- How-To Booklet
- 1. How to protect your computer from malware and hackers
- 2. How to protect your information from physical threats
- 3. How to create and maintain secure passwords
- 4. How to protect the sensitive files on your computer
- 5. How to recover from information loss
- 6. How to destroy sensitive information
- 7. How to keep your Internet communication private
- 8. How to remain anonymous and bypass censorship on the Internet
- Glossary
- Hands-On Guides
- Avast - anti-virus
- Spybot - anti-spyware
- Comodo - firewall
- KeePass - secure password storage
- TrueCrypt - secure file storage
- Cobian - backup
- Undelete Plus - file recovery
- Eraser - secure file removal
- CCleaner - temporary file removal
- Riseup - secure email service
- Pidgin + OTR - secure instant messaging
- VaultletSuite - secure mail client
- Thunderbird + Enigmail - secure mail client
- Firefox - Web browser
- Tor - anonymity and circumvention
- portable security
NoScript
Submitted by genner on Fri, 11/14/2008 - 23:59.
NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as being acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you decide that the site's content presents no harm and add it to the white list.
4.1 How to Use NoScript
After you have downloaded NoScript and restarted Firefox, the NoScript icon appears in the bottom right corner of the Firefox status bar as follows:
Figure 8: The NoScript button
Note: You will find that after installing NoScript some web sites may not load properly; the reason for this will be explained below.
To begin using NoScript, perform the following steps:
Step 1. Click: to activate its pop-up menu as follows:
Figure 9: The NoScript pop-up menu
NoScript also has its own status bar. It displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The Options button lets you activate the NoScript Options screen, and appears in the right corner as follows:
Figure 10: The NoScript status bar
After installation, NoScript will automatically start blocking all pop-up advertisements, banners, Java code and JavaScript, as well as other potentially harmful attributes of a web site. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to you to make exceptions for those sites with content that you think is safe.
Here are two examples of NoScript at work: In Figure 11, NoScript has successfully blocked an advertisement on a commercial website. In Figure 12, the Air Canada web site notifies you that JavaScript must be enabled (at least temporarily) to view this web site.
Figure 11: An example of NoScript blocking a pop-up advertisement in a commercial site
Figure 12: The Air Canada site requesting that JavaScript be enabled
Sometimes NoScript will only partially block JavaScript. When this happens, the following message and symbol appears: 
Since NoScript does not differentiate between malicious and real code, you might find that certain key features and functions (for instance, a tool bar) are missing. Simply:
Step 2: Click 
and select either
- the Temporarily Allow [web site name] option to allow all code for this session or
- the Allow [web site name] option for a permanent rule to enable all code on the webpage
Tip: Although NoScript might seem a little frustrating at first, (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.
4.2 How to Use the NoScript Options (Experienced and Advanced Users Only)
NoScript can be configured to defend your system against cross-site scripting attacks (XSS), including the blocking of JAR remote resources. A cross-site script is a computer security vulnerability that permits hackers and other intruders to 'inject' a computer bug or virus into the existing code used in a web browser, (particularly code written in HTML, Java and JavaScript or other browser-supported languages). Indeed, a single web site could attract multiple attacks from different sites, if they have either advertising or links to that site. Attacks like this can be also generated by third party web sites. If you are knowledgeable about computers and software, NoScript has a number of tabs for configuring certain security parameters to protect your systems from these kinds of attacks.
To access these features perform the following steps:
Step 1. Click: to activate its pop-up menu, then select Options to activate the NoScript Options screen. Then choose the Advanced tab as follows:
Figure 13: The NoScript Options screen with the Advanced tab in active mode
Step 2. Click a tab (for instance JAR or XSS), and then check the options and/or specify your exceptions where required.
Tip: For more comprehensive and detailed information about NoScript, please refer to http://noscript.net/ and http://noscript.net/faq
The Plugins tab lets you set additional restrictions for both trusted and untrusted sites.
Figure 14: The NoScript Options screen with the Plugins tab in active mode