dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6026
share rss forum feed


WalkGood
Checkin Out Your Desk
Premium
join:2002-12-28
Patchogue, NY

Is turning off Javascript really necessary any more?

Is turning off Javascript in your browswer REALLY necessary any more?

I have javascript enabled in my browser(s), but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.



DelmarPip
Premium
join:2011-10-15
Brownsville, TX

i heard that to try it turn it off then go to all your favorite websites like youtube or any site and see if it works if it does keep it turned off



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

3 recommendations

reply to WalkGood

Use FireFox, and NoScript. Then, allow what you want, and need to see a site.

Control. It's a good thing.
--
Better to have it and not need it, then need it and not have it.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

2 recommendations

it is no more safer now than it ever was.
--
--Standard disclaimers apply.--


OZO
Premium
join:2003-01-17
kudos:2
reply to WalkGood

I don't think that JavaScript creates any kind of serious vulnerabilities. At the same time, I think the more people use protection against any kind of attacks (including JavaScript) - the better. It discourages some form writing new bad code. It's like, the more people use anti-spam filters, the less spam I may get... So. lets users make their computers more safe, I'll benefit from that

Personally, I keep JavaScript on all the time with all web sites I visit and, BTW, without any antivirus programs, running on the background too. To avoid annoying ads, to block cross-site scripting and other tracking tricks I run Proxomitron sidki's filters. And that's all "protection" that I have and it's completely enough for me
--
Keep it simple, it'll become complex by itself...



therube

join:2004-11-11
Randallstown, MD

> I don't think that JavaScript creates any kind of serious vulnerabilities.

There is nothing wrong with JavaScript.

It's not that JavaScript creates vulnerabilities, but rather that JavasScript is used by malware writers to facilitate their transmission of, malware. (Now they don't have to use JavaScript, just makes it much easier for them to code that way.)

So, use NoScript. Allow JavaScript where its needed. If not Allowed, it is blocked, everywhere else. Simple. (Not always so simple is knowing what is needed where. But over time, you get a feel. BTW, it is not needed here, for most all activities. Some may not care for it.)


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to WalkGood

I tried NoScript and the internet was crippled as was this site. I don't know what you mean by this site not needing JavaScript. EVERYTHING needs it ....seems like. Just use IE with notification permission turned on anytime active scripting is needed and you will see that you can't enjoy the internet without it as IE will constantly put up the question about allowing active scripting to run or not. I can't even open Outlook Express without TWICE telling IE that it ok to allow javascript.

I far prefer to use the Proxomitron. I have no idea how anyone could complain about Proxo being difficult to use but they think NoScript use is a piece of cake.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to WalkGood

walkgood, in my opinion, if you want your computer to be secure, yes, javascript must be disabled, but it is not practical to disable it universally, to have it disabled for every single website.. so, with "internet explorer", you have it disabled in IE's "internet zone" and "intranet zone" (ie you use high security-settings for IE's "internet zone" and "intranet zone" zone) and then add websites to IE's "trusted sites" zone as necessary, where "javascript" is not disabled..

with "firefox", you just use "firefox" with the "noscript" "addon" and then allow scripting for individual webpages as needed (which is similar to adding websites to IE's "trusted-sites" zone).. i use "firefox" with the "noscript" addon.. i only rarely ever use IE.. specifically, i use IE when installing "windows updates" and at a couple of websites where i need for "activex-controls" to run..



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to Mele20

 

quote:
I tried NoScript and the internet was crippled as was this site. I don't know what you mean by this site not needing JavaScript. EVERYTHING needs it
Well thankfully not everything Mele! -- I usually always have scripts DISABLED.... (Only 3 or 4 sites i use do i have to enable them (Email,etc))

I think its better having them disabled! (faster loading of pages,etc)

Ken1943

join:2001-12-30
Denver, CO

2 recommendations

reply to WalkGood

Re: Is turning off Javascript really necessary any more?

Are we talking about Java or Javascript. They are two very different animals. Java is used by websites. Java script is a html programing language.



WalkGood
Checkin Out Your Desk
Premium
join:2002-12-28
Patchogue, NY

said by Ken1943:

Are we talking about Java or Javascript. They are two very different animals. Java is used by websites. Java script is a html programing language.

Javascript is what I am asking about.


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1

1 recommendation

reply to Mele20

quote:
I tried NoScript and the internet was crippled as was this site.
Are you kidding me?

I've had javascript disabled for years on all my browsers and the only ''crippling'' it's done is block all the crap on the internet.

Noscript controls it beautifully [if you know what you're doing]..
--
~~Go Lions....back to back Cups!!~~


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to WalkGood

I haven't bothered disabling javascript globally in a long time, except for sites that annoy me.



WalkGood
Checkin Out Your Desk
Premium
join:2002-12-28
Patchogue, NY
reply to ZZZZZZZ

said by ZZZZZZZ:



I've had javascript disabled for years on all my browsers and the only ''crippling'' it's done is block all the crap on the internet.

Noscript controls it beautifully [if you know what you're doing]..

I have no experience with "Noscript" and 99% of the time I use Firefox. Can you give some pointers on any settings with Noscript?

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit

said by WalkGood:

I have no experience with "Noscript".. Can you give some pointers on any settings with Noscript?

i suggest that you just install "noscript" and use it and, through using it, figure out which settings you want to use.. that is what i did..

noscript's settings-options are pretty simple and intuitive..

i think that it is possible to use some "complex" custom settings with "noscript" but i haven't tried doing anything like that..
Expand your moderator at work


DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON
reply to therube

Re: Is turning off Javascript really necessary any more?

said by therube:

> I don't think that JavaScript creates any kind of serious vulnerabilities.

