On userscripts.org site, I suggest you ...

protect us from bad scripts

"Cookie Stealing Scripts " and other fraudulent scripts... figure out a method to better protect us from these problems

482 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    16 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Jan BiniokJan Biniok commented  ·   ·  Flag as inappropriate

        Hi, Tampermonkey dev here.

        How about adding the results from every scripts issues section to the existing or a new meta.js URL.
        A script handler like Tampermonkey then can read them and warn the user if there are a lot of negative ratings. It would then also be possible to re-check the ratings at regular intervals and warn if for example a new version causes new bad ratings

      • Piyush SoniPiyush Soni commented  ·   ·  Flag as inappropriate

        Users can anyway vote on bad scripts, so we should not waste too much time on this. Just have a look in the issues tab. What I suggest is, though to make it much more visible when a script has 'issues' marked by users. So put a big warning sort of thing on the head - "This script has been voted dangerous. Are you sure you want to install it? "

      • Euthanize_ProgressivesEuthanize_Progressives commented  ·   ·  Flag as inappropriate

        an extension for greasemoney to monitor suspicious activities as ABE could have been an extension for NoScript.

        Users could subscribe to a definitions list like AdBlock Plus (and hopefully ABE).

        Softpedia tests software in a sandbox (or VM) allegedly. Could not similar be done with userscripts?

      • smksmk commented  ·   ·  Flag as inappropriate

        automatic detection is very hard
        the script can have the user do something, which automatic checking can never detect

        another suggestion would be to implement some sort of warning in greasemonkey, when the script sends something to another site, or redirects the user to another site

        i find this to be the only way

      • n-regenn-regen commented  ·   ·  Flag as inappropriate

        What about displaying the box with the vote-stats from the section "issues" on the main page of a script and warn the user if more users voted that the script was malicious than not malicious and there were at least 15 votes (or some other count)? For example there could be a big red warning sign just below the "install"-button.

      • nburoojynburoojy commented  ·   ·  Flag as inappropriate

        Firefox addons are reviewed by admins before they are publicly available. Perhaps unchecked code could be flagged with an unchecked warning and bad code deleted.

      • iamahiamah commented  ·   ·  Flag as inappropriate

        What is relatively easy is to do a script that searches the code looking for "potentially dangerous" calls, like http requests, reading cookies, keyboard listening methods, maybe...? for a programmer it should be interesting to take a look what those are doing before installing...

      • Edo78Edo78 commented  ·   ·  Flag as inappropriate

        LOL
        an antivirus need human researchers to detect new virus and their "sign" ...
        If you can find a better solution you're welcome ;-)

      • cookieMonstercookieMonster commented  ·   ·  Flag as inappropriate

        come on. we use scripts to avoid manual work.

        there should be a script to prescan any script for malicious code before installing them. a red flag or something also needs to be posted along with the script name in the classification system.

      • Edo78Edo78 commented  ·   ·  Flag as inappropriate

        the only better method is to manually check every script before publish it ...

      Feedback and Knowledge Base