting/active content disabled and very few sites whitelisted. If I come across a site which needs scripting, I use Link Scanner Lite to look for malicious content and then I enable the necessary scripts temporarily. I never enable scripts which looks obfuscated/very long to my (untrained) eyes.
     
  12. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Hi Longview,Don't know about the earlier 1.1.7.2 but i am on 2.0.0.7 which under security tab there is the option to let FF check for fake sites with a downloaded blacklist,yes this is a lame one at best but better this then nothing, Second option is to activate that Google in my case checks for every URL i visit, this is better but you have to accept the phoning home thing for Google to survey this info.
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    yes I'm on Firefox 2.0.0.7 as well not noscript version is 1.1.7.2
    I thought you meant there was some option in Noscript. Think I will try the google option - Phoning home doesn't worry me
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Apart from the security aspect, Noscript has one big advantage - pages load much faster without the bloated dynamic content; pages are much calmer and soothing to the eye without flickers and flash animation.
    Mrk
     
  15. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi Guys,

    Well I still don't like the endless 'allowing' from my bookmarked sites. Many new sites require scripts & am unsure as to block/allow. Ok! Thought I'd try 'LinkScanner' to determine whether to allow/block. But if 'LinkScanner' is the decider then why or what purpose does NoScript do? Or why not just uninstall NoScript & go with Link? But so far, with my system 'LinkScanner' causes nothing but problems & is close to BSOD.

    NoScript vs ScriptSentry? Are these basically the same except for white/black lists?

    Take Care
    Rico
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yep, Web 2.0 sites require too much scripting, but usually the scripting is only needed for the advanced functions.
    In these sites, you should use temporal whitelist.
    It isn't the only decider.
    -
    - Only tool against XSS
    - Link Scanner might fail.
    - NoScript offers a better control than simply enabling/disabling scripting globally (default Firefox behaviour)
    Link Scanner Lite shouldn't cause problems, because it doesn't hook winsock as the Pro version does. This hook is what might cause problems with security software (NOD32's IMON for example)
    They are very different tools. ScripSentry (and ScriptDefender, ScriptTrap, etc) intercepts extensions commonly associated with scripts interpreted by WHS. Scripts in webpages are interpreted by the browser, so those tools are useless.
     
  17. rogert30062

    rogert30062 Registered Member

    Joined:
    May 1, 2006
    Posts:
    68
    Location:
    Atlanta
    Hi Rico,

    LinkScanner is causing you problems? I'm sorry about that. What sort of problems?

    Roger
     
  18. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,695
    Location:
    Texas
    Hi Guys,

    Then LinkScanner is the only 'decider' as you allowed script based on its decision. So why not just use LinkScanner?

    Hello Rogert30062,

    I downloaded LinkScanner Pro ver 2.6.6.0090.7 > made restore point > closed all tray icons (includes NOD32) > install LinkScanner > reboot

    Problems:

    1. One-ClickAnswers did not start correctly & needed to shutdown.

    2. Microsoft Visuall C++ Runtime Library, error involving Roxio

    3. IMON error

    4. RPC service error

    Note I was not quick enough writing the error messages, as the last window was a countdown window for windows to restart.

    My Solution:

    When windows started rebooting from this disaster press F8 > uninstall LinkScanner > use the restore point.

    My Concerns:

    1. Does NOD32 now need to be uninstalled/reinstalled?
    a) If so how to save NOD32 current config.. Last time with LinkScanner
    I could not sem to save the config, yet it's supposed to be possible.

    2. Previous versions of LinkScanner Pro with Comodo FW active, all grey '?'
    marks, for search results, turn FW off LinkScanner, & search results were
    ok, but very very slow.

    So reading that the grey '?', were history with the new version + several folks from your company saying NOD32 problems are history, I gave LinkScanner another try.

    Take Care
    Rico

    PS. Regarding NoScript Hermescomputer makes a very good comment see the quote at: https://www.wilderssecurity.com/showthread.php?t=122085&page=6 post #131
     
    Last edited: Oct 8, 2007
  19. rogert30062

    rogert30062 Registered Member

    Joined:
    May 1, 2006
    Posts:
    68
    Location:
    Atlanta
    Rico,

    I think we work fine with Nod32, although anything is possible :) What else do you have, please?

    Roger
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    other than NoScript, which i use..... what other extensions are better security?

    i currently only use:

    NoScript
    IEtab
    Fasterfox
    WOT

    firefox works great and very fast, best piece of software on my computer :)
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    hey lucas,

    i forgot to mention ABP, i use that too.

    infact, that one is my favourite, i wouldnt use firefox without it now :)
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    lol, you would think so right?

    but the answer is no ;)
     
  25. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Come on :D you can't leave it there . why not ?
     
Thread Status:
Not open for further replies.