NoScript Security Suite
- Thread starter Alhaitham
- Start date
I have used it until Windows offered running Edge in a Virtual Containor (figured the build-in browser sandbox and VM sortof reduced webbased threats to near Zero).
But I used FF with Sandboxie and Noscript before that.
I still use NoScript in my daily Firefox/Chrome usage. 
More specifically on my Linux distro.
More specifically on my Linux distro. 
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
NoScript 13.5.6 (already released for Firefox)
noscript.net
Changelog - NoScript: Own Your Browser!
The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!
noscript.net
I installed NoScript for old times sake and noticed it has an easy/allow option (reverting the default deny to default allow: "Automatically apply top-document's permissions to subdocuments and inclusions not configured yet"). I also enabled the third option (blocking top document capabilities in sub documents).
When I visited CNN and BBC I noticed that the CUSTOM icon is replaced by "temporarily AUTO-TRUSTED" with a clock.
When I clicked on the AUTO-TRUSTED icon, it changed to old CUSTOM icon (clicking custom allowed me to set custom capabilities for a domain).
When I visited CNN and BBC I noticed that the CUSTOM icon is replaced by "temporarily AUTO-TRUSTED" with a clock.
When I clicked on the AUTO-TRUSTED icon, it changed to old CUSTOM icon (clicking custom allowed me to set custom capabilities for a domain).
Last edited:
The Chrome sandbox has probably become so strong that the need for additional containment has lowered. Also uBO with its dynamic filtering (on Firefox) probably took a big bite out of NoScript's user base. NoScript used to have a block all (first and third-party) risky stuff mode and a block only third-party risky stuff (temporarely set top domain to trusted).
This new mode adds a third mode (allow all, blacklist some by setting it to untrusted). Use case I can think of is are Brave and Vivaldi users who want to see what is happening under the hood with Noscript (is easier than using the browser's inspect mode) and may blacklist stuff missed by the build-in adblocker.
This new mode adds a third mode (allow all, blacklist some by setting it to untrusted). Use case I can think of is are Brave and Vivaldi users who want to see what is happening under the hood with Noscript (is easier than using the browser's inspect mode) and may blacklist stuff missed by the build-in adblocker.
Chrome sandbox does not reach its full potential by default.
I am playing with this new easy-allow NOScript mode in my Brave surfing profile for a few days (to find out whether a blacklist and anomaly tripwire has any practical use).
Because TRUSTED is the new DEFAULT (auto-trusted) mode, I decided to allow in TRUSTED only common capabilities to make it new default
. Most websites should run fine with only below common capabilities (scripts, media, iframes, font, xmlhttprequests, lazy load and cascading style sheets).
To have a one-click allow all option, I used the DEFAULT profile to allow all, except depreciated plugins (objects) and LAN-access (I don't see why websites should access your LAN, maybe more knowledgeable members could explain what the use case for LAN-access is).
In this adopted EASY-ALLOW mode BBC.com and CNN.com work fine. I will test ride this setup for a few days and report issues encountered. Because scripts and subframes are still allowed it does not reduce third-party exposure a lot. By disabling less used capabilities this reduces the attack surface a bit, but its value lies in anomaly detection (NoScript will show blocked number in the icon when a website requires more capabilities, by setting it to default you can grant additional capabilities).
Because TRUSTED is the new DEFAULT (auto-trusted) mode, I decided to allow in TRUSTED only common capabilities to make it new default
. Most websites should run fine with only below common capabilities (scripts, media, iframes, font, xmlhttprequests, lazy load and cascading style sheets).To have a one-click allow all option, I used the DEFAULT profile to allow all, except depreciated plugins (objects) and LAN-access (I don't see why websites should access your LAN, maybe more knowledgeable members could explain what the use case for LAN-access is).
In this adopted EASY-ALLOW mode BBC.com and CNN.com work fine. I will test ride this setup for a few days and report issues encountered. Because scripts and subframes are still allowed it does not reduce third-party exposure a lot. By disabling less used capabilities this reduces the attack surface a bit, but its value lies in anomaly detection (NoScript will show blocked number in the icon when a website requires more capabilities, by setting it to default you can grant additional capabilities).
Last edited:
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
NoScript 13.5.7 (already released for Firefox)
noscript.net
Changelog - NoScript: Own Your Browser!
The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!
noscript.net
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
NoScript 13.5.9 (seems released only for Firefox)
noscript.net
Changelog - NoScript: Own Your Browser!
The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!
noscript.net
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
NoScript 13.5.10 (released for Firefox and later for Chrome)
noscript.net
Changelog - NoScript: Own Your Browser!
The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!
noscript.net
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
NoScript 13.5.12 (already released for Firefox)
noscript.net
Changelog - NoScript: Own Your Browser!
The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!
noscript.net
You may also like...
-
The Trifecta Threat. Comodo vs. ESET vs. McAfee - Which Security Suite Wears the Crown?- Started by Divergent
- Replies: 31
-
Trend Micro Maximum Security 1 Devices 1 Year PC $8.99- Started by Brownie2019
- Replies: 0
-
The Necessity of Simulating the Full Malware Infection Chain for Security Suite Testing- Started by harlan4096
- Replies: 3
-
-
Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back- Started by annaegorov
- Replies: 88