Saturday, May 31, 2008

Can NoScript help?



In watching an episode of Tekzilla, they mentioned a Firefox addon called NoScript. Always willing to try something new, it was installed within seconds and after restarting FF my browsing experience was changed forever!

The first thing you notice is the "S" down in the lower right corner of the browser window. The second thing is the popup "Options" line also down in the lower portion of the browser. It is a simple matter to authorize the scripts on a page and NoScript automatically reloads the page after changes are selected. For me, it works well and reasonably unobtrusively. However, some who desire a transparent browsing experience may not appreciate the attention required for this added safety.

The unexpected benefit for my browsing experience was the identification of all the scripts within a web page. Both the ones that make the page "work" as well as the insidious background, hidden scripts that track, collect or basically spy on your internet behaviors. NoScript easily exposes these to the user and provides a way to be in control of both your actions and what others can collect about those actions.

Of course, there is the matter of trust. Yes, Noscript is an excellent aid to safe surfin', but it has the opportunity to abuse that trust. However, I don't believe that this is the case and since its introduction it has been closely reviewed. It is free software under GPL licensing. So for now, I will trust it until I learn something different.

Information from the web site:

The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and others mozilla-based browsers:
this free, open source add-on allows JavaScript, Java, Flash and other plugins
to be executed only by trusted web sites of your choice (e.g. your online bank),
and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach
prevents exploitation of security vulnerabilities (known and even not known yet!)
with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click
on the NoScript status bar icon (look at the picture), or
using the contextual menu, for easier operation in popup statusbar-less windows.

Watch the "Using NoScript" video
kindly contributed by John Wilkerson.

Staying safe has never been so easy!

Experts will agree: Firefox is really safer with NoScript!


Bottom line: NoScript has been around for a couple of years. For this author, it has opened his eyes to just how nasty some of the scripting is on various sites. Even if you plan to globally authorize all scripting, be sure to at least check out the scripts on the pages you visit, they could be helping you in ways you really, really don't want to have happen.

NoScript was written by Giorgio Maone who cofounded Informaction located in Palermo, Italy.

You can get NoScript here.