back to article NoScript 2.0 beefs border patrol

NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites. Maone is particularly pleased with a change to NoScript's Application Boundaries Enforcer (ABE) module, designed to guard against router …

COMMENTS

This topic is closed for new posts.
  1. This post has been deleted by its author

  2. Winkypop Silver badge
    Thumb Up

    Say Yes to No

    Good job!

  3. rahul
    Go

    NoScript and AdBlock...

    ...have become "must-haves" in today's browsing world. I am constantly amazed at how much excess junk is delivered when I use Android's onboard browser.

    That being said, the DNS rebinding flaw can only be triggered when the router's password is compromised, or left as an easy-to-guess default. Even though using ABE is good, it should additionally warn the user to change the default password and / or user to prevent other flaws from hijacking / hacking the router, especially using the uPnP route (which will totally bypass NoScript).

  4. Anonymous Coward
    FAIL

    Good to see Firefix catching up.

    Opera's content blocker has done all this for years, it's never cared about what type of content it is, it's always been a full content blocker, not just a add-blocker or a separate script blocker.

    The Opera blocker also blocks its prior to downloading, not prior to rendering (which Noscript and Ablock do).

    1. Anonymous Coward
      Paris Hilton

      Dear Reg

      Can we have a dunce's cap icon?

  5. Scott 19

    Needs to be

    This needs to be added to one of your top ten lists, I don't surf without it.

  6. Anonymous Coward
    WTF?

    saves your router's ass?

    Misleading healdine, unless noscript can ensure my aviating Russian donkey gets a soft bum-landing?

    AC, 'cos I'm not owning up to this.

    1. Elmer Phud
      Coat

      Indeed

      'Arse' has a better ring to it

  7. qt101
    Thumb Up

    Awesome! NoScript - Voted Best addon in my book :)

    I agree totally Giorgio Maone has done a great job with NoScript; more pplz should donate! he puts a lot of time and effort into this project.

    @DATmafia:

    Re: When will MS copy this kind of functionality? It's a compliment that they haven't tried to yet but they also can't confuse the masses.

    I don't think they ever will - functionality to the masses is key to MS. Mostly only advanced users know how to use NoScript effectively.

    Besides if MS implements content/script blocking technologies; it would upset the balance of business; can you image how Adobe & Sun Micro systems would feel if MS blocked it's content? ;)

  8. Ian Yates
    Grenade

    Blame the ad companies

    Although I tend to use NoScript with a whitelist (for sites like El Reg that I want to support), I also have FlashBlock.

    Why? Because while I can put up with static adverts, flashing, moving, noisy, etc., ones in Flash are, for me, the biggest single problem with the internet.

    I also have animated GIFs disabled for the same reason.

    The few El Reg Flash-based ads I've seen are generally alright - certainly better than other sites - but I can't stand ones that expand over the screen if you accidentally pass the mouse over it.

    1. Intractable Potsherd

      Ummmm....

      .... I don't use FlashBlock, but I never see any of the ads you mention. AdBlock Plus seems to do the job nicely and unobtrusively.

  9. Anonymous Coward
    Unhappy

    Until NoScript...

    ...has some serious usability improvements, I'll not be using it. All it did was sit there being a pain in the arse and update itself every few seconds. I found there were so many pages that simply broke with it switched on, that I turned it off altogether. And the web page it takes you to after an update looks like it was made by a 13 year old some time in 1996. First time I saw it I thought I'd been maliciously redirected by some malware or other.

    I accept that it protects you from a lot of things, but it's far too visible and interactive for my liking. I have ABP and FlashBlock installed (even though the latter screws up street view), and they are simple and practically invisible. NoScript keeps rubbing itself in my face like a horny dog with a boner. If someone can tell me how to set it up so it can be installed but my wife is still actually able to use the internet, then please do.

    1. Intractable Potsherd

      Wife usability quotient

      Your argument is a bit strange - you seem to be saying that, unless your wife can see whatever she wants on the internet, it is a failure, yet you seem to be okay with Flashblock, which makes so many sites unusable.

