Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Security researcher sings the praises of NoScript Firefox add-in

Krebs isn't the only expert in favour of the plug-in, as Peter Woods, CEO of pen testing specialist First Base Technologies will also detail its advantages in an Infosecurity webinar later on today.

So what's the big deal?

According to Krebs, most web sites use Javascript - a powerful scripting language that helps make sites interactive.

"Unfortunately, a huge percentage of web-based attacks use Javascript tricks to foist malicious software and exploits onto site visitors. To protect yourself, it is critically important to have an easy method of selecting which sites should be allowed to run Javascript in the browser", he says in his latest security blog.

The security researcher goes on to say that selectively allowing Javascript on known and `safe' sites won't block all malicious scripting attacks.

Even legitimate sites, he notes, sometimes end up running malicious code when scammers figure out ways to sneak tainted, bogus ads into the major online ad networks.

"But disallowing Javascript by default and selectively enabling it for specific sites remains a much safer option than letting all sites run Javascript unrestricted all the time", he says.

"The NoScript extension makes it easy to place or remove these restrictions on a site-by-site basis, but a novice user may need some practice to get the hang of doing this smoothly", he adds.

Krebs also points out that Google Chrome also includes similar script- and Flash blocking functionality that seems designed to minimise some of these challenges by providing fewer options.

And here's a spot of good news that you probably aren't' aware of, as he also notes that Internet Explorer 9 includes new security features, such as enhanced memory protection and Microsoft's SmartScreen Application Reputation engine, which is designed to alert users when they try to download files from locations on the Web with an unknown or dodgy history.

"I like Chrome's simplicity and speed, but I prefer Firefox because it offers the most options for dealing with Javascript. But, whichever browser you use, be aware that running Javascript can be the point of entry for intrusive and infectious malware. Use caution before deciding to allow it on any site that you visit", Krebs advises.

What’s Hot on Infosecurity Magazine?