Results 1 to 4 of 4

Thread: Firefox security

  1. #1
    Join Date
    Apr 2006
    Location
    Sweden
    Beans
    420
    Distro
    Xubuntu 13.04 Raring Ringtail

    Question Firefox security

    Sorry, this post is not Ubuntu specific. I hope someone has some suggestions though...

    I started looking into browser security again, and looked at NoScript, AdBlocker Plus etc, and I saw the Collusion demo which I've been using to verify that the add-ons are working.

    Then I came across the mvps hosts file solution: hosts file re-directs dodgy sites to my local 127.0.0.1 address.

    I have a general question about these solutions:

    When I have this hosts file in place (verified that traceroute does indeed point to my local IP), web browsing with Firefox _still_ shows in the status bar that it is trying to load sites like doubleclick.net, and sites still load slowly, as they try to load the page.

    When I enable NoScript, I no longer see that Firefox is even trying to load those domains, and the pages load substantially faster.

    Is using the hosts file "slow" compared to using NoScript, or is it just that NoScript disables a ton of other stuff that a hosts file does not catch?

  2. #2
    Join Date
    Nov 2006
    Beans
    1,204

    Re: Firefox security

    NoScript is a free and open-source extension for Mozilla Firefox, SeaMonkey, and other Mozilla-based web browsers, created and actively maintained by Giorgio Maone,[1] an Italian software developer and member of the Mozilla Security Group.[2] NoScript allows executable web content such as JavaScript, Java, Flash, Silverlight, and other plugins only if the site hosting it is considered trusted by its user and has been previously added to a whitelist. NoScript also offers specific countermeasures against security exploits

    more info
    https://en.wikipedia.org/wiki/NoScript

  3. #3
    Join Date
    Apr 2006
    Location
    Sweden
    Beans
    420
    Distro
    Xubuntu 13.04 Raring Ringtail

    Re: Firefox security

    Quote Originally Posted by Gremlinzzz View Post
    NoScript is a free and open-source extension for Mozilla Firefox, SeaMonkey, and other Mozilla-based web browsers, created and actively maintained by Giorgio Maone,[1] an Italian software developer and member of the Mozilla Security Group.[2] NoScript allows executable web content such as JavaScript, Java, Flash, Silverlight, and other plugins only if the site hosting it is considered trusted by its user and has been previously added to a whitelist. NoScript also offers specific countermeasures against security exploits

    more info
    https://en.wikipedia.org/wiki/NoScript
    I honestly don't know why you responded with info from the Wiki. It doesn't answer any of my questions.

  4. #4
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firefox security

    Quote Originally Posted by finite9 View Post
    Sorry, this post is not Ubuntu specific. I hope someone has some suggestions though...

    I started looking into browser security again, and looked at NoScript, AdBlocker Plus etc, and I saw the Collusion demo which I've been using to verify that the add-ons are working.

    Then I came across the mvps hosts file solution: hosts file re-directs dodgy sites to my local 127.0.0.1 address.

    I have a general question about these solutions:

    When I have this hosts file in place (verified that traceroute does indeed point to my local IP), web browsing with Firefox _still_ shows in the status bar that it is trying to load sites like doubleclick.net, and sites still load slowly, as they try to load the page.

    When I enable NoScript, I no longer see that Firefox is even trying to load those domains, and the pages load substantially faster.

    Is using the hosts file "slow" compared to using NoScript, or is it just that NoScript disables a ton of other stuff that a hosts file does not catch?
    To answer these questions direectly, NoScript will not load scripts, which often pull content from other sites. So if a script is pointing to doubleclick.net or whatever and the script is never loaded. The request to that site is never made, so the content is not loaded.

    The hosts file targets a different aspect, it basically blocks the content by making the hostname doubleclick.net resolve to localhost. Your browser still loads the script and still tries to load the content, has to wait for doubleclick.net (localhost) to timeout, then continue. So it can slow down performance considerably.

    Hopefully this answers your question.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •