Say Yes to No
Good job!
NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites. Maone is particularly pleased with a change to NoScript's Application Boundaries Enforcer (ABE) module, designed to guard against router …
This post has been deleted by its author
...have become "must-haves" in today's browsing world. I am constantly amazed at how much excess junk is delivered when I use Android's onboard browser.
That being said, the DNS rebinding flaw can only be triggered when the router's password is compromised, or left as an easy-to-guess default. Even though using ABE is good, it should additionally warn the user to change the default password and / or user to prevent other flaws from hijacking / hacking the router, especially using the uPnP route (which will totally bypass NoScript).
Opera's content blocker has done all this for years, it's never cared about what type of content it is, it's always been a full content blocker, not just a add-blocker or a separate script blocker.
The Opera blocker also blocks its prior to downloading, not prior to rendering (which Noscript and Ablock do).
I agree totally Giorgio Maone has done a great job with NoScript; more pplz should donate! he puts a lot of time and effort into this project.
@DATmafia:
Re: When will MS copy this kind of functionality? It's a compliment that they haven't tried to yet but they also can't confuse the masses.
I don't think they ever will - functionality to the masses is key to MS. Mostly only advanced users know how to use NoScript effectively.
Besides if MS implements content/script blocking technologies; it would upset the balance of business; can you image how Adobe & Sun Micro systems would feel if MS blocked it's content? ;)
Although I tend to use NoScript with a whitelist (for sites like El Reg that I want to support), I also have FlashBlock.
Why? Because while I can put up with static adverts, flashing, moving, noisy, etc., ones in Flash are, for me, the biggest single problem with the internet.
I also have animated GIFs disabled for the same reason.
The few El Reg Flash-based ads I've seen are generally alright - certainly better than other sites - but I can't stand ones that expand over the screen if you accidentally pass the mouse over it.
...has some serious usability improvements, I'll not be using it. All it did was sit there being a pain in the arse and update itself every few seconds. I found there were so many pages that simply broke with it switched on, that I turned it off altogether. And the web page it takes you to after an update looks like it was made by a 13 year old some time in 1996. First time I saw it I thought I'd been maliciously redirected by some malware or other.
I accept that it protects you from a lot of things, but it's far too visible and interactive for my liking. I have ABP and FlashBlock installed (even though the latter screws up street view), and they are simple and practically invisible. NoScript keeps rubbing itself in my face like a horny dog with a boner. If someone can tell me how to set it up so it can be installed but my wife is still actually able to use the internet, then please do.
Your argument is a bit strange - you seem to be saying that, unless your wife can see whatever she wants on the internet, it is a failure, yet you seem to be okay with Flashblock, which makes so many sites unusable.
As with anything else, it requires a bit of time and patience to teach someone to use the security that is necessary these days. With NoScript, teach your wife to allow the content of routinely used sites (so, on here, click "Allow theregister.co.uk"), temporarily allow extra bits (comments often need something else enabled, but this doesn't need to be done every time), but never, ever, allow e.g. doubleclick, google analytics, etc. Simple.
You can set it to allow javascript everywhere by default so it's not a pain to use, and it still spots a bunch of dodgy practices like this. Given that it's far too much of a pain to run 70% of the sites I ever go to without javascript I'd never have run it for any period with whitelisting switched on
That's my biggest downvote yet. Nice to get a reaction. Unfortunately not everyone is a techie (in fact most people aren't), so things like NoScript have limited usefulness unless you can make the "just work". On my home machine I actually spend around 50% of my time on sites I've never visited before and probably will never go back to. That's the kind of surfer I am. Whitelisting hence only cuts out half the problem.
Even if that shuts it up a bit, it may be fine for me to figure out the faffing with the rest of it, but unfortunately no amout of "time and patience" will get my elderly relatives to understand it. I can't even get them to stop using IE, because they get confused.
Regarding FlashBlock, that does "just work" the vast majority of the time (thanks for the street view tip Code Monkey). People don't even need to be taught about it, because a helpful "play" button appears that just needs an obvious extra click. ABP does "just work", completely transparently. So much so that I get mildly confused when using other people's browsers because the pages I'm used to look different- it takes me a moment to realise why.
Yes, in an ideal world, all people would understand the nuances of internet security and be able to know when to click "yes" and when to click "no", but this is the real world, and the majority of people have no idea. Unless a security add-on "just works", then it's only going to find a limited audience of techies like the readership here (at a guess, 0.1% of the UK population). I know all the problems, understand the risks, and have even suffered the consequences of poor browser security. Yet I still don't want the hassle of having to think about NoScript every time I open a browser.
To me, using NoScript is like wearing one of these:
http://www.theregister.co.uk/2010/06/21/sa_device/
every time I leave the house. Yeah, sure, it'll really defend me against being raped, but do I really want that up me all day every day?