Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Will using NoScript protect you from a malware site if..?


  • Please log in to reply
11 replies to this topic

#1 I have a computer...

I have a computer...

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:49 AM

Posted 08 June 2014 - 01:05 PM

If I visit a malware site with latest version of Firefox with the NoScript extension without allowing any scripts, whats the chance of me getting infected if I don't download anything?

 

Also, I hope this is the right place to post this.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 AM

Posted 08 June 2014 - 01:29 PM

COPIED FROM NoScript:

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.

 

If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.

There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew

were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.

The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:02:49 AM

Posted 08 June 2014 - 05:56 PM

Try this NoScript Configuration Guide

http://www.bleepingcomputer.com/forums/t/529612/noscript-configuration-guide/



#4 I have a computer...

I have a computer...
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:49 AM

Posted 09 June 2014 - 09:53 AM

Thanks everyone for your replies.

I already have been using NoScript for months and I know how to use it.

So if I landed on a page that would normally have malware and I had NoScript, it would protect me if I don't allow scripts from that page, yes?



#5 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 AM

Posted 09 June 2014 - 11:14 AM

That's right. With NoScript active you will not get infected with malware by just visiting a page....a driveby install of malware.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 I have a computer...

I have a computer...
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:49 AM

Posted 17 June 2014 - 02:43 AM

What about browser exploits...?

#7 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 AM

Posted 17 June 2014 - 07:55 AM

....What about browser exploits...?,,,,,,,,,,,,

 

If the exploit requires you to visit a page on the web that contains the java scripting needed to exploit the browser,

then yes, NoScript will prevent the exploit from running.

If you are updating your Adobe Flash and other Adobe products, JAVA (not java script) and Silverlight plugins as soon as the updates become available, then

you have closed most if not all pathways used by any known browser exploit in the wild.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Kilroy

Kilroy

  • BC Advisor
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:11:49 AM

Posted 17 June 2014 - 09:15 AM

If you are visiting a page you are downloading.  All of the text and images are being downloaded to your computer.  NoScript protects you by only allowing scripts that you allow, so you can allow a bad script to run.

 

You could be infected by a browser exploit that was not script related, such as a malformed graphic.

 

The bottom line is that NoScirpt can provide additional protection, but cannot protect you from yourself.



#9 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 AM

Posted 17 June 2014 - 09:35 AM

Kilroy....but NoScript is blocking all scripting...even in a 'malformed graphic'...which I am pretty sure it does....

That's the beauty of not relying on a signature of any scripted malware but just simply blocking all java scripting.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Kilroy

Kilroy

  • BC Advisor
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:11:49 AM

Posted 17 June 2014 - 11:39 AM

A malformed graphic is not a script.  It would be used to exploit an issue with the graphics rendering.  This was just the first browser based issue that popped into my head.  While the example I linked to is an old IE issue it was just as an example.  A similar issue could occur in any browser.



#11 I have a computer...

I have a computer...
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:49 AM

Posted 03 July 2014 - 12:30 PM

Thank you buddy215, NickAru1, and kilroy, for the information, it was helpful! :)

I have not heard of a malformed graphic before so that was interesting.



#12 I have a computer...

I have a computer...
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:49 AM

Posted 12 July 2014 - 01:48 PM

Hey I just thought of a question, if its okay to ask.

Would NoScript protect you from any/all potentially malicious files that are opened in Firefox (Or whatever browser) like pictures, videos, HTM files etc?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users