BlockIt : Opera alternative for NoScript

[Anupam]

Quote:

Originally Posted by sa1

Even I feel such solutions are only for the paranoid. I've never had a security issue even with these kind of tools disabled. They don't let you have a feel of the real web. And there's no security risk that running your browser sandboxed should not prevent, which is much more convenient.

I disagree with you that such solutions are only for paranoids. Very incorrect. With increasing security risks all around the internet, with malicious websites, hacked websites, hidden links, malicious javascripts, etc... such solutions provide security.

Many people are not familiar with Sandbox, and don't use it. For such people, solutions like NoScript are very useful. Although, I agree that these can sometimes slow down the browsing, or may require extra clicks to enable certain items on the webpage, but its worth the effort, because its for your own security.

[Sope]

Quote:

Originally Posted by sa1

Even I feel such solutions are only for the paranoid. I've never had a security issue even with these kind of tools disabled. They don't let you have a feel of the real web. And there's no security risk that running your browser sandboxed should not prevent, which is much more convenient.

Quote:

Originally Posted by Anupam

I disagree with you that such solutions are only for paranoids. Very incorrect. With increasing security risks all around the internet, with malicious websites, hacked websites, hidden links, malicious javascripts, etc... such solutions provide security.

Many people are not familiar with Sandbox, and don't use it. For such people, solutions like NoScript are very useful. Although, I agree that these can sometimes slow down the browsing, or may require extra clicks to enable certain items on the webpage, but its worth the effort, because its for your own security.

I have to say that even though both points being made are valid, I personally feel more inclined to sa1's point of view. I've been a long time Opera user though have also tried Firefox with NoScript. I feel safer with sandboxed Opera and find the Firefox/NoScript setup far too cumbersome and sluggish in comparison.

Yes, there are plenty of hazards out there, but the plethora of security apps and addons available do contribute to an unrealistic level of paranoia. My experience is that most risks can be avoided with reasonably sensible surfing practices rather than equipping yourself with every possible security approach available.

[Anupam]

I agree that with NoScript, Firefox behaves sluggishly. I had been using NoScript with Firefox since long, and I was using it with FF 3.6 too. But, when someone told me, Firefox works fast without NoScript, I uninstalled it, and found it to be true. I really could feel the difference with NoScript installed, and NoScript uninstalled. Now, Firefox just blazes away, and I am happy without NoScript. Also, as posted in other thread, there were news of some issues with NoScript. That's why too, I did not install NoScript back, although I do find it useful. Maybe, the issue with NoScript has been solved, but I have not installed it again, and its mainly due to the speed.

I also agree that there are many security apps, and also increasing news of malwares, and other things which pose a security risk, and can easily make people paranoid. But still, not all security apps are useless. Many people do not follow safe surfing, and are also not much knowledgeable enough to use software like Sandbox. For them, software like NoScript can be useful.

[sa1]

Quote:

Originally Posted by Anupam

I also agree that there are many security apps, and also increasing news of malwares, and other things which pose a security risk, and can easily make people paranoid. But still, not all security apps are useless. Many people do not follow safe surfing, and are also not much knowledgeable enough to use software like Sandbox. For them, software like NoScript can be useful.

It can be very useful of course like other software operating at different layers like sandbox,av,Hips. But I think that benefits of Noscript exceed its costs only for people who use it as their primary mode of defense. For people who have a secure browser installed, along with a AV are sufficiently protected. Those with an sandbox or a HIPS are so highly protected that the overheads of Noscript are more than its benefits.
The most common a web page can cause harm via a secure browser without vulnerabilities is offering malicious downloads. If users learn to browse sensibly and not run these obviously malicious files, they are protected in 95% of cases. With a reliable AV, it should approach 99% . A sandbox or a HIPS make it so close to 100% that I think people are sacrificing their enjoyment of the web for security by running Noscript. Paranoids do that.
Most often the problem lies between the keyboard and chair. People who do not follow safe browsing and average in knowledge running Noscript will grow so used to clicking and allowing the domains that on a well designed malware site also he would do that. More often than not learning how to browse sensibly and not running unknown files should be more than enough for the user on any browser except IE. I can guarantee that myself that I never got a malicious download that even made it to my sandbox.

[vasa1]

Quote:

Originally Posted by Anupam

A userscript is available for Opera...

Userscripts are external scripts that can be installed on the browser...

Hi Anupam, with reference to Opera 10.5, is there any advantage in installing the userscript you mention?

I ask because Opera 10.5 has this:
Tools > Quick Preferences > Enable JavaScript (which can be disabled).

Firefox also has it. (So are there scripts other than Java, to justify NoScript or its equivalent add-on?).

[Anupam]

Quote:

Originally Posted by vasa1

Hi Anupam, with reference to Opera 10.5, is there any advantage in installing the userscript you mention?

I ask because Opera 10.5 has this:
Tools > Quick Preferences > Enable JavaScript (which can be disabled).

Firefox also has it. (So are there scripts other than Java, to justify NoScript or its equivalent add-on?).

If you choose enable/disable javascript from the tools option, all scripts on the page will be enabled, or disabled.

But with the userscript mentioned, you can enable/disable individual scripts on the page. That is useful. Some scripts are necessary for the proper display and functioning of a site, you can enable those. But some scripts are not required in order to browse the site, you can keep them disabled. So, this is the advantage that comes with scripts like NoScript, and BlockIt.

[vasa1]

Quote:

Originally Posted by sa1

Even I feel such solutions are only for the paranoid. I've never had a security issue even with these kind of tools disabled. They don't let you have a feel of the real web. And there's no security risk that running your browser sandboxed should not prevent, which is much more convenient.

Let's see. I'm going to try it, not from the security point of view, but with the hope of speeding up getting to see what I want...

[sa1]

Quote:

Let's see. I'm going to try it, not from the security point of view, but with the hope of speeding up getting to see what I want...

Little help there. Blockit blocks scripts from running not from downloading. You may find that disabling javascript globally and enabling it site by site is more helpful.

[vasa1]

Quote:

Originally Posted by sa1

Little help there. Blockit blocks scripts from running not from downloading. You may find that disabling javascript globally and enabling it site by site is more helpful.

I am making an uneducated guess here: but doesn't it all depend on what the script does? For example, even downloading a script may not be as big a deal computationally as running it?

[sa1]

Quote:

Originally Posted by vasa1

I am making an uneducated guess here: but doesn't it all depend on what the script does? For example, even downloading a script may not be as big a deal computationally as running it?

Downloading speed depends on your network speed not on the computational power of your computer. Opera is fast enough when it comes to executing scripts. If you are on a slow network your network speed will the rate-limiter not the power of your computer.