# Forum in English  > Internet security for beginners  > Computer security  >  security & browsers

## Ultima Weapon

IC, Is Opera still better than firefox with noscript? I thought they say Opera is the safest browser... Your opinion?

----------


## drongo

Any browser has bugs and security halls  :Wink:  As more  as browser become popular- more security  bugs will be find.
In opera you can easily  allow on specific web page all scripts for all  or no one -  in explorer you can't doing even this so easily.But in noscript you can allow on specific site execution of the scrips, and others (mainly advertising  systems ) will be still blocked.
For example, lets go to the site http://www.networkworld.com/topics/security.html
I want to allow scripts just for www.networkworld.com, and not for other advertising sites that  may be  appear on this page. (maby these  advertising sites were been hacked  (for example :http://www.wired.com/techbiz/media/n...11/doubleclick ) or even www.networkworld.com itself was hacked (and 3th  scripts was added)  :Wink:  )
You can see  this on the pic: noscript.JPG
(Sorry that words  like "allow " are in russian .)

I have heard, that NoScript can be used on netscape browser too  :Wink:

----------


## XP user

> IC, Is Opera still better than firefox with noscript? I thought they say Opera is the safest browser... Your opinion?


 Nothing beats NoScript; it's as simple as that. If that didn't exist, I would certainly opt for Opera as my default browser.  Paul

----------


## Surfer

Firefox - best tweakable browser =)

----------


## Sjoeii

Still I really like Opera. But if I need to do any secure browsing I definately use Firefox with NoScript

----------


## Sjoeii

Someone posted this test over at the Kaspersky fan club forum.
http://www.webdevout.net/browser-security

----------


## Shadow[13]

*Sjoeii* Do you know is there anything like that thing for other browsers?
(BTW, there: http://en.wikipedia.org/wiki/List_of_web_browsers is some information about many browsers including timeline, but no information about security...)

Does anyone heard/seen/know anything bad about Amaya Browser?
(http://en.wikipedia.org/wiki/Amaya_(web_browser) http://www.w3.org/Amaya/)
I want to try using it... ^_^

----------


## Sjoeii

No sorry. I just picked it up somewhere.

never heard of amaya, but it sure looks like Maxthon

----------


## Shadow[13]

Hmm... Well... It doesn't realy looks like Maxton... I think...
And Maxton doesn't have it's own engine, but it can use IE or Firefox engine...
I'm trying to find compact and fast browser, what is not eating too much resources and doesn't support java and flash, with its own engine, maybe even something text based(w3m browser looks good: http://en.wikipedia.org/wiki/W3m)...

I want to try to install win2k3 on an old machine(Celeron 300, 520mb hdd, 128mb ram) and make it working there with all common features(Web Browser, File Manager, some archivator(s), some IM client(some icq client for me without all that useless things like sounds, animation, banners, games, avatars, advanced statuses, file transfer...), irc client(looking for something like 0irc(http://www.dev0.de/)), ftp client, some small network tools, some text editor and readers for word documents, pdf, djvu and others, some image viewer(i think about IrfanView), multimedia player, other common apps)... ^_^

----------


## Simple10

I read some posts at mozzillazine forums about IE being infected(or other) through firefox. The method does not apparently affect Firefox but only IE. I can't locate the thread currently, but if I find it I will post a link to it.

If this were possible, would it occur because of the trident layout engine which is a part of IE and Firefox or is it some other bug or vulnerability?

----------


## XP user

The problem is, of course, not in the browsers themselves, but in Windows. A malware installer capable of working on a range of browsers with native Java support (with the help of Sun Java Runtime Environment) can do very dirty tricks, yes, and I'm afraid this is not only limited to Firefox - it will work with Opera, Netscape and others as well.
Besides there is the URI vulnerability, which has still not been resolved completely. This affects especially the proud owners of IE7. It has to do with the way your browser launches arbitrary programs when special URLs containing the % character are clicked on. In doing so, they may allow spyware to be installed on the user's system, but the technical details go beyond the scope of this forum section. To give one example:
Entering


```
http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
```

under 'Start/Run' launches the calculator. Very scary. That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/*Command*-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications. 
P.S.: I also removed Java support on my machine.

Paul

----------


## Sjoeii

just curious. Anyone using safari browser?

----------


## aintrust

@ *Sjoeii*

Sure... =)

----------


## Sjoeii

haha and what do you think?

----------


## aintrust

Safari is the best browser I've ever seen on my iPhone... =)))

----------


## Sjoeii

haha
I hope I can test that version later this week when I receive mine ;-)

----------


## Simple10

however, the most common avenue of exploitation is via Internet Explorer.
Internet Explorer 5.x, 6.x and 7 running on all versions of Windows are affected.

As plug-ins are generally used to enable access to third party file formats, many plug-in vulnerabilities apply to all compatible browsers on all operating systems. Any web browser running on any version of any operating system is potentially vulnerable.

- www.sans.org/top20/#c1

Could you be more specific on these procedures (would like to impliment them).

"That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/Command-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications.
P.S.: I also removed Java support on my machine." -Paul

----------


## Sjoeii

> Safari is the best browser I've ever seen on my iPhone... =)))


I have my iPhone now for couple of days and must admit. safari works great

----------


## Simple10

> That's why, even while Firefox is my default browser, I locked IE down completely, and blocked it from Internet access (it's on a proxy to remote address 0.0.0.0, and I disabled the ability for most programs to launch others in the HKEY_CLASSES_ROOT section of the registry by deleting the Shell/Open/*Command*-parameter. This *is* risky if you don't know what you're doing, but it's the best defense you can imagine against spyware trying to silently run applications. 
> P.S.: I also removed Java support on my machine.
> 
> Paul


I have vista. How do I do that with the registry? PM if you don't want to post. How do I get rid of java support, Add/Remove? I thought I needed IE for Windows Updates.

----------


## harrybro

It has to do with the way your browser launches arbitrary programs when special URLs containing the % character are clicked on.

----------

