Posts

«
»

Recommended Firefox/Seamonkey add-on: NoScript

I recommend the Firefox (and Seamonkey) add-on NoScript for advanced web browsing-type people. It is NOT for your mom, unless your mom knows what a javascript cross-site scripting attack is.

https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/seamonkey/addon/722

This add-on is so successful at protecting your browsing session, it has won security awards. See the link above for all the details.

Here’s the jist: Install it, restart your browser, then browse the net as usual but keep an eye on the little blue S icon in the lower-right corner of the browser. When you hit a webpage which doesn’t seem to operate as it should, click the little blue S icon and start allowing sites/domains to run javascript. Each time you enable one, the page will re-load. You can then test the functionality of the page again, and if it’s still not working, enable another site/domain and try again.

Here’s a brief example with YouTube:

When I first installed NoScript, all javascript was disabled. So when I go to YouTube, the videos don’t play and I get a little complaint in the video section about not having the Flash plug-in installed. I do have the flash plug-in installed, but it’s the javascript which determines what kind of browser I have and then loads the appropriate Flash code.

youtube_screenshot_mike_adams_2009-04-13

Here we are at Mike Adams’ YouTube channel. This guy is my hero. In this example, I’m trying to watch one of his videos on the evils of vaccines. However, the video isn’t loading and playing.

noscript_screenshot_youtube_2009-04-13First, click the little blue S icon in the lower-right corner of your browser. A list like this popups up:

See how the one on the bottom, youtube.com, is bold? That’s the one you should enable first.

So click on Allow youtube.com and watch the page reload.

youtube_screenshot_mike_adams_2009-04-13

noscript_screenshot_youtube_2009-04-13bStill, however, the video isn’t loading and playing. Click the little blue S again…

The only other site to allow is ytimg.com. I believe this is an image/movie server for youtube (I think).

So click on Allow ytimg.com

youtube_screenshot_mike_adams_2009-04-13b

There, now the video is loading and playing. No sweat.

The danger comes in allowing hostile sites. What is a hostile site? It’s a site which intentionally attempts to infiltrate your computer via your browser. If you’re running IE (Microsoft Internet Exploiter), then you’re kind of a sitting duck and you will get infected eventually.

If you’re running Firefox/Seamonkey with Adblock Plus and NoScript installed, you’re virtually bulletproof.

“But Hawk, how do I know if it’s a hostile site?” you may ask.

Well, ya kinda gotta be geeky about it. You’ll have to look at that domain, that website, and make a decision about it. Does it look like a good site? Or is it trying to do wierd things? Does it have a banner ad which reads, “Click here for a FREE virus!”?

I usually will not allow anything on a site that I’m unfamiliar with. I also don’t go looking for trouble browsing wierd sites in the dark allys of the net. But if I did, I would not be too worried about it; I’d just leave everything disabled in NoScript and surf cautiously.

This entry was posted on Monday, April 13th, 2009 at 1:14 pm and is filed under general, reviews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

Archives and Links