Difference between revisions of "NoScript Review"
(Created page with "Image:50star.png In light of recent browser hijack and malware such as the Internet Security 2012 Virus it is highly recommended that users install and learn to use ...") |
|||
Line 2: | Line 2: | ||
In light of recent browser hijack and malware such as the [[Internet Security 2012 Virus]] it is highly recommended that users install and learn to use this extension. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default. | In light of recent browser hijack and malware such as the [[Internet Security 2012 Virus]] it is highly recommended that users install and learn to use this extension. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default. | ||
+ | |||
+ | No version of Microsoft Internet Explorer to date (2014) provides the same level of protection as using a Mozilla based web browser with the NoScript extension. Read [[Firefox With NoScript -vs- Microsoft Internet Explorer]] for more details. | ||
''note: [http://forums.informaction.com/viewtopic.php?f=7&t=7971 incompatibility with online banking]: resolve. Issue: even with "allow scripts globally" and allowed domains many major online banking sites will not function with this extension active. <del>NoScript had to be completely disabled for online banking</del>. Resolution: Options -> Advanced - > uncheck "Turn cross-site POST requests into data-less GET requests" - do online banking - then promptly enable the feature again. This feature is a valuable security intervention and the problem it causes is actually a defect in the bank's web site that the bank needs to and hopefully will correct presently.'' | ''note: [http://forums.informaction.com/viewtopic.php?f=7&t=7971 incompatibility with online banking]: resolve. Issue: even with "allow scripts globally" and allowed domains many major online banking sites will not function with this extension active. <del>NoScript had to be completely disabled for online banking</del>. Resolution: Options -> Advanced - > uncheck "Turn cross-site POST requests into data-less GET requests" - do online banking - then promptly enable the feature again. This feature is a valuable security intervention and the problem it causes is actually a defect in the bank's web site that the bank needs to and hopefully will correct presently.'' |
Latest revision as of 14:02, 23 July 2014
In light of recent browser hijack and malware such as the Internet Security 2012 Virus it is highly recommended that users install and learn to use this extension. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default.
No version of Microsoft Internet Explorer to date (2014) provides the same level of protection as using a Mozilla based web browser with the NoScript extension. Read Firefox With NoScript -vs- Microsoft Internet Explorer for more details.
note: incompatibility with online banking: resolve. Issue: even with "allow scripts globally" and allowed domains many major online banking sites will not function with this extension active. NoScript had to be completely disabled for online banking. Resolution: Options -> Advanced - > uncheck "Turn cross-site POST requests into data-less GET requests" - do online banking - then promptly enable the feature again. This feature is a valuable security intervention and the problem it causes is actually a defect in the bank's web site that the bank needs to and hopefully will correct presently.
NoScript deserves 5 stars and we urge people to try out. However, it may be overwhelming for some novice users or people that "just don't get it" and cause them problems on their ordinary use of common web sites. However, not everyone is willing to wear a life preserver when they go boating in deep water, and as much is the same for online safety and security.
Upgraded NoScript to 5 star status. This is the most valuable Firefox Extension ever created. I recommend it to everyone.
- Usefulness: Recommended (for security)
- Category: Security
- Side Effects: may conflict with other plugins.
- Conflicts: impacts but does not nullify QuickJava 1.7.5. Although it works ok with Flashblock 1.5.15.1., it is no longer necessary to use Flashblock when running NoScript (redundancy). Other similar plugins also redundancy; possibly QuickJava.
- VLT: 2.2.3
configuration tip: Goto Firefox about:config and change boolean parameter noscript.firstRunRedirection to disable annoying NoScript homepage after update (because updates are very frequent). Set noscript.firstRunRedirection to False.
NoScript Review is one of many Firefox Extensions discussed on the Favorite Firefox Extensions section.