Most people infected via legit sites that were hacked...

Hi malware fighters,

More users are infected with malware from legit sites that were hacked than specific sites that were set up by malware spreaders. The sites with vulnerabilities are found up using Google, and are therefor called Googledorks, see a nice gallery of such sites here: http://johnny.ihackstuff.com/gallery2/gallery/main.php?g2_itemId=277
More about the strategies of the hackers of legit websites:
http://blog.washingtonpost.com/securityfix/2008/01/report_51_of_malicious_web_sit.html

Watch your steps on the Internet, keep your visors up and NoScript enabled,

polonus

It’s difficult to watch each of ours steps…
K9 filter can be set to avoid malware sources and WebShield from avast will do it automatically.
Of course, NoScript is on :wink:

How do i make sure “No Script” is on ???) :cry: I am sorry, but pulling these rabbits out of the hat !!! ).

Just install it…
http://noscript.net/getit

Don’t think it works with “IE” ? Thanks

Hi hines232,

If you hang on to IE, and cannot do without it, you can use this form of NoScript inside IE:
http://service1.symantec.com/sarc/sarc.nsf/html/win.script.hosting.html

But I like Firefox 3Beta5 and that only because of ABP (so many ads and pop-ups less to glance at) and NoScript add-on with which I can block whatever tries to run inside the browser and can be a menace, even those vulnerabilities that haven’t been found up yet by the developers (Ajax, JavaScript, FF and NoScript has been translated for all sorts of languages,

polonus

Thank you Sir. I use (IE) because I am use to it !. Don’t feel like taking on some thing like “Fire Fox” right now. I tried “Opera” didn’t work to good on my system (ME), and had one heck of a time getting it off ! Thanks.

Hi Tech,

I use FF with a lot of add-ons, but I am not sure if I really need this one. I have just read many different views about NoScript and can’t make a decision. Could you explain why I should (as polonus advises) have it installed?

PS: I already have “Finjan Secure Browsing”, IDND and other (non-security) add-ons.

Very good suggestion and protection for IE!

NoScript is a must have security add-on. Tons of users will recommend it. It will run scripts in the page you allowed to do so (temporarily or permanently) and will block the others (unknown ones). You will prevent a very common malicious infection source.

Thanks for the reply but many users complain that NoScript slows down their internet connection and is unnecessary because they brows the same pages almost everyday (they’re sure in these pages’ security).

I do not experience slowdowns due to NoScript… but it is just my personal experience.

Well, one more question. As I understand the user himself should decide to whether permit scripts or not on any site. But how can I make the decision? I am not an expert in such cases. Are there any algorithm to do that?

The general answer is no, deny scripts to run.
If there is something in that particular page that you need to use, you can then think if it is a reliable page. You’ll see that you’ll have to make very few exceptions and the majority of the times, the scripts could be blocked without any particular loss on browsing.
But, indeed, there isn’t an automated action with scripts. NoScript blocks. avast Pro scans automatically in some browsers.

You can let NoScript turn off java script partially or entirely for web pages of your choice. Since it reduces unnecessary activities, theoretically or on paper, it should rather increase the browsing speed. This must be obvious when you visit sites filled with flash and/or pop-up advertisements with NoScript. You must trust the sites on which you allow any script to work but you don’t need to allow every single script even on these sites. You can play some “experiments” on your favorite sites and see the results immediately. I don’t strongly recommend Firefox and/or NoScript since, ultimately, applications are tools which you choose to use.