Block scripts in Firefox
The Internet is full of threats like cross-site scripting attacks and clickjacking. A lot of these attacks work by injecting scripts in Web pages that you don't even know are there. You can give yourself a modicum more protection by running a Firefox plug-in called NoScript.
NoScript blocks all scripts from running until you authorize them. Let me show you how it works.
Go to addons.mozilla.org and search for NoScript or get it from Download.com. Install it as you would any add-on. Once you have it installed, look in the bottom right corner at the little S with the cross-out symbol.
Clicking on it brings up a submenu that lets you choose how to handle scripts on the page you're at. The safest way to go is not to allow any scripts. You'll never fall victim to code that doesn't run.
But some sites won't work without scripts so, the next safest thing is to temporarily allow only the scripts you need or trust. A lazier and slightly less safe method is to temporarily allow all on a page.
The next more convenient level, but also less safe is to permanently allow scripts individually or all for a page. This becomes necessary for things like your Bank's Web site or Google Docs where you don't want to constantly allow scripts every time you launch your browser. If you permanently allow scripts from a site, you're putting your trust in that site that it will never allow itself to be infected by a malicious script.
The worst thing you can do is globally allow all scripts. You might as well not run NoScript at that point. If you have allowed a script on a page and you change your mind about it, you can always choose forbid, to start blocking it again.
Running NoScript means you're going to have to do a bit more thinking about pages you surf to. It was enlightening when I first started running NoScript to see which of my banks and utilities worked just fine without scripts and which became disabled. If nothing else, NoScript gives you more control over what risks you expose yourself to on the Net.
Would you like a wrap-up of the week's hottest CNET TV videos delivered directly to your in-box? Then sign up for the weekly CNET TV newsletter, delivered every Friday.
It's a safety issue, above all. There's really no way to tell if any given advertiser is doing something unsavory with the data they're collecting (the current adblocking tools do not help with this triage), so it's far more wise to block all ads.
Anyway, if all the adverts get blocked then the advertisers will turn to the text. Every article will be trying to sell you something. (if it's not like that already.)
I'm also a big fan of Adblock Plus. The Web seems incredibly noisy and distracting whenever I use a machine where it's not available.
That means almost every day when you open FireFox it asks you to update it. It gets annoying.
In addition, every time you do an update, it opens their homepage wich has full of advertising.
Do they want to make the product better every day? or want more exposure to their site? (More $$$)
I don't know.
One of the adblocking list sites completely buckled the NoScript site to try block the ads, making it unusable.
(By the way, AdBlock Plus also blocks scripts, if you set it to do so... You can pick specific scripts to block. So it kind of makes it useless to have both.)
If you don't like people staring over your shoulder, stand with your back to a wall.
Unmetaphorically: Disconnect your internet and don't even risk it.
As more and more web apps, such as Firefox Prism, Adobe Air, Google Apps and MS Silverlight, begin leveraging local resources, it will become really necessary. It could actually make development of web apps faster as well as more secure. I think MS is missing a great chance to provide a desktop hook into the cloud applications.
It took awhile, but thanks to browser vendors actually listening to W3C and not caring much for JavaScript, we are left in the current mess we are with having to use manual sandboxing and script-blockers.
Oh, and Microsoft Microsoft Microsoft, can't forget Microsoft trying to kill off JavaScript because it was a threat to the desktop.
It is a good idea to have things blocked and stay safe unless you do trust the site though.
It is a good idea to have things blocked and stay safe unless you do trust the site though.
I use and love NoScript, and continued to use it after the event. However, this shows you cannot trust anyone and you should be aware the author has done things to this product to make it be considered Mal-Ware. He may have learned his lesson and may not do it again, but he did it once so everyone should be cautious.
Blocked scripts on cnet.com: sphere.com, revsci.net, questionmarket.com. Check this websites on WOT, if you don't know what they are. This sites are all red and dangerous. That's why when you use browser without NoScript and Ad Block you see all ads and pop ups, advertising sometimes rogue software!
You should allow scripts from yimg.com and com.com if you want to see images on the website.
I have McAfee Security Suite and it has the ability to stop my machine from running a bad script. It logs all of the bad and harmful scripts it blocks and I have yet to have one on this machine and I have been on the internet for several years now.
I am no longer using firefox or IE or Chrome.. They all are the slowest, most aggravating browsers there are to use. They have so many bells and whistles that I can not keep up with what is slowing it down and what is causing my machine to whine and wheeze when they have so many virtual machines running on the same page that I just went looking and I am now happily using Opera.. I have a Google home page and I am not about to start messing around with the workings of this simple lovely browser..
Thanks for the warning.. but it is just another example of trying to give the public too much control over their settings. I want a browser to drive me to the site and then let me save an image or the entire page for later viewing and that is all I need to have on my toolbar. You give us too much stuff to change when we do not know what it is we are changing.. and you get a major mess!
thanks for letting me rant.
lockerridge
I have McAfee Security Suite and it has the ability to stop my machine from running a bad script. It logs all of the bad and harmful scripts it blocks and I have yet to have one on this machine and I have been on the internet for several years now.
I am no longer using firefox or IE or Chrome.. They all are the slowest, most aggravating browsers there are to use. They have so many bells and whistles that I can not keep up with what is slowing it down and what is causing my machine to whine and wheeze when they have so many virtual machines running on the same page that I just went looking and I am now happily using Opera.. I have a Google home page and I am not about to start messing around with the workings of this simple lovely browser..
Thanks for the warning.. but it is just another example of trying to give the public too much control over their settings. I want a browser to drive me to the site and then let me save an image or the entire page for later viewing and that is all I need to have on my toolbar. You give us too much stuff to change when we do not know what it is we are changing.. and you get a major mess!
thanks for letting me rant.
lockerridge
The scripts on the page freeze Firefox for me.
http://forums.mozillazine.org/viewtopic.php?f=38&t=1149005
Vista Home Premium 64 bit
Intel Quad 2 Q8200
8.0 GB RAM
-
by 0zSpit
June 27, 2009 5:20 PM PDT
- the add-ons for firefox is one reason i've never switched. noscript, adblock plus, a better privacy, and wot makes it one of the safest browsers. noscript is an excellent tool to block the dreaded google virus, also.
-
Like this
Reply to this comment
-
(27 Comments)