- TalkBack 2 of 5:
- Next »
- « Previous
- Thread View
- Flat View
- It's why Protected Mode (and AppArmor) are better than NoScript
-
@NonZealot:
Telling NoScript that you trust one site does not tell it to trust all scripts served through a site's Web page. If the script comes from a different server, you will be prompted to approve that, even if you have already approved the site hosting the page you've viewing.
So even if a user would have automatically approved the malicious script on CNET, all subsequent scripts would have to be approved manually. Of course, I'll grant you that users might approve each script blindly, but NoScript doesn't make it easy to do that.
I'm not arguing that NoScript would be the perfect solution, just pointing out that it doesn't work quite the way you describe.
According to http://msdn.microsoft.com/en-us/library/bb250462.aspx:
The Windows Vista security infrastructure allows Protected Mode to provide Internet Explorer with the privileges needed to browse the Web while withholding privileges needed to silently install programs or modify sensitive system data.
Seems to me that Firefox with NoScript meets that description, although it might be easier for the user to override the NoScript protection than the Protected Mode protection. But that override would take distinct effort on the part of the user, either by turning off NoScript or clicking on the Options button and allowing 101.202.303.404, for instance, to run a script.
If I'm wrong about any of this, I'd love to discuss it.
-- Tim - Posted by: TimothyMcGowan Posted on: 08/08/08 You are currently: a Guest | Members login | Terms of Use
It's why Protected Mode (and AppArmor) are better than NoScript
NonZealot | 08/07/08
|
 
It's why Protected Mode (and AppArmor) are better than NoScript
TimothyMcGowan | 08/08/08
|
You are correct, it depends on the circumstances
NonZealot | 08/08/08
|
|
RE: CNET's Clientside developer blog serving Adobe Flash exploits
jtwaldo | 08/08/08
|
|
RE: CNET's Clientside developer blog serving Adobe Flash exploits
Hates Idiots | 08/08/08
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Dell Case Study: Bergstrasse District Council Dell The Bergstrasse district in Germany wanted to provide each pupil with a ... Download Now
- Selecting the Right NAS Appliance for Your Workgroup LAN Dell Data storage is a major concern for enterprises today. Network attached ... Download Now
- Invest in Smarter Collaboration - Early Benefits of Enterprise Social Software IBM Discover the true business value of enterprise social software plus hear about best practices from industry experts during this live interactive webcast. (Sponsored by IBM) Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
- Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
