Problem solve Get help with specific problems with your technologies, process and projects.

NoScript addon: A valuable addition to your antimalware toolkit

Browser plug-ins like the NoScript add-on can help prevent malware infections when configured correctly. Expert Nick Lewis explains.

How useful are browser plug-ins like NoScript? Do they actually help prevent malware infections, or could they give users a false sense of security, thinking they can't get infected because they have this add-on?

Browser plug-ins like the NoScript add-on can help prevent malware infections when configured correctly, and thus, are useful additions to any antimalware toolkit. NoScript helps control JavaScript, Java, Flash and potential cross-site scripting (XSS) by only allowing them to run on trusted websites. Controlling Javascript, Flash and XSS to trusted websites limits the risk of being compromised by an attack using that functionality. Adding this basic functionality to the core Web browser (Firefox in the case of NoScript) can help protect all users of the Web browser. However, this functionality does add some complexity to Firefox and most likely would need to be configured by default to allow most JavaScript, Java and Flash, because non-technical users may have difficulty configuring it properly. The difficulties of getting NoScript configured for non-technical users may make it unusable for the least technical users and less secure, but still effective as a tool in your antimalware toolkit.

If users rely on NoScript completely to protect them from malicious webpages, they have a false sense of security. Given the recent compromises of trusted websites and ad networks used to distribute malware, even allowing trusted websites to use JavaScript, Java and Flash is a risk. However, the other option -- controlling JavaScript or other active code in a browser down to the individual function level -- may require too much effort for even technical users to manage. NoScript should be one of the tools used to reduce the risk of malware infection from browsing potentially malicious webpages.

This was last published in November 2011

Dig Deeper on Web browser security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.