Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is pluggins like No-Script really needed?

25 Jul 2010   #11
noobvious

Win 7 Ultimate 64-bit SP1 (desktop)
 
 

Quote   Quote: Originally Posted by JonM33 View Post
.

I never used No-Script when I used Firefox and I have never gotten a virus/malware from web browsing. I gave it a try but found it to be too intrusive to browsing the web. I'd have to add practically every website to the white list because most websites use scripts for a more involved experience.

The people that use it are either so scared of the world that they won't even go outside and get some sunlight or are browsing the most dangerous parts of the internet (ie illegal) to warrant such an extreme. If they are that scared then they should honestly switch to Linux.
You're just a bundle of sunshine in every thread, aren't you?


My System SpecsSystem Spec
.
25 Jul 2010   #12
malexous

Arch Linux 64-bit
 
 

Quote   Quote: Originally Posted by JonM33 View Post
Oddly enough I have been visiting only legitimate websites and never used No-Script and I don't have any malware.

Not sure if I trust an AV company who would most likely try to spread FUD in order to sell product.
I visit all websites and I don't have any malware.

A lot of the affected domains were legitimate: Over 62,000 New URLs Serving Exploit Cocktail - Vulnerable visitors get infected with backdoors and info stealing trojans - Softpedia

You can find many supposedly legitimate websites listed on host files.
My System SpecsSystem Spec
25 Jul 2010   #13
JonM33

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by noobvious View Post
You're just a bundle of sunshine in every thread, aren't you?
It depends on the subject. Sorry, maybe I was harsh on the terminology there. No offense intended.

Quote   Quote: Originally Posted by malexous View Post
I visit all websites and I don't have any malware.

A lot of the affected domains were legitimate: Over 62,000 New URLs Serving Exploit Cocktail - Vulnerable visitors get infected with backdoors and info stealing trojans - Softpedia

You can find many supposedly legitimate websites listed on host files.
If I search Google for that string I get a whopping 1,400 (not 62,000) results, most just asking questions.

I wonder what websites were actually effected?
My System SpecsSystem Spec
.

25 Jul 2010   #14
malexous

Arch Linux 64-bit
 
 

If I search for that string without quotes I receive 32,600 results. With quotes 158,000.

The article is nearly a year old.

I found one website still containing the code (I only checked a few). The domain hosting the script is thankfully down.

Edit: According to http://siteanalytics.compete.com one of the legitimate affected websites had 150,000 unique visits during August 2009.
My System SpecsSystem Spec
25 Jul 2010   #15
JonM33

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by malexous View Post
If I search for that string without quotes I receive 32,600 results. With quotes 158,000.

The article is nearly a year old.

I found one website still containing the code (I only checked a few). The domain hosting the script is thankfully down.

Edit: According to Site Profile Search | Compete one of the legitimate affected websites had 150,000 unique visits during August 2009.
Without quotes in Google I get 1,440 hits. With quotes I get 10,200 hits. MOST of these are all people asking about it, not actual websites with the embedded script.



When digging I could only find portal/forum based websites as these are most susceptible, the DotNetNuke portal for example: Script Injection on DNN 4.9.4 - Administration and Configuration - DotNetNuke

Of course people running portals and forums should be protecting themselves against SQL injections anyway but it doesn't seem like any real (or major) websites were affected.
My System SpecsSystem Spec
25 Jul 2010   #16
malexous

Arch Linux 64-bit
 
 

I was searching at Google.ie | I get the same results as you at Google.com

The most major affected website was probably feedzilla.com (it's clean now).

Many major websites have been or are vulnerable to different attacks.

Google, Symantec, Ebay, Intel, MPAA, Kaspersky, Avast, ESET, RIAA, U.S. Bank, Bank of America, McAfee, AVG, F-Secure, Avira, Paypal, etc.

Thanks to Team Elite.

Other major websites have been exploited maliciously and non-maliciously. Incidents - News - page 1 - Softpedia

Edit: I remember reading about a news site being attacked. This is probably it: Mass Web attack hits Wall Street Journal, Jerusalem Post
My System SpecsSystem Spec
26 Jul 2010   #17
JonM33

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by malexous View Post
I was searching at Google.ie | I get the same results as you at Google.com

The most major affected website was probably feedzilla.com (it's clean now).

Many major websites have been or are vulnerable to different attacks.

Google, Symantec, Ebay, Intel, MPAA, Kaspersky, Avast, ESET, RIAA, U.S. Bank, Bank of America, McAfee, AVG, F-Secure, Avira, Paypal, etc.

Thanks to Team Elite.

Other major websites have been exploited maliciously and non-maliciously. Incidents - News - page 1 - Softpedia

Edit: I remember reading about a news site being attacked. This is probably be it: Mass Web attack hits Wall Street Journal, Jerusalem Post
Curious...I'm no hacker but I do have experience on websites, primarily using PHP based portals with SQL backends.

How is a SQL injection (adds information into database) going to modify HTML code of a website? HTML (or even PHP) is generally stagnant and permissions are set so that you'd need something like FTP permission to modify them. I have experience with an SQL injection a couple times on a website I ran. It forced me to use NukeSentinel on top of my web portal. After I installed that the SQL attacks stopped (NS can ban IP addresses attempting scripts against your website) so then my website was DDOSed.

Anyway, I'm confused at the articles pointing to SQL injections modifying HTML code.

I guess the debate would be whether you trust the admin of the website you are visiting? Did they go the extra mile to protect their databases?
My System SpecsSystem Spec
28 Jul 2010   #18
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

I think it's your choice to have it or not.

But, every little bit of protection helps. If it stops even one bug from getting on your system, then it's been worth it.
My System SpecsSystem Spec
Reply

 Is pluggins like No-Script really needed?




Thread Tools




Similar help and support threads
Thread Forum
Dos script help
Hi, Below is my folder path, D:/Sample I have .sql files in that folder and i need to get the file names based on modified/created date i pass. for ex : i need to get the file names created/modified on or after 10/01/2014(mm/dd/yyyy). Can any please give me some sample script to make this...
General Discussion
Help needed in creating a script to change certain Windows 7 settings
Morning, afternoon and or evening ladies and gentlemen. Glad to be a part of the forums. As the title of the thread implies, I would like some help in creating a script or scripts to change a few settings in windows instantaneously with a single keystroke, command or perhaps using specific...
General Discussion
In need of a script...
I am looking for a script which can delete cookies, Windows + browser cache automatically on a regular (scheduled) basis. Can this be done through Windows itself or would i have to implement a custom script or something? I am looking to replace CCleaner and similar software package(s). Just now...
Performance & Maintenance
can't run script
Having a problem run this script at 1am /every:Friday c:\windows\shutdown.exe /l when I run it a black screen pop up and then disappears so I know the script is running but nothing is happen. I have ran it from the command line and it say access denial but I am in the local administrator...
Network & Sharing
Script Error
Hello I have this script error msg popuping up all the time. It tried to format and install newer version but still problem exists. Also I think it happens when I am using flashget.
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 14:26.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App