That's the point. NoScript blocks all scripts by default, which is exactly what you want. That way, if by chance you go to some website with a bad script in it, it is never run unless you specifically enable it, at which point it's your own fault.
Web of Trust is all well and good as a supplement to NoScript, but it's no substitute for NoScript. Plenty of very reputable sites, like CNet for example, outsource the serving up of banner ads. It will routinely happen that an ad is served up on a reputable site which has been rigged to execute a script that tries to exploit some known flaw, or flaws, in web browsers like Internet Explorer. That, in a very simplistic nutshell, is the essence of a cross-site scripting (XSS) attack. The suspect content isn't coming from the site you're visiting, it's being loaded from some third party site.
Just for example, looking at this particular page right now, NoScript lists scripts from the following non-CNet/CBS domains: google-analytics.com (keeps tabs on what links you click on and other things), adobetag.com (another marketing oriented spy script), nrcdn.com (the third marketing oriented script designed to spy on your behavior while on this site), crowdscience.com (see the past three examples), flashtalking.com (ad banner fulfillment), twitter.com (think we all know what that one is), viglink.com (more marketing spyware), and finally gigya.com (integration to social networks like Facebook and Twitter). So that's five distinct sites with the express purpose of keeping tabs on your activities while on this site, viglink is the outsourced ad banner provider, and CBS is using a third party to handle it's integration with the likes of Facebook. If any one of those EIGHT different websites is ever compromised and malicious code is put into the scripts served up on CNet sites, Web of Trust won't do a thing to help you, but NoScript will. That's just for these forums alone, other sites are pretty much the same.
NoScript is a bit of a pain to get set up, but it's a choice between a little bit of pain spread out over a long period of time vs a large amount of pain all at once if you end up having to clean up the aftermath of one wrong click.
Was this reply helpful? (1) (0)