YesScript is NoScript's Antagonist - gHacks Tech News

YesScript is NoScript's Antagonist

NoScript is a highly acclaimed Firefox security add-on that protects its user from scripts that are executed on websites. The approach is to block all scripts on a website unless the website gets whitelisted by the user. These whitelists can be temporary for the browsing session or permanently.

While that is certainly the best security approach it does require lots of work especially in the beginning as you will encounter sites that won't work without at least some whitelisting.

Most users on the other hand prefer simplicity and no user interaction and that's where YesScript comes into play. Its approach is the complete opposite of NoScript: YesScript allows all scripts on all websites unless they are blacklisted by the user.

The advantage of this method is that less user interaction is required. It does however undermine the security aspect because scripts will be executed normally as long as the website is not on the blacklist.

yesscript

There are other differences. YesScript adds a single button to Firefox that you click on to enable or disallow scripts on the domain you are on. This means that either all or no scripts are allowed to run on it which is different from NoScript's behavior that allows to enable scripts individually.

NoScript in addition to this ships with a set of additional security features that improve the overeall security of the browser further.

It comes down to an evaluation of the advantages and disadvantages of both methods. NoScript provides enhanced security while YesScript less work and vice versa. Installing YesScript from a security standpoint does not make that much sense but it is quite capable of removing scripts from websites that make extensive use of them which can be beneficial on sites that use lots of cpu for example or load slowly because of those scripts.

If you ask me, YesScript is great for turning off JavaScript on sites with the click of the button. It won't help security-wise though and the author of the extension confirmed that he created it to remove hassles from websites and not improve overall security of the browser.

Summary
software image
Author Rating
1star1star1star1stargray
no rating based on 0 votes
Software Name
YesScript
Landing Page




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Tim said on August 12, 2008 at 3:55 pm
      Reply

      This looks useful.

      The tool I have been searching for is a CPU Usage Meter that indicates the processor load imposed by each tabbed web page. It can display the average/max cpu load in a tool-tip box when the mouse hovers the tab. Then I can take more informed action on the offending site.

    2. Tony S. said on August 12, 2008 at 4:27 pm
      Reply

      In NoScript’s options, you can enable that any 1st level domain (i.e. ghacks.net) has scripting allowed by default.

      (and then you can ban some page, if you want)

    3. indy said on August 12, 2008 at 5:08 pm
      Reply

      it’s totally useless! :D

      I agree with Tony, NoScript has that option and it works really good. It’s between “block all” and “allow all”, we can say “block extra”. I find it is a good approach

    4. Transcontinental said on August 12, 2008 at 5:21 pm
      Reply

      I use YesScript and QuickJava, the latter being a quick Java/script on-off button for when I wander in red light zone districts :)
      I never liked NoScript, too heavy but above all, participates to a negative approach of the Web as a whole. So many sites use java nowadays, even to load a page, to download a file. Better off with Java on — besides exceptions — within a very good if not sophisticated system security overall.

    5. Pietzki said on August 13, 2008 at 12:52 pm
      Reply

      er, how is that useful? Isnt it MORE of a hassle to manually blacklist bad scripts (by which time the script would already have run anyway)?! Besides, this doesn’t protect you against cross site scripting either..

    6. David Bradley said on August 18, 2008 at 4:33 pm
      Reply

      This is an interesting…but totally useless idea. It’s like having a house with NoKeys enabled. All doors are left unlocked unless you blacklist them for a particular person…a burglar say…but how would you know in advance that a particular person is not trustworthy?

    7. Stephan Sokolow said on September 29, 2008 at 4:19 am
      Reply

      I have to agree that blacklisting is bad. I assume you’ve never read “The Six Dumbest Ideas in Computer Security”? Enumerating badness is always doomed to failure.

      http://www.ranum.com/security/computer_security/editorials/dumb/index.html

    8. x said on April 19, 2010 at 5:14 am
      Reply

      Old post but still relevant today. The replies are obviously from NoScript fans, stuck in mindless “NoScript is a panacea” mode.

      YesScript isn’t meant as a security solution, and it isn’t useless. It lets you block scripting on sites that have problematic scripts, and allow everything else. It’s really not hard to understand. Unless you’re mindless.

    9. Thrawn said on March 4, 2011 at 8:31 am
      Reply

      I’m with Pietzki…there’s so much to block that it would be a lot more work to do that than just to unblock selected sites. And NoScript in Allow Scripts Globally mode will behave the same way as YesScript, except that it adds silent protection against XSS, CSRF, etc.

    10. LOL said on August 18, 2011 at 8:34 pm
      Reply

      “there’s so much to block that it would be a lot more work to do that than just to unblock selected sites”

      LOL, Are you crazy?

      The web is not a jungle where you’ll be raped in any corner with the “cock Javascript”. Thanks NoScript for creating users paranoid.

      @x +1

    11. Thrawn said on November 18, 2011 at 2:35 am
      Reply

      Actually, the web is a jungle – or, at least, parts of it are, and until you visit a page, you don’t know whether it’s safe or not. But since YesScript isn’t a security addon, that’s not the key point.

      YesScript is redundant when NoScript can be easily configured to do the same job, only better.

    Leave a Reply