Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is pluggins like No-Script really needed?

25 Jul 2010   #1
reluttr

Windows 7 Professional x64
 
 
Is pluggins like No-Script really needed?

While I can clearly understand the need for something like Adblock Plus, seeing as it totally prevents malicious ad's from coming up. I cant help but wonder if I actually need No-Script. Sure it does prevent scripts, which can be used to install malware on my system, but at the same time it also prevents good scripts that can improve my browsing experiance.

Also unlike Ad-Block, no-script totally lacks predefined self-updating whitelists, meaning its very time consuming to set up to work properly and there is really no way of telling which sites are safe and which ones are not. Meaning if you WANT to see the content, you have to blindly enable scripts on that page... its like literally playing Russian roulette with your system. Furthermore, there is a rumor floating around that no-scripts creator added in a script that modifys ad-block to allow his ad's. Being as smart as they are, surely this would be the first thing hackers would take advantage of in order to get malware on your system.

Finally, if you have a fairly decent antivirus like MSE, is script blocking really that important? Isnt mozilla and most other major web browser developers fairly up to date about patching script exploits? After all, Google Chrome didn't have pluggins like Adblock and no-script for quite a while, and yet I didn't hear about browsing based viral infections being a problem.

That being said... I have been re-evaluating my security set up, and I am wondering if no-script is worth the added resource usage. At this point it just seems to be a digital placebo. If anything no-script is actually a hole in my browser based security, if the rumor is true that is...

I have also been curious about trying out google chrome, it seems to have gotten alot better than it was at release, but as I said, it appears to totally lack things like ad-block and no-script. Would I be at a greater risk using chrome than I am now with firefox + addons? Because in the end, isn't it the antivirus that determines how "safe" your system is? Surely as long as I have MSE running, and do daily scans my system should be just as safe with chrome as it is with firefox now. Right?


My System SpecsSystem Spec
.
25 Jul 2010   #2
Dinesh

Windows® 8 Pro (64-bit)
 
 

Some scripts are really useful so I dont use No Script add on. However, ads are totally useless hence I use Ad Block Plus.
My System SpecsSystem Spec
25 Jul 2010   #3
thathagat

windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
 
 

hi...
1)An addon simply adds convinience to security in a supported browser.So its more of a layer in your security setup.
2)Scripting attacks/driveby's/redirects are easily avoided by addons like noscript or disabling java script in a browser like opera.This is specially good for pc's running an av which lacks a web scanner.
3)If you run with UAC maxed,web scanner enabled av,sandboxie then you can give up the trouble of clicking allow/block/block temporarily etc and enjoy the WILD world of web without the speedbreakers like noscript.
My System SpecsSystem Spec
.

25 Jul 2010   #4
MrBrian

Windows 7 x64
 
 

In practice, at least in my case, there isn't much ongoing maintenance needed with NoScript. There is an initial period where you need to whitelist domains to get your commonly used websites to work properly. I haven't found it difficult in general to guess which domains need to be whitelisted. You may find that websites load faster when using NoScript, because unnecessary scripts are not being processed.

From the NoScript FAQ:
Quote:
You may ask, what if site I really trust gets compromised? Will I get infected as well because I've got it in my whitelist, ending to sue as you said?
No, you won't, most probably. When a respectable site gets compromised, 99.9% of the times malicious scripts are still hosted on a different domain which is likely not in your whitelist, and gets just included by the pages you trust. Since NoScript blocks 3rd party scripts which have not been explicitly whitelisted themselves, you're still safe, with the additional benefit of an early warning
Anti-malware software is a layer that can filter out some malware, but it's not 100% effective.

Google Chrome has a sandbox built in.
My System SpecsSystem Spec
25 Jul 2010   #5
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by reluttr View Post
While I can clearly understand the need for something like Adblock Plus, seeing as it totally prevents malicious ad's from coming up. I cant help but wonder if I actually need No-Script. Sure it does prevent scripts, which can be used to install malware on my system, but at the same time it also prevents good scripts that can improve my browsing experiance.

