NoScript is a free, open source add-on that provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers.
NoScript primary aim is preventing malicious JavaScript, Java, Flash, Silverlight, and other plug-ins code and scripted content to be executed. It accomplishes that by curtailing code execution on the browser and allowing only the trusted web sites of your choice.
NoScript provides also additional defenses against web-based attacks such as XSS, CSRF, Clickjacking, Man in the Middle attacks and DNS Rebinding, with specific countermeasures which work independently from script blocking.
These kind of threats are not to be taken lightly. Symantec has suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” Another security expert, F-Secure, has pointed out how the amount of malware produced just in 2007 exceeded that of the previous 20 years altogether.”
Malware’s most common pathway from criminals to users used to be by e-mail, but as of today main sources of infection are distributed all over the World Wide Web in the form of embedded scripts. Now, your computer can become compromised just by going to an infected website or clicking on certain suspect links, even if you have a firewall, anti-virus, anti-spyware and related software on your computer
So, will NoScript make your web surfing safer? Sure it will. Is it worth the hassle of having to white-list the sites? It’s up to you to decide. If you’re sending and receiving sensitive data or accessing the kind of websites that common sense advise against, then you’d probably better off using it. Even the latest security software is not as effective, simply because of the vast amount of JavaScript-related vulnerabilities that keep popping up nowadays. Having the NoScript add-on installed goes a long way in ensuring the safety of your web surfing, especially when navigating uncharted waters.
Perhaps the video below will help you decide:
Unfortunately, there’s no NoScript version for non-mozilla browsers capable of executing JavaScript code, such as Internet Explorer, Opera or Safari. And yes, malicious script code can be executed on any script-enabled browser, no matter how sophisticated they are.
More info:
- CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (Dennis O’Reilly, Get a new PC ready for everyday use)
- Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Andy Greenberg, Filter The Virus Filters).
As HTML5 usage spreads, it will bring new vulnerabilities to apps, as well as Web pages, security experts warn:
http://www.infoworld.com/d/developer-world/programming-html5-raises-new-security-issues-browser-makers-681
So, what options are left for Internet Explorer? I undserstand this is Firefox-only?
Hi, Just remind you that when you install NoScript, JavaScript, Java, Flash Silverlight and other executable contents are blocked by default.
is this such a great technique ? Not so sure