Page 10 of 14

Re: Should NoScript be considered malware?

Posted: 2018-09-20, 14:28
by BenFenner
I hesitate to reply to the above post, because I don't want to give it any credibility.

Clearly prosecco, you don't know what malware is. And you clearly haven't followed the situation with NoScript and PaleMoon. Please get your facts straight before making such accusations.

Re: Should NoScript be considered malware?

Posted: 2018-09-20, 14:29
by New Tobin Paradigm
It is not considered malware. No one has ever said that. It is however known to specifically cause issues with software it was not specifically designed to work with and for us a support nightmare.

Please don't try making threads about such nonsense again and please keep all noscript discussion in the noscript megathread.

{Moderator note: threads merged}

Re: Should NoScript be considered malware?

Posted: 2018-09-23, 15:16
by prosecco
prosecco wrote:viewtopic.php?f=46&t=17619

It seems to me the measures earnestly advised by Moonchild seem to suggest we are in fact dealing with a full-fledged malware.

It is a shame having to use this word for an extension which has proven needed and useful for years and which has been so well maintained, isn't it?

But the fact is (this is what I assume anyway, trusting Moonchild's assessment) NoScript seems to very often behave like malware, causing numerous problems.

Did its maintainer ever reply to Moonchild's post?
In fact I posted this as its separate thread (Should NoScript be considered malware?), but apparently it was incorporated into this thread.

Re: Should NoScript be considered malware?

Posted: 2018-09-23, 15:19
by prosecco
BenFenner wrote:I hesitate to reply to the above post, because I don't want to give it any credibility.

Clearly prosecco, you don't know what malware is. And you clearly haven't followed the situation with NoScript and PaleMoon. Please get your facts straight before making such accusations.
Excuse me?

No need to get hostile.

If you don't agree, provide arguments, state facts and data rather than use terms like "accusations".

I think I made perfectly clear why I was using the term "malware".

Re: Should NoScript be considered malware?

Posted: 2018-09-23, 15:22
by prosecco
New Tobin Paradigm wrote:It is not considered malware. No one has ever said that. It is however known to specifically cause issues with software it was not specifically designed to work with and for us a support nightmare.

Please don't try making threads about such nonsense again and please keep all noscript discussion in the noscript megathread.

{Moderator note: threads merged}
"No one has ever said that."

I never said or implied that anyone ever said NoScript is malware. Please respond to what I actually SAID.

And last but not least: I don"t need your putdowns. Keep your bickering for other people. I am just a Pale Moon user and a participant to this forum, not whatever it is you imagine I am.

In short, very disappointing reply, as usual!

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-05, 22:26
by JoeyG
Though I guess some people won't share my exuberance, I'm happy to see that Giorgio Maone has apparently changed his mind about support for browsers besides Fx. He had previously announced that v. 5.1.7 would be the last for PM, Basilisk, and others, but I just got v. 5.1.9. of "NoScript Classic". :mrgreen:

His website now says,
You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-06, 02:31
by Pallid Planetoid
^ Just updated to v. 5.1.9 -- thanks for the heads-up! :thumbup: (Oh -- and that's good news about NS support continuing)

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-07, 23:07
by Nightbird
JoeyG wrote:Though I guess some people won't share my exuberance, I'm happy to see that Giorgio Maone has apparently changed his mind about support for browsers besides Fx. He had previously announced that v. 5.1.7 would be the last for PM, Basilisk, and others, but I just got v. 5.1.9. of "NoScript Classic". :mrgreen:

His website now says,
You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.
Thanks JoeyG for this news.
and
thanks Giorgio Maone of course.

but
what's happened here :think:
https://forums.informaction.com/viewtop ... 66a70b804b

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-07, 23:51
by Lootyhoof
Nightbird wrote:what's happened here
It's exactly as it appears.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-08, 16:43
by JoeyG
Nightbird wrote:... but what's happened here ...
The PM folks were consistent, which I think is fine.

By the way, I've just made a (small :oops:) donation to Giorgio for his ongoing support for the PM browser family. I think it would be nice if other people could do the same.

Of course a donation to PM every now and again is also a good idea.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-09, 05:17
by Lew Rockwell Fan
ketmar wrote: . . . since when humanity started to loosing ability to get harmless (yet maybe somewhat edgy) jokes?
Hard to say, since it came on gradually, but I think I first noticed it as a definite trend in the oughts. I think it might be something in the water, or maybe just the drugs, I dunno. And the, ahem . . . funny thing is, there are probably people who will read this and totally not get the humor, and others who will totally not get the seriousness.

Anyway, may I ask about uMatrix compared to NS and some others here, since uMatrix has been touted here? NS has always been a total %$#@W to set up and get running right, and once you break it you pretty much have to retrieve your backup profile you made before installing it, so I'd welcome a better way.

Can NoScript fans point to anything it can do that uMatrix can't?

How does uMatrix compare to the other extensions with similar names, particularly uBlock Origin? Can they all do the same things?

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-09, 09:36
by coffeebreak
Lew Rockwell Fan wrote:anything it can do that uMatrix can't?

Specific protection against cross-site scripting attacks and clickjacking.
Lew Rockwell Fan wrote:How does uMatrix compare to the other extensions with similar names, particularly uBlock Origin?
"Similar names" - same developer.