Also unlike Ad-Block, no-script totally lacks predefined self-updating whitelists, meaning its very time consuming to set up to work properly and there is really no way of telling which sites are safe and which ones are not. Meaning if you WANT to see the content, you have to blindly enable scripts on that page... its like literally playing Russian roulette with your system. Furthermore, there is a rumor floating around that no-scripts creator added in a script that modifys ad-block to allow his ad's. Being as smart as they are, surely this would be the first thing hackers would take advantage of in order to get malware on your system.

Finally, if you have a fairly decent antivirus like MSE, is script blocking really that important? Isnt mozilla and most other major web browser developers fairly up to date about patching script exploits? After all, Google Chrome didn't have pluggins like Adblock and no-script for quite a while, and yet I didn't hear about browsing based viral infections being a problem.

That being said... I have been re-evaluating my security set up, and I am wondering if no-script is worth the added resource usage. At this point it just seems to be a digital placebo. If anything no-script is actually a hole in my browser based security, if the rumor is true that is...

I have also been curious about trying out google chrome, it seems to have gotten alot better than it was at release, but as I said, it appears to totally lack things like ad-block and no-script. Would I be at a greater risk using chrome than I am now with firefox + addons? Because in the end, isn't it the antivirus that determines how "safe" your system is? Surely as long as I have MSE running, and do daily scans my system should be just as safe with chrome as it is with firefox now. Right?
Reluttr Hi and welcome

Is No-Script necessary? Yes

Adblock blocks some scripting (ADS) No-script blocks all of them. Yes it is a PITA., Yes it takes time to get the whitelist set up, but like a clean install it is worth the effort.
Your statement "if you want to see the content you have to blindly..... If you didnt have no script it would already be infected.

No-script isnt perfect, far from it. It is just one more layer of protection, and frankly it has saved my system many times.

Is script blocking all that important ?????? thats almost the only way you get infected


I dont let rumors define my system security for if I did I might believe MS has a backdoor for their data collection.


Question. How is something that stops either ALL or most (if you believe the rumors) worse than nothing at all? Is a poor AV worse than none?
My System SpecsSystem Spec
25 Jul 2010   #6
malexous

Arch Linux 64-bit
 
 

When I used NoScript, I didn't find it cumbersome after the initial first week.

It provides a very good layer to your security approach (there are many other layers you can use as well or instead). MSE is very good but like all anti-virus, it doesn't catch everything.

When I used NoScript, I didn't use any adblocking software (which we are not supposed to type about as per the forum rules). NoScript prevented the ads I found intrusive such as pop-ups, flash ads, etc.

During my years of NoScript, it alerted me twice. The first was to a clickjacking attempt and the second was a cross-site scripting attack.

Google Chrome does have ablocking add-ons but they aren't as good because Google Chrome doesn't support them very well (Google's business is based around ads after all). It also protects against clickjacking and cross-site scripting out-of-the-box.

Quote:
If anything no-script is actually a hole in my browser based security, if the rumor is true that is...
Add-ons in general are (I don't suggest staying away from them entirely: just be careful as always). Add-on security vulnerability announcement « Mozilla Add-ons Blog

I'm thinking about using NoScript again, mainly because "websites load faster".
My System SpecsSystem Spec
25 Jul 2010   #7
JonM33

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by reluttr View Post
While I can clearly understand the need for something like Adblock Plus, seeing as it totally prevents malicious ad's from coming up. I cant help but wonder if I actually need No-Script. Sure it does prevent scripts, which can be used to install malware on my system, but at the same time it also prevents good scripts that can improve my browsing experiance.

Also unlike Ad-Block, no-script totally lacks predefined self-updating whitelists, meaning its very time consuming to set up to work properly and there is really no way of telling which sites are safe and which ones are not. Meaning if you WANT to see the content, you have to blindly enable scripts on that page... its like literally playing Russian roulette with your system. Furthermore, there is a rumor floating around that no-scripts creator added in a script that modifys ad-block to allow his ad's. Being as smart as they are, surely this would be the first thing hackers would take advantage of in order to get malware on your system.

Finally, if you have a fairly decent antivirus like MSE, is script blocking really that important? Isnt mozilla and most other major web browser developers fairly up to date about patching script exploits? After all, Google Chrome didn't have pluggins like Adblock and no-script for quite a while, and yet I didn't hear about browsing based viral infections being a problem.

