Bad things lurk on the interwebs. Viruses are marginalized by Antivirus software, but most Antivirus software doesn’t protect against malicious websites. Websites can phish and clickjack. They can display an invisible button that infects your computer on top of another button that says “download this antivirus software”. There are actions that can be triggered simply by your mouse moving over an element on a page.
Firefox is a web browser that is constantly gaining market share against Microsoft‘s Internet Explorer. While it’s true that Firefox is a secure browser, as is a fully-patched copy of IE, any browser that properly executes JavaScript and other web standards is vulnerable to scripts that are written to do malicious things. The only way to ensure safety on the modern web is by only allowing scripts that you authorize. Later we’ll examine how this safe practice works with Opera, my new favorite web browser, by today we’re going to look at NoScript.
NoScript is a browser addon for Firefox. I first tried it over a year ago and gave up after a matter of minutes. The default settings for NoScript call for it to present a security warning whenever a website attempts to execute JavaScript, Java, Flash and other scripting technologies on sites you haven’t authorized. Because pretty much every website uses one of these scripting languages for something, and because when you first install NoScript none of the websites are listed as trusted, every single page will present the user with a security warning. The sheer annoyance caused by this behavior resulted in a quick removal from my browsing environment.
I was recently listening to Security Now, my favorite Internet security podcast. NoScript was mentioned as a must for Internet security, along with the secret to maintaining sanity while using it. The secret is to turn off notifications. With notifications turned off, the popups are gone but the security remains. Only if you realize that a site isn’t functioning properly do you need to specifically grant that site permissions to run the scripts. It’s as easy as right-clicking on the website and telling NoScript to allow the site to run scripts. To the right you can see how NoScript shows the scripts that AuctioneerTech attempted to run that were blocked successfully with NoScript.
True, AuctioneerTech doesn’t look as cool without scripts. The pull-quotes – sections of text that are larger and served like pictures showing important passages – don’t work, and neither do the CrunchBase widgets. You won’t see the Google Adsense links to the right or the Google Shared Stuff list at the bottom right, nor will my Google Analytics function. For this reason, I encourage you to select the “Allow all on this page” option if you’re viewing AuctioneerTech with NoScript. However, if this were a malicious website, you would already be infected. This is the reason you should install NoScript on Firefox. You’ll still be able to get at the content you want, without having content you don’t want forced upon you and your computer.
Here’s how to do it. Assuming that you already have Firefox installed, launch it.
That’s it. NoScript is installed and you’re safer now than ever before. Here’s how to disable the notifications so you can browse in peace.
Now you won’t get any popups telling you scripts were disabled. Browse the web with peace and security. If something doesn’t look right, simply enable the scripting on the page.
Learn about an easy yet little-known feature of a popular ad blocker that lets you…
With attacks on our privacy coming from every direction, it's tough to know where to…
I'm fairly convinced the internet has become a cesspool of advertising and coercive content meant…
Learn about the iSeries educational collection from NAA, watch the last episode and register for…
In my review of the Samsung Galaxy Note8 on Verizon, I found a beautiful device…
You should always use a VPN whenever you're connected to a wireless network that's not…
View Comments