| |
to WalkGood
Re: Is turning off Javascript really necessary any more?I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript. |
|
|
 therube
join:2004-11-11
Randallstown, MD |
therube
Member
2012-Aug-24 11:13 am
Or you could have reported the problem, & he likely could have come up with an exception for your particular case, or even a general fix if that is what would have been necessary. |
|
 antdudeMatrix Ant
Premium Member
join:2001-03-25
US |
to RawHeadRex
said by RawHeadRex:I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.
Yeah, NoScript is too much for my taste. I do use hosts, AdBlock Plus with multiple filters (sometimes this is too much too!), FlashBlock extension, etc. |
|
OZO
Premium Member
join:2003-01-17 |
to EdmundGerber
said by EdmundGerber:Proxo last update June 2003. Noscript last update? A few minutes ago!
Do you think what is updated the last is always better? Think again...  They are completely different tools, with completely different implementations, having completely different requirements and completely different functions. |
|
 AVDRespice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ |
AVD
Premium Member
2012-Aug-24 2:34 pm
If you did it right the first time, you don't have to issue a revision. |
|
 LeeBeeIt's Dark Out There
join:2003-06-18
Swissieland
1 recommendation |
to WalkGood
Drive-by infections are almost impossible with scripting turned off.
Downside is that turning off scripts and varying on when needed does not work for non-savvy users.
See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off..... |
|
| |
to OZO
said by OZO:said by EdmundGerber:Proxo last update June 2003. Noscript last update? A few minutes ago!
Do you think what is updated the last is always better? Think again... Generally - yes. You say 'think again' like you have some deep inside knowledge that we don't. Some occasional updates can screw things up. Using software nearly 10 years out of date is almost ALWAYS a bad idea. Thing again? Good advice for you, too. Most software updates are fine. No need to 'think again'... |
|
OZO
Premium Member
join:2003-01-17 |
OZO
Premium Member
2012-Aug-24 6:58 pm
1. Your point was " Proxo last update June 2003. Noscript last update? A few minutes ago!" implying that the latter is better just because of its update time and now you switched to " Generaly"? 2. Read this again: said by AVD:If you did it right the first time, you don't have to issue a revision.
|
|
 Ian1
Premium Member
join:2002-06-18
ON
3 recommendations |
to LeeBee
said by LeeBee:See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....
This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts. 
|
|
 Dustyn
Premium Member
join:2003-02-26
Ontario, CAN ·Carry Telecom
 ·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400
|
Dustyn
Premium Member
2012-Aug-24 9:26 pm
said by Ian1:said by LeeBee:See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....
This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts. Takes me back to the late 90's. |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
to 19579823
Re: My point about Outlook Express is that you you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions. |
|
19579823 (banned)An Awesome Dude
join:2003-08-04 |
to WalkGood
Ah i see what your saying Mele... |
|
 sivranVive Vivaldi
Premium Member
join:2003-09-15
Irving, TX |
to EdmundGerber
Re: Is turning off Javascript really necessary any more?Proxomitron: 1 vuln, not exploitable by arbitrary webpages.
If it ain't broke.... |
|
mysec
Premium Member
join:2005-11-29 |
to WalkGood
said by WalkGood:I have javascript enabled in my browser(s), but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus. Security is basically a state of mind; that is, people take the precautions necessary to make them comfortable in their computing. For some, disabling Javascript is necessary for that peaceful state of mind. For others, it's no worry. The first type of malware trick using Javascript that comes to mind is the redirection exploit, very common in the early years of the fake antivirus exploits. If the user has Javascript white listed per site, being redirected to a site with malware javascript code will have no effect./ Here is one from several years ago: » www.urs2.net/rsj/computi ··· nantivirregards, -rich |
|
therube
join:2004-11-11
Randallstown, MD
1 recommendation |
to WalkGood
from: Warning: 0-Day vulnerability in Java 7from: 1. The javascript in index.html is heavily obfuscated.It doesn't matter how obfuscated it is. JavaScript is JavaScript & if you have it blocked, it does not run. If it does not run, your chances of being affected by this 0-Day are diminished. NoScript has you covered, by default. By default, JavaScript is not allowed at most sites. By default, Java is blocked at non-allowed sites. If the malware page (this "index.html") is hosted on a domain other then what you are visiting, & even if you allowed the domain you are visiting, no JavaScript from that foreign domain will run. Is turning off Javascript really necessary any more? |
|
 NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
Asus RT-AC66U B1
Netgear FR114P
|
to Mele20
said by Mele20:Better tell them how to use proper security instead and one thing is to use Proxo.
What is "improper" about globally disabling JS, then enabling it per site? |
|
| NormanS |
to Mele20
Re: said by Mele20:Outlook Express won't work without javascript turned on. Even dslreports needs javascript.
What part of MSOE needs Javascript enabled? No SMTP/IMAP/POP3 client I have ever used requires Javascript! |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
Mele20
Premium Member
2012-Aug-28 4:21 am
The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need java script. |
|
 angussf
Premium Member
join:2002-01-11
Tucson, AZ |
to RawHeadRex
Re: Is turning off Javascript really necessary any more?said by RawHeadRex:I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.