That being said... I have been re-evaluating my security set up, and I am wondering if no-script is worth the added resource usage. At this point it just seems to be a digital placebo. If anything no-script is actually a hole in my browser based security, if the rumor is true that is...

I have also been curious about trying out google chrome, it seems to have gotten alot better than it was at release, but as I said, it appears to totally lack things like ad-block and no-script. Would I be at a greater risk using chrome than I am now with firefox + addons? Because in the end, isn't it the antivirus that determines how "safe" your system is? Surely as long as I have MSE running, and do daily scans my system should be just as safe with chrome as it is with firefox now. Right?
I never used No-Script when I used Firefox and I have never gotten a virus/malware from web browsing. I gave it a try but found it to be too intrusive to browsing the web. I'd have to add practically every website to the white list because most websites use scripts for a more involved experience.

The people that use it are either so scared of the world that they won't even go outside and get some sunlight or are browsing the most dangerous parts of the internet (ie illegal) to warrant such an extreme. If they are that scared then they should honestly switch to Linux.
My System SpecsSystem Spec
25 Jul 2010   #8
malexous

Arch Linux 64-bit
 
 

Downloading illegal content can be a sure fire way of obtaining malware but is simply visiting the websites any more dangerous than others?
Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex - CNET News
Trojan attacks now almost solely from legitimate websites - The H Security: News and Features
Incidents - News - page 1 - Softpedia
My System SpecsSystem Spec
25 Jul 2010   #9
periboob

Windows 7 Pro 64
 
 

I find NoScript essential. It is the first extension I add when I put Firefox on a new system. It is mildly inconvenient when I go to new sites, but I usually hang around the same couple thousand sites. When I visit a new site that needs to run scripts from a dozen other domains before it gives me the first hint of what they have worth viewing, I question whether I want to have them count my eyeballs, and they are not revisited. I dont use AdBlock because advertising pays for my web surfing experience, I just leave the scripts turned on for the major advertising companies unless thay get distracting. The irritating ads seem seems avoided by preventing their scripts from running.

I thought it was a little extreme when the NoScript author turned off the AdBlock, but he turned that feature off pretty quickly, and I dont use that extension anyway.
My System SpecsSystem Spec
25 Jul 2010   #10
JonM33

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by malexous View Post
Downloading illegal content can be a sure fire way of obtaining malware but is simply visiting the websites any more dangerous than others?
Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex - CNET News
Trojan attacks now almost solely from legitimate websites - The H Security: News and Features
Incidents - News - page 1 - Softpedia
Oddly enough I have been visiting only legitimate websites and never used No-Script and I don't have any malware.

Not sure if I trust an AV company who would most likely try to spread FUD in order to sell product.
My System SpecsSystem Spec
Reply

 Is pluggins like No-Script really needed?




Thread Tools




Similar help and support threads
Thread Forum
Dos script help
Hi, Below is my folder path, D:/Sample I have .sql files in that folder and i need to get the file names based on modified/created date i pass. for ex : i need to get the file names created/modified on or after 10/01/2014(mm/dd/yyyy). Can any please give me some sample script to make this...
General Discussion
Help needed in creating a script to change certain Windows 7 settings
Morning, afternoon and or evening ladies and gentlemen. Glad to be a part of the forums. As the title of the thread implies, I would like some help in creating a script or scripts to change a few settings in windows instantaneously with a single keystroke, command or perhaps using specific...
General Discussion
In need of a script...
I am looking for a script which can delete cookies, Windows + browser cache automatically on a regular (scheduled) basis. Can this be done through Windows itself or would i have to implement a custom script or something? I am looking to replace CCleaner and similar software package(s). Just now...
Performance & Maintenance
can't run script
Having a problem run this script at 1am /every:Friday c:\windows\shutdown.exe /l when I run it a black screen pop up and then disappears so I know the script is running but nothing is happen. I have ran it from the command line and it say access denial but I am in the local administrator...
Network & Sharing
Script Error
Hello I have this script error msg popuping up all the time. It tried to format and install newer version but still problem exists. Also I think it happens when I am using flashget.
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 14:27.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App