dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
6812

WalkGood
Checkin out where you are!
Premium Member
join:2002-12-28
Patchogue, NY

WalkGood

Premium Member

Is turning off Javascript really necessary any more?

Is turning off Javascript in your browswer REALLY necessary any more?

I have javascript enabled in my browser(s), but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.
91862239 (banned)
join:2011-10-15
Brownsville, TX

91862239 (banned)

Member

i heard that to try it turn it off then go to all your favorite websites like youtube or any site and see if it works if it does keep it turned off

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

3 recommendations

Juggernaut to WalkGood

Premium Member

to WalkGood
Use FireFox, and NoScript. Then, allow what you want, and need to see a site.

Control. It's a good thing.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

2 recommendations

AVD

Premium Member

it is no more safer now than it ever was.
OZO
Premium Member
join:2003-01-17

OZO to WalkGood

Premium Member

to WalkGood
I don't think that JavaScript creates any kind of serious vulnerabilities. At the same time, I think the more people use protection against any kind of attacks (including JavaScript) - the better. It discourages some form writing new bad code. It's like, the more people use anti-spam filters, the less spam I may get... So. lets users make their computers more safe, I'll benefit from that

Personally, I keep JavaScript on all the time with all web sites I visit and, BTW, without any antivirus programs, running on the background too. To avoid annoying ads, to block cross-site scripting and other tracking tricks I run Proxomitron sidki's filters. And that's all "protection" that I have and it's completely enough for me

therube
join:2004-11-11
Randallstown, MD

therube

Member

> I don't think that JavaScript creates any kind of serious vulnerabilities.

There is nothing wrong with JavaScript.

It's not that JavaScript creates vulnerabilities, but rather that JavasScript is used by malware writers to facilitate their transmission of, malware. (Now they don't have to use JavaScript, just makes it much easier for them to code that way.)

So, use NoScript. Allow JavaScript where its needed. If not Allowed, it is blocked, everywhere else. Simple. (Not always so simple is knowing what is needed where. But over time, you get a feel. BTW, it is not needed here, for most all activities. Some may not care for it.)
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to WalkGood

Premium Member

to WalkGood
I tried NoScript and the internet was crippled as was this site. I don't know what you mean by this site not needing JavaScript. EVERYTHING needs it ....seems like. Just use IE with notification permission turned on anytime active scripting is needed and you will see that you can't enjoy the internet without it as IE will constantly put up the question about allowing active scripting to run or not. I can't even open Outlook Express without TWICE telling IE that it ok to allow javascript.

I far prefer to use the Proxomitron. I have no idea how anyone could complain about Proxo being difficult to use but they think NoScript use is a piece of cake.
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98 to WalkGood

Premium Member

to WalkGood
walkgood, in my opinion, if you want your computer to be secure, yes, javascript must be disabled, but it is not practical to disable it universally, to have it disabled for every single website.. so, with "internet explorer", you have it disabled in IE's "internet zone" and "intranet zone" (ie you use high security-settings for IE's "internet zone" and "intranet zone" zone) and then add websites to IE's "trusted sites" zone as necessary, where "javascript" is not disabled..

with "firefox", you just use "firefox" with the "noscript" "addon" and then allow scripting for individual webpages as needed (which is similar to adding websites to IE's "trusted-sites" zone).. i use "firefox" with the "noscript" addon.. i only rarely ever use IE.. specifically, i use IE when installing "windows updates" and at a couple of websites where i need for "activex-controls" to run..
19579823 (banned)
An Awesome Dude
join:2003-08-04

19579823 (banned) to Mele20

Member

to Mele20

 

quote:
I tried NoScript and the internet was crippled as was this site. I don't know what you mean by this site not needing JavaScript. EVERYTHING needs it
Well thankfully not everything Mele! -- I usually always have scripts DISABLED.... (Only 3 or 4 sites i use do i have to enable them (Email,etc))

I think its better having them disabled! (faster loading of pages,etc)

Ken1943
join:2001-12-30
Brighton, CO

2 recommendations

Ken1943 to WalkGood

Member

to WalkGood

Re: Is turning off Javascript really necessary any more?

