ImagingTips.com

NoScript, a Firefox Add-On

by Wren McMains
(8/9/2013)

To help protect yourself against viruses and malware I highly recommend NoScript! However, be warned, at first you'll find it a pain in the ass. What NoScript does is prevents JavaScript, Java, and other Plug-ins from running on websites until you identify them as trusted.

I tried to get my wife to use it, but she found it annoying and stopped using it. Then she clicked on something that took her to a website that installed malware that made her machine totally unusable until it was repaired. That convinced her, she's been using it ever since.

Once you install it, the first time you go to each site that runs scripts (and most do), you'll see something like this:

Screen Shot

In this case the box were you enter your username is missing and the graph of how the stock market is doing is missing (red circles). In other cases you might not see anything strange, but maybe when you click on buttons nothing happens (if they require a script to execute). What you will see is a new status bar at the bottom (red arrows) that tells you scripts are being forbidden on this page. To control what's being forbidden click on the Options button (red arrow on right) and you'll see:

Screen Shot

In this case only scripts from one domain (fidelity.com) are being forbidden. Click on "Allow fidelity.com" (red arrow) and now the website works normally:

Screen Shot

When you first start using NoScript you might find it useful to be reminded when a website is being blocked (because it's often hard to know ... it seems fine, but things are missing or don't work and you don't realize it). There's an option to for NoScript to make a noise wherever you go to a website being blocked. Click on Options, then the Notifications tab and you'll see:

Screen Shot

Check the Audio feedback box (red arrow). You can change the sound with the Choose button, or use the Play button to hear the current sound. Once you get tired of the noises you can turn it back off and just get use to looking at the bottom of the page and if you see the Scripts Forbidden bar you know something is being blocked.

I leave a lot of sites blocked (for example, the ones that track which pages you look at and what you click on) so I leave the noise turned off.


Here's another site, it's not so obvious it's blocked (other than the yellow bar at the bottom):

Screen Shot

If it's a website I don't know and trust, I ignore the fact that scripts are blocked and know I'm safe as long as I don't push a button that says something like "Scan my PC for a virus" ... which is almost guaranteed to give you one :) If something on the site doesn't work and I really want it to I might use the allow temporarily options (see below).

If we click on the Options button we see that on this two domains are being blocked (schwab.com and schwabcdn.com):

Screen Shot

As you see there are lots of options: allow individual domains temporarily (blue arrows, see discussion above), allow all this page (orange arrows, two choices permanently or temporarily), and allow individual domains (red arrows).

If it's your bank or a site where you have an account, you need to trust it so in this case I would click on the two individual Allow schwab choices (red arrows). I almost never click on the Allow all this page choice because that often includes domains like doubleclick.com, googleanaylics.com, etc. which you don't need to allow unless you want to be tracked. Now the page looks like this:

Screen Shot

The scripts added some market data was added at the bottom, but what happened, even though we allowed both sites the yellow bar is back but now says scripts are partially allowed and the 2/4 means they're being allowed on 2 out of 4 sites. Clicking on the Options button again shows us:

Screen Shot

The two sites we allowed now appear with Forbid options and we have options about what to do with two new sites. Since they don't seem to be part of Schwab, I might leave them blocked until something doesn't work that I care about.

Note: Even if I had chosen one of the Allow all the page options originally, the yellow bar would still have come back once the scripts initially allowed on the page ran and accessed different sites (as we saw above).


All this might seem like a pain, but it's really not that bad. Once you go to a trusted site and allow it (and maybe some related sites) to run scripts you never have to worry about that site again ... NoScript won't bother you any more until you go to a new site. Of course of you choose the "temporary" options, you'll have to allow it again the next time.

How do you get NoScript? Click on the pull-down next to the word Firefox:

Screen Shot

Then choose Add-ons. Now click on the Get Add-ons tab and then type "noscript" in the search box:

Screen Shot

The search to lead to something like this (note NoScript icon):

Screen Shot

Click on the Add to Firebox button which will download and install NoScript. Then restart Firefox. That's it!

Note: NoScript will frequently update itself, this is normal. It only does it when Firefox is starting and then you'll see the NoScript website page which looks something like this:

Screen Shot

Beware of choices you see on this page. In the top-center of the page it says: "PC slowing you down? Free Scan". I never trust anything like that, all to often it's going to add malware or worse to your machine. This site is explains all the details of using NoScript, so it's worth exploring. Just becareful what you click.

Suggested next choices:

ImagingTips.com Site Map