Dragon vs. Firefox+NoScript

Sandboxie provides the following security (and more) for any web browser:

  1. a whitelist of allowed executables (launched by the browser)
  2. a blacklist of folders/files not readable by malware
  3. a whitelist of folders where changes are not deleted when the browser is closed

I have one sandbox for updating the browser (bookmarks, settings, installing add-ons) and another sandbox for normal surfing, which automatically deletes almost all changes to the browser’s profile folder. I also close the browser (delete the sandbox) before and after doing any financial-related web activity. After I spent a little time learning how to configure Sandboxie, I wouldn’t browse without it.

Assuming that the browser is sandboxed by Sandboxie, I am interested in how forum members compare the security and usability of Comodo Dragon and Firefox+NoScript. I use Firefox+NoScript today, and I am wondering why folks who have tried NoScript would choose Comodo Dragon instead.

Maybe because they don’t like NoScript? 88)

You mention the usability of Firefox with NoScript, but I’ve always felt NoScript to be a hindrance. Not to mention I have trouble trusting it after the developer purposefully interfered with the operation of another extension. He effectively patched in a blind spot with a NoScript update. It was quickly discovered though, because it completely broke the other extension, instead of just the intended blind spot. NoScript is a self proclaimed security extension, whose author isn’t above malicious tampering of other peoples code… :-TD

I personally feel that using AdBlock Plus with a filter to block third party scripts is a much better option than NoScript. Locally hosted scripts really aren’t a problem unless you visit questionable sites. It’s the scripts that the site owner has no control over that are the real issue.

I think Dragon+Sandboxie is a fine replacement for Firefox+NoScript. It’s even a fine replacement for Firefox+AdBlock Plus. I’m completely comfortable with Dragon+Sandboxie, although AdBlock Plus for Chrome isn’t as functional yet as ABP for Firefox.

Does the following ABP filter combination achieve this?
*$script,third-party (for JavaScript?)

When ABP is disabled for a domain, are these third-party scripts allowed too?

ADP does not have an option like NoScript to temporarily allow a domain. When I disable ABP, for example to place an internet order, I often forget to re-enable it again for a day.

Edit: forgot a “not”

I only use the script filter, but the objects probably couldn’t hurt if you want to filter those as well. The script filter works for all scripts, not just Javascript. Flash will also be blocked, etc…

Yes, when ABP is disabled, nothing is blocked. You can also add exceptions for domains like YouTube that often serve their Flash videos from CDN servers.


This is a good idea. Maybe you could make a post on the ABP forum asking for this. The developer is pretty receptive to user input.

There was a thread about Dragon + Sandboxie combo…the conclusion was that it was meaningless to use sandboxie with dragon/chrome, since it was already using sandboxing technology,

You’re comparing apples and oranges here.

Sandboxie works by virtualzing files and processes. Any and all system changes are merely temporary and can be deleted from the sandbox at any time.

The Chrome sandbox works by restricting user access. In simple terms, it strips processes of all access privileges. (Although I’m sure the techniques are different, this is similar to what the automatic sandbox in CIS does)

Sandboxie on the other hand, doesn’t care about access privileges because anything changed is changed in the virtual system and can easily be undone. If a malicious process runs, simply delete the contents of the sandbox.

Since the Chrome sandbox is using standard Windows security features to limit what processes can and can not access on your system, any exploit that can bypass these OS access checks gets out of the Chrome sandbox.

It’s definitely not meaningless to run a Chromium based browser in Sandboxie…

Here is a link to the Chromium blog describing the sandbox.
Chromium Blog: A new approach to browser security: the Google Chrome Sandbox

Edit: Clarification…