Why not whitelist those pages in NoScript? You could also ask here for help in writing an XSS Exception filter for NoScript so this wouldn't bother you again. Browsing with scripting enabled by default for all pages is just opening yourself up to malware and spyware IMHO. |
|
angussf
1 recommendation |
to Mele20
Re: said by Mele20:My point about Outlook Express is that you you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions.
Why on earth are you still using Outlook Express and IE? |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
Mele20
Premium Member
2012-Aug-28 7:10 pm
I don't use IE except for Java speed tests (which also require Flash Player which I no longer allow on Fx due to the issues recently).
I use OE because it is the one Microsoft program (besides Word 2002- not any ribbon version) that I love. Why would I not use it? I have a little free program called OETool that greatly enhances OE. Plus, I have another freebie (not available for years now) called OE Freebie Backup that is great. It backs up all nine of my Identities in about two minutes including the address books, everything. Plus, it does a proper restore (some backup programs don't). I LOVE the way OE handles Identities and I am not giving this up. Microsoft completely screwed up OE in Vista by getting rid of the best thing about OE: Identities. I know Thunderbird has Identities but it has other stuff I don't like.
I still use XP Pro. OE will work on Win 7 when I get a new computer also because I would never buy a "Home" version of Windows (too much missing) and Pro version has XP as a virtual machine, plus, I run virtual machines already with XP Pro so I can continue using OE. I've used Thunderbird and I really disliked the harsh blue font and other stuff in it (that is one problem with Opera mail client currently...horrible blue font...I don't get the propensity for the ugly, hard to read blue that you see so much of in programs). Sea Monkey email client is quite a bit like OE but not nearly as good as OE and it has a lot of bugs. Opera's mail client was good until recently and now it is awful. What else is there? |
|
19579823 (banned)An Awesome Dude
join:2003-08-04 |
to angussf
Whats wrong with IE and OE??
2 perfectly good programs..... |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
to Mele20
said by Mele20:The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need java script.
I tried using MSOE Identities, briefly. Didn't find much use for them. |
|
| NormanS |
to 19579823
said by 19579823:Whats wrong with IE and OE??
2 perfectly good programs.....
I've got four perfectly good battle rifles for you; about 133 years old each, but perfectly serviceable!  |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
to NormanS
said by NormanS:said by Mele20:The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need java script.
I tried using MSOE Identities, briefly. Didn't find much use for them. So, you only have one email account? |
|
 caffeinatorComing soon to a cup near you..
Premium Member
join:2005-01-16
00000 |
to WalkGood
Re: Is turning off Javascript really necessary any more?What I've been doing for many years is disabling all scripting and plugins globally and only allow what is needed on a per-site basis. You only have to allow it once, after all. That's in Opera, in FF I use NoScript so that is taken care of there. IE is neutered and not used for anything. That said, most sites now are CMS based and will need .JS for basic functions, sometimes even navigation...unfortunately. It's crap, but sites do browser sniffing, include all their ads, and use things like FB/Twitter/Google API's via Javascript. For example, this link posted in the Home Improvement forums shows a totally blank page in Opera with scripting disabled. » www.cableorganizer.com/c ··· 6CBCFA78The difference between web pages and apps is pretty much non-existent these days.  |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
to Mele20
Re: said by Mele20:said by NormanS:said by Mele20:The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need java script.
I tried using MSOE Identities, briefly. Didn't find much use for them. So, you only have one email account? Who says I need one "Identity" per account? 
Multiple Acounts!
|
|
angussf
Premium Member
join:2002-01-11
Tucson, AZ |
to Mele20
said by Mele20:I don't use IE except for Java speed tests (which also require Flash Player which I no longer allow on Fx due to the issues recently).
I use OE because it is the one Microsoft program (besides Word 2002- not any ribbon version) that I love. Why would I not use it? I have a little free program called OETool that greatly enhances OE. Plus, I have another freebie (not available for years now) called OE Freebie Backup that is great. It backs up all nine of my Identities in about two minutes including the address books, everything. Plus, it does a proper restore (some backup programs don't). I LOVE the way OE handles Identities and I am not giving this up. Microsoft completely screwed up OE in Vista by getting rid of the best thing about OE: Identities. I know Thunderbird has Identities but it has other stuff I don't like. ... What else is there?
You should look into Pegasus Mail as a great alternative to OE. Super Identity support. Totally immune to any IE-based attacks as it doesn't use the IE HTML engine. Actively being developed. Active support on the Pegasus Mail mailing lists and at the Pegasus Mail & Mercury Community site. Runs fine on Win7 when you get dragged, kicking and screaming, there once XP security patching stops. |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
Mele20
Premium Member
2012-Aug-30 5:12 am
I'll certainly look into that. Thanks.
I wish you would stop with the 'kicking and screaming to Win7'. I'd already have a new computer if Dell had done proper QA on the XPS 8500. Now a bios update is to be issued but Dell is being closed mouthed about it ...maybe because the root problem appears to be the new Ivy bridge processor. I also have to wait for nVidia to fix their problems which has made it impossible for Dell to offer their cards (except for two low end OEM ones). |
|
·
·
