NoScript provides also additional defenses against web-based attacks such as XSS, CSRF, Clickjacking, Man in the Middle attacks and DNS Rebinding, with specific countermeasures which work independently from script blocking.
These kind of threats are not to be taken lightly. Symantec has suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” Another security expert, F-Secure, has pointed out how the amount of malware produced just in 2007 exceeded that of the previous 20 years altogether.”
Malware’s most common pathway from criminals to users used to be by e-mail, but as of today main sources of infection are distributed all over the World Wide Web in the form of embedded scripts. Now, your computer can become compromised just by going to an infected website or clicking on certain suspect links, even if you have a firewall, anti-virus, anti-spyware and related software on your computer
Perhaps the video below will help you decide:
- CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (Dennis O’Reilly, Get a new PC ready for everyday use)
- Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Andy Greenberg, Filter The Virus Filters).