NoScript is a highly acclaimed Firefox security add-on that protects the user from scripts that are executed on websites. The approach is to block all scripts on a website unless the website gets whitelisted by the user. While that is certainly the best security approach it does require lots of manual whitelisting in the beginning and when visiting new websites.
Most users on the other hand prefer simplicity and no user interaction and that’s where YesScript comes into play. Its approach is the complete opposite of NoScript. YesScript allows all scripts on all websites unless they are blacklisted by the user.
The advantage of this method is that less user interaction is required. It does however undermine the security aspect because scripts will be executed normally as long as the website is not in the blacklist.
It comes down to an evaluation of the advantages and disadvantages of both methods. NoScript provides enhanced security while YesScript less work and vice versa. Installing YesScript from a security standpoint does not make that much sense but it is quite capable of removing scripts from websites that make extensive use of them.
Related posts:
Block NoScript From Opening Homepage After UpdateForce SSL HTTPS Connections In NoScript
My Firefox Security Profile
5 Essential Firefox Extensions
PC Security: Tips To Make Your PC More Secure
Combine multi-paged articles in Firefox
My Current Firefox Setup
Add Text Link Information To Websites
8 Responses to “YesScript is NoScript’s Antagonist”
Trackbacks/Pingbacks
-
[...] NoScript (homepage): This is really one of my favourite add-ons, effectively blocking all JavaScript unless you allow it (either permanently or temporarily). While this might not be for everyone, if you want to take control of your browsing experience, this is a must have. NoScript has received an antagonist: YesScript. More information can be found on gHacks. [...]
This looks useful.
The tool I have been searching for is a CPU Usage Meter that indicates the processor load imposed by each tabbed web page. It can display the average/max cpu load in a tool-tip box when the mouse hovers the tab. Then I can take more informed action on the offending site.
In NoScript’s options, you can enable that any 1st level domain (i.e. ghacks.net) has scripting allowed by default.
(and then you can ban some page, if you want)
it’s totally useless! :D
I agree with Tony, NoScript has that option and it works really good. It’s between “block all” and “allow all”, we can say “block extra”. I find it is a good approach
I use YesScript and QuickJava, the latter being a quick Java/script on-off button for when I wander in red light zone districts :)
I never liked NoScript, too heavy but above all, participates to a negative approach of the Web as a whole. So many sites use java nowadays, even to load a page, to download a file. Better off with Java on — besides exceptions — within a very good if not sophisticated system security overall.
er, how is that useful? Isnt it MORE of a hassle to manually blacklist bad scripts (by which time the script would already have run anyway)?! Besides, this doesn’t protect you against cross site scripting either..
This is an interesting…but totally useless idea. It’s like having a house with NoKeys enabled. All doors are left unlocked unless you blacklist them for a particular person…a burglar say…but how would you know in advance that a particular person is not trustworthy?
I have to agree that blacklisting is bad. I assume you’ve never read “The Six Dumbest Ideas in Computer Security”? Enumerating badness is always doomed to failure.
http://www.ranum.com/security/computer_security/editorials/dumb/index.html