« New IE7 security exploit in the wild | Main | More news on the IE security flaw »
12/15/2008
NoScript: A tool for securing your computer against web browser-based attacks
Co-Editor
For those of you that haven't (yet) switched from Internet Explorer to Firefox, there's a tool to significantly improve computer security. It's called: NoScript.
The beauty of NoScript is that it allows you to completely disable javascript, java, flash, shockwave, silverlight, and any other scripts on a site-by-site basis.
"What's the significance of that?" you ask? "Don't I just need an Internet security suite with a good firewall?"
Um, no. Many of today's attacks are able to "pierce" firewalls. Antivirus software is a must. A good firewall is a must. But that's just the beginning.
NoScript is part if the package. It means you can choose the scripts you want to allow to run on a given web page. The beauty of it is that you get the same net effect as completely disabling javascript in Firefox without the pain. Let's face it, if you disable javascript in your browser altogether, it can make surfing the web a total chore.
What's the big deal with javacript (and other scripts, too, for that matter)?
As Swa Frantzen of Sans.org discusses in his post on javascript security from over a year ago, that's still very valid:
"Frequent readers will know that we often recommend to ease up on allowing scripting as it's used by the bad guys. XSS bugs are basically so bad, not for the example alert('XSS') (spaces added for the overly paranoid web content filters) you might see, but for much nastier things starting with capturing your cookies (read credentials, session keys etc.).
Keyloggers aren't impossible either and making you unknowingly upload files from your hard disk to malicious websites etc. is all quite possible in javascript."
Long story short:
- We recommend Firefox.
- We recommend NoScript for Firefox.
Interested in learning more? Here are links for more information:
Download Firefox | Download NoScript |
TrackBack
TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a0133f40d81f4970b013487649202970c
Listed below are links to weblogs that reference NoScript: A tool for securing your computer against web browser-based attacks :
The comments to this entry are closed.
Comments
You can follow this conversation by subscribing to the comment feed for this post.