Main Area and Open Discussion > Living Room
Virus/Worm attacks - are they getting worse?
f0dder:
I find no script to be perhaps the single most annoying piece of software ever to be on my computer, I was forever trying to configure the thing to let me see sites I wanted to see, I gave up, life's too short.
-Grorgy (October 02, 2008, 06:41 PM)
--- End quote ---
Annoying? Indeed. And if you're impatient, you might end up whitelisting everything, removing the benefit of NoScript. Also, you could end up on a legitimate and whitelisted site... which has been hacked. But imho the added security is worth the hassle.
EDIT: personally I prefer ABP to AM - dunno why exactly, but I prefer not dealing with winsock hooking and only having my web browser filtered. Dunno which one is most likely to have "slips", but I haven't been hit with malware for several years. I guess running x64 also helps reduce some attack vectors - the browser + flash is still 32bit, and that probably is the main attack vector.
Carol Haynes:
OK I am playing with noscripts and I can see how it works.
I am fine with going to amazon.co.uk and allowing [email protected] etc. but how do you decide which scripts are useful and which aren't?
For example google-analytics ? I guess if you block that then google robots won't pick up page visits/changes etc. and won't harm the browsing experience.
However, for a lot of the shopping sites I use I go through www.nectar.com so that I can collect Nectar points on purchases - their site has a lot of scripts but it hard to tell which ones are involved in generating the communication with the shop site to ensure points are delivered. I am tempted just to let nectar.com do its thing (and all its scripts) but some of the scripts are for things like doubleclick (which I presume is a tracking/marketing tool because it seems to be endemic on a lot of legitimate trading sites).
What strategies do people use to decide what to allow and what to block?
Ehtyar:
Firstly, you would naturally avoid those sites where you can. Where you can't, you start enabling subdomains of the primary domain until the content renders correctly, then carry on to those domains that appear to be legitimate. If that approach doesn't work, you can temporarily allow the entire page, though that really defeats the point of NoScript. NoScript can be a lot of work, but it's a lot of work for a good reason.
Ehtyar.
Carol Haynes:
Thanks Ehyyar - I am really curious what stratagies people use.
It strikes me that if I am shopping on Amazon I implicitly trust the site so I may as well allow Amazon to display the content it wants, the way it wants.
Having said that if all of these security apps become to onerous you either end up enabling everything (and this goes for HIPS and firewalls too) or you uninstall it and use something simpler. It's one of the reasons I gave up on firewalls that aledgedly provide outbound security - you constantly have to answer questions and at the end of the day if you say no the software doesn't work properly (so you shouldn't install it in the first place) and if you say yes you are implicitly trusting the publisher not to do anything nasty so you may as well give it full control over its environment.
I know a lot of people round here use security apps to try and filter incoming and outgoing web traffic but it would be good if people chipped in and said how they discriminate between differnt kinds of apps/sites etc.
Ehtyar:
Most often you're perfectly safe trusting javascript originating from a site you actually do trust (amazon.com for example). The trouble originates in things like SQL injection, whereby a script tag is inserted into the document which requests your browser load javascript from a different domain e.g.
--- ---<script src="http://www.maliciousdomain.com/driveby.js" />
Thus, amazon.com scripts would run, as they're trusted, while the injected script would be blocked, as the code does not originate from amazon.com.
Ehtyar.
Navigation
[0] Message Index
[*] Previous page
Go to full version