NoScript Didn't Block Rogue Site
Re: NoScript Didn't Block Rogue Site
Yes, I'm sure. Think about a TOR user with very limited bandwidth.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
Re: NoScript Didn't Block Rogue Site
nagan wrote:
Well it has got to do with how FF works! When FF senses something to be downloaded it initiates it at full speed and PARALLELY throws the user confirmation to download. In effect it means FF does not wait for confirmation to BEGIN download

Thank you... finally someone who understands that FF will start downloading a file while you make up your mind whether you want to download it or not. The thing is, I never got the dialog to make that choice. NOD32's Internet Monitor must have stopped the download when enough packets came in.

Tom T. wrote:
I think a major part of the confusion is understanding that "downloading" and "installing" sw are two different things

My bad... I said "install" in my initial post, because I thought some rogue script or exploit was attempting to do just that. Because I saw no dialog, I was surprised to see the NOD32 alert, which made me suspect the worst, hence the verbiage. Perhaps I should have said "download" instead of "install" to avoid this confusion.
But like I said...
Never at any time did I see a Download Dialog within Firefox. Normally, you click a link and a dialog appears asking you where to save your file. In the meantime, while you are deciding where to save your file, Firefox is already downloading your file while you make up your mind to speed up the process. Well, I never saw that dialog to download the file, yet the file was well underway and eventually stopped by NOD32.
The only way I know how to start a download (without client-side OR server-side scripting) without the user's consent is to use meta-refresh or an iframe, as Giorgio pointed out earlier. Both of these were set to block in NoScript, which is why I assumed it was script-initiated. It may have just been a fluke, but I am dumbfounded how a download could have started without me explicitly initiating it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.5 - me again! (.NET CLR 3.5.30729)
Re: NoScript Didn't Block Rogue Site
Tor discussion split to http://forums.informaction.com/viewtopi ... =19&t=1526
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Re: NoScript Didn't Block Rogue Site
@jB: If you're really concerned about cross-site HTTP requests occurring without your knowledge, then I recommend that you investigate NoScript's ABE module, or for a simpler interface you can try the RequestPolicy addon. Either one will allow you to take control of cross-site requests.
Bear in mind that by blocking cross-site requests, you will prevent many sites from loading even their stylesheets, so you need to be prepared for a lot of initial setup work. RequestPolicy makes it a bit easier by offering a relaxed mode where subdomains can send requests to each other.
On the other hand, blocking cross-site requests can make a pretty effective ad-blocker.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Re: NoScript Didn't Block Rogue Site
jB wrote:
I was recently searching something on Google and clicked on a link that took me to a site that redirected me to a malicious rogue site

To protect yourself specifically against this kind of threat, you may want to look into the Search Engine Security (SES) extension for Firefox from Zscaler: http://research.zscaler.com/2010/10/upd ... lugin.html
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3