NS in Chrome (a few things have changed)

General discussion about the NoScript extension for Firefox
Post Reply
Logos
Junior Member
Posts: 43
Joined: Wed Oct 28, 2009 5:11 pm

NS in Chrome (a few things have changed)

Post by Logos » Fri Jul 02, 2010 10:55 am

okay now that the Google API (somehow...) allows ad-blockers to not just prevent ads to be displayed but also now to block the downloading from ad servers, does that change anything for NoScript at all, as to the implementation in Chrome?

https://chrome.google.com/extensions/de ... kkbiglidom
New in version 2.0: Ads are actually BLOCKED FROM DOWNLOADING now, instead of just being removed after the fact!


https://chrome.google.com/extensions/de ... cddilifddb
New in 0.9.20: Improved support for blocking ads as they are loaded. (Chrome doesn't yet support one last feature required for this to work 100%, but hopefully it will soon.)


I checked with the first extension mentioned above (with Fiddler2), and indeed most ad servers are blocked. I'm quite aware that ad-blocking and script-blocking isn't the same, but could somehow the changes in Chrome API benefit to a possible implementation of NoScript now? thanks.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.447.0 Safari/534.2

User avatar
Giorgio Maone
Site Admin
Posts: 8955
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NS in Chrome (a few things have changed)

Post by Giorgio Maone » Fri Jul 02, 2010 1:41 pm

A NoScript implementation is currently still impossible, albeit easier once the other pieces of the puzzle go to their place.
Specifically, I've asked Google to provide an API to at least see the current permissions as set by Chrome's built-in user interface (if not write them, which would allow NoScript to replace or augment the UI with a more familiar one), so that embeddings can be blocked/enabled according to permissions, rather than duplicating whitelists/blacklists.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6

Logos
Junior Member
Posts: 43
Joined: Wed Oct 28, 2009 5:11 pm

Re: NS in Chrome (a few things have changed)

Post by Logos » Fri Jul 02, 2010 4:34 pm

okay, thanks for the feedback. Hoping that this situation will change with the time... ;)
Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:2.0b1) Gecko/20100630 Firefox/4.0b1

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: NS in Chrome (a few things have changed)

Post by luntrus » Fri Jul 02, 2010 6:00 pm

Hi forum friends,

For me this issue is one of the issues why I always returned to a Mozilla type browser, they have NS inside.
GoogleChrome, and the clones thereof, like SRWare's Iron cannot support it somehow,
another point to try and get broader multi-browser support at any moment for our best extension/plug-in around,
is that the developers of the flock browser now with their new beta also decided to develop further into a Chrome based browser direction,
and I will be eventually without Mozilla support for the flock browser, so also without NS there.
Can the new flock beta come out with NS extension support or do they follow the GoogleChrome
out-of-the-box development, with their "pepper" plug-in (Adobe flash a la default) policy and silent update/patch regime,

luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: NS in Chrome (a few things have changed)

Post by luntrus » Fri Jul 02, 2010 10:40 pm

Hi forum users,

In the thread now running at the avast forums general section, started by little old me: http://forum.avast.com/index.php?topic= ... #msg518856
I was heavily attacked and even accused of patronizing now, this is what I wrote to my defense:
... and I are good friends, and good friends may have different visions on in-browser-security measures, and our difference of opinion can only be helping the discussion.
I have nowhere read (from experts and browser security researchers that are in a position to know) that NS is not doing its job as it should and it has been qualified by them as one of the best security extensions ever developed for the Fx browser, and it is a shame it could not be brought in other browser flaws. I haven't heard anyone in this thread say anything to the contrary, they argued on other arguments, because they could not beat this one.

As I stated elsewhere I would welcome it that NoScript would finally get an all-browser-wide adherence. I am not patronizing, I just repeat a general opinion on an extension. I am no party in this.
I also know that the opposition against it comes from a lot of folks that have never used it and talk on a hearsay basis or handling the browser extension features and settings are just beyond their scope. I want to leave that aspect out of the discussion. If you better feel on automation you won't have gears... Fine with me.

I just like what Giorgio Maone has developed and I have seen what it can do. I asked the man on his forums many times "and does NS protect here, and does it protect here?". And on all accounts he stated it always did. I wanted to hand down this experience to our user base here, and if it falls on deaf ears here or people for whatever reason do not want to hear it, that is OK with me, go with the second best in-browser protection there is which is a combination of reputation scanning (not reliable in various cases), block listing (always running after the facts) or the use of a scanning proxy - sort of IDS which is provided by the avast shields (we are so lucky as avast users to have these but is is depending on the fact the recognition of malscript must be excellent, and it misses some out).

I am not talking about browsers, I am not talking about in-browser-security in general, I am just talking about the unique quality of the NoScript plug-in which makes the Mozilla browser the most secure, alas without the NoScript extension it falls back to a third place or even worse and is not the most secure browser there is at all and must let for instance GoogleChrome sandboxed go first, but there one made that NS cannot be implemented.

When flock started years ago I was part of their browser security, and been a Fx test pilot for quite some time, I just wanted to pass on my experience for years now with browsers and browser code,


Why it is, my dear forum friends here, that NS creates such resentment from some users when presented with the NS facts on other security forums?

luntrus aka polonus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: NS in Chrome (a few things have changed)

Post by Tom T. » Sat Jul 03, 2010 3:29 am

luntrus wrote:Why it is, my dear forum friends here, that NS creates such resentment from some users when presented with the NS facts on other security forums?luntrus aka polonus

Because NoScript requires that users take some responsibility for their own safety, whereas most just want to go wherever they want to go, and do whatever they want to do, dangerous or not, and "somehow" have the browser magically be safe.

People in denial, or unwilling to invest a little effort to protect themselves, will invest much more effort in finding reasons not to change their present habits.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

Post Reply