Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: NoScript as a staple in the toolbox - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
NoScript as a staple in the toolbox

I know we’ve talked about NoScript here before, however it is something worth discussing on a regular basis, as it is a simple, solid product that works.  Whenever I build a new desktop or laptop, one of the first things that goes in is Firefox and NoScript as a solid browser combo to continue safely building out and running a system.  The choice of browser software is probably more a matter of personal choice, but a solid security addon for the browser is a must these days, and I have found NoScript to be a solid addon for Firefox.  It is stable, updated constantly (for which I am reminded on a regular basis when I open Firefox) and a product with a very long, proven track record.  One of the solid aspects of NoScript has been the ‘always block by default’ approach, ‘deny all/permit by exception’ philosophy that stops all scripts, and allows me to permit only the content I want or need.

Take a look at NoScript, let us know what you think in the comments, as well as any other addon musts for browsers.  

tony d0t carothers --gmail

Tony

150 Posts
ISC Handler
For those of you who are Chrome users, check out uBlock Origin on the Chrome extension site. It provides a much less resource hogging experience as compared to Adblock Plus and you can fine tune the smallest things with the dynamic filtering. Provides some of the same functionality as NoScript too by allowing you to block all 3rd party requests and only allow the ones you trust, etc.
geeknik

7 Posts
Quoting geeknik:For those of you who are Chrome users, check out uBlock Origin on the Chrome extension site. It provides a much less resource hogging experience as compared to Adblock Plus and you can fine tune the smallest things with the dynamic filtering. Provides some of the same functionality as NoScript too by allowing you to block all 3rd party requests and only allow the ones you trust, etc.


Thanks for sharing that, I may give this a try.
Alex Stanford

136 Posts
I have used NoScript on Firefox for many years, and have found it to show me content most of the time without running Javascript. I usually only temporarily allow use of Javascript on new sites (popular or not).

I also use FlashBlock. It takes a few extra clicks to see videos or other Flash content, but pages tend to load faster (in combination with NoScript).
srondeau

1 Posts
NoScript was essential for me on FireFox. Having switched recently to Chrome, I now am happily using ScriptSafe and FlashControl.
T

31 Posts
I've used NoScript for years, excellent add-on.

I also use HTTPS-EveryWhere, a small, simple, useful add-on.

But the most valuable browser accessory of all is Privoxy, I would
never get on the web without it. And of course the MVPS Hosts file, managed easily by HostsMan. These 3 applications combine to make web browsing smooth and frustration-free (on Windows at least!).
Paul

1 Posts
Noscript is great. As ISO for my organization, It helps me minimize the potential embarrassment of being "the one" getting his machine infected.

It's great for the technical user who wants to deal with it. It's a real eye-opener to see how many scripts load from how many different websites for the average page. Unfortunately, non-technical users will just think that it broke the internet for them...

Kevin
Paul
1 Posts
We also utilize ADP (Ad Block Plus). Helps speed up browsing for us by eliminating much of the advertising junk.
Glenn

17 Posts
I love noscript except for when a site wants to load 10 or more scripts and I can't figure out which one is the one that I need to allow in order to watch my video, or whatever.

Note to developers: I always block the entire site summarily on my system if it has more than 10 scripts.

I also run ghostery routinely on all my systems.
HackerHater

6 Posts

Sign Up for Free or Log In to start participating in the conversation!