PC mavens, talk me into installing NoScript

I’m pretty much a PC illiterate, but use one at work. My one work vice is surfing the web; while I try to be careful, I’ve discovered the hard way that no site is every truly “safe” these days. I had a bad scare yesterday when I site I visit regularly and previously trusted tried to download some .exe file onto my computer, and think it might be time to beef up my web-surfing security.

I’m already using Firefox v., with AdBolck Plus. (I don’t think my work system will support Firefox 3.0, alas). The catch is that my IT Department won’t officially support Firefox (although they will allow us to use it), so if I install anything that screws up my Firefox browser, I’m on my own when it comes to getting it fixed. (Did I mention that I’m a complete PC illiterate?) I’ve heard mixed things about NoScript; some people seem to love it, others say it’s too hard to customize and makes websurfing painful because it disables so many innocuous-and-necessary scripts on web pages. Just how hard IS it for a non-PC savvy user to install and customize NoScript? How hard is it to remove if you decide you don’t like it?

(Need I add that I really hate my hospital’s IT support? They ought to WANT us to use the safest browser configuration possible!)

I’ve used it with firefox 2 and 3. It’s really pretty simple. Anytime you go to a site with scripts/flash/java it will block it by default, but you will have an option at the bottom of your browser bar to unblock specific parts of the site or to unblock the entire site. If you unblock something, it’s unblocked the next time. It can be a bit of a hassle at first, but once you unblock the things you use, you’ll hardly notice it.

Installing is simple, just use the button on the extension site, let it install then reboot firefox. To uninstall, go to Tools, choose Add-ons, find noscript in the list and click the uninstall button.

NoScript is annoying the first time you visit a site that, as part of a transaction process, passes you to one or two different domains. You might log in at www.mybank.com and enable the scripting on that domain, but on trying to pay a bill it would pass you to www.mybankbills.com and suddenly NoScript would appear again. However, I have yet to see that cause an irreversible mistake, and once I’ve told NoScript to trust the site it works perfectly.

Usually I find that no ‘innocuous’ scripts are all that necessary; there’s been many times when I need to allow scripting on a page, go to allow the domain, and find that there’s 12 different domains touching the page. I can allow only the domain of the page I’m viewing while all the advertising and malicious domains stay blocked. It is a bit of a hassle, but the benefits vastly outweigh the drawbacks.

I didn’t think noscript was worth the effort. Generally, careful surfing does much more for me. What sites are you going to that try to sneak file downloads on you? Not even porn sites do that very often anymore, especially when Adblock + EasyList is on.

Firefox isn’t necessarily the safest browser, just the most hyped and feature-packed (thanks to plugins). If you want safety, go for IE7 + Vista on a non-admin account with UAC left on; it runs in a sandbox and can’t really touch the rest of the system.

Or use the free VMWare Player with their Browser Appliance. It’ll run Firefox inside Ubuntu inside a virtualized window, similarly sandboxing it from the rest of your system. You can also reboot the image from a clean slate every time so it’s like having a brand new computer every time you browse.

Thanks, everyone! I took the plunge and installed NoScript this morning, and so far things seem to be working well (although I do wish NoScript would give you more information about the scripts it’s blocking - it’s hard to decide whether to allow a script when you don’t know what it does).

Believe it or not, it was a blog associated with The Atlantic Monthly (hardly a site I thought would be questionable, and one I’ve visited many times in the past without incident).