Giorgio’s message = with some effort you can have better protection. It isn’t ultimate invulnerability, it’s just better, take it or leave it.

Pirlouy’s message = I am a hopeless addict to all the things on the ‘Net, I don’t have the strength/courage/ability to be any better than a hopeless addict, I don’t have the strength/courage/ability to use the protection Giorgio offers, puh-leeze all you software devs see my plight and fix the damn ‘Net so I can continue to do whatever I want, anytime I want, wherever I want yet be completely invulnerable, happy and safe, why can’t you make the ‘Net the utopia it’s supposed to be.

Now I must admit that I am no better than pirlouy. I like the idea of being able to surf wherever I want and I throw caution to the wind more often than I should. I also like banking online and sending/receiving money via PayPal. Realizing…

1) legislators are not willing to pass the laws that would seriously reduce hacking/scamming on the ‘Net (i.e. death to all hackers, scammers, phishers, not a quick death but rather a slow, painful death ) and the devs cannot do the job without standards legislated into place

2) the biggest scammer asshole, Bill Gates, remains at large rather in a coffin where he should be

3) NoSript is a good thing but some day my human frailty and a well executed temptation from a people-savvy hacker/phisher/asshole will lure me into putting his scam site on NoScript’s whitelist thereby revealing my bank account number and PIN or other useful personal info

… I have 2 computers on a wired (no WiFi) LAN with hardware NAT router, KVM switch and 1 monitor, Avast! anti-virus on both machines, as follows:

1) my unsecure machine: my newer, faster machine, used for games (on and offline), surfing porn sites, MSN, torrent, hotmail, i.e. all the dangerous stuff, it does not block Javascript from any site, never used for online banking or any activity that reveals anything about me that a hacker might find useful, all[/b] user info typed on this machine (name, location, birth date, sex, etc.) is bogus, the only truthful info I give on that machine is my timezone and I frequently lie about that too. The strategy is… if there is nothing on this machine but lies and useless personal info then I can surf wherever I want safely and the hackers can have fun trying to use the bogus info they steal from me.

2) my secure machine: my old, slower machine, I run Simply Accounting and other business related software on this machine, use it to access my primary email account (via SMTP and POP3, not HTTP), my online banking and PayPal, absolutely no other sites, no exceptions, it does not share directories with my unsecure machine, no MSN/Yahoo Messenger, no torrents, no games, just Simply Accounting, Avast! anti-virus, a few trusted business softwares, and FireFox with NoScript set to allow Javascript only from my online bank account and PayPal.

I suppose a hacker could trick me into downloading and installing software onto my unsecure machine that would defeat whatever security mechanisms are in place to access the disk on my secure machine and steal valuable info but I don’t know what else I can do. NoScript is adequate if you know who you can trust but I don’t think I can ever know that in every case.

They wouldn’t work for SSL, but may mitigate for normal browsing.

BTW I notice you also said you dont use a firewall and advise people against them. That is also a very very bad idea. To go back to your car analogy, that is like driving around with no cops, speed limits and road laws. Sure you might make it to get groceries or to work. Hell, you might make it a month with no problems but eventually you will get hit by a drunk driver or a speeder out of control. You can not by default trust everyone to make the same nice decisions. More importantly you cant trust them to be able to foresee every vulnerability in their systems.

Think of it as a condom for your browser, allowing ffx to truly browse safer.

PS I take it all back… I almost fell off my chair when i discovered i had to allow jscript just to comment to your site buddy… wtf… cant you find a better way? like your own captcha rather than a offsite? this sux

NoScript isn’t a trade off, if you wanna view a site with javascript and all that just click Allow hackademix.net for example, easy as that, or Allow temporarily. And if you’re one of the idiots only use Internet for searching some information and using MSN don’t use it if you don’t want to have more security.

Greetings, Ian.

Regarding the other questions, I’ve just integrated FAQ 1.5, which was already about the default whitelist, to address your concerns more precisely.

Thank you for updating the NoScript docs. I appreciate its thorough documentation.

Regarding the other questions, I’ve just integrated FAQ 1.5, which was already about the default whitelist, to address your concerns more precisely.