NoScript on Firefox really needed?

Our "pub" where you can post about things completely Off Topic or about non-silent PC issues.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
Greg F.
Posts: 372
Joined: Wed Nov 23, 2005 6:51 am
Location: Seattle

NoScript on Firefox really needed?

Post by Greg F. » Thu Feb 04, 2010 7:07 am

I don't really know enough about these things to know if Noscript is actually needed. I do know that often I will sit here wondering why something isn't loading and then realize I must right click and allow something. It just seems almost pointless, because if someone wants to write something to my computer they would likely find a way that is beyond my efforts to stop.
Other browsers I use don't use a no script extension, only Firefox, and I don't seem to have problems. Do the rest of you bother with NoScript?

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Thu Feb 04, 2010 7:34 am

tried it for two weeks, I found it too much of a hassle.

plus its not like i have any state secrets to protect on my PC. :wink:

bonestonne
Posts: 1839
Joined: Mon Feb 05, 2007 2:10 pm
Location: Northern New Jersey
Contact:

Post by bonestonne » Thu Feb 04, 2010 7:58 am

i used a different plugin, i think it was flash block, not for every script, but it made flash load separately....good for those who want pages to load faster, and there's a small play button to allow you to start flash at your leisure.

i don't use it anymore, but i have noticed that with FF 3.7apre1, flash crashes a lot.

as for stopping attacks, i use comodo firewall and avast antivirus...considering i really have nothing to hide on my laptop or desktop (unless college homework is that important, but it is a semester old)...

on my mac i don't use anything, but if it ever got messed up i'd just back up the files and reinstall...maybe i'll actually get to the point where i install linux...

CA_Steve
Moderator
Posts: 7471
Joined: Thu Oct 06, 2005 4:36 am
Location: St. Louis, MO

Post by CA_Steve » Thu Feb 04, 2010 3:19 pm

I've been using No Script, Ad Blocker Plus and Ghostery for a while. Yes, there is a learning curve where you have to decide whether or not to allow a site. I find that my browsing is about 95% repeat sites and 5% new sites. So, after a couple of days of training, only 5% or so new site training is needed. Given the ability to insert malicious content into flash, I really don't want it to play on sites I'm going to for the first time until I check out the site.

Mr Evil
Posts: 566
Joined: Fri Jan 20, 2006 10:12 am
Location: UK
Contact:

Post by Mr Evil » Thu Feb 04, 2010 3:34 pm

There are a lot of exploits that are stopped by NoScript. However, the fact that so many sites break in non-obvious ways if JavaScript is turned off (mostly badly written sites that don't actually need JS at all) means I never recommend it to non-techy users. Adblock Plus does a pretty good job by itself and is transparent to the user.
xan_user wrote:...plus its not like i have any state secrets to protect on my PC. :wink:
You don't need to be interesting for you to be a target. They may be after your banking details, or simply want to turn your PC into part of their botnet.

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Thu Feb 04, 2010 4:28 pm

What banking details? You mean like how my credit card was scanned by a hacked gas pump last year, or the waitress that copied the numbers while she was in back running my dinner bill through?

So im in a bot net for a few mins/hours...? Just format>replace drive image with a clean one overnight.
If my PC was compromised while i was away or unaware, and spewing garbage onto the network, my ISP would turn off my router within 24-48 hours, possibly faster.

I dont usually lock my house, (and rarely lock my car) so with the firewalls spyware tools and antivirus, my PC is technically way more secure than my house is.

Given its been at least 3 years since i had any nasties infect my PC, no script is way more hassle than its worth, to me.

Mr Evil
Posts: 566
Joined: Fri Jan 20, 2006 10:12 am
Location: UK
Contact:

Post by Mr Evil » Thu Feb 04, 2010 5:38 pm

xan_user wrote:What banking details? You mean like how my credit card was scanned by a hacked gas pump last year, or the waitress that copied the numbers while she was in back running my dinner bill through?..
Surely the fewer ways to steal that stuff the better?
xan_user wrote:So im in a bot net for a few mins/hours...? Just format>replace drive image with a clean one overnight.
If my PC was compromised while i was away or unaware, and spewing garbage onto the network, my ISP would turn off my router within 24-48 hours, possibly faster...
You underestimate the ingenuity of bot writers. They don't necessarily just spew huge quantities precisely because they know it will result in the machine being detected. Furthermore, many are extremely good at avoiding detection by antivirus and other programs.
xan_user wrote:... Given its been at least 3 years since i had any nasties infect my PC...
...that you know of.

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Thu Feb 04, 2010 5:59 pm

I guess I rather have a bot than a wardrobe of tinfoil hats. :lol:

CA_Steve
Moderator
Posts: 7471
Joined: Thu Oct 06, 2005 4:36 am
Location: St. Louis, MO

Post by CA_Steve » Thu Feb 04, 2010 6:11 pm

I think we've entered the realm of viewing the problems/solutions as either a glass half full or a glass half empty. YMMV.

