i wish we could get more info about any of the scripts... like a malicious script database or something... so we can identify bad ones
is about:blank a malicious script? cuz i had a microsoft explorer about:blank browser hijack in the past...
Are bidsystem.com, slashkey.com, or cubics.com malicious scripts???
NoScript features
NoScript features
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: NoScript features
No. That's why it's whitelisted by default.XxMayhemxx wrote:is about:blank a malicious script?
I don't know. That's the beauty of NoScript. It doesn't rely on protecting us from known bad sites. A malicious script database would be huge, incomplete, always obsolete, and not include good, non-malicious sites that have been compromised. Please read the NOSCRIPT QUICK START GUIDE FOR BEGINNERS sticky at the top of the Support forum.Are bidsystem.com, slashkey.com, or cubics.com malicious scripts???
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: NoScript features
I believe that by the time ABE is completed, it will provide something to this effect but not sure exactly in what incarnation.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 AdblockPlus/1.0.1 NoScript/1.9.1.91 RequestPolicy/0.5.4 FirePHP/0.2.4
Re: NoScript features
@ XxMayhemxx: My personal policy is to deny, or rather, leave denied, *everthing*, except that which is absolutely necessary for the specific function you want (even if the rest of the page stays broken). Then, and only then, is there a decision about whether those particular items are trustworthy. Cuts the decision-making tremendously, by cutting the universe of scripts etc. tremendously.
Everyone's usage and system are different. This is a personal opinion and does not represent the forum, developer, or product, and conveys no rights or warranties.
@ GµårÐïåñ: Giorgio himself would be the one to answer that, but from the announcement:
Everyone's usage and system are different. This is a personal opinion and does not represent the forum, developer, or product, and conveys no rights or warranties.
@ GµårÐïåñ: Giorgio himself would be the one to answer that, but from the announcement:
Sounds like you could ask a trusted third party to provide *rules*, but that still doesn't tell you anything about the particular script/object itself. Rules aren't a database of individuals, and as Alan pointed out, the number of executable objects out there changes by the thousands every second. But yes, ABE might assist the OP and others who wish to use the opt-in subscription or implement rules of a third party that they trust.Many of the threats NoScript is currently capable of handling, such as XSS, CSRF or ClickJacking, have one common evil root: lack of proper isolation at the web application level. Since the web has not been originally conceived as an application platform, it misses some key features required for ensuring application security. Actually, it cannot even define what a “web application” is, or declare its boundaries especially if they span across multiple domains, a scenario becoming more common and common in these “mashups” and “social media” days.
The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser. It will be specialized in defining and guarding the boundaries of each sensitive web application relevant to the user (e.g. webmail, online banking and so on), according to policies defined either by the user himself, or by the web developer/administrator, or by a trusted 3rd party.
Rules for the most popular web applications will be made downloadable and/or available via automatic updates for opt-in subscribers, and UI front-ends will be provided to edit them manually or through a transparent auto-learning process, while browsing. Additionally, web developers or administrator will be able to declare policies for their own web applications: ABE will honor them, unless they conflict with more restrictive user-defined rules.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: NoScript features
Yes I have spoken to him in the past and that's why I said not sure in what incarnation because its a work in progress.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 AdblockPlus/1.0.1 NoScript/1.9.1.91 RequestPolicy/0.5.4 FirePHP/0.2.4