      As with anything else, it requires a bit of time and patience to teach someone to use the security that is necessary these days. With NoScript, teach your wife to allow the content of routinely used sites (so, on here, click "Allow theregister.co.uk"), temporarily allow extra bits (comments often need something else enabled, but this doesn't need to be done every time), but never, ever, allow e.g. doubleclick, google analytics, etc. Simple.

    2. blackworx
      Paris Hilton

      Re: Until NoScript...

      Insult your own wife's intelligence much? My 8 year old sister can operate NoScript just fine.

      Paris: knows how to deal with a boner being rubbed in her face.

    3. Code Monkey

      Flashblock + Streetview

      You can whitelist Google Maps' URL

      (On Windows) go to Tools > Add-ons. Click Flashblock's options, select whitelist and add maps.google.co.uk (or whichever Google Maps you use) and hey presto, you have Streetview

    4. Baldychap

      Your choice mate.

      Yes, when you start using it NoScript can be a pain in the arse, but a little effort setting up your fav sites and then it saves that very same arse big time. IMHO that's a pain worth going through.

    5. nsld
      Paris Hilton

      you let your wife

      On the interwebs?

      Access to knowledge is a dangerous thing, stick with a portable TV in the kitchen for her, much safer.

      Paris - no access to knowledge is so important to her.

    6. Anonymous Coward
      Anonymous Coward

      Fairly sure

      You can set it to allow javascript everywhere by default so it's not a pain to use, and it still spots a bunch of dodgy practices like this. Given that it's far too much of a pain to run 70% of the sites I ever go to without javascript I'd never have run it for any period with whitelisting switched on

    7. Pascal Monett Silver badge

      So

      The hillbillies now have Internet access ?

      Who knew ?

      1. Anonymous Coward
        Happy

        Cool.

        That's my biggest downvote yet. Nice to get a reaction. Unfortunately not everyone is a techie (in fact most people aren't), so things like NoScript have limited usefulness unless you can make the "just work". On my home machine I actually spend around 50% of my time on sites I've never visited before and probably will never go back to. That's the kind of surfer I am. Whitelisting hence only cuts out half the problem.

        Even if that shuts it up a bit, it may be fine for me to figure out the faffing with the rest of it, but unfortunately no amout of "time and patience" will get my elderly relatives to understand it. I can't even get them to stop using IE, because they get confused.

        Regarding FlashBlock, that does "just work" the vast majority of the time (thanks for the street view tip Code Monkey). People don't even need to be taught about it, because a helpful "play" button appears that just needs an obvious extra click. ABP does "just work", completely transparently. So much so that I get mildly confused when using other people's browsers because the pages I'm used to look different- it takes me a moment to realise why.

        Yes, in an ideal world, all people would understand the nuances of internet security and be able to know when to click "yes" and when to click "no", but this is the real world, and the majority of people have no idea. Unless a security add-on "just works", then it's only going to find a limited audience of techies like the readership here (at a guess, 0.1% of the UK population). I know all the problems, understand the risks, and have even suffered the consequences of poor browser security. Yet I still don't want the hassle of having to think about NoScript every time I open a browser.

        To me, using NoScript is like wearing one of these:

        http://www.theregister.co.uk/2010/06/21/sa_device/

        every time I leave the house. Yeah, sure, it'll really defend me against being raped, but do I really want that up me all day every day?

  10. Dick Emery

    update to v2

    Grab the latest beta build if you want meta forwarding fixed.

  11. mhenriday
    Thumb Up

    Thanks, Giorgio -

    all users are in your debt ! In particular users running Windows OS - those who surf without NoScript in such circumstances should knot the little «神風» bandanna tighter round their heads and take an extra sip of sake before heading out to sea....

    Henri

  12. Anonymous Coward
    Anonymous Coward

    pains in the ass

    Yeah, using Noscript is a pain in the ass, but I blame the web page designers that lard their content with stuff I don't want.

This topic is closed for new posts.