[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Fri Apr 17 23:44:51 UTC 2009
Robert Nichols <rnicholsNOSPAM at comcast.net>

Lanny Marcus wrote:
> On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva <ssilva at sgvwater.com> wrote:
> <snip>
>> Noscript will give you an idea of just how many sites run a script of some
>> kind. You will see a large part of sites just look different when the scripts
>> don't run, and some don't function at all. Not that it is a bad thing, it will
>> just make you think a lot.
> 
> Yes. Based on very limited surfing, after installing NoScript, I can
> see how many Scripts there are and how few NoScript lets through, with
> it's default settings. Hoping to install it on my daughters box,
> without her screaming, but my assumption is that it is going to catch
> a lot of things, on the game sites she frequents

My problem with NoScript is that there is virtually no site that I visit
that does not require scripting to function properly.  The net result is
an almost knee-jerk reaction to click on "Allow all this page", which of
course negates the protection.  I do get protection from scripting attacks
on random pages that I visit from links in email messages and the like,
but for most any page that I deliberately navigate to, heck, I wanted to
see the page, so I'll probably allow scripting if asked.  Since scripting
is so ubiquitous, the alternative is to restrict my web browsing to a few
familiar sites where I believe scripting is safe, and I really don't need
NoScript to do that.

In addition, while shopping on the net I'll sometimes have NoScript block
a page for which I've been warned, "Do not use your browser's 'Back'
button or reload the page or you may be double-billed."  That leaves me
stuck!  If I tell NoScript to allow the scripting, it will reload the
page.  If I don't, I'm not going to get confirmation that my transaction
was accepted, and I'll just have to hope it went through.

And then there's the little problem of sites that detect that scripting
is blocked and redirect you to a page that informs you that scripting is
required.  Now even the "Allow all this page" is useless because the
current page doesn't use any scripting, and the only solution is to
disable NoScript entirely and try again.

I've once again enabled NoScript.  I'll see how long I can live with it
this time.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.