Firefox With NoScript -vs- Microsoft Internet Explorer

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

Firefox With NoScript -vs- Microsoft Internet Explorer 7

Microsoft's Internet Explorer 7 offers significant security improvements over its deservedly criticized predecessor. But the new IE still does not do enough to protect users.

Microsoft has, in IE 7, locked down some of the problem areas in IE 6. The browser will permit a Web site to nag you only once about installing an ActiveX control, for instance. (Some users will approve an installation simply to get rid of the pop-up windows.)

But malicious scripting attacks remain a big problem. Some miscreant Web sites use scripting code (such as JavaScript) to exploit security holes. This can allow them to perform drive-by installations of spyware or Trojan horse programs. IE 7 has a host of features designed to thwart exploits, including showing a pop-up warning that lets the user know when a site is trying to use scripting. But the new features don't go far enough.

Firefox's NoScript plug-in provides an elegant solution to the problem of malicious scripting. Once installed, NoScript prevents scripting from working at any Web site you visit until you approve it for that particular site. Being able to control scripting on a site-by-site basis with a single mouse click gives you a powerful security advantage.

But instead of the surgical script controls of NoScript, IE 7 still uses the same mud-covered sledgehammer that IE 6 did. Like NoScript, IE lets you block scripting for all sites in the Internet Zone, after which you can enable scripting for a particular site, but getting to the necessary dialog box takes at least six mouse clicks, and you must then enter the site's URL into the Trusted Sites list. It's a hassle most users won't deal with.

Microsoft touts IE 7's Phishing Filter as a significant new security feature, but a recent test of IE 7's filters by researchers at Carnegie Mellon University found that the Phishing Filter caught, at best, 68 percent of the phishing URLs that the researchers threw at the browser. (You can read more about the study's findings "Phinding Phish: An Evaluation of Anti-Phishing Toolbars.") Your best bet: Install an antiphishing toolbar as a safety net. In the CMU tests, SpoofGuard identified 91 percent of phishing sites. EarthLink's free toolbar placed second, with 83 percent accuracy.

None of this means that you shouldn't upgrade to IE 7. The new browser is more secure than IE 6--and given how tightly it's integrated into Windows, that extra protection is critical. Andrew Brandt is a contributing editor for PC World. E-mail him at privacywatch@pcworld.com.

source: PC World. PC World has removed the link destination of this article.

 

Firefox With NoScript -vs- Microsoft Internet Explorer 8

Microsoft has added NoScript style XSS filtering to Internet Explorer 8. This brings Internet Explorer closer to the security available in Firefox with NoScript. Firefox has this technology which comes as an add-on to Firefox called NoScript.

The XSS Filter added to Internet Explorer is only a black list. The things that Internet Explorer does block are going to be known and high risk XSS attacks. That leaves room for the ones that are unknown no matter how serious the risk. The XSS filter in MSIE only protects against XSS (cross-site scripting) attacks.

The NoScript plugin added to Firefox does more than just protect you from XSS Attacks. NoScript by default blocks every website you visit from running Scripts. This extra layer of protection protects you from a list of other attacks that are carried out using scripts. If you are blocking scripts by default until you allow them for a certain site, then no attack ever takes place.

The new filtering in MSIE 8 has also caused incompatibility with some web sites. Users of MSIE 8 have had to disable the feature to use certain web sites such as company secure file and email systems.

To disable the XSS Filtering ub MSIE 8:

Open Internet Explorer 8

  • Click on the Tools Menu,
  • Click on Internet Options
  • Click on the "Security" tab
  • Under the Security Tab, click on the "Internet" Icon (it looks like a picture of earth)
  • After selecting the Internet Icon, click on the ‘Custom Level’ button at the bottom
  • Scroll down the list of settings and click "Disable" in the Enable XSS Filter option

Click OK to apply the setting and then you can close out of the Internet Options and Relaunch Internet Explorer to be Sure the settings are saved and applied

NoScript plugin writer Giorgio Maone posted a commentary on IE 8's new filters, drawing comparisons to his own widely popular NoScript Firefox plugin. Maone writes:I’m happy to learn that IE8 is going to implement a less ambitious version of a feature which NoScript users have enjoyed for more than one year now.