"Robert Riches"  wrote

| >   When you combine the corporate security model with
| > SOHo usage you get crazy risk.
|
| There is a solution that significantly decreases risk when
| allowing JavaScript in a web browser:
|
|    Run the browser from a different (browser-only) user account
|    that has very strictly controlled access to files owned by
|    your normal account.
|

   That seems like an awfully lot of work to me. I don't
even use a restricted user account in the first place.
Since most people do, any malware attack has to be
able to bypass the restrictions and the only result is
that I can't access my own files!

   But I guess that's at least some help if people
bank online. I avoid doing things like that. For awhile
I've taken an approach of having 2 gecko browsers
on all computers. One is Firefox with NoScript, which I
use if I must enable script. The other is New Moon,
Pale Moon, or Waterfox, with the prefs set for optimal
privacy and security -- blocking script, iframes, 3rd
party files, prefetch, autorefresh, and so on. I rarely
need to use the browser with script. And I've never
liked things moving on webpages, anyway. So I don't
mind the simpler layout. Though I have to admit that
pages are becoming increasingly broken. I often end
up toggling CSS off in order to get links to work or to
see text that webmasters have hidden from anyone
disabling script.

  Push has never really taken off, but increasingly
javascript is being used to make pages work like
an interactive broadcast. Either you let them spy on
you, and let them change the webpage as you're
viewing it, or they'll do their best to make sure you
can't view it at all. So much for the information
superhighway. What we've ended up with is sleazeballs,
large and small, each fashioning their own custom
turnpike to extort from passersby.

--- SoupGate-Win32 v1.05