Educause Security Discussion mailing list archives
Re: Web Browsing Security
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Thu, 26 Sep 2013 17:50:01 -0400
On 9/26/2013 5:41 PM, Tim Doty wrote:
We haven't "implemented" NoScript and I don't really recommend it to folks, but FireFox with NoScript is widely used within IT and it may have spread outside of it (as I no longer do support I don't see that many folk's desktops anymore to get a feel for how widely it is installed).
Likewise. I use it, as do many others in IT, but experience with typical user (if my family is "typical") is they just permit it if the site doesn't work, just as they click on any AUP, or any SSL certificate error, or anything else that gets between them and their destination. I would more heartily recommend AdBlock Plus or similar, as much "malicious javascript" comes from "banner ads" appearing on "otherwise legitimate sites". We also push TippingPoint's reputation filters, which help to block "known malicious sites".
FWIW, the feature I would love to see in NoScript is to "allow only for this page/site" so when you allow google.com (required for google apps) you can restrict the permission to only google's sites, not everyone else's. And, if I used FaceBook, it would be useful in that situation as well.
AFAIK, you can configure NoScript to allow the TLD or subset thereof related to the current page, but I don't think this is the default behavior. Jeff
Current thread:
- Web Browsing Security Bohlk, Christopher J. (Sep 26)
- Re: Web Browsing Security David Gillett (Sep 26)
- Re: Web Browsing Security Tim Doty (Sep 26)
- Re: Web Browsing Security Jeff Kell (Sep 26)
- Re: Web Browsing Security Tim Doty (Sep 26)
- Re: Web Browsing Security Omen Wild (Sep 26)
- Re: Web Browsing Security Jeff Kell (Sep 26)
- Re: Web Browsing Security Isabelle Graham (Sep 27)
- Re: Web Browsing Security Jeff Kell (Sep 26)