Running NoScript add-on in Firefox with NIS 21.x

Hello,

 

Would there be any advantage to doing this or is NIS all that I need?

 

Cheers,

Flavio.

It will add extra protection. If a malicious script tries to run when you visit a website, and it is one that Norton is unable to recognize, NoScript will block it from executing.

Hi Flavio_C,

 

There is a BIG advantage to using NoScript.  You are always safer blocking an avenue of attack, rather than allowing attacks to happen, and then trying to deal with them after the fact.  JavaScript is often used to redirect browsers to sites that will attempt to download malware through a drive-by attack.  If you avoid the redirection in the first place, you eliminate the risk of something new getting through that Norton does not yet recognize.  Please see the following:

 

http://krebsonsecurity.com/2011/05/blocking-javascript-in-the-browser/

@Bombastus and SendOfJive,

 

OK you sold me, thanks.

 

Is there a way of configuring NoScript so that it doesn't prompt me on several webpages?

Kind of like an automatic pilot.

 

Flavio_C

There is a bit of a learning curve with NoScript, but as far as I know there is no auto pilot as that would defeat the purpose of blocking JavaScript by default and only allowing it on trusted sites.

 

One setting I have changed is in Options > Notifications > Show message about blocked scripts.  I have removed that check mark > OK.


Flavio_C wrote:

Is there a way of configuring NoScript so that it doesn't prompt me on several webpages?

Kind of like an automatic pilot.


You want to block scripts on all sites and only allow them selectively, as needed.  NoScript won't prompt you - you will need to manually allow each site that you find does not work correctly without JavaScript.  Some sites will work just fine without JavaScript.  For others, you can permanently allow JS for sites you trust and visit frequently, or temporarily allow it for sites that you visit infrequently.  Usually you will want to allow only the main site itself, and only allow other domains as necessary - there is a bit of trial and error when you first start using NoScript, but you will quickly get a feel for it. 

@SendOfJive and Krusty13,

 

Thanks for your opinions!

 

I have many websites in which JS has to be enabled and I have done just that by "Allowing all on this page."

Hope I'm doing the right thing for my frequent sites.

 

Cheers,

 

Flavio :)

It's useless. Guess the wrong script or allow the wrong one by accident. You still get infected. It's a pita to use.

@FattiesGoneWild,

 

It is not at all useless, you just need to learn how to use it.

 

@Flavio_C,

 

I would not recommend "Allowing all on this page".  You would normally only need to allow the main site, but for here at Norton Community you would need to allow norton.com and lithium.com for these forums to work properly.

Oh, I know how to use it. I got tired of the guessing game to get some sites to work properly. It gets old. Which brings me back to what I said. Guess the wrong script to allow on an infected site. You will get hit with it. So, in a way, it is completely useless and only good for well known trusted websites you visit.

Fair enough, but if I am going to any unknown, unfamiliar sites I always check them at Sucuri SiteCheck first, so that I don't visit any infected sites.

 

http://sitecheck2.sucuri.net/

 

... But each to their own.  Computer security is like that, the more locked down and secure you make your system the less user friendly it becomes.  We have to choose a level that suits our needs.


Flavio_C wrote:

I have many websites in which JS has to be enabled and I have done just that by "Allowing all on this page."

Hope I'm doing the right thing for my frequent sites.


 Hi Flavio_C,

 

Allowing all defeats the purpose.  What you are trying to do is to only allow the domains that are absolutely necessary to use a site effectively.  When you allow all, you are permitting ad sites and other third-party sites on the page to run JavaScript.  Some third-party sites might need to be allowed, but most won't.  Because many attacks arise from malicious ads, you generally won't want to be allowing ad domains.

 

As an example, below is the NoScript dialog for a New York Times website page.  By default, nothing is allowed.  If the page works, I will leave everything blocked.  If something won't work, such as a search function, I will try allowing the main site (in bold type).  If it still won't work, I'll allow ajax.googleapis.com, which is a domain that is often necessary for features on a page to work.  Doubleclick.net is an ad server, so I won't ever allow that.

 

Middle-clicking or shift+left clicking a domain name in the NoScript list will open a page with links to information about that domain - so if you are unsure, you can check first before allowing a domain.  I know it sounds tedious and painful, but most of the sites you will need to allow are the ones you visit most often, and once you have configured those, you will seldom have to tinker with NoScript.  And again, as you use it and learn to recognize the ad domains and the domains that provide interactive functionality, it becomes easy to know what to allow and what to keep blocked.

 

NYTimes.JPG
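The step-by-step allowing described in the post above, as an added example that is not part of the original thread and is not NoScript's own code: a simplified default-deny model that shows which third-party hosts may run scripts at each step, compared with "allow all on this page". The host list, the function names and the rule that an entry also covers its subdomains are assumptions made for illustration.

```javascript
// Simplified default-deny model; an illustration, not NoScript's matching code.
// Assumption: an allowlist entry matches that host and any of its subdomains.
function matches(host, entry) {
  return host === entry || host.endsWith("." + entry);
}

// Script hosts that may run under the given allowlist (empty list = all blocked).
function permitted(scriptHosts, allowlist) {
  return scriptHosts.filter((h) => allowlist.some((e) => matches(h, e)));
}

// Hosts outside the main site that the allowlist lets run.
function thirdPartyPermitted(scriptHosts, allowlist, mainSite) {
  return permitted(scriptHosts, allowlist).filter((h) => !matches(h, mainSite));
}

// Constructed sample: hosts a news page might load scripts from.
const MAIN_SITE = "nytimes.com";
const SCRIPT_HOSTS = [
  "www.nytimes.com",
  "ajax.googleapis.com",
  "ad.doubleclick.net",
];

// The steps from the post: nothing, then the main site, then one helper domain.
const STEPS = {
  defaultDeny: [],
  mainSiteOnly: ["nytimes.com"],
  mainPlusAjax: ["nytimes.com", "ajax.googleapis.com"],
  allowAllOnPage: [...SCRIPT_HOSTS], // what "allow all" amounts to in this model
};

// For each step, list the third-party hosts that end up running scripts.
function report() {
  const out = {};
  for (const [name, list] of Object.entries(STEPS)) {
    out[name] = thirdPartyPermitted(SCRIPT_HOSTS, list, MAIN_SITE);
  }
  return out;
}

console.log(report());
```

Only the last step lets the ad host run; the selective steps never do.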


FattiesGoneWild wrote:

It's useless. Guess the wrong script or allow the wrong one by accident. You still get infected. It's a pita to use.


I agree that it is certainly possible to guess wrong.  But NoScript isn't useless, nor is it that much of a pain to use, once you get the hang of things, although I will grant you that some people are so put off by having to make so many blind decisions when they first try NoScript that they never do warm up to the program.

 

Without NoScript your choices are to block all JavaScript, which renders most sites unusable, or globally allow it, which permits any malicious ad on any legitimate website to take a shot at infecting your computer.  JavaScript is very dangerous.  NoScript does not eliminate the danger completely (a legitimate main site you've allowed could be compromised or you could allow a third-party site that turns out to be malevolent), but it does minimize the risk substantially.  First, whenever you visit a new website, no scripts will run - so clicking links poses less danger of landing you instantly in the middle of an exploit kit attack, and it gives you time to look over and evaluate a new site before deciding if it deserves your trust.  Users who are willing and able to take the time to learn to use NoScript will definitely be safer than those who simply allow all sites to run whatever active content they please.

Even Symantec encourages people to use NoScript (mentioned near the bottom of their blog in green).

Hello SendOfJive and other forum friends,

 

Let me just say that NoScript is a pain to use, but I understand its purpose and as such am able to work around it.

 

Only my most trusted sites that are HTTPS do I allow NoScript to basically be disabled.

There are many websites which require JavaScript to be enabled in order to use them.

One good thing about NoScript is that you can use it on a "granular" basis if needed.

 

It's no biggie at this point. If I find that it is giving me agita, I will simply uninstall the plug-in.

One question that I do have, is why NoScript is not used in IE?

Is it because IE uses ActiveX controls?

 

The only reason why I use Firefox is that it is super fast on this XP box. On my Windows 7 laptop, I use IE 10.

 

Thanks for all your responses!

 

Flavio :)

 

Update....

 

I uninstalled NoScript solely due to the fact that it was impeding my browsing experience on many, many sites.

I'm afraid that the necessary control needed caused many sites not to render properly.

 

Still recommend it for the patient (and perhaps, tranquilized) ones and/or risky websites.

 

Flavio :smileyfrustrated:

I've been using NoScript for several years.  Only the first week or two were painful.  Security always involves a trade-off of convenience, and everyone has their own threshold beyond which the added level of protection simply does not justify the increased annoyance.  I get that.