So, you allow scripts from sites you determine known to not distribute malware AND the other (cross) sites that site uses for its flash content?
On Sep 16, 2:11 pm, "Ian Fette" <[EMAIL PROTECTED]> wrote: > Sadly, it's hard to block flash "popups" without breaking flash. I wish > there were a better answer. Some people have requested things like noflash, > I suspect that once we have an extension mechanism in place this would be a > good candidate for that. > > On Tue, Sep 16, 2008 at 2:01 PM, gbob <[EMAIL PROTECTED]> wrote: > > > BTW, the only sites in my trusted zone are google, microsoft and just > > a few others. I have yet to be infected by them. They are VERY quick > > to fix vulnerabilities. > > > On Sep 16, 1:36 pm, "Ian Fette" <[EMAIL PROTECTED]> wrote: > > > The whole point though is that running or not running script on sites you > > > trust is not sufficient. E.g. you may trust myfavoritesite.com to run > > > script, but then tomorrow it gets hacked and starts including malicious > > > javascript. This is something that Safe Browsing (the anti-malware > > > protection built into Google Chrome) can help with, but is not something > > > that would be stopped if you say "I trust myfavoritesite.com to run > > script". > > > People are hacking sites you trust and that you visit. That's how they > > get > > > infections. They're not trying to hack sites that nobody visits. > > > This is not something that I think would be a useful feature from a > > security > > > perspective. > > > > On Tue, Sep 16, 2008 at 1:08 PM, gbob <[EMAIL PROTECTED]> wrote: > > > > > You say, "Wouldn't that just be like Mozilla Firefox + NoScript?". > > > > No, as safe as IE6 with prompt for scripts and having a trusted sites > > > > list. Automatically run scripts on sites YOU trust and examine all > > > > others deciding on a site-per-site basis which you'll give permission > > > > to run scripts. Thanks. > > > > > On Sep 16, 5:38 am, "Alwin Garside" <[EMAIL PROTECTED]> wrote: > > > > > Wouldn't that just be like Mozilla Firefox + NoScript? > > > > > > On Mon, Sep 15, 2008 at 11:35 PM, gbob <[EMAIL PROTECTED]> wrote: > > > > > > > Allowing the user to set the browser security to allow them to set > > it > > > > > > to ask for permission to run any scripts (Java, Javascript, etc.) > > and > > > > > > to have a trusted sites list similar to the way IE works. > > > > > > > On Sep 15, 7:29 pm, "Ian Fette" <[EMAIL PROTECTED]> wrote: > > > > > >> I'm not sure what the ask here is. We don't allow active-x to run. > > > > > > >> On Mon, Sep 15, 2008 at 7:23 PM, gbob <[EMAIL PROTECTED]> wrote: > > > > > > >> > Hello: I currently use only IE 6 (I know, I know) because it has > > one > > > > > >> > of the most important security features that has prevented a > > number > > > > of > > > > > >> > infections recently. I have three separate OS partitions with > > XP on > > > > > >> > each. One is used for my non-web work with ALL data and most > > > > programs > > > > > >> > on another drive. Another is used for my normal Web work and > > has NO > > > > > >> > connection to ANY data; documents, projects, etc. And the last > > is a > > > > > >> > test partition setup the same way, to test security where I take > > > > more > > > > > >> > risks. So, on my test partition, in the last month, I was > > infested > > > > > >> > twice by a number of malware programs that got through all > > > > (numerous) > > > > > >> > defenses. My normal web partition is setup slightly > > differently. I > > > > > >> > use only IE and have ActiveX and scripts set to "Prompt" and add > > > > only > > > > > >> > a few sites I trust to the trusted sites list. Even the trusted > > > > sites > > > > > >> > prompt for permission when scripts from other sites are executed > > at > > > > > >> > that site (and I say no, which works fine). It has NEVER been > > > > > >> > infected. It's a pain, I know, but it's MUCH safer and would be > > > > great > > > > > >> > if Chrome had the same so it was at least as secure IE in that > > > > > >> > respect. I'll use Chrome for regular web access when it has it. > > > > > >> > Thanks. > > > > > > >> > May or may not apply... > > > > > >> > See:http://www.darkreading.com/document.asp?doc_id=162515 > > > > > >> > Report: Popular Web Attacks Go Stealth > > > > > > -- > > > > > Alwin "Yogarine" Garside > > > > > Development Lead > > > > > LinFox Serviços de Informatica LTDA.http://www.linfox.com.br > > > > > Phone: +55 (0xx)83 3333-9084 > > > > > Mobile: +55 (0xx)83 91275361 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-dev?hl=en -~----------~----~----~----~------~----~------~--~---
