Web browsing is full of hazards. Even reputable websites can have poisoned banner ads from third parties, which can attempt to hack your machine or browser settings. You don’t even have to click on a “bad” website to be the victim of a “drive-by download”. Some browsers such as Internet Explorer have a long history of vulnerabilities, and scripting languages such as JavaScript and ActiveX, Java, and media playing programs like Flash are all vectors for malware.
For better security, we recommend that you download the latest Firefox for your particular operating system here. At the same time, install the NoScript extension to Firefox, which will prevent websites from running Javascript, Java, or automatically playing media files such as Flash.
Get NoScript here addons.mozilla.org/en-US/firefox/addon/noscript/
(unfortunately the NoScript home page itself does have advertising on it for potentially unwanted programs (PUPs) so I don’t recommend it.)
Since NoScript blocks all scripts from running, it will make some sites that you want to go to look different or not work well. The solution to this is to look at the yellow bar that NoScript puts on your browser (or click on the S icon), informing you which web domains are trying to run scripts when you visit the page, and offering some Options.
This status bar displays information about the various web objects that are trying to run in the background on this page, and what domains (web servers) they come from. You then have the choice of which domain(s) you will permit scripts to run from, and you can permit temporarily (one time only), or permit a trusted site to run scripts permanently, which will save time the next time you visit.
It’s useful to know that when you visit your favorite sites, what other advertisers and tracking sites are active in the background, so you can selectively block them.
The general rule is, permit the site you know you are visiting (say, goodsite.ca) and block outside sites (google-analytics.com, unknownsite.com, and anything else from unknown sources that may be riding along). If the site requires some content from a different server, you’ll notice something is missing on the page, and you can selectively grant permission to the server that’s needed to make it work.
One thing you will enjoy after installing NoScript is a lack of ads and popups on the sites you visit, as most ads and popups are reliant on scripting.
Similarly, if a trusted YouTube or Flash video doesn’t run properly, and you see something like this
Blocked flash object image
– you can grant permission temporarily for that item to run by clicking on it.
More info on NoScript krebsonsecurity.com/tag/noscript/
Video from CNet www.youtube.com/watch?v=GzBqnLgOzwM
Brief introduction securityinabox.org/en/firefox_noscript
NoScript isn’t perfect, and it can cause some short-term frustration until you get your favorite web sites sorted out. It also may be incompatible with some corporate, remote access or web conferencing software, if so check with your company or the company you are connecting to for system support for that software.
There are some similar utilities to NoScript for Google Chrome (although I have not tested them)
httpswitchboard, ScriptSafe, ScriptBlock – you can find them at the Google Webstore https://chrome.google.com/webstore/
However in my opinion Firefox is inherently easier to protect than Chrome.