There is nothing wrong with JavaScript.

It's not that JavaScript creates vulnerabilities, but rather that JavasScript is used by malware writers to facilitate their transmission of, malware. (Now they don't have to use JavaScript, just makes it much easier for them to code that way.)

While Javascript as a language doesn't generate vulnerabilities, its implementation in most cases does. The need of browser extensions and modules to secure it is a sign of this. Still none of those modules provide access to explicitly disable specific features of javascript because the JS interpreting engine is often a monolithic component of the browser where you either allow a domain/site to run it or you don't. Firewalls are largely useless against javascript security issues because any actions javascript does is under the context of the browser.

A significant example of this is that in the majority of implementations, there's no way to say, prevent javascript from calling out and making connections (think: XMLHTTPRequest) or outright preventing window creation/opening functions from working (popups still plauge some sites and use tricks to bypass popup blockers) while keeping it enabled. Javascript is gaining more and more power to essentially create applications within the browser itself and its becoming a near impossibility to avoid. I think Javascript needs a lot finer grain control than it has in most instances because I see eventually javascript gaining native level access to the computer it runs on as "apps" gain traction.
--
--Kradorex Xeron
[an error occurred while processing this signature]


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to WalkGood

quote:
I have no experience with "Noscript" and 99% of the time I use Firefox. Can you give some pointers on any settings with Noscript?
Noscript blocks all scripts on sites,so you can leave javascript enabled [although I don't] and then just click on the Noscript icon to temporarily allow any site you trust and wish to see that content.

Certain sites like facebook and Cnn ,have so many 3rd party scripts ,that it's a joke.
--
~~Go Lions....back to back Cups!!~~


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

You can also set it to automatically allow first party sites, which reduces the amount of reloading you have to do.
--
Think Outside the Fox.


ctggzg
Premium
join:2005-02-11
USA
kudos:2
reply to WalkGood

said by WalkGood:

... but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.

They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

I would disagree, as will many others here.



ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to ctggzg

quote:
They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.
lol............ya right buddy.
--
~~Go Lions....back to back Cups!!~~

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to WalkGood

I only turn it off if a website uses it to disable a feature. Sometimes I am out surfing the net and see a picture that would make an awesome desktop... but the site has right click disable. turn off Javascript and problem solved. turn it back on and get back to surfing.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


OZO
Premium
join:2003-01-17
kudos:2

That's actually a good example, when turning off JavaScript could be useful. IMO, web sites should never block context menu in user browsers.

Just in case if you don't want to turn JavaScipt off in such case you may open site in IE and then copy image file from its cache. Remember, everything you see in your computer is already here, downloaded. Just take it and use as you need...
--
Keep it simple, it'll become complex by itself...



therube

join:2004-11-11
Randallstown, MD
reply to ctggzg

said by "quatrix" :
They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.
OK.
(Enough said.)

EdmundGerber

join:2010-01-04
kudos:1
reply to ctggzg

said by ctggzg:

said by WalkGood:

... but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.

They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.

Knowledge is also food for the ignorant, so judging from your statement - dig in!


therube

join:2004-11-11
Randallstown, MD

2 recommendations

reply to DigitalXeron

All code has vulnerabilities.

But that does not mean that a particular code is needed everywhere or all the time.

Since code can be exploited, anything you can do to limit code, will help to make you safer.

Flash is basically required these days.
It is not needed all the time nor is it needed everywhere.

So if you can block Flash, & only enable it when you actually need it, you are safer.

Java (for some, myself included), may not be needed at all. For others, they do require it.
Again it is not needed all the time nor is it needed everywhere.

So if you can block Java, & only enable it when you actually need it, you are safer. (Better yet, in my case, don't even install it.)

JavaScript is (basically) required these days.
Disable it entirely, & sooner rather then later, you're likely going to need to enable it.

But if you can limit its usage, you are better off. And when you have something that can provide more granular control then a simple on/off switch, you are both safer & able to control your browsing experience more effectively & efficiently. NoScript can do that. (Among many other things.)


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

said by therube:

But if you can limit its usage, you are better off. And when you have something that can provide more granular control then a simple on/off switch, you are both safer & able to control your browsing experience more effectively & efficiently. NoScript can do that. (Among many other things.)

So can the Proxomitron and with a heck of a lot less problems. As I have said many times, why anyone would claim NoScript is the answer when Proxo is available with the latest Sidki filters from December 2011, I can't understand. It sometimes will block something, and it is not perfect, but a lot easier to use than NoScript, plus, it works on all browsers...you are not limited to Fx or Opera with its builtin "noscript".
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


therube

join:2004-11-11
Randallstown, MD

quote:
But if you can limit its usage, you are better off.
quote:
So can the Proxomitron
Whatever means works for you.
If NoScript isn't your cup of tea, & Proxomitron can do similar, then by all means.
And in IE (which I'm not familiar with) you can use that "trusted zone" (or something or the other), but I would think that to not really be feasible. But if you're glotten for punishment ...


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to Mele20

Proxomitron is what 10 yrs old and as the author has passed away,it doesn't look like they'll be any further developement.

All it does is the same thing a Hosts file does...........and or a *pac file.

Noscript blocks flash,java and any number of other options.

It's a shame you couldn't understand how to learn how to use it........it probably would only have taken 5 minutes.
--
~~Go Lions....back to back Cups!!~~