5

I've been using NoScript for a couple of years now but I can't seem to figure out which scripts are safe to allow and most of the time I just temporarily allow all the scripts. Is there a way to check if a script is safe other then running it to find out?

kalina
  • 3,354
  • 5
  • 20
  • 36
Jay
  • 535
  • 5
  • 12
  • 1
    Related, but not an exact duplicate: [_NoScript: How to determine which sites/scripts to whitelist?_](http://security.stackexchange.com/q/4983/38377) – IQAndreas Sep 07 '14 at 03:53
  • 1
    What kind of threats are you concerned about and who do you consider trustworthy? "safe" is highly relative in this situation. – thexacre Sep 07 '14 at 06:59
  • Threats like malicious tracking and drive-by-downloads. I consider the scripts that don't do anything malicious trustworthy. – Jay Sep 07 '14 at 09:33
  • 1
    How do you define malicious tracking? – Stephen Touset Sep 09 '14 at 21:29
  • In the exact same way as you check if your other programs are safe to run and don't contain malicious backdoors or exploitable bugs - you can't. – Peteris Sep 09 '14 at 23:21

2 Answers2

2

In short, no. Determining if something is "safe" is isomorphic to the halting problem. The best you can do is to execute the script using an agent you regard as safe.

Keep in mind that one class of exploits involves trusted functions doing things they're not supposed to do. Suppose for example that choose your vendor here installed a back door in the "print" function so that if the printed string was 39549235-052-4-234-2-42-3-29q4er-2348-2398 they would also open a connection to NSA headquarters and dump the contents of your hard drive.

ddyer
  • 1,974
  • 1
  • 12
  • 20
-1

Outside of an Anti-Virus program blocking the execution of a known malicious script, not really. Generally this is where user education comes in, and a pinch of common sense is required when choosing what you allow to run on your system.

You could always run the script in a safe environment, and monitor the output. Outside of that, your options are very limited.

theCowardlyFrench
  • 381
  • 2
  • 6
  • 1
    Depending on his adversary, what is considered a "safe environment" can be very hard to come by. Not everyone wants to buy a burner computer with zero networked peripherals each time they want to test out a script. – forest Apr 04 '16 at 23:39