Say Yes to No
...have become "must-haves" in today's browsing world. I am constantly amazed at how much excess junk is delivered when I use Android's onboard browser.
That being said, the DNS rebinding flaw can only be triggered when the router's password is compromised, or left as an easy-to-guess default. Even though using ABE is good, it should additionally warn the user to change the default password and / or user to prevent other flaws from hijacking / hacking the router, especially using the uPnP route (which will totally bypass NoScript).
This needs to be added to one of your top ten lists, I don't surf without it.
Opera's content blocker has done all this for years, it's never cared about what type of content it is, it's always been a full content blocker, not just a add-blocker or a separate script blocker.
The Opera blocker also blocks its prior to downloading, not prior to rendering (which Noscript and Ablock do).
Can we have a dunce's cap icon?
Misleading healdine, unless noscript can ensure my aviating Russian donkey gets a soft bum-landing?
AC, 'cos I'm not owning up to this.
'Arse' has a better ring to it
...has some serious usability improvements, I'll not be using it. All it did was sit there being a pain in the arse and update itself every few seconds. I found there were so many pages that simply broke with it switched on, that I turned it off altogether. And the web page it takes you to after an update looks like it was made by a 13 year old some time in 1996. First time I saw it I thought I'd been maliciously redirected by some malware or other.
I accept that it protects you from a lot of things, but it's far too visible and interactive for my liking. I have ABP and FlashBlock installed (even though the latter screws up street view), and they are simple and practically invisible. NoScript keeps rubbing itself in my face like a horny dog with a boner. If someone can tell me how to set it up so it can be installed but my wife is still actually able to use the internet, then please do.
Your argument is a bit strange - you seem to be saying that, unless your wife can see whatever she wants on the internet, it is a failure, yet you seem to be okay with Flashblock, which makes so many sites unusable.
As with anything else, it requires a bit of time and patience to teach someone to use the security that is necessary these days. With NoScript, teach your wife to allow the content of routinely used sites (so, on here, click "Allow theregister.co.uk"), temporarily allow extra bits (comments often need something else enabled, but this doesn't need to be done every time), but never, ever, allow e.g. doubleclick, google analytics, etc. Simple.
Insult your own wife's intelligence much? My 8 year old sister can operate NoScript just fine.
Paris: knows how to deal with a boner being rubbed in her face.
You can whitelist Google Maps' URL
(On Windows) go to Tools > Add-ons. Click Flashblock's options, select whitelist and add maps.google.co.uk (or whichever Google Maps you use) and hey presto, you have Streetview
Yes, when you start using it NoScript can be a pain in the arse, but a little effort setting up your fav sites and then it saves that very same arse big time. IMHO that's a pain worth going through.
On the interwebs?
Access to knowledge is a dangerous thing, stick with a portable TV in the kitchen for her, much safer.
Paris - no access to knowledge is so important to her.
The hillbillies now have Internet access ?
Who knew ?
That's my biggest downvote yet. Nice to get a reaction. Unfortunately not everyone is a techie (in fact most people aren't), so things like NoScript have limited usefulness unless you can make the "just work". On my home machine I actually spend around 50% of my time on sites I've never visited before and probably will never go back to. That's the kind of surfer I am. Whitelisting hence only cuts out half the problem.
Even if that shuts it up a bit, it may be fine for me to figure out the faffing with the rest of it, but unfortunately no amout of "time and patience" will get my elderly relatives to understand it. I can't even get them to stop using IE, because they get confused.
Regarding FlashBlock, that does "just work" the vast majority of the time (thanks for the street view tip Code Monkey). People don't even need to be taught about it, because a helpful "play" button appears that just needs an obvious extra click. ABP does "just work", completely transparently. So much so that I get mildly confused when using other people's browsers because the pages I'm used to look different- it takes me a moment to realise why.
Yes, in an ideal world, all people would understand the nuances of internet security and be able to know when to click "yes" and when to click "no", but this is the real world, and the majority of people have no idea. Unless a security add-on "just works", then it's only going to find a limited audience of techies like the readership here (at a guess, 0.1% of the UK population). I know all the problems, understand the risks, and have even suffered the consequences of poor browser security. Yet I still don't want the hassle of having to think about NoScript every time I open a browser.
To me, using NoScript is like wearing one of these:
every time I leave the house. Yeah, sure, it'll really defend me against being raped, but do I really want that up me all day every day?
Although I tend to use NoScript with a whitelist (for sites like El Reg that I want to support), I also have FlashBlock.
Why? Because while I can put up with static adverts, flashing, moving, noisy, etc., ones in Flash are, for me, the biggest single problem with the internet.
I also have animated GIFs disabled for the same reason.
The few El Reg Flash-based ads I've seen are generally alright - certainly better than other sites - but I can't stand ones that expand over the screen if you accidentally pass the mouse over it.
.... I don't use FlashBlock, but I never see any of the ads you mention. AdBlock Plus seems to do the job nicely and unobtrusively.
I agree totally Giorgio Maone has done a great job with NoScript; more pplz should donate! he puts a lot of time and effort into this project.
Re: When will MS copy this kind of functionality? It's a compliment that they haven't tried to yet but they also can't confuse the masses.
I don't think they ever will - functionality to the masses is key to MS. Mostly only advanced users know how to use NoScript effectively.
Besides if MS implements content/script blocking technologies; it would upset the balance of business; can you image how Adobe & Sun Micro systems would feel if MS blocked it's content? ;)
Grab the latest beta build if you want meta forwarding fixed.
all users are in your debt ! In particular users running Windows OS - those who surf without NoScript in such circumstances should knot the little «神風» bandanna tighter round their heads and take an extra sip of sake before heading out to sea....
Yeah, using Noscript is a pain in the ass, but I blame the web page designers that lard their content with stuff I don't want.