I agree with the "always allow" point...
to those who realize that the disabling of java, while still resident in the on-board applications , is a frustrating attempt at a fix. I use Comodo Dragon(Chrome) with Script Safe, and I think I like it better than No Script, because it also tends to be just another "always allow" option. Script Safe is a little different in the way it is controlled, and I find I can take steps to gain functionality on web sites without allowing as much as seems necessary with No Script. Bottom line is at least these two plugins, and probably others, are definitely better than nothing. I am convinced though, that my blended defenses, will make the attacking code's success very much less likely.
My tests of the various HIPS based utilities I use have so far caught every malicious file I've downloaded on my honey pot. If one solution doesn't stop it, something else always does. I base this success on well designed software that doesn't rely on signatures, and are kernel based to resist manipulation by the malware. It is even getting hard to find sources for zero day threats to test these solutions. Many in this field are employing junk email accounts to farm up spam, which seem to be the best source for active threats right now. The criminals will never sleep on this, so the mine fields are ever changing, and anyone involved in IT SEC is already well aware of this.
The evolution of security solutions has been mind boggling in just the last two years - but it has become necessary as well. Kudos to Microsoft for improving on the NT5 and 6 model for hardening their operating systems, as this has given us at least a leg up on the problem.
