Microsoft Internet Explorer, Mozilla Firefox and Google Chrome (the three most popular) provide the capability to control browser plugins and protect users from malicious XSS and IFrame attacks. Google Chrome offers NotScript; Mozilla Firefox – NoScript and Microsoft Internet Explorer – uses an integrated XSS filter – but the major drawback here is it uses a black list. So what happens to those sites that are not in the black list and which are delivering XSS and malicious IFrame code? Maybe Redmond can answer this one.
Cross site scripting (XSS) as mentioned above is a vulnerability which allows a hacker to inject malicious code from one website into another. Another attack vector is clickjacking, which allows a HTML element to be inserted inside another HTML document – this if often referred to as an IFrame attack. These types of attack methods are growing in popularity with malware writers i.e. the IFrame attack using a worm script on Orkut. XSS/IFrame exploits are difficult to identify, unless you know what you are looking for, so you can see the value of controlling what scripts are presented to your browser. NoScript provides a high level of security from these attack vectors, however the user will still need to make informed decisions on what plugins to allow.
NoScript also offers a useful whitelisting function, which is another important tool to allow users to add websites that they feel are safe. This function provides the option to allow execution of all scripts from websites that users visit. This is fine for technical people but for ‘average joe’, it might prove just too daunting.
In summary,these script blocking add-ons are not easy to use but with a little patience and time you will realize their importance (and of course it adds an extra layer of security) to your web browsing experience. Why not take a look at the add-ons for Google Chrome and Mozilla Firefox for yourself right now. These are external links (please note the Google link is safe even though it contains an unusual string).
Download and install:
Google Chrome: https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/722/
Safe surfing folks!