Are we talking about Java or Javascript. They are two very different animals. Java is used by websites. Java script is a html programing language.

WalkGood
Checkin out where you are!
Premium Member
join:2002-12-28
Patchogue, NY

WalkGood

Premium Member

said by Ken1943:

Are we talking about Java or Javascript. They are two very different animals. Java is used by websites. Java script is a html programing language.

Javascript is what I am asking about.

ZZZZZZZ
Premium Member
join:2001-05-27
PARADISE

1 recommendation

ZZZZZZZ to Mele20

Premium Member

to Mele20
quote:
I tried NoScript and the internet was crippled as was this site.
Are you kidding me?

I've had javascript disabled for years on all my browsers and the only ''crippling'' it's done is block all the crap on the internet.

Noscript controls it beautifully [if you know what you're doing]..

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

1 recommendation

sivran to WalkGood

Premium Member

to WalkGood
I haven't bothered disabling javascript globally in a long time, except for sites that annoy me.

WalkGood
Checkin out where you are!
Premium Member
join:2002-12-28
Patchogue, NY

WalkGood to ZZZZZZZ

Premium Member

to ZZZZZZZ
said by ZZZZZZZ:



I've had javascript disabled for years on all my browsers and the only ''crippling'' it's done is block all the crap on the internet.

Noscript controls it beautifully [if you know what you're doing]..

I have no experience with "Noscript" and 99% of the time I use Firefox. Can you give some pointers on any settings with Noscript?
redwolfe_98
Premium Member
join:2001-06-11

1 edit

redwolfe_98

Premium Member

said by WalkGood:

I have no experience with "Noscript".. Can you give some pointers on any settings with Noscript?

i suggest that you just install "noscript" and use it and, through using it, figure out which settings you want to use.. that is what i did..

noscript's settings-options are pretty simple and intuitive..

i think that it is possible to use some "complex" custom settings with "noscript" but i haven't tried doing anything like that..
Expand your moderator at work

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

DigitalXeron to therube

Member

to therube

Re: Is turning off Javascript really necessary any more?

said by therube:

> I don't think that JavaScript creates any kind of serious vulnerabilities.

There is nothing wrong with JavaScript.

It's not that JavaScript creates vulnerabilities, but rather that JavasScript is used by malware writers to facilitate their transmission of, malware. (Now they don't have to use JavaScript, just makes it much easier for them to code that way.)

While Javascript as a language doesn't generate vulnerabilities, its implementation in most cases does. The need of browser extensions and modules to secure it is a sign of this. Still none of those modules provide access to explicitly disable specific features of javascript because the JS interpreting engine is often a monolithic component of the browser where you either allow a domain/site to run it or you don't. Firewalls are largely useless against javascript security issues because any actions javascript does is under the context of the browser.

A significant example of this is that in the majority of implementations, there's no way to say, prevent javascript from calling out and making connections (think: XMLHTTPRequest) or outright preventing window creation/opening functions from working (popups still plauge some sites and use tricks to bypass popup blockers) while keeping it enabled. Javascript is gaining more and more power to essentially create applications within the browser itself and its becoming a near impossibility to avoid. I think Javascript needs a lot finer grain control than it has in most instances because I see eventually javascript gaining native level access to the computer it runs on as "apps" gain traction.

ZZZZZZZ
Premium Member
join:2001-05-27
PARADISE

ZZZZZZZ to WalkGood

Premium Member

to WalkGood
quote:
I have no experience with "Noscript" and 99% of the time I use Firefox. Can you give some pointers on any settings with Noscript?
Noscript blocks all scripts on sites,so you can leave javascript enabled [although I don't] and then just click on the Noscript icon to temporarily allow any site you trust and wish to see that content.

Certain sites like facebook and Cnn ,have so many 3rd party scripts ,that it's a joke.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran

Premium Member

You can also set it to automatically allow first party sites, which reduces the amount of reloading you have to do.
ctggzg
Premium Member
join:2005-02-11
USA

ctggzg to WalkGood

Premium Member

to WalkGood
said by WalkGood:

... but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.