Starting with a personal view: Nothing, no amount of posted opinion, can replace just installing these extensions and spending time using them and reading the wikis.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

uMatrix (uM wiki; most recent xul version, 1.1.4, or see thread on building from newer source):
It blocks or allows categories of requests (cookie | css | image | media | script | XHR | frame) on sites that you designate.

What it has that uBO lacks:
Some cookie management function; and it has some privacy settings that uBO lacks.
Also, v1.1.4 (and earlier) can spoof headers and user agents. Note: UA spoofing was removed in v1.1.14 based on the assessment that this task would be better performed by a dedicated extension.

uBlock Origin (uBO wiki; current xul version, 1.16.4.4):
It's both an adblocker and general purpose "wide-spectrum" blocker (see overview of what it blocks here).
The more general blocking function requires being in advanced mode.

Two things uBO has that uM doesn't: 1) cosmetic filtering (same as ABP-family element hiding function); 2) ability to block or allow individual requests - so eg., scripts from site.B are blocked on site.A, but you can still allow some specific script from site.B even though the others are blocked.

Off-topic:
Lew Rockwell Fan wrote:
ketmar wrote: . . . since when humanity started to loosing ability to get harmless (yet maybe somewhat edgy) jokes?
Hard to say...

This thing you quoted is from five months ago (whoever wants to see it in context, see pg 7 of this thread) -
(it concerned some users' reactions to some language in the release notes for PM 27.9.2, released 2018-05-18).
I'm kind of perplexed about what this quote has to do with anything else in your post. Just sayin'.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-09, 15:26
by Pallid Planetoid
^ Follow-up:
coffeebreak wrote:
Lew Rockwell Fan wrote:anything it can do that uMatrix can't?

Specific protection against cross-site scripting attacks and clickjacking.
Besides the 2 protections referenced above, NoScript also provides ABE protection ("Application Boundaries Enforcer" that protects against CSRF [Cross-site request forgery] and internet-to-intranet attacks) a level of security that some financial sites notoriously ignore and something I personally use among the other two security protections mentioned. And besides these protections there are dozens of parameters that can be set to restrict website structural functions (i.e. website embedding etc.) via NS's multiple options settings windows as well. All functions that other security add-ons mentioned here do not offer as far as I'm aware.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 00:40
by ron_1
The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 01:50
by Pallid Planetoid
helloimustbegoing wrote:The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.
Rulesets need to be created to use (fix) trusted sites that you visit on a regular basis that break the rules:
As  you can see I have numerous rulesets for sites as a result of using ABE to make exceptions for sites that I trust and use on a regular basis.
As you can see I have numerous rulesets for sites as a result of using ABE to make exceptions for sites that I trust and use on a regular basis.
The important thing is that while specific rulesets might be needed to use websites you feel you can trust and use on a regular basis -- you remain protected as far as any website you might visit that you are not familiar with that could be a potential security threat. Unfortunately, staying protected is never convenient! ;)

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 02:20
by therube
The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.
By default, there is only 1 ABE rule enabled.
So if ABE breaks websites for you, then it was your doing that did the breaking.


If NoScript was to complicated, too confusing, too much trouble... that's different, but it was not ABE.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 02:31
by ron_1
Then it was something else that broke it, and it was not my doing. All I know is that even when I enabled all scripts, some sites still wouldn't work. I had to totally disable NS to get those sites working. And I used a "stock" install. The only one thing I did was add a clearclick exception for my son's online school website (which was not one of the sites that broke). There's a reason why MC did what he did in regards to NoScript.

EDIT
And it wasn't too confusing for me. I had used it for years with no troubles, until recently.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 02:45
by therube
clearclick
Enabled or not, will generally have no affect on a site behaving correctly or not.
even when I enabled all scripts, some sites still wouldn't work
Some sites can be a bear to figure out what they need.
Sometimes when Allow Globally doesn't work, there is some other blocker in the equation, like an ad blocker, that ends up being the actual culprit. (Possible that the ad blocker blocks things before they're seen by NoScript, so NoScript never sees them, so Allow Global has no affect, as the blocking, that which is negatively affecting the site, is being done elsewhere.

Ran into that just today, https://forums.informaction.com/viewtop ... =7&t=25247. At least that's the way it played out on my end, FF 62, NoScript 10. [SeaMonkey 2.45 & NoScript 5 reacted differently, easier to get things working.])

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 02:49
by doofy
helloimustbegoing wrote:All I know is that even when I enabled all scripts, some sites still wouldn't work.
An amusing feature of NS is that when you "allow all", other scripts (not included in the previous "allow all") try to come in. And are blocked.

I well recall my happy years with NS, where sometimes it would take 3 "allows" + 3 page refreshes before a site would work.

Now, with uMatrix, I simply do not miss that "functionality". One click to allow, one click to refresh, done.

Do I miss NS's ABE etc? No. They were only ever false positives.

Re: Want to talk about NoScript? Post here.

Posted: 2018-10-10, 03:17
by ron_1
doofy wrote:
An amusing feature of NS is that when you "allow all", other scripts (not included in the previous "allow all") try to come in.
Yes I was aware of that. When I wrote I allowed all scripts, that's what I meant, repeatedly clicking allow all until there was no more "allow all." ;)