Protecting your computer from unwanted guests: Firefox with NoScript
In the final post of this series I'll look at my favorite tool, Firefox with the NoScript plugin. Firefox is a browser by Mozilla and NoScript is a plugin that can be installed on Firefox. What NoScript essentially does is blacklist all the "JavaScript, Java, Flash, and other plugins" running on websites. It also provides cross-site scripting (XSS) and clickjacking protection.
After downloading and installing Firefox, go to the NoScript site or plugin page and install it to Firefox. A reboot of the browser will be required, but NoScript will be up and running. Now comes the annoying part. Every website and every script running on that website will require your approval to run. This is great for avoiding malware and web ads, but means that a page might not run properly when you first visit it.
To allow a web page and some scripts that will be needed to perform functions on the web page, click on the NoScript icon, which is an 'S' with a prohibition sign. Click on the main web page and allow, this will provide some more functionality on the page as well as open up more scripts to unblock. And that's the tricky part figuring out which scripts to allow to run. A Google search can help with this, but sometimes it's just trial and error to allow the right script to get the function you want to run. If you get frustrated enough you can 'temporarily allow all this page,' 'allow all this page,' or 'Allow Scripts Globally (dangerous).' Allowing scripts globally will essentially disable the plugin and I would avoid if you can. Temporarily will allow as long as the browser is open and allow all this page will allow all the scripts on the page permanently. Some scripts might run on multiple sites, so allowing them once allows them for all websites.
This method of protection will require the most work on your part, but also provides the most security when browsing the web. Accidentally clicked the wrong link? No worries, the script that installed the nasty malware never had a chance to run. You'll also get to see all the useless crap companies put on their web pages.
This the final post in my series on Protecting your computer from unwanted guests. This was mainly to provide my brother a walkthrough for protecting his computers at work, but if any other security professionals would like to chime in with tips or other suggestion, I would love that.
This post first appeared on Exploring Information Security.