
RawHeadRex

join:2011-08-24
Richmond, IN
Reviews:
·Comcast
reply to WalkGood

Re: Is turning off Javascript really necessary any more?

I use Firefox with NoScript, and I know that lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have an economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset itself, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.



therube

join:2004-11-11
Randallstown, MD

Or you could have reported the problem, & he likely could have come up with an exception for your particular case, or even a general fix if that is what would have been necessary.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to RawHeadRex

said by RawHeadRex:

I use Firefox with NoScript, and I know that lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have an economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset itself, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.

Yeah, NoScript is too much for my taste. I do use hosts, AdBlock Plus with multiple filters (sometimes this is too much too!), FlashBlock extension, etc.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

OZO
Premium
join:2003-01-17
kudos:2
reply to EdmundGerber

said by EdmundGerber:

Proxo last update June 2003. Noscript last update? A few minutes ago!

Do you think what is updated last is always better?
Think again...

They are completely different tools, with completely different implementations, having completely different requirements and completely different functions.
--
Keep it simple, it'll become complex by itself...


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

If you did it right the first time, you don't have to issue a revision.
--
--Standard disclaimers apply.--



LeeBee
It's Dark Out There

join:2003-06-18
Swissieland

1 recommendation

reply to WalkGood

Drive-by infections are almost impossible with scripting turned off.

Downside is that turning off scripts and varying on when needed does not work for non-savvy users.

See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....


EdmundGerber

join:2010-01-04
kudos:1
reply to OZO

said by OZO:

said by EdmundGerber:

Proxo last update June 2003. Noscript last update? A few minutes ago!

Do you think what is updated last is always better?
Think again...

Generally - yes. You say 'think again' like you have some deep inside knowledge that we don't. Some occasional updates can screw things up. Using software nearly 10 years out of date is almost ALWAYS a bad idea. Think again? Good advice for you, too.

Most software updates are fine. No need to 'think again'...

OZO
Premium
join:2003-01-17
kudos:2

1. Your point was "Proxo last update June 2003. Noscript last update? A few minutes ago!" implying that the latter is better just because of its update time and now you switched to "Generally"?

2. Read this again:

said by AVD:

If you did it right the first time, you don't have to issue a revision.

--
Keep it simple, it'll become complex by itself...


Ian
Premium
join:2002-06-18
ON
kudos:3

3 recommendations

reply to LeeBee

said by LeeBee:

See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....

This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts.



--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

said by Ian:

said by LeeBee:

See the problem? Those that click on any link and say Yes to any prompt can't work with scripts turned off.....

This is bad? I do need to upgrade my graphics card to get more resolution, because I'm running out of browser space for some reason. But I see no reason not to run scripts.

Takes me back to the late 90's.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Dude111

Re:  

My point about Outlook Express is that you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to WalkGood

Ah, I see what you're saying, Mele...



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to EdmundGerber

Re: Is turning off Javascript really necessary any more?

Proxomitron: 1 vuln, not exploitable by arbitrary webpages.

If it ain't broke....


mysec
Premium
join:2005-11-29
kudos:4
reply to WalkGood

said by WalkGood:

I have javascript enabled in my browser(s), but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.


Security is basically a state of mind; that is, people take the precautions necessary to make them comfortable in their computing.

For some, disabling Javascript is necessary for that peaceful state of mind. For others, it's no worry.

The first type of malware trick using Javascript that comes to mind is the redirection exploit, very common in the early years of the fake antivirus exploits.

If the user has Javascript white listed per site, being redirected to a site with malware javascript code will have no effect.

Here is one from several years ago:

»www.urs2.net/rsj/computing/tests/winantivir

regards,

-rich


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

1 recommendation

reply to WalkGood

from: Warning: 0-Day vulnerability in Java 7
from: 1. The javascript in index.html is heavily obfuscated.

It doesn't matter how obfuscated it is. JavaScript is JavaScript & if you have it blocked, it does not run.

If it does not run, your chances of being affected by this 0-Day are diminished.

NoScript has you covered, by default.

By default, JavaScript is not allowed at most sites.
By default, Java is blocked at non-allowed sites.
If the malware page (this "index.html") is hosted on a domain other than what you are visiting, & even if you allowed the domain you are visiting, no JavaScript from that foreign domain will run.

Is turning off Javascript really necessary any more?
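
The default-deny behaviour described in the post above, as an added example that is not part of the thread and is not NoScript's code: a simplified model in which each script is allowed or blocked by the host that serves it, so allowing the visited site does not allow a foreign domain. All hostnames and function names are constructed for illustration, and treating inline scripts as belonging to the page's host is a modelling assumption.

```javascript
// Simplified model of a default-deny, per-site script allowlist.
// Added illustration, not NoScript's code; all hostnames are constructed.

// True when host equals an allowlisted entry or is a subdomain of it.
function hostAllowed(host, allowlist) {
  const h = host.toLowerCase();
  return allowlist.some((entry) => {
    const e = entry.toLowerCase();
    return h === e || h.endsWith("." + e);
  });
}

// Decide whether one script may run. The decision is keyed on the host
// serving the script, not on the page being visited. A null src means an
// inline script, attributed here to the page's own host (assumption).
function scriptDecision(pageUrl, scriptSrc, allowlist) {
  let src;
  try {
    src = scriptSrc === null ? new URL(pageUrl) : new URL(scriptSrc, pageUrl);
  } catch (err) {
    return { run: false, host: null, reason: "unparseable URL" };
  }
  if (src.protocol !== "http:" && src.protocol !== "https:") {
    return { run: false, host: null, reason: "non-web scheme " + src.protocol };
  }
  const run = hostAllowed(src.hostname, allowlist);
  return { run, host: src.hostname, reason: run ? "host allowlisted" : "default deny" };
}

// Evaluate every script reference found on a page.
function auditPage(pageUrl, scriptSrcs, allowlist) {
  return scriptSrcs.map((s) => ({ src: s, ...scriptDecision(pageUrl, s, allowlist) }));
}

// Constructed sample: the user allowed only the site they are visiting.
const ALLOWLIST = ["school.example"];
const PAGE = "https://quiz.school.example/test/42";
const SCRIPTS = [
  "/js/quiz.js",                             // same host, relative path
  null,                                      // inline script on the page
  "https://static.school.example/lib.js",    // subdomain of the allowed site
  "https://cdn.thirdparty.example/index.js", // foreign domain
  "https://notschool.example/x.js",          // look-alike suffix, not a subdomain
  "data:text/javascript,0",                  // non-web scheme
];

for (const d of auditPage(PAGE, SCRIPTS, ALLOWLIST)) {
  console.log(d.run ? "RUN  " : "BLOCK", d.src ?? "(inline)", "-", d.reason);
}
```
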



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Mele20

said by Mele20:

Better tell them how to use proper security instead and one thing is to use Proxo.

What is "improper" about globally disabling JS, then enabling it per site?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Mele20

Re:  

said by Mele20:

Outlook Express won't work without javascript turned on. Even dslreports needs javascript.

What part of MSOE needs Javascript enabled? No SMTP/IMAP/POP3 client I have ever used requires Javascript!
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need javascript.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4
reply to RawHeadRex

Re: Is turning off Javascript really necessary any more?

said by RawHeadRex:

I use Firefox with NoScript, and I know that lately NoScript has become more intrusive. My math class uses MY Math Lab to study and take quizzes, also I have an economy class that uses the same method of study, and both sites are blocked by NoScript 'XSS' which causes the test or quiz to reset itself, and I have to get the instructor to reset the test. Sometimes I forget to disable 'XSS' while going to these sites, so I decided to rid myself of the problem by removing NoScript.

Why not whitelist those pages in NoScript? You could also ask here for help in writing an XSS Exception filter for NoScript so this wouldn't bother you again.

Browsing with scripting enabled by default for all pages is just opening yourself up to malware and spyware IMHO.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4

1 recommendation

reply to Mele20

Re:  

said by Mele20:

My point about Outlook Express is that you cannot disable scripting in IE if you want OE to work correctly. IE controls OE as OE is a part of IE. The best you can do for IE scripting, if you use OE, is to set IE to prompt on scripting and that drives me nuts as there is a lot of prompting. The other thing would be to put websites that IE prompts on into the trusted zone. If you do that though then you end up with most sites in the trusted zone. Plus, it is not easy to add to the trusted zone...well, I don't know about IE 9...maybe it is easier there than in earlier versions.

Why on earth are you still using Outlook Express and IE?
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

I don't use IE except for Java speed tests (which also require Flash Player which I no longer allow on Fx due to the issues recently).

I use OE because it is the one Microsoft program (besides Word 2002- not any ribbon version) that I love. Why would I not use it? I have a little free program called OETool that greatly enhances OE. Plus, I have another freebie (not available for years now) called OE Freebie Backup that is great. It backs up all nine of my Identities in about two minutes including the address books, everything. Plus, it does a proper restore (some backup programs don't). I LOVE the way OE handles Identities and I am not giving this up. Microsoft completely screwed up OE in Vista by getting rid of the best thing about OE: Identities. I know Thunderbird has Identities but it has other stuff I don't like.

I still use XP Pro. OE will work on Win 7 when I get a new computer also because I would never buy a "Home" version of Windows (too much missing) and Pro version has XP as a virtual machine, plus, I run virtual machines already with XP Pro so I can continue using OE. I've used Thunderbird and I really disliked the harsh blue font and other stuff in it (that is one problem with Opera mail client currently...horrible blue font...I don't get the propensity for the ugly, hard to read blue that you see so much of in programs). Sea Monkey email client is quite a bit like OE but not nearly as good as OE and it has a lot of bugs. Opera's mail client was good until recently and now it is awful. What else is there?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to angussf

What's wrong with IE and OE??

2 perfectly good programs.....



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Mele20

said by Mele20:

The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need javascript.

I tried using MSOE Identities, briefly. Didn't find much use for them.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Dude111

said by Dude111:

What's wrong with IE and OE??

2 perfectly good programs.....

I've got four perfectly good battle rifles for you; about 133 years old each, but perfectly serviceable!
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to NormanS

said by NormanS:

said by Mele20:

The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need javascript.

I tried using MSOE Identities, briefly. Didn't find much use for them.

So, you only have one email account?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
reply to WalkGood

Re: Is turning off Javascript really necessary any more?

What I've been doing for many years is disabling all scripting and plugins globally and only allow what is needed on a per-site basis. You only have to allow it once, after all. That's in Opera, in FF I use NoScript so that is taken care of there. IE is neutered and not used for anything.

That said, most sites now are CMS based and will need .JS for basic functions, sometimes even navigation...unfortunately. It's crap, but sites do browser sniffing, include all their ads, and use things like FB/Twitter/Google API's via Javascript.

For example, this link posted in the Home Improvement forums shows a totally blank page in Opera with scripting disabled.

»www.cableorganizer.com/cord-prot···6CBCFA78

The difference between web pages and apps is pretty much non-existent these days.
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Mele20

Re:  

said by Mele20:

said by NormanS:

said by Mele20:

The title page for each Identity, which I like, requires javascript. If you check the box on the bottom of the title page to "go directly to Inbox in the future" then you won't need javascript.

I tried using MSOE Identities, briefly. Didn't find much use for them.

So, you only have one email account?

Who says I need one "Identity" per account?

Multiple Accounts!

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4
reply to Mele20

said by Mele20:

I don't use IE except for Java speed tests (which also require Flash Player which I no longer allow on Fx due to the issues recently).

I use OE because it is the one Microsoft program (besides Word 2002- not any ribbon version) that I love. Why would I not use it? I have a little free program called OETool that greatly enhances OE. Plus, I have another freebie (not available for years now) called OE Freebie Backup that is great. It backs up all nine of my Identities in about two minutes including the address books, everything. Plus, it does a proper restore (some backup programs don't). I LOVE the way OE handles Identities and I am not giving this up. Microsoft completely screwed up OE in Vista by getting rid of the best thing about OE: Identities. I know Thunderbird has Identities but it has other stuff I don't like. ... What else is there?

You should look into Pegasus Mail as a great alternative to OE. Super Identity support. Totally immune to any IE-based attacks as it doesn't use the IE HTML engine. Actively being developed. Active support on the Pegasus Mail mailing lists and at the Pegasus Mail & Mercury Community site. Runs fine on Win7 when you get dragged, kicking and screaming, there once XP security patching stops.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

I'll certainly look into that. Thanks.

I wish you would stop with the 'kicking and screaming to Win7'. I'd already have a new computer if Dell had done proper QA on the XPS 8500. Now a bios update is to be issued but Dell is being closed mouthed about it ...maybe because the root problem appears to be the new Ivy bridge processor. I also have to wait for nVidia to fix their problems which has made it impossible for Dell to offer their cards (except for two low end OEM ones).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson