protect us from bad scripts
"Cookie Stealing Scripts " and other fraudulent scripts... figure out a method to better protect us from these problems
Jan Biniok commented
Hi, Tampermonkey dev here.
How about adding the results from every scripts issues section to the existing or a new meta.js URL.
A script handler like Tampermonkey then can read them and warn the user if there are a lot of negative ratings. It would then also be possible to re-check the ratings at regular intervals and warn if for example a new version causes new bad ratings
I love facebook
Ricky H commented
down with this sort of thing
Piyush Soni commented
Users can anyway vote on bad scripts, so we should not waste too much time on this. Just have a look in the issues tab. What I suggest is, though to make it much more visible when a script has 'issues' marked by users. So put a big warning sort of thing on the head - "This script has been voted dangerous. Are you sure you want to install it? "
donovan aganovic commented
tell me of all bad scrips please
This should be closed since it is neither practical or possible.
an extension for greasemoney to monitor suspicious activities as ABE could have been an extension for NoScript.
Users could subscribe to a definitions list like AdBlock Plus (and hopefully ABE).
Softpedia tests software in a sandbox (or VM) allegedly. Could not similar be done with userscripts?
automatic detection is very hard
the script can have the user do something, which automatic checking can never detect
another suggestion would be to implement some sort of warning in greasemonkey, when the script sends something to another site, or redirects the user to another site
i find this to be the only way
What about displaying the box with the vote-stats from the section "issues" on the main page of a script and warn the user if more users voted that the script was malicious than not malicious and there were at least 15 votes (or some other count)? For example there could be a big red warning sign just below the "install"-button.
Firefox addons are reviewed by admins before they are publicly available. Perhaps unchecked code could be flagged with an unchecked warning and bad code deleted.
AdminPhotodeus (Admin, Userscripts.org) commented
At least show a nasty warning if some script uses the eval( ) function, that is the most dangerous out there.
Adminjerone (Admin, Userscripts.org) commented
In answer to cookieMonster and iamah a start: http://userscripts.org/scripts/show/11388
What is relatively easy is to do a script that searches the code looking for "potentially dangerous" calls, like http requests, reading cookies, keyboard listening methods, maybe...? for a programmer it should be interesting to take a look what those are doing before installing...
an antivirus need human researchers to detect new virus and their "sign" ...
If you can find a better solution you're welcome ;-)
come on. we use scripts to avoid manual work.
there should be a script to prescan any script for malicious code before installing them. a red flag or something also needs to be posted along with the script name in the classification system.
the only better method is to manually check every script before publish it ...