Mr Evil
Posts: 566
Joined: Fri Jan 20, 2006 10:12 am
Location: UK
Contact:

Post by Mr Evil » Thu Feb 04, 2010 6:30 pm

xan_user wrote:I guess I rather have a bot than a wardrobe of tinfoil hats. :lol:
No need for a tinfoil hat - I've had to clean enough crap off of various people's PCs, including infections caught by merely viewing the wrong page at the wrong time.

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Thu Feb 04, 2010 6:44 pm

Mr Evil wrote: I've had to clean enough crap off of various people's PCs, including infections caught by merely viewing the wrong page at the wrong time.
Ditto on that front.
Unfortunately if i put no script on their PC's, they'd bitch endlessly about having to clicky-click to "make the internetz work again".

JazzJackRabbit
Posts: 1386
Joined: Fri Jun 18, 2004 6:53 pm

Post by JazzJackRabbit » Fri Feb 05, 2010 6:03 am

CA_Steve wrote:I've been using No Script, Ad Blocker Plus and Ghostery for a while. Yes, there is a learning curve where you have to decide whether or not to allow a site. I find that my browsing is about 95% repeat sites and 5% new sites. So, after a couple of days of training, only 5% or so new site training is needed. Given the ability to insert malicious content into flash, I really don't want it to play on sites I'm going to for the first time until I check out the site.
That's what more or less the same stuff that I use.

-AdBlock Plus
-NoScript
-BetterPrivacy
-FlashBlock (not really a privacy one, but still useful)

Plus a few other non-privacy related add ons.

NoScript is EXTREMELY painful to set up for the first time. It's incredible how many web sites rely on JS and do not work without it. But like you 95% of my browsing are the same sites that I visit daily so after first few weeks it's usually a breeze. I would never give it up. Occasionally you go on a website, and this is especially true of blogs, and they have stuff hotlinked from at least half a dozen other websites including double-click, ughhh...

Anyway, I googled for Ghostery add-on, this is something I haven't seen before. It says it can block tracking services like google analytics, but you already have the ability to block google analytics with no-script. So is Ghostery really that useful? Does it really add value over No-Script? Just wondering if I should add it to my list of essential privacy addons or not.



P.S. It's a sad state of affairs when you have to know/learn/use so much just in order to protect your privacy.

CA_Steve
Moderator
Posts: 7471
Joined: Thu Oct 06, 2005 4:36 am
Location: St. Louis, MO

Post by CA_Steve » Fri Feb 05, 2010 7:38 am

My main use of Ghostery is to show and limit Web Bugs. I can decide individually whether to permit a bug or not*. I think NoScript has less options for these (if the site is untrusted, then web bugs are denied.)

*eg: Some friggin' financial sites rely upon Omniture's Web Bug to work. <grumbles>

scdr
Posts: 336
Joined: Thu Oct 21, 2004 4:49 pm
Location: Upper left hand corner, USA

Post by scdr » Fri Feb 05, 2010 4:37 pm

Unfortunately the web has been getting slower and slower, and
harder to use (less standard) of recent years, as more and more sites have gone to using scripts.

Used to be one could fairly reliably open a link in a new window by right clicking and select menu item. Now half the time it isn't a normal link, but some script thing that limits how can use it.

Sites are getting slower and slower (dialup, on a venerable P3-500, or on Athlon 2100+, -- take annoyingly long times to download and process all the scripts.)

When I can get away with it, blocking scripts seems to speed up some sites. Unfortunately doesn't help much with sites that require the scripts.

(Hotmail is one of the worst among the sites I use - now you have to click a button and leave the cursor over the thing you clicked for a while before it starts doing what you told it. (Unlike most things where at least it remembers what you clicked on so you can go off and do something else while they finally get around to doing what you told them to.))

Willy Higinbotham
Posts: 102
Joined: Sun Mar 11, 2007 12:39 pm

Post by Willy Higinbotham » Mon Feb 08, 2010 1:57 am

NoScript is one of the best things since sliced bread.

The other excellent plugin I use is Adblock.

Life couldn't be better on the 'net.

kingmaker
Posts: 2
Joined: Mon Feb 08, 2010 11:59 pm
Location: London

Post by kingmaker » Tue Feb 09, 2010 12:05 am

Thanks for the information...

DanceMan
Posts: 287
Joined: Sun Aug 11, 2002 3:26 pm
Location: Burnaby, BC, Canada

Post by DanceMan » Tue Feb 09, 2010 1:46 am

Used to use Flashblock in addition to Noscript, but Noscript also blocks Flash. If you want a little known tool, check out Remove It Permanently.

Post Reply