MetaChat REGISTER   ||   LOGIN   ||   IMAGES ARE OFF   ||   RECENT COMMENTS




artphoto by splunge
artphoto by TheophileEscargot
artphoto by Kronos_to_Earth
artphoto by ethylene

Home

About

Search

Archives

Mecha Wiki

Metachat Eye

Emcee

IRC Channels

IRC FAQ


 RSS


Comment Feed:

RSS

MetaChat is an informal place for MeFites to touch base and post, discuss and chatter about topics that may not belong on MetaFilter. Questions? Check the FAQ. Please note: This is important.

10 January 2008

Do you use noscript? Do you whitelist your usual sites or just leave them disallowed?[More:]After yesterday's post about the hotmail hijacking I decided I wanted to beef up my security. I don't know much about how the javascript exploits work, so I'm not sure whether to allow any javascript at all, or if it is fine with sites I generally trust (meta*, flickr, nytimnes, etc. [my web universe is fairly small])

In the past I've gotten along fine as far as I know, with just AVG antivirus and windows firewall and now, an external router [though a thoroughly crappy one supplied by verizon], but now I'm wondering if I need to do more to check for keyloggers, rootkits, etc.
post by: DarkForest at: 12:00 | 13 comments
I've used noscript for ages. I do whitelist my usual haunts, and for places I'm just visiting once, I temorarily allow them (which lasts one session). I got it mainly to get rid of annoying advertising tricks and embedded audio/video, etc. The security stuff is just gravy, to me. (And I've had no problems allowing trusted sites to run scripts all this time.)
posted by BoringPostcards 10 January | 12:09
What BP said. It's annoying to have to wait for a site to reload after you've allowed the script to run, temporarily, but the safety is worth it.
posted by deborah 10 January | 13:26
Um, what is it, what does it do, how will it affect my browsing, how do I do it, and do I want it?
posted by mudpuppie 10 January | 14:05
It selectively allows/disallows javascript, flash, and java, for security purposes. You can whitelist sites you trust. The downside is that a lot of sites need javascript to work right.
posted by DarkForest 10 January | 14:11
I guess one of the things I'm worrying about, and don't quit get, is cross-site scripting. I probably just need to read some more.
posted by DarkForest 10 January | 14:13
NoScript is a Firefox add-on that automatically prevents websties from running executable scrpits by default. It allows you to click a convenient icon and decide script-by-script what you wish to allow from any given site. It's a free download that auto-updates once installed. I use it all the time when I'm on my laptop, and it works fine. Takes some fiddling to set up, in that you'll want to add your favorite sites and such, but after a couple of days of using it, you'll forget it's there. A++ would use again!
posted by BitterOldPunk 10 January | 14:15
What's the problem with javascripts? They're exploited often, I take it? How does that work?
posted by mudpuppie 10 January | 14:20
Yeah, I use it. Along with Adblock Plus and FlashBlock, it's an important part of my ad-blocking missile defense plan.
posted by box 10 January | 14:47
Adblock Plus, Flashblock, and NoScript for me, too.
posted by malaprohibita 10 January | 15:52
Adblock, FiFiltersetG and Noscript for me. I whitelist my regular hangouts that have sensible setups (metachat for example) but not other regular hangouts that run ads and all sorts of scripting (think major gossip sites where there's ads in everything and I'm not sure about their java-stuff). I've found that Noscript blocks more than I'd like even when I do whitelist a site though (I have problems watching commercials on my own damn site when it's on - gotta look into that), so it requires a little bit of surf-and-tweak before you're good to go.
posted by dabitch 10 January | 16:40
Oh, and what post about the hotmail hijack? I wanna read it!
posted by dabitch 10 January | 16:41
Hotmail hijack post here.
posted by DarkForest 10 January | 17:12
I thought you couldn't use noscript with flashblock (it blocks the flashblock). I use NoScript but I have it off by default and blacklist; I'd rather use a whitelist but flashblock is more important to me.
posted by Eideteker 10 January | 22:26
Goodwill's Fashion Blog || OMG! Kitteh pile!

HOME  ||   REGISTER  ||   LOGIN
All posts and comments © their authors