I want to know if installing a scriptblocker in my browser will help to protect my credit card credentials when I make an online purchase. If I understand right, such credentials are often harvested from infected sites. This makes me think that the attack takes place after the data has already left the browser, in which case, how will a scriptblocker help?
Certainly it is additional protection especially if you block third-party scripts and frames by default.
I believe it depends on the type of scriptblocker that you're using. For example uBlock is focused on blocking ads and trackers while not trying to break website functionality, so it mostly blocks third party scripts. But you also have NoScript which is way stricter because it tries to block first party scripts, but the downside is that it often breaks websites, and you will then keep having to finetune rules per site. Most people won't bother with this, and it's not even sure if it will block malicious scripts, because most likely you will have to allow them on online webshops. It's best to not use any credit cards, or at least switch to virtual credit cards. You could also use PayPal and in Europe we use this system named iDeal which is quite secure because you always need to have physical access to your PIN/debit card when making payments on PC devices.
This is not really true. Yes, by default Noscript blocks first-party scripts but uBO can be configured accordingly which blocks all scripts and not only 3rd-party scripts like when using Dynamic Filtering in Medium or Hard Mode.
to make something clear: infected pages are infected.see: Cross Site Scripting (XSS) you dont have any chance to correct it because you only see the server and the malware script is injected into the server. locking the browser only to first party scripts as described above do not change anything behind the attack. concerning injected scripts from other sources second/third party blocking is usable what a script blocker can check, based on its filtering lists, if a script contains questionable keywords or based on its name. finally - if you do not trust the server or vendor, dont buy there.
Right, and this is why using Medium or Hard Mode in uBO is a good protection. Yes, that's another advantage of uBO. In Noscript you can only allow/block scripts for specific sites - it's not possible to allow/block specific scripts like in uBO (either via filterlists or by inspecting them via the logger).
to enlighten other users https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode my config something between those two. medium is ok from my view, hard mode need too much fine tuning, but not in the right table, more on the left side. and some are blocked by default here, from image, eg. doubleclick
Make noop rule (turn red to gray) https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide
Yes of course it also has got these capabilities, but my point is that uBlock's main goal is not to block first party scripts since it would break most websites like NoScript does. So yes, blocking first party scripts makes browsing more safe but it comes with a hefty price. Yes, good point. I never really understood this, but if the server itself is infected then I'm also not sure if blocking scripts on the endpoint would help in the first place.
Some of us like yours truly DO bother with the extra effort on NoScript. In my Chrome Browser many times its as simple as clicking the temporary load the blockages and it instantly refreshes the web page that it smothers and blocks. If it ever gets to be too much I might choose to turn it off because as you say @Rasheed187 it is soundly more stricter, which I find appealing but probably not that much necessary in tandem with uBlockO.
See @Azure Phoenix ' reply. You should read this wiki site as well. FWIW, here's how I use Dynamic Filtering. If you don't want to use Hard Mode, omit the first step. If you don't want to block 1st-party scripts, don't enable that setting. uBO is very flexible.
