Noscript extension for FireFox Useful?

Morning All,

Reading through this topic; viewtopic.php?f=67&t=8651 made me wonder if i need the Noscript extension for FireFox.

I'm using my AA1 stand alone
(i confess guilty to using windows on my other computers ).

thx in advance, especially for a bit of background info... eager to learn

 

Well, if you're using the aspire standalone you're probably not that much of an interesting or, better, rich target. Still, javascript malware, which by definition more or less is cross platform, might be a risk you'd prefer to consider. Still most of exploits in this area depend on having windows on your machine, but I wouldn't depend on this for very much longer. NoScript, btw, tries to also protect you from cross site scripting attacks (which might be interesting if you do sensitive work with your browser, i.e. online banking or the likes) and the new hidden clicks attack.
I'm using it extensively, but, as always, your mileage may vary...

Klaus

 

Noscript extension uses white-listing. Most internet sites use javascript. You will need to add all those sites to your whitelist, or to disable noscript. Yesscript extension uses black-listing. You can easily add a heavy, not-friendly site to you blacklist.

 

Ok, but securitywise whitelisting is more secure. If you stumble upon a website that absolutely needs javascript, you simply add it to NoScript's whitelist (eventually temporally, if you so chose), which, in default setup, issues a reload and everything is fine. If you care for security (whether paranoid or just so), it's better to revisit a website with noscript adjusted than feeling sorry for having visited this site without having it on the blacklist.
That's not for invalidating the other's posters oppinion, not at all, it's just for showing that different ways to tackle a problem lead to different situations. In the end your way to decide which way to go. But I hope I could make it clear, what decisions are waiting for you.

Klaus

 

I'd like to thank you both for providing me some extra insight in to this subject matter..

The cross platform bit of Java made me wonder and since i do use online banking etc. i'm rather "over" safe than sorry.

I've been using Noscript especially because it uses Whitelisting.... again i'm rather "over" safe than sorry.

Call me paranoid but i haven't been bothered by spyware, malware and virii for years because i use a lot of protection on my WinXP machines in combination with regular scans and i do take care where i hang out on the net. I "hate' to take all these precautions but when i see the trouble some of my fiends and acquaintances get them self's in to... it makes it all worthwhile.

lklaus made me aware of a new threat of which i was blissfully unaware until now: 'the new hidden clicks attack" i'll better do some googling on that bit.

Speaking of Google i've recently blocked google.analytics.com and it seems to improve my browsing speed. Haven't used stopwatches to put it to the test.. just my impression. This could be related to my Location (Malta) but am i alone in this experience and kidding myself or do you guys share this experience?

Regards,
woodland

 

How can I block google-analytics.com ?

 

@checksix

1 Surf to a webpage where they run the script
(you can't block it if its not trying to run, afaik, if you find another way let me know )
http://www.google.com/analytics/ ...this one is using the script as are tons of other sites

2 Left click your Noscript Statusbar icon (the S)
3 Click on FORBID "Name of forbidden script" in our case: google-analytics.com

If you do it right a new Group, Untrusted, will appear in the pop up menu; listing (all) the scripts you have forbidden so you can later uncheck them i.e. allow to run.

 

Hi,

the correct expression for the hidden clicks is "clickjacking". You can find information on noscript.net (obviously or here: http://www.securityfocus.com/news/11535

Klaus

 

If you run noscript change the option to notify you of each time or it will bug the hell out of you.

Then you just need to allow a site if you see something isn't apparently working and you need it.

 

Thanks, woodland.