NoScript = Malware?
May. 01, 2009, 11:00 PM
Post: #1
NoScript = Malware?
http://adblockplus.org/blog/attention-noscript-users

Quote:Confronted with the facts and with the AMO policy NoScript author agreed to revert the changes. However, he put a different "solution" in place — the new NoScript version released yesterday adds a "filter subscription" to Adblock Plus meant to whitelist NoScript’s domains.

I just checked ABP, and indeed a "whitelist" for various sites related to NoScript has been added without my consent. It is listed as: "NoScript Development Support Filterset".
May. 01, 2009, 11:56 PM
Post: #2
RE: NoScript = Malware?
Saw that, too. Just uncheck that section if you don't want it. That's what I did.


Attached File(s)
.jpg  ABP.jpg (Size: 22.76 KB / Downloads: 974)
May. 02, 2009, 01:01 AM
Post: #3
RE: NoScript = Malware?
I disliked this so much that I've uninstalled NoScript. What especially irks me is that a pretty significant change (e.g. excluding sites from being filtered) was made without my consent. To me, anything that has such a feature is malware.
May. 02, 2009, 01:23 AM
Post: #4
RE: NoScript = Malware?
i don't use Firefox, so all i'm presenting is a strict "third-party" perspective...

i have to agree heavily with Kye-U...
any "trusted" application that starts making decisions "for me" is certainly NOT to be "trusted"...
any application that thinks it is "smarter" than me and should be making decisions "for me" gets the axe...
(including firewalls that think they should be deciding 'port activity' "for me")...
May. 02, 2009, 03:58 AM (This post was last modified: May. 02, 2009 04:02 AM by 43unite.)
Post: #5
RE: NoScript = Malware?
OK, I understand the issue now and agree with Kye-U.

The new whitelist cannot be deleted, only disabled. Installed without user permission or knowledge. Nasty. Yep, malware. Sad.

Saw the following on the AdBlock site:
http://adblockplus.org/development-build...king-added

Warning: The version described here is a development build and as a such it has not been fully tested and might not work properly. Use at your own risk and make sure to backup your filter list.
A new Adblock Plus 1.1.alpha+ development build (2009042809) has been uploaded: http://adblockplus.org/devbuilds/
Changed the way "add subscription" links work, these can now only be triggered by user clicking a link

Looking forward to this change.
May. 02, 2009, 07:39 AM
Post: #6
RE: NoScript = Malware?
Quote:Why such a tight release schedule? Version 1.9.2.6 automatically and permanently removes the controversial NoScript Development Support Filterset deployed with NoScript 1.9.2.4. I sincerely apologize with those ABP users who missed the information about it given on the AMO install page, on this site's install page, on this very release note page and in the FAQ. Not including a prompt asking for permission beforehand from the start has been a very bad omission, and I want all the ABP users who felt betrayed to know how much I'm sorry for that. As a sign of good will, current NoScript 1.9.2.6 completely removes the filterset itself, if found there, on startup with no questions asked. Thanks for your patience.
-- Giorgio

The damage has been done and I'm hesitant to re-install NoScript.
May. 02, 2009, 12:40 PM
Post: #7
RE: NoScript = Malware?
Looking at my trusted/untrusted list of NoScript i have less than 50 entries. These are the typical exclusions for shared domains like facebook.com and fbcdn.net, and youtube.com, digg, megavideo, etc... such an easy list. So blocking third party scripts and using a small exclude list is sufficient.
But i don't know how to toggle a script, if someone could find a way to do it...

http://prxbx.com/forums/showthread.php?tid=1295
May. 02, 2009, 01:52 PM
Post: #8
RE: NoScript = Malware?
(May. 02, 2009 07:39 AM)Kye-U Wrote:  NoScript 1.9.2.6 completely removes the filterset itself, if found there, on startup with no questions asked.
True.
(May. 02, 2009 07:39 AM)Kye-U Wrote:  The damage has been done and I'm hesitant to re-install NoScript.
Understandable. I'm still running it and will see how it goes. I figure that everyone makes a big blunder once in a while. This blunder is now publicly acknowledged, fixed and apologies offered. NoScript is a potent add-on and performs numerous positive functions.
May. 02, 2009, 04:39 PM (This post was last modified: May. 02, 2009 04:40 PM by Kye-U.)
Post: #9
RE: NoScript = Malware?
I was reading up on the comments and people were talking about "forking" it. I got interested so I decided to create a test add-on (I've never made one before) by basically downloading the .XPI file, renaming it to .ZIP and extracting/modifying certain files, and named it "NoScript Lite", where all the ABP-code was commented out and I also made it so it automatically adds "noscript.firstRunRedirection = false". I couldn't get the auto-update feature to work, so that's when I hit a snag in my Firefox adventures. I felt that version 1.9.2.6 was a good gesture, so I completely stopped working on it, but kept my notes and various programs (McCoy, the fciv.exe file to create SHA1 hashes), so that I can draw upon them if something like this happens again.
May. 24, 2009, 06:12 AM
Post: #10
RE: NoScript = Malware?
I guess you've read elsewhere that the 2 add-on authors have mended their fences. It's a comparatively happy outcome to see that mozilla is revisiting their "policy" regarding add-on behavior...

...but the issue of "acceptable add-on behavior", in general, still needs a lot more attention.

I've decompiled (xpi to zip, jar to zip) several add-ons to see what makes 'em tick. From memory, I've only bothered to "customize" and REcompile one add-on for my own use... but, I've chosen to NOT install several, based on what I've found in their code.

The most frequent mis-behavior I've observed is that many add-ons are coded to "phone home", for no damn good reason (as in, providing no benefit to me, the user, as a result of phoning home). Some add-ons only (!) phone home once each browser session, arguably to check for updates... but, dammit, the browser has a global option "check updates?" which I have turned off -- and these add-ons disrespect (disregard) that and phone home anyhow. Worse, many add-ons phone home at EVERY BLESSED PAGELOAD; to me, this epitomizes "web bug" or "tracker" behavior!

I seem to recall reading about an add-on author who released some sort of "ebay helper" add-on, and (because it was a trojan) served it from an offshore server, away from the addons.mozilla.org site. Can we have "confidence" in an add-on which is dl'ed from the mozilla site -- as in, trust that its code has been independently examined/approved? The point of my post here is to say no, from what I've seen CLEARLY WE CANNOT!
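Added example, not part of the thread or any poster's code: the unpacking step described in post #10 (XPI to ZIP, JAR to ZIP) automated as a static audit that lists every hostname written into an add-on's script and manifest files. The sample archive, its file names and the example.* hostnames are constructed for illustration.

```python
import io
import re
import zipfile
from collections import defaultdict

URL_HOST = re.compile(rb"https?://([A-Za-z0-9.-]+)")  # hostname of each URL literal
TEXT_EXT = (".js", ".jsm", ".xul", ".rdf", ".xml", ".html", ".manifest")
NESTED_EXT = (".jar", ".xpi", ".zip")
MAX_MEMBER = 20 * 1024 * 1024  # skip oversized members (zip-bomb guard)

def _walk(data, prefix, depth, found):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith("/") or info.file_size > MAX_MEMBER:
                continue
            path = prefix + info.filename
            if name.endswith(NESTED_EXT) and depth < 3:  # follow JARs inside the XPI
                try:
                    _walk(zf.read(info), path + "!/", depth + 1, found)
                except zipfile.BadZipFile:
                    continue  # not really an archive; nothing to scan
            elif name.endswith(TEXT_EXT):
                for m in URL_HOST.finditer(zf.read(info)):
                    host = m.group(1).decode("ascii").lower().rstrip(".")
                    if host:
                        found[host].add(path)

def hosts_in_xpi(data):
    """Return {hostname: [archive paths that mention it]} for an XPI given as bytes."""
    found = defaultdict(set)
    _walk(data, "", 0, found)
    return {host: sorted(paths) for host, paths in found.items()}

def build_sample_xpi():
    """Constructed sample add-on: an XPI that holds its chrome code in a JAR."""
    jar, xpi = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("content/overlay.js",
                   'var PING = "http://stats.example.net/hit?u=" + escape(url);')
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("install.rdf",
                   "<em:updateURL>https://updates.example.org/u.rdf</em:updateURL>")
        z.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()

if __name__ == "__main__":
    for host, paths in sorted(hosts_in_xpi(build_sample_xpi()).items()):
        print(host, "<-", ", ".join(paths))
```

This only finds hostnames written out as plain string literals; hostnames that are obfuscated or assembled at run time have to be caught by watching the traffic instead.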
May. 24, 2009, 03:49 PM
Post: #11
RE: NoScript = Malware?
Hopefully we have Proxomitron and SocketSniff to see these connections without having to understand its code.
To mention, i have 50 selected addons installed, plus other non common addons in a secondary profile and i didn't see strange behaviour luckily :)
May. 24, 2009, 06:37 PM
Post: #12
RE: NoScript = Malware?
Some add-ons, for example myWOT and SiteAdvisor, are expected to phone home, by design. If, in their configuration, I specify "only check links embedded within Google search results pages" and the addon disregards this and continues to phone home during every page request... IMO, this constitutes a breach of trust AND amounts to yet another BigBrother tracking my clickstream.

Some add-ons only phone home "every fifteen minutes" or at some other comparatively frequent interval, arguably to "check for updates"... but, c'mon, every fifteen minutes??? Yeah, sniff the packets and you'll likely find the call to the mothership STILL relays your surfing history, it just does so surreptitiously, in batches.

With some add-ons, if you decipher (and I mean it's sometimes obfuscated within the add-ons js internals) "phone home" hostname or IP address, the add-on will not function. Why? What valid, motivated-by-good reason would the add-on author code such a thing??? In distributing a "free" add-on, is an author "entitled" to have the add-on phone home, keeping him apprised of who / how many / how often people are using his add-on?
May. 24, 2009, 07:35 PM (This post was last modified: May. 24, 2009 07:36 PM by lnminente.)
Post: #13
RE: NoScript = Malware?
Yes, we have to keep an eye on them. Some tips to log them to a file? Do you know if maybe the referer is empty or if the user agent is different from the one used by FF?

Would be nice to log every post/submit we do, someone has any tip to do that?
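Added example, not part of the thread: once requests are logged through a local proxy, the "every fifteen minutes" pattern from post #12 can be picked out by looking for hosts contacted at near-constant intervals, with the empty-referer share from post #13 reported alongside. The log format (epoch seconds, host, referer or "-"), the sample lines and the thresholds are assumptions made for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log, one request per line: "<epoch seconds> <host> <referer or ->".
SAMPLE_LOG = """\
1000 news.example.com -
1002 cdn.example.com http://news.example.com/
1100 stats.example.net -
1340 forum.example.org http://news.example.com/
2000 stats.example.net -
2895 stats.example.net -
2950 cdn.example.com http://forum.example.org/
3800 stats.example.net -
4700 stats.example.net -
5200 cdn.example.com http://news.example.com/
"""

def parse(log_text):
    """Yield (timestamp, host, referer) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            referer = "" if parts[2] == "-" else parts[2]
            yield int(parts[0]), parts[1].lower(), referer

def periodic_hosts(log_text, min_hits=4, tolerance=0.1):
    """Return {host: (median gap in seconds, share of hits without a referer)}
    for hosts whose requests arrive on what looks like a timer."""
    seen = defaultdict(list)
    for ts, host, referer in parse(log_text):
        seen[host].append((ts, referer))
    flagged = {}
    for host, hits in seen.items():
        if len(hits) < min_hits:
            continue  # too few requests to judge regularity
        times = sorted(t for t, _ in hits)
        gaps = [b - a for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # A timer shows up as gaps that all sit close to the median gap.
        if mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps):
            no_referer = sum(1 for _, r in hits if not r) / len(hits)
            flagged[host] = (mid, no_referer)
    return flagged

if __name__ == "__main__":
    for host, (gap, share) in periodic_hosts(SAMPLE_LOG).items():
        print(f"{host}: every ~{gap:.0f}s, {share:.0%} of hits without referer")
```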
Dec. 04, 2013, 06:04 AM
Post: #14
RE: NoScript = Malware?
Dear you Just uncheck that section if you don't want it. That's what I did. I've decompiled several add-ons to see what makes 'em tick. From memory, I've only bothered to "customize" and REcompile one add-on for my own use but, I've chosen to NOT install several, based on what I've found in their code.

Smile PlzZZzzz…(Usman Malik)…!!!