helping many people
Our library self-help group is around 20 strong most of the time.
But it does make for "Firefox isn't working right" scenarios, and not just ones caused by extension conflicts.
No argument with that, but the assertion I did engage with was
makes Firefox less reliable
and I read that as less predictable; less workable. My choice of "unstable" was perhaps unfortunate.
I continue to think a vanilla Firefox without extensions provides the most trouble-free experience.
Certainly, but that's self-evident. I wouldn't have taken exception to that if you'd used "trouble-free" instead of "reliable".
Anyway, to the security part of things;
By far the most prevalent internet-related computer security problems aren't addressed by any of them, including NoScript
(just repeating it to keep me on the centre of our difference)
and
My assumption is that the majority of systems are compromised by people downloading and installing malware on their systems, not by XSS attacks that exploit an unpatched system. I suppose they're often tricked into it. I suspect most problems are introduced through social engineering techniques, not by ones that NS can prevent.
Multiple assumptions in there:
Downloaded stuff (however engineered - social or tech masked) doesn't involve scripting at any point.
Social engineering techniques don't include scripting at any stage of the compromise.
Unpatched systems not prevalent
Can't agree.
The exploits for active content exist and are used by the black web.
Unpatched machines are legion.
What future use will be made of them is unknown, but a ball-park prediction can be made by those who work in the area.
And you're right that neither of us know the actual figures.
Luntrus would have a much better idea.
I don't believe that security professionals really want it known just how many unpatched, unmaintained home systems are involved in the black net.
The computer maintenance shops I've had dealings with over around 15 years on the net overwhelmingly report mangled, infected, broadcasting, botted, choked hdds when the ma and pa machines are eventually brought to a halt by compromise. Very few of the broken machines have broken hardware. Most of those techs have no time (or background in web security) to do anything except format, install the latest blacklisting application and throw the user back out to the dogs.
Patching? Nice concept if the machine's not already infected.
The friends to whom I recommend NS aren't those who I know are aware technically and who do have support; the ones I recommend NS to are the ones who've already been shafted by this or that compromise and who are making a start with Fx. They, when NS is installed right from the get-go don't appear to have any difficulties adjusting to the allow-on-the-fly concept and otherwise NS/Fx just works.
My own anecdotal data set is about 30 friends (and friends of friends).
I used to participate in this tech forum on the Australian public broadcaster's website
http://www2b.abc.net.au/science/techtalk/
Its resident guru is a malware cleaning volunteer on some of the same forums as luntrus, and she pushes Safe Hex with Fx and NS in her education spiel. The forum is consequently a focus for Australian Fx users and you can pick up some useful anecdote/data about trouble-free Fx experience. Fx/NS is the basic recommendation there too.
Practising Safe Hex like many of us vet Fx users do is understood to be an approach to the net that obviates the use of most assisting applications and many do navigate using default Fx without infection, without protection from active content.
I just don't agree that Fx with NS is any less significantly trouble-free as you assert, and it is on the contrary much more secure for plain users when NS is installed - - even with Allow Globally :facehand: you get the rest of the deal.
Yes, I mean "anti-virus" apps with resident scanners. They work for many, and stuff around with many others. I hate trouble-shooting them.
/serious