| reply to WalkGood
Re: Is turning off Javascript really necessary any more? I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript. |
|
 therube
join:2004-11-11
Randallstown, MD | Or you could have reported the problem, & he likely could have come up with an exception for your particular case, or even a general fix if that is what would have been necessary. |
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4
 ·RoadRunner Cable
| reply to RawHeadRex
said by RawHeadRex:I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.
Yeah, NoScript is too much for my taste. I do use hosts, AdBlock Plus with multiple filters (sometimes this is too much too!), FlashBlock extension, etc.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to EdmundGerber
said by EdmundGerber:Proxo last update June 2003. Noscript last update? A few minutes ago!
Do you think what is updated the last is always better?
Think again... 
They are completely different tools, with completely different implementations, having completely different requirements and completely different functions.
--
Keep it simple, it'll become complex by itself... |
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | If you did it right the first time, you don't have to issue a revision.
--
--Standard disclaimers apply.-- |
|
 LeeBeeIt's Dark Out There
join:2003-06-18
Swissieland
·Cablecom Switzer..
| reply to WalkGood
Drive-by infections are almost impossible with scripting turned off.
Downside is that turning off scripts and varying on when needed does not work for non-savvy users.
See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off..... |
|
| reply to OZO
said by OZO:said by EdmundGerber:Proxo last update June 2003. Noscript last update? A few minutes ago!
Do you think what is updated the last is always better? Think again... Generally - yes. You say 'think again' like you have some deep inside knowledge that we don't. Some occasional updates can screw things up. Using software nearly 10 years out of date is almost ALWAYS a bad idea. Thing again? Good advice for you, too.
Most software updates are fine. No need to 'think again'... |
|
|
|
OZOPremium
join:2003-01-17
kudos:2 | 1. Your point was "Proxo last update June 2003. Noscript last update? A few minutes ago!" implying that the latter is better just because of its update time and now you switched to "Generaly"?
2. Read this again:
said by AVD:If you did it right the first time, you don't have to issue a revision.
--
Keep it simple, it'll become complex by itself... |
|
 IanPremium
join:2002-06-18
ON
kudos:1
·Rogers Hi-Speed
| reply to LeeBee
said by LeeBee:See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....
This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong |
|
 DustynPremium
join:2003-02-26
Ontario, CAN
kudos:10 | said by Ian:said by LeeBee:See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....
This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts. Takes me back to the late 90's.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP
|
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Dude111
Re: My point about Outlook Express is that you you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 Dude111An Awesome DudePremium
join:2003-08-04
USA
kudos:11 | reply to WalkGood
Ah i see what your saying Mele... |
|
 sivranOpera convertPremium
join:2003-09-15
Arlington, TX
kudos:1 | reply to EdmundGerber
Re: Is turning off Javascript really necessary any more? Proxomitron: 1 vuln, not exploitable by arbitrary webpages.
If it ain't broke.... |
|
mysecPremium
join:2005-11-29
kudos:4 | reply to WalkGood
said by WalkGood:I have javascript enabled in my browser(s), but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.
Security is basically a state of mind; that is, people take the precautions necessary to make them comfortable in their computing.
For some, disabling Javascript is necessary for that peaceful state of mind. For others, it's no worry.
The first type of malware trick using Javascript that comes to mind is the redirection exploit, very common in the early years of the fake antivirus exploits.
If the user has Javascript white listed per site, being redirected to a site with malware javascript code will have no effect./
Here is one from several years ago:
»www.urs2.net/rsj/computing/tests/winantivir
regards,
-rich |
|
therube
join:2004-11-11
Randallstown, MD | reply to WalkGood
from: Warning: 0-Day vulnerability in Java 7
from: 1. The javascript in index.html is heavily obfuscated.
It doesn't matter how obfuscated it is. JavaScript is JavaScript & if you have it blocked, it does not run.
If it does not run, your chances of being affected by this 0-Day are diminished.
NoScript has you covered, by default.
By default, JavaScript is not allowed at most sites.
By default, Java is blocked at non-allowed sites.
If the malware page (this "index.html") is hosted on a domain other then what you are visiting, & even if you allowed the domain you are visiting, no JavaScript from that foreign domain will run.
Is turning off Javascript really necessary any more? |
|
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9
 ·SONIC.NET
·Pacific Bell - SBC
| reply to Mele20
said by Mele20:Better tell them how to use proper security instead and one thing is to use Proxo.
What is "improper" about globally disabling JS, then enabling it per site?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| reply to Mele20
Re: said by Mele20:Outlook Express won't work without javascript turned on. Even dslreports needs javascript.
What part of MSOE needs Javascript enabled? No SMTP/IMAP/POP3 client I have ever used requires Javascript!
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need java script.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 angussfPremium
join:2002-01-11
Tucson, AZ
kudos:4 | reply to RawHeadRex
Re: Is turning off Javascript really necessary any more? said by RawHeadRex:I use Firefox with NoScript, and I know of lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have a economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset it self, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.
Why not whitelist those pages in NoScript? You could also ask here for help in writing an XSS Exception filter for NoScript so this wouldn't bother you again.
Browsing with scripting enabled by default for all pages is just opening yourself up to malware and spyware IMHO.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/ |
|
angussfPremium
join:2002-01-11
Tucson, AZ
kudos:4 | reply to Mele20
Re: said by Mele20:My point about Outlook Express is that you you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions.
Why on earth are you still using Outlook Express and IE?
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/ |
|
