ScriptNo Efficiency Questions

Discussion in 'other software & services' started by Brandonn2010, Aug 12, 2012.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I am debating again whether to use ScriptNo again. I have 3 questions regarding it:

    1. Does it block all scripts at first on a page, or only after selecting block or whatever and reloading the page? I believe it does block on the first time because some pages that worked before adding it didn't work after installing it.

    2. The goal of it is to block malicious scripts. Do most or all malicious scripts show up as separate scripts, or are they injected into existing scripts on the page? For example, say I wanted Facebook to work properly, so I selected to always allow Facebook's main script. Would that be safe, or if Facebook was compromised with a malicious script, would it be the main Facebook script compromised so it would then be allowed? Sorry if that's hard to understand what I'm asking.

    3. Are most drive-by downloads caused by malicious scripts running when you go to an infected page? Would using ScriptNo end almost all malware infections not caused by downloading and running malware?

    Thank you
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Possibly - not reliably. This is due to the Chromium APIs being asynchronous ie: they can't say "stop page load until I'm done" they can only try to be the first to load.

    Depends. Oftentimes scripts are loaded in an iframe that comes from a separate site, so no it wouldn't be mixed into the same domain. It can be though.

    Sort of. You need Javascript to load most things. So if the page has a Flash exploit or Java exploit you probably need Javascript to load it up.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    It would seem, to me, a reliably functioning ScriptNo extension would make Chrome as close to perfectly secure as one could hope for :) However, even without this extension, Chrome's rendering processes running at at an impressive "Untrusted" integrity level and enabling only its ppapi flash has compelled me to settle on Chrome (with AdBlock) as my browser of choice over Firefox with NoScript. I have also examined while testing, that Chrome uses fewer cpu cycles than FF when playing back Flash content.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Chrome has plenty of room for improvement without anything like ScriptNo but implementing a 'NoScript' XSS auditor as well as ClearClick would be nice.
     
  5. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Huh, that's annoying. Hopefully they change this in the future.

    Well I don't have Java installed on my PC, so I would be safe from these anyway?
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you have Flash, don't you?
     
  7. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Just Chrome's built-in Flash
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    that's pretty good.
    getting rid of Java is always a good idea if you don't need it.

    last time i checked, ScriptNo hadn't been updated since February this year.


    when i tried ScriptNo, it seemed erratic in it's blocking behaviour.
    certainly no replacement for NoScript, imo.
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    exactly. :(
     
  10. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I wonder if I should remove it from my site, if it can't guarantee it will block scripts before they load.
     
  11. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i would.

    i just checked the Chrome App store; ScriptNo still has not been updated since February 18 this year.
     
  12. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Done. Think I'll add BD Trafficlight when they release the HTTPS update. Can you think of any other good user-friendly add-ons for Chrome other than AdBlock and WOT?
     
  13. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Do Not Track I would add that.
     
  14. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Doesn't AdBlock with EasyPrivacy and FanBoy's privacy whatever lists do about the same thing?
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    nobody has mentioned Ghostery?
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    If Chrome could get this to function as well as NoScript does for Firefox, it would be hard to justify using another browser. Other than of course the: "I just don't trust Google" defense, which myself use.

    But I'll tell you what, if Sandboxie doesn't play well with 64-bit Win7 by the time I'm ready to upgrade... I may just get over that paranoia real quick. Because I need a sandbox for my browser, period. And I will be using the 64-bit variety of Win7.

    Hopefully both Sandboxie will play nicely with my OS, and ScriptNo will be fully functional by then, so that I'll have a decision to make. Not be forced into one.
     
  17. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    You could use AppGuard :D

    Also, why is it bad that BitDefender TrafficLight uses HTTP right now, not HTTPS? What is the privacy issue?
     
  18. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    It means it's unincrypted, so anyone can see where your surfing the web. with HTTPS it's encrypted so no one can eavsdrop on you. there are tools out there like SSL strip that can break SSL too.
     
Loading...
Thread Status:
Not open for further replies.