Answer

NoScript addon: A valuable addition to your antimalware toolkit

How useful are browser plug-ins like NoScript? Do they actually help prevent malware infections, or could they give users a false sense of security, thinking they can't get infected because they have this add-on?

    Requires Free Membership to View

Browser plug-ins like the NoScript add-on can help prevent malware infections when configured correctly, and thus, are useful additions to any antimalware toolkit. NoScript helps control JavaScript, Java, Flash and potential cross-site scripting (XSS) by only allowing them to run on trusted websites. Controlling Javascript, Flash and XSS to trusted websites limits the risk of being compromised by an attack using that functionality. Adding this basic functionality to the core Web browser (Firefox in the case of NoScript) can help protect all users of the Web browser. However, this functionality does add some complexity to Firefox and most likely would need to be configured by default to allow most JavaScript, Java and Flash, because non-technical users may have difficulty configuring it properly. The difficulties of getting NoScript configured for non-technical users may make it unusable for the least technical users and less secure, but still effective as a tool in your antimalware toolkit.

If users rely on NoScript completely to protect them from malicious webpages, they have a false sense of security. Given the recent compromises of trusted websites and ad networks used to distribute malware, even allowing trusted websites to use JavaScript, Java and Flash is a risk. However, the other option -- controlling JavaScript or other active code in a browser down to the individual function level -- may require too much effort for even technical users to manage. NoScript should be one of the tools used to reduce the risk of malware infection from browsing potentially malicious webpages.

This was first published in November 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: