Block scripts in Firefox

The Internet is full of threats like cross-site scripting attacks and clickjacking. A lot of these attacks work by injecting scripts in Web pages that you don't even know are there. You can give yourself a modicum more protection by running a Firefox plug-in called NoScript.

NoScript blocks all scripts from running until you authorize them. Let me show you how it works.

Go to addons.mozilla.org and search for NoScript or get it from Download.com. Install it as you would any add-on. Once you have it installed, look in the bottom right corner at the little S with the cross-out symbol.

Clicking on it brings up a submenu that lets you choose how to handle scripts on the page you're at. The safest way to go is not to allow any scripts. You'll never fall victim to code that doesn't run.

But some sites won't work without scripts so, the next safest thing is to temporarily allow only the scripts you need or trust. A lazier and slightly less safe method is to temporarily allow all on a page.

The next more convenient level, but also less safe is to permanently allow scripts individually or all for a page. This becomes necessary for things like your Bank's Web site or Google Docs where you don't want to constantly allow scripts every time you launch your browser. If you permanently allow scripts from a site, you're putting your trust in that site that it will never allow itself to be infected by a malicious script.

The worst thing you can do is globally allow all scripts. You might as well not run NoScript at that point. If you have allowed a script on a page and you change your mind about it, you can always choose forbid, to start blocking it again.

Running NoScript means you're going to have to do a bit more thinking about pages you surf to. It was enlightening when I first started running NoScript to see which of my banks and utilities worked just fine without scripts and which became disabled. If nothing else, NoScript gives you more control over what risks you expose yourself to on the Net.