- How-To Booklet
- 1. How to protect your computer from malware and hackers
- 2. How to protect your information from physical threats
- 3. How to create and maintain secure passwords
- 4. How to protect the sensitive files on your computer
- 5. How to recover from information loss
- 6. How to destroy sensitive information
- 7. How to keep your Internet communication private
- 8. How to remain anonymous and bypass censorship on the Internet
- 9. How to protect yourself and your data when using social networking
- 10. How to use mobile phones as securely as possible
- 11. How to use smartphones as securely as possible
- Hands-On Guides
- avast! - anti-virus
- Spybot - anti-spyware
- Comodo Firewall
- KeePass - secure password storage
- TrueCrypt - secure file storage
- Cobian Backup
- Recuva - file recovery
- Eraser - secure file removal
- CCleaner - secure file deletion and work session wiping
- Riseup - secure email service
- Pidgin with OTR - secure instant messaging
- Jitsi - Secure Audio, Video and Text Communication
- Thunderbird + Enigmail + GPG - secure email client
- gpg4usb - email text and files encryption
- Firefox + add-ons - secure Web browser
- Tor Browser - anonymity and circumvention
- Social networking tools
- Mobile Security
How to Use the NoScript Add On
List of sections on this page:
4.0 About NoScript
NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you have determined that the content of a particular site presents no harm; at this point, you may add it to the white list.
4.1 How to Use NoScript
Before you begin using NoScript ensure that it was successfully installed by selecting Tools > Add-ons to activate the Add-ons window and confirm that it has been installed.
Tip: Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.
Figure 1: The NoScript status bar
The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.
Figure 2: An example of NoScript blocking a pop-up advertisement in a commercial site
Since NoScript does not differentiate between malicious and real code, certain key features and functions (for instance, a tool bar) may be missing. Some web pages present content, including script-like content, from more than one website. For example, a website like www.twitter.com has two sources of scripts (twitter.com and twimg.com):
Figure 4: An example of the NoScript status bar Options menu
To unblock scripts in these circumstances, start by selecting the Temporarily Allow [website name] option (in this instance, Temporarily allow twitter.com). However, if this does not allow you to view the page you may determine, through a process of trial and error, the minimum number of websites required to view your chosen content. For instance, on Twitter, you must select the Temporarily allow twitter.com and Temporarily allow twimg.com options, in order for Twitter to work.
Warning! Under no circumstances should you ever select the Allow Scripts Globally (dangerous) option. As far as possible, avoid selecting the Allow all from this page option. Occasionally, you may have to permit all scripts; in this situation, ensure that you only do this temporarily for sites you really trust, that is, until the end of your on-line session. It only takes a single injection of malicious code to compromise your on-line privacy and safety.
For websites that you trust and frequently visit, select the Allow [website name] option. (In the example above, Allow twitter.com and Allow twimg.com have been selected). Selecting this option permits NoScript to permanently list that website as trusted.