• MaeBorowski [she/her]
    ·
    7 months ago

    Thanks, yes I realize it was seeing some kind of script it didn't like but like you said, javascript is something many many sites use which is why I was so suspicious that it was blocking jewishcurrents.org in particular. It's not like it's uncommon for me to visit sites running a lot of scripts lol. Only very rarely will I get an avast warning and block, even less often with "Script-inf" listed as the "infection" type. The only other place that consistently triggers avast are pirate movie streaming sites which I know avast actually blacklists. I'm also using NoScript/uMatrix with strong rules and always selectively allow only the bare minimum scripts needed to load any given webpage.

    Anyway, thank you for the advice. I would never ever pay for this shit, I only have the free version but omg yes, avast is such horrid nagware. A couple times a week or so it will force these moving (which makes them hard to quickly close) popups that say shit like "You are being tracked!" with a button to "remove tracking cookies" only for it to bring up an ad for their premium version or other trash software. It's funny since I won't tolerate ads in like videos or on websites at all. The only reason I've put up with avast in spite of my disgust is that a while back someone I trusted told me as bad as it is that it's still better than the windows default and how necessary it is to have at least some kind of antivirus installed in addition to defender or whatever default. I was always skeptical of that though, so I believe you if you say the windows one suffices. I'm hoping soon to get a new (or another used) laptop and will be installing linux on it making the avast question moot.

    • CoolYori [she/her]
      ·
      edit-2
      7 months ago

      I'm also using NoScript/uMatrix with strong rules and always selectively allow only the bare minimum scripts needed to load any given webpage.

      Modern web browsers are not like ones back in the day that had things like ActiveX that hooked into the operating system and could be an entry point. Really if you look at threat actors that want to get at your data they cant attack you like that. So using something like NoScript or uMatrix does not solve the issue with say browser fingerprinting. It being the main choice for browser based attacks these days. It might actually exacerbate your issues by making you look like a person wearing a yellow jacket in a crowd instead of like a gray one with everyone else. In fact the guy that makes uMatrix says you really should be using uBlock origin instead because like the threat profile that is involved with matrix blocking really is not a thing. What you really want to do is make yourself look as inconspicuous as possible.


      Ask yourself a few opsec questions such as:

      • What is my threat profile?
      • Am I trying to prevent a known threat actor or is it more general than that?
      • What is my attack surface?
      • Is there a way to minimize that attack surface?

      Please also consider a few things that protect you. For example most residential ISPs do not give your computer an internet address. You usually get your address from your router. Your router is really on the internet and will not let things talk to your computer because it does not know how to get it to your computer versus other things on your network. That is unless you manually forward the ports for this, and that is what I mean by attack surface. If you have a device that lets you on the internet then its your border and often they are locked down due to years of customer complaints of hacking. Its why most gateways that come with internet for people have a randomized set of passwords on em.

      Take some time to look at your situation from the perspective of a threat actor and you start to see your security posture. Also consider that fortune 500 companies pay millions for cybersecurity and it takes only one dedicated threat actor to compromise them. You will not stop someone from coming at you directly. You can only really stop automated attacks from the internet and only then by keeping up to date on news.