They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

I would disagree, as will many others here.

ZZZZZZZ
Premium Member
join:2001-05-27
PARADISE

ZZZZZZZ to ctggzg

Premium Member

to ctggzg
quote:
They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.
lol............ya right buddy.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to WalkGood

Premium Member

to WalkGood
I only turn it off if a website uses it to disable a feature. Sometimes I am out surfing the net and see a picture that would make an awesome desktop... but the site has right click disable. turn off Javascript and problem solved. turn it back on and get back to surfing.
OZO
Premium Member
join:2003-01-17

OZO

Premium Member

That's actually a good example, when turning off JavaScript could be useful. IMO, web sites should never block context menu in user browsers.

Just in case if you don't want to turn JavaScipt off in such case you may open site in IE and then copy image file from its cache. Remember, everything you see in your computer is already here, downloaded. Just take it and use as you need...

therube
join:2004-11-11
Randallstown, MD

therube to ctggzg

Member

to ctggzg
said by "quatrix" :
They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.
OK.
(Enough said.)
EdmundGerber
join:2010-01-04

EdmundGerber to ctggzg

Member

to ctggzg
said by ctggzg:

said by WalkGood:

... but I know people who swear that they MUST turn off javascript or they will be hacked and/or they will get a virus.

They're wrong and misinformed. NoScript is also worthless snake oil for the paranoid.

Knowledge is also food for the ignorant, so judging from your statement - dig in!

therube
join:2004-11-11
Randallstown, MD

2 recommendations

therube to DigitalXeron

Member

to DigitalXeron
All code has vulnerabilities.

But that does not mean that a particular code is needed everywhere or all the time.

Since code can be exploited, anything you can do to limit code, will help to make you safer.

Flash is basically required these days.
It is not needed all the time nor is it needed everywhere.

So if you can block Flash, & only enable it when you actually need it, you are safer.

Java (for some, myself included), may not be needed at all. For others, they do require it.
Again it is not needed all the time nor is it needed everywhere.

So if you can block Java, & only enable it when you actually need it, you are safer. (Better yet, in my case, don't even install it.)

JavaScript is (basically) required these days.
Disable it entirely, & sooner rather then later, you're likely going to need to enable it.

But if you can limit its usage, you are better off. And when you have something that can provide more granular control then a simple on/off switch, you are both safer & able to control your browsing experience more effectively & efficiently. NoScript can do that. (Among many other things.)
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

said by therube:

But if you can limit its usage, you are better off. And when you have something that can provide more granular control then a simple on/off switch, you are both safer & able to control your browsing experience more effectively & efficiently. NoScript can do that. (Among many other things.)

So can the Proxomitron and with a heck of a lot less problems. As I have said many times, why anyone would claim NoScript is the answer when Proxo is available with the latest Sidki filters from December 2011, I can't understand. It sometimes will block something, and it is not perfect, but a lot easier to use than NoScript, plus, it works on all browsers...you are not limited to Fx or Opera with its builtin "noscript".

therube
join:2004-11-11
Randallstown, MD

therube

Member

quote:
But if you can limit its usage, you are better off.
quote:
So can the Proxomitron
Whatever means works for you.
If NoScript isn't your cup of tea, & Proxomitron can do similar, then by all means.
And in IE (which I'm not familiar with) you can use that "trusted zone" (or something or the other), but I would think that to not really be feasible. But if you're glotten for punishment ...

ZZZZZZZ
Premium Member
join:2001-05-27
PARADISE

ZZZZZZZ to Mele20

Premium Member

to Mele20
Proxomitron is what 10 yrs old and as the author has passed away,it doesn't look like they'll be any further developement.

All it does is the same thing a Hosts file does...........and or a *pac file.

Noscript blocks flash,java and any number of other options.

It's a shame you couldn't understand how to learn how to use it........it probably would only have taken 5 minutes.