Script Defender for Chrome

Discussion in 'other software & services' started by ichito, Oct 31, 2013.

Thread Status:
Not open for further replies.
  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Today I found an interesting Chrome add-on called Script Defender that is brand new to me. Does anyone have any opinion?...experience?
    -https://chrome.google.com/webstore/detail/script-defender/celgmkbkgakmkfboolifhbllkfiepcae
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx for the heads up ichito! :thumb:

    you must be the first person to notice this plugin as it was uploaded to the Chrome Store only 2 days ago.

    i'm gonna give it a try later on this morning.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  4. guest

    guest Guest

    Anyone wants to test it?
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Ding-Ding-Ding!

    ladies and gentlemen, we have a winner! :thumb: :D

    i've tested it with the sites you supplied above.

    i have just tested it for a few minutes but i think this is the first javascript blocker that actually works in Chrome!

    i will have to test this some more over the coming days and get used to the UI.

    maybe someone besides me can report as well and share their findings.
     
    Last edited: Oct 31, 2013
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    First, thanks for the heads up, ichito! :)

    I ran the battery of tests twice, and it blocked them all successfully both rounds. In the first round I temporarily allowed the scripts, then disabled them and the plugin seems to work as intended, but it's still early, maybe a bug or two will rear its ugly head, but so far so good :)

    You may be right. It looks pretty darn good in the early going. Keeping fingers crossed ;)
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    this could be the Holy Grail folks: Chrome and its sandbox with a javascript blocker that actually blocks things! :p
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    It is enforcing the settings under Chrome's javascript Images settings. Blue icon means Allow, white icon means Block.
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i noticed one has to use the Chrome setting page to manage the White and Black lists.
    i'll see how easy that is to manage...

    there's a lot of buttons and functions to learn.
    that should be paradise for a geek like me. lol :D
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I've found the settings that are enforced by the plugin are not manageable in the settings page. They can only be managed via the plugin drop-down menu. There's also a whitelist/list under the plugin's Options setting where the management can also be done.
     
  11. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx m8!

    i'll play with this for a couple of days to see how it fares but so far so good. :)
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    here is a mini tutorial i came up with to ease people into using this plugin.

    Image 1.png

    above you can see the blue shield icon for Script Defender and the drop down menu.

    i have no idea yet what the icons in section #1 do.
    the program/addon works fine without playing with those.
    i'll have to look into it later.

    #2 takes you to the Option pages which i will get into later.

    #3 is the global toggle group

    #4 is for the website you are currently viewing.
    can also be used to temporarily allow/deny websites and other 3rd party scripts.

    for example, i have white-listed Wilders Security, which is why section 4 has blue buttons.
    you can of course manually override a white-listed site with those buttons.
    ------------------------------------------------------------------
    the second image below shows the Option page (#2 in the first image)

    as you can see, i chose not to globally block Images.

    the Whitelist box is the list of websites that are permanently whitelisted.

    the list box contains BOTH permanent and temporary allowed/blocked websites, in a nutshell.

    to clean up the temporary sites click on the red Clear All button.
    permanent websites can be deleted from the Whitelist, then by clicking the Save List blue button the list box will get synchronized/cleaned up with the Whitelist


    Image 2.png

    -----------------------------------------------------
    anyway, i think this addon is well worth looking into.
    i really like it. :thumb:
     
    Last edited: Nov 1, 2013
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Okay glad you finally have an extension working, but o_O

    .... using a deny/block showed script sign, plug-in sign (flash) and cookie sign

    .... simply clicking the icon made chrome add a website to the whitelist (depending on icon in cookie, flash or javascript)
     
  14. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Not using chrome now, but I would guess quick access to the settings page (the image icon for toggling images, javascript icon for javascript, etc)
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Chrome javascript switch is an 'all or nothing' affair.
    meaning if you allow a top domain all 3rd party scripts will run.

    Script Defender can block cross-site scripting and has way more granular control.
    it's almost as good as NoScript, imo.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Agreed!

    Not available atm to play further, but will check it out later. BTW moontan, nice tutorial :thumb:
     
  17. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Okay thanks for the explanation, you feel that the Same Origin Policy implementation of Chrome and the Content Security Policy do not close cross site scripting risks.
    See (easy read) http://www.html5rocks.com/en/tutorials/security/content-security-policy/ and
    (more detailed) https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#syntax
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    for me, javascript blocking is not only about risks and security but to reduce bandwidth-sucking ads, privacy trackers and other sludge. ;)

    apparently, about 40% of the bandwidth we use is to run ads, and other sludge-like stuff. lol :blink:
     
  19. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    glad to help all our fellow Wilderites here. ;)

    besides, i am excited enough about this addon i thought the best way to support it was to help people, since there is no documentation or help whatsoever for this plugin.
     
  20. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Does this extension have a temporarily allow like NoScript and ScriptBlock?

    I've been running ScriptBlock for a while on the wife's PC and have liked it so far.

    Later...

    Bob

    Also, wish there was a Chrome equivalent of Cookie Monster.
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    yes.

    read post #12 above.

    i just tried Scriptblock a few minutes ago.
    it breaks a few of the sites in the tests above.

    Script Defender behaves much better.
     
    Last edited: Nov 1, 2013
  22. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Is there any way to import the whitelist from Noscript to Script Defender?
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it can be done.

    export NoScript list, open the text file and copy the sites you want, then paste them into the Script Defender Whitelist.
    you're gonna have to fiddle with the list a little so the text is formatted properly for SD.

    it would probably be better to paste it into a text editor first, format the text properly, then paste the whole thing into the SD Whitelist
     
    Last edited: Nov 1, 2013
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    As I read it, while CSP is a nice layer of defense, it looks like it only works if the websites implement it, so addons like this are still necessary.
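
An added example, not written by any poster in this thread and not Script Defender's code, illustrating the point discussed above: a Content-Security-Policy only restricts third-party scripts when the site actually sends one. The evaluator is deliberately simplified (it ignores nonces, hashes, paths and ports), and all URLs and policies used with it are constructed.

```javascript
// Simplified CSP check: would a browser honouring this policy load scriptUrl on pageUrl?
// Supports 'none', 'self', '*', scheme sources (https:) and host sources with an
// optional leading "*." wildcard. Not a complete CSP implementation.

function effectiveScriptSources(cspHeader) {
  if (!cspHeader) return null;                  // the site sent no policy at all
  const directives = new Map();
  for (const part of cspHeader.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Within one policy, only the first occurrence of a directive counts.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  // script-src falls back to default-src when it is absent.
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function hostMatches(pattern, host) {
  // "*.example.net" matches subdomains only, not example.net itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function cspAllowsScript(cspHeader, pageUrl, scriptUrl) {
  const sources = effectiveScriptSources(cspHeader);
  if (sources === null) return true;            // no script policy: any origin may load
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "'self'") return script.origin === page.origin;
    if (s === '*') return true;                 // network schemes only; fine for http(s)
    if (s.endsWith(':')) return script.protocol === s;   // scheme source such as https:
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m) return false;
    if (m[1] && script.protocol !== m[1] + ':') return false;
    return hostMatches(m[2], script.hostname);
  });
}
```

With no header the function returns `true` for every script origin, which is the gap a client-side blocker fills on sites that have not deployed CSP.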
     
  25. guest

    guest Guest

    Just to clarify...

    1. I didn't provide any links. It's tlu who suggested those links to test if javascript is enabled or not.

    2. ScriptSafe passed all the tests. The 6th one is quite confusing to interpret, but I've seen that site with javascript enabled and it looks like ScriptSafe is working well.

    BTW, the icon looks somewhat familiar *cough-spyshelter-cough*.
     