Comments for NoScript - A Firefox addin that makes browsing safer.

Comment from bubbainmiss on 2011-11-15

2011-11-15T22:03:07Z

It may be a good recommendation, but my recent experiences with Firefox and plugins have been very frustrating. With a new so-called version coming out every 30 days or so, trying to keep my favorite plugins and add-ons working with the latest Firefox is an effort in futility.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from GREG JACKSON on 2011-11-15

2011-11-15T18:02:46Z

Duty now, for the future.

Noscript, as with other programs like ZoneAlarm, are real boogers when you first start. Soon you will have it configured and goes unnoticed until....something out of the ordinary pops up. That's when it shines because it's doing exactly what it should do.

While McAfee & WOT provides "green light-red light" assistance, you need to know why a site is getting a red light. Example w/ WOT: a site I've used for years [myway.com] w/o any problems was a red light. Why? It had a "smiley icons" link at the bottom of the page [never click this link- adware/malware]. That was it. The page itself was fine. WOT is just very careful. But as far as McAfee's "user based" input for site warnings, I found way too many false negatives for my liking. Sites I've used for years were cited as dangerous, although I never had ANY problem. Never.

I just had comment on the above. The best advice while visiting a new uncertain site - don't click links that are not part of the main pages intention. Stay on the path brother & sisters - do not wander.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from gloryatz on 2011-04-10

2011-04-10T15:39:14Z

I thought I would enable NoScript onto Firefox and when I tried to watch the video describing Noscript, it was blocked. So I disabled it.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Kara on 2011-03-29

2011-03-29T17:30:17Z

I love FireFox for the add ins too. Too bad those who provide them don't keep up with the FireFox release cycle, even though they have more than fair warning that a new version (4.0) is on the horizon (are you listening Norton Toolbar?!).

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Kenny55 on 2010-10-15

2010-10-15T16:53:53Z

Noscript is too much trouble, I use Flashblock addon. It blocks all flash content, unless I double
click on it, or right click and select always allow flash on this site.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Tony Incognito on 2010-10-13

2010-10-13T08:33:07Z

good idea to install noscipt for firefox as it give you more control on whats loading on pages you view

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Cathy on 2010-10-13

2010-10-13T07:19:41Z

Ironic, isn't it, that I can't comment on an article that advocates using NoScript, because NoScript has blocked comments on the page. :-)

Yep. (But it puts YOU in control - you can comment if you want to ... as you did.)

13-Oct-2010

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ariel on 2010-07-07

2010-07-07T18:48:20Z

I use WOT and Trend protect on IE8 to help me steer away from bad sites. WOT is community opinion and Trendprotect is an addon that looks for malicious script. They both don't always agree on giving the green light for a page but that's because they do different things.

Last night I wanted to watch a movie on one of those sights that list several streaming sites that have the movie.
I clicked on one of the sites to watch a movie and WOT listed the site in my tool bar as green which means it is safe as far as they are concerened. Then Trend also said that there were no malicious script on the page. So I'm trying to watch a movie and another web page keeps popping up from WOT saying that this site is not safe and that it has a bad reputation. The name of the site is different than the site I'm on. I'm not on this site it is listing. The site I'm on WOT has it listed as safe.
Now that I have read this article and understand the third party scripters it all makes sense.

I ran an online malware scanner after watching the movie because I recieved many a notice from WOT about a site I was not on. I went to sleep and when I awoke the scan had found 3 new adwares and 3 new trojans.

So I would have to dissagree with you leo when you said if you trust the main site it's ok to allow the 2nd and 3rd party sites also.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Gigi Duru on 2010-07-06

2010-07-06T16:42:04Z

Reading this makes me grateful for having Opera - i don't need an addon to get the same effect, it's already embedded in it from the start - in the Edit Site Preferences.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Scared on 2010-06-03

2010-06-03T18:38:48Z

How do you know that the other sites use Fire Fox and NoScript? You tell FireFox to trust your Bank, and the Bank accesses third party software to verify your identity, but the Bank does't use Fire Fox and NoScript. I just had an incident at work when I was online with the bank, and in my account, and reading their instructions on downloading my history to Money, etc. All of a sudden I noticed that my cursor was moving, and someone had taken over my pc; then I noticed that they had even changed from my account to another account. It freaked me out, and I immediately called the bank. They froze my account, and told me to call the fraud department. I called them, and they verified the secret questions on my account, and then said they had additional questions to ask me that was from a third party that they used which freaked me out. They wanted to know if I knew my Ex's wife, then how old she was, and her birthday. I could have cared less when her birthday was. Of course I didn't know. They told me that all of the answers were public information. They paid for access to all of this information. They asked me if I knew 3 foreigners whose names sounded like terrorist? They asked me if I new 259 S. Main Street, and I asked them which city and state. I use a bank on S. Main St, but I could care less what the street number is. I failed the test, and had to go into the bank to straighten out the mess. Can you believe all of this? They have not gotten back to me with an answer. My employer denies any problem on their end. How do I protect myself, when my employer has direct access to my pc to download upgrades to software, and to install new applications?

Scared

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Norman Overington on 2010-06-01

2010-06-01T15:50:28Z

My website provider is btinternet.com and they provide a security service by McAfee. When looking at a website there is always a green McAfee sign to show it is safe to use or a warning when not to.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mike on 2009-05-12

2009-05-12T23:28:14Z

I don't find it a problem that I have to "allow" sites I want to use Javascript. What I'm worried about is when going to allow it, many times there are multiple sites are listed. I understand this is by design and not a bug in NoScript, but I don't know what should be allowed and shouldn't.

For example, NoScript lists for this very website four sites to possibly allow: ask-leo.com, pugetsoundsoftware.com, aweber.com, and kontera.com. Obviously, I want to allow ask-leo.com because that's the site I came to. But I don't know what the other ones are. I'm not saying they're malware; I'm only using them as an example. But as a web surfer, I only know that I want to allow ask-leo.com in this instance. I don't know what these other sites are and, if I allow them, would just be doing so blindly, negating the purpose of the add-on.

I view it as a matter of trust: if you trust the site you're visiting, then it's probably reasonable to trust the additional site that it includes. This is most commonly advertising related but in many cases additional functionality as well.

Let's use my site as an example:

- pugetsoundsoftware.com is my corporate/parent site, and where I have certain scripts that relate to commenting, content management and spam prevention.

- aweber.com is the email provider I use for my newsletters, and the scripts relate to the newsletter signup forms you'll find on my site

- kontera.com is an adverstising service that helps support the cost of running Ask Leo! - it's the one responsible for the double-underlined links in text.

There are occasionally others like various google domains for site search, advertising and analytics.

You don't have to enable them. The cost, of course, is that whatever it is they represent won't happen. You might not be able to comment, I might miss out on advertising revenue to help support the site, and you might not be able to search the site, for a few examples.

So I go back to trust: if I trust the site I'm visiting, I typically allow that trust to transfer to all the scripting sites that it pulls in. If I'm not sure, I'll only allow the site itself, and enable others on a case-by-case basis if things aren't working.

And of course if I don't trust the site - or just don't know - I trust, and enable, nothing.

- Leo
13-May-2009

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from James on 2009-05-10

2009-05-10T09:31:34Z

I agree with JG: I have Firefox installed (though I prefer Opera) and NoScript. I thought NoScript great until I found how often I had to consider whether I could trust a site. One finds oneself allowing "all on this site" so frequently that it amplifies one's paranoia to the point of neurosis.

Besides, is it not the case that javascript implementations are pretty safe, apart from any unfixed vulnerabilities? And they mostly use a sandbox - see http://en.wikipedia.org/wiki/Javascript.

I find that the (minor) annoyance of deciding which sites to allow decreases dramatically over time as it remembers the settings for all sites you've been to at least once.

There is a small, but growing class of malware that leverages Javascript. While there are some things it cannot do, by virtue of the sandbox you mention, that should not lead you to believe it's always 100% safe. It can be used for malicious purposes as well.

- Leo
08-May-2009

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Thom on 2009-05-09

2009-05-09T14:59:31Z

Thanks for the tip on NoScript. I'm a computer consultant (for 25 years), and always searching for something new or for a customer. I often have to remove junk that wasn't expected from some sites. Hopefully, this will cut down on the trash.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Graham Peters on 2009-05-06

2009-05-06T10:02:13Z

JG makes a good point. Some users install protection and then negate it at every opportunity, rather like someone installing ZoneAlarm and then granting access to everything that asks for it. Punch enough holes in your defence wall, and it's no longer a wall, it's garden trellis!

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from J G on 2009-04-30

2009-04-30T19:37:30Z

I gave up on NoScript because if you visit many new sites you will be constantly clicking to allow javascript to run. Many, many sites use javascript. After a while you just click mindlessly negating the purpose of NoScript.

Also, many sites have several things that NoScript blocks. If the site doesn't work you have to enable them all or enable them sequentially to get things to work. Very time consuming.

Sometimes you won't notice that some feature of the site isn't working because NoScript is blocking it and you'll miss something important.

All in all, if you visit only mainstream sites I'd say the risk of infection because of a compromised site is not worth the trouble of using NoScript.

However, if you regularly visit "iffy" sites then I recommend using it and being very careful about what you enable.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mark on 2009-04-29

2009-04-29T22:48:25Z

I've read Google Chrome runs Java script in a sandbox and becauses of that is virtually safe from these attacks. Is that true?

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Minot Isok on 2009-04-29

2009-04-29T22:11:05Z

I use NoScript also but users need to remember that your allowed sites may have malware in the future. Only allow sites that you always use or need. If you are just reading a particular site then you want to consider whether you want that site to allow scripts. NoScript doesn't allow you to act foolishly on the internet. It is a tool that helps make it safer.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Dan Ullman on 2009-04-29

2009-04-29T16:16:25Z

One point about using NoScript. For the first few days it will be very annoying. Once you get the hang of it the add-on works great and is worth having.

]]>

A comment on: NoScript - A Firefox addin that makes browsing safer.

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.