Re: Web Browsing Security

[Jeff Kell <jeff-kell () UTC EDU>]

On 9/26/2013 5:41 PM, Tim Doty wrote:
> We haven't "implemented" NoScript and I don't really recommend it to
> folks, but FireFox with NoScript is widely used within IT and it may
> have spread outside of it (as I no longer do support I don't see that
> many folk's desktops anymore to get a feel for how widely it is
> installed).

Likewise.  I use it, as do many others in IT, but experience with
typical user (if my family is "typical") is they just permit it if the
site doesn't work, just as they click on any AUP, or any SSL certificate
error, or anything else that gets between them and their destination.

I would more heartily recommend AdBlock Plus or similar, as much
"malicious javascript" comes from "banner ads" appearing on "otherwise
legitimate sites".  We also push TippingPoint's reputation filters,
which help to block "known malicious sites".


> FWIW, the feature I would love to see in NoScript is to "allow only
> for this page/site" so when you allow google.com (required for google
> apps) you can restrict the permission to only google's sites, not
> everyone else's. And, if I used FaceBook, it would be useful in that
> situation as well.

AFAIK, you can configure NoScript to allow the TLD or subset thereof
related to the current page, but I don't think this is the default behavior